Security Plan
 

   The security plan will be implemented in line with the strategies of the Blue Bookstore. The main factors affecting the plan are the costs involved and a strong focus on providing a secure place for employees to work and customers to shop.

 

Information Systems organization structure
 

   Individual accountability is essential for the implementation of controls and protective measures for information assets. It is equally essential for the quality of operations surrounding those information assets. Without the ability to identify the individual who made an error or omission, it is impossible to provide quality feedback to correct that behavior.

  1. Identify data that requires restricted access.

  2. Define data access authorization privileges for their information and, where relevant, for the computer applications that process their information.

  3. Define security requirements to be built into the system.

  4. Define records retention and destruction schedules for their data, which comply with operational, legal and regulatory requirements.

  5. Communicate the need for “information protection” as appropriate to the Information Security Manager.

  6. Review and approve requisitions for granting access.

  7. Review and approve requisitions for changes to the computer applications that process their information.

Physical Security
 

   This section addresses policies and procedures related to the physical security of information resources. The policy applies to all employees at the Country Office, Branch Offices and Regional Offices, to third parties operating within the premises, and to all information resources, including corporate data as well as application and systems software. In short, it addresses:

  • Entry Restrictions to premises
  • Entry Restriction to Server Room
  • Fire Damage
  • Water Damage
  • Electrical Damage
  • Pollution control
Disaster Recovery Plan
 

   A Disaster Recovery Plan (DRP) can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. The DRP should aim at a cost-effective contingency solution that balances the value of potential losses to the business and its assets against the cost of guaranteeing continuity of critical business processes.

Incident Response and Management
 

   The company will develop, communicate and implement formal systems and procedures for detecting and reporting incidents relating to exceptional situations in day-to-day administration of IT and information security related areas. It should be ensured that the incidents are reported in time to the appropriate authorities and corrective actions are taken immediately to avoid the recurrence of such events in future.

Intranet
 

E-Mail Security:

   The company will develop effective systems and procedures to ensure that e-mail is used as an efficient mode of business communication, and will implement control procedures so that the e-mail facility is not misused. They will ensure that e-mail service and operations remain secure and efficient when communicating within the intranet as well as over the Internet.

Web Server Security:

   The company will use the web server as an important resource for carrying out its customer-related operations more efficiently. They should develop systems and procedures to ensure that only authorized users have access to its web applications, and that this access is secure. The policy also outlines protection requirements for files and data stored on the web server.

Extranet
 

   For the Blue Bookstore, the extranet will mainly be used as a public telecommunication system to securely share part of the business's information or operations with its suppliers, vendors, partners, customers, or other businesses. Factors that will be affected by these policies are:

  • Application Security

  • Network and Telecommunications Security

     
 

© 2004 IST552 Spring Semester - all rights reserved