... 1. Configure user accounts and access controls in a Windows Server according to role-based access implementation 2. Configure user account credentials as defined policy, and access right permissions for each user 3. Create and administer Group Policy Objects for the management of Windows Active Directory Domain machines within the IT infrastructure 4. Apply the correct Group Policy Object definitions per requirements defined by policies and access right permissions for users 5. Assign and manage access privileges as requested in the case study to apply the recommended and required security controls for the user accounts Week 1 Lab Part 1 - Assessment Worksheet Assess the Impact on Access Controls for a Regulatory Case Study Overview Watch the Demo Lab in the Week 1 Learning Space Unit 1, and answer the questions below. The lab demonstrates creating an Active Directory domain as well as user and group objects within the new domain. Directories will be created and permissions assigned based on the required access control as defined in the matrix. Group Policy Objects will also be created and linked to Objects within the domain to enforce security settings. Lab Assessment Questions & Answers 1. What does DACL stand for and what does it mean? DACL means discretionary access control list and it is a type of access control defined by the trusted computer system evaluation criteria. 2. Why would you add permissions to a...
Words: 1428 - Pages: 6
...Week 1 Lab Part 1 - Assessment Worksheet Assess the Impact on Access Controls for a Regulatory Case Study Overview Watch the Demo Lab in the Week 1 Learning Space Unit 1, and answer the questions below. The lab demonstrates creating an Active Directory domain as well as user and group objects within the new domain. Directories will be created and permissions assigned based on the required access control as defined in the matrix. Group Policy Objects will also be created and linked to Objects within the domain to enforce security settings. Lab Assessment Questions & Answers 1. What does DACL stand for and what does it mean? Discretionary access control List (DACL) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong 2. Why would you add permissions to a group instead of the individual? It is more resourceful and less time consuming. 3. List at least 3 different types of access control permissions available in Windows. Full Control, Modify, Execute, Read, Write 4. What are the least permissions that you need in order to view the contents of a folder? Read, so the user has access to any file on the system that they are entitled to, but they are not able to make any changes. 5. What are other available Password Policy options that could be enforce to improve security? ...
Words: 1093 - Pages: 5
...and categorizing the myriad of risks can be an overwhelming one. Thankfully, a company’s IT infrastructure can be divided in a logical manner to more easily sort the risks. These divisions are the seven IT domains. The purpose of the seven domains of a typical IT infrastructure is to help organize the roles, responsibilities, and accountabilities for risk management and risk mitigation. In this lab, you will identify known risks, threats, and vulnerabilities, and you will determine which domain of a typical IT infrastructure is affected. You will then discuss security policies to address each identified risk and threat within the seven domains of a typical IT infrastructure. You will next determine which appropriate security policy definition will help mitigate the identified risk, threat, or vulnerability. You will organize your results into a framework that can become part of a layered security strategy. Learning Objectives Upon completing this lab, you will be able to: • Identify risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. Determine which domain is impacted by the risk, threat, or vulnerability. Determine which domain is impacted by the risk, threat, or vulnerability. Determine security policies to address each identified risk and threat within the seven domains of a typical IT infrastructure. Deliverables Create a document encompassing both the hands-on steps of the assignment as well...
Words: 1159 - Pages: 5
...NT2580 Introduction to information security | 7 Domain of IT Infrastructure Security Plan | Project Part 1 | | | [Pick the date] | As described by Tipton and Henry, information security management establishes the foundation for a comprehensive security program to ensure the protection of an organization's information assets. Security management encompasses the administrative, technical, and physical controls necessary to adequately protect the confidentiality, integrity, and availability of the information assets in the IT Infrastructure. Each one of the domain of the typical IT Infrastructure needs a proper security controls to ensure the confidentiality, integrity, and availability (CIA Triad). The following are the overview of the seven Domains: User Domain This is the domain of users that access systems, application, and data. It is the information asset of the organization that will be available to a rightful user by authenticating the user by the acceptable use policy (AUP). It is also define that the user is the weakest link in an IT infrastructure, but by educating user of the sensitivity of the IT infrastructure in the security awareness, security control shall be enforced. Security control to this domain can also be enforced by defining and implement the user policy of the IT infrastructure. Workstation Domain This is the domain where users first connect to the IT infrastructure. Because of numerous threats, it is necessary to implement...
Words: 889 - Pages: 4
...report will specifically address, the IT infrastructure domains and how they are affected by our standards, they are seven IT infrastructure domain and these are they names (1) users domain (2) workstation domain (3) Lan domain (4) lan to wan domain (5) wan domain (6) remote access domain (7) system application domain. My focus in this report is to clearly identify the security risk that goes along with these domains and to identify some solutions also even to open the door for grate discussion to develop a better strategy to protect our company. Sir, Each domain requires proper security controls and must meet the A-I-C (Accountability, Integrity and Confidentiality) triad requirements. But at tins time I will only focus on three domains that are mostly affected by the “Internal Use Only” standard. Listed below are these three it infrastructure and what are the direct dealings within our company and a glimpse of their treat. 1. User Domain • The User Domain defines what data a person can and cannot have access to within an organizations information system. This domain enforces the Acceptable Use Policy (AUP) which defines what a user is allowed to do within an organization’s owned IT asset. It is the weakest link in an IT Infrastructure. Users must understand what motivates someone to compromise an organizations system. 2. Workstation domain • The Workstation Domain is where most users connect to the IT Infrastructure. Desktop computers, laptops, or any...
Words: 428 - Pages: 2
...Identified at least three IT infrastructure domains affected by "Internal Use Only" data classification standard. THE SEVEN DOMAINS OF A TYPICAL IT INFRASTRUCTURE 1. User Domain defines the people who access an organization’s information system. 2. Work Station Domain is where most users connect to the IT infrastructure. It can be a desktop computer, or any device that connects to your network. 3. Local Area Network (LAN) DOMAIN is a collection of computers connected to one another or to a common connection medium. Network connection mediums can include wires, fiber optic cables, or radio waves. 4. LAN-TO-WAN DOMAIN is where the IT infrastructure links to a wide area network and the Internet. 5. Wide Area Network (WAN) DOMAIN connects remote locations. WAN services can include dedicated Internet access and managed services for customer’s routers and firewalls. Networks, routers, and equipment require continuous monitoring and management to keep WAN service available. 6. REMOTE ACCESS DOMAIN connect remote users to the organization’s IT infrastructure. The scope of this domain is limited to remote access via the Internet and IP communications. 7. System/Applications Domain an application domain is the CLR equivalent of an operation system’s process. An application domain is used to isolate applications from one another. This is the same way an operating system process works. The separation is required so that applications do not affect one another. This separation...
Words: 652 - Pages: 3
...instructed to create a general purpose outline for our company’s multi-layered security plan. There are seven (7) domains in a typical IT infrastructure: User Domain, Workstation Domain, LAN Domain, LAN-to-WAN Domain, WAN Domain, Remote Access Domain, and System/Application Domain. Each domain has their own unique risks, threats, and vulnerabilities that need to be mitigated in order to ensure our company’s security. In the User Domain the first thing that should be done is create an acceptable use policy (AUP). An AUP defines what users are allowed to do with organization-owned IT assets. Violation of the terms defined in the AUP can be grounds for dismissal. We will require staff and other 3rd parties to sign a confidentiality agreement to keep private data confidential. In addition to signing a confidentiality agreement, some positions may require criminal background checks to help ensure security. Here at Richman Investments we need to conduct security awareness training, insert reminders in banner greetings, and send email reminders to employees with security related tips. Disabling internal CD drives and USB ports will help keep employees from accessing personal photos, music, and videos at work. Also enabling automatic virus scans for email attachments and all new files that reach the workstation. The Workstation Domain is where most users connect to the IT infrastructure. A Workstation can include a computer, smartphone or any other device that connects to our network. Staff...
Words: 807 - Pages: 4
...distributed through the organization and nowhere else. Let’s now explain the technical side of things. The IT infrastructure domains consist of 7 different domains. These domains are user domain, workstation domain, LAN domain, LAN-to WAN domain, remote access domain, system/application domain, and WAN domain. For the use of “Internal use only” classification it should only include the following domains. The following contains information on how “internal use only” classification is affected by these domains. User domain- The user domain is by far the most vulnerable. This domain can be vulnerable by the employee’s actions, emotions, and awareness of company policies and procedures. It is up to the user to use the information correctly not necessarily up to the network protocols in place. The best way to mitigate this issue it to monitor abnormal behavior and have employees understand the company’s acceptable use policy. Workstation domain- The workstation domain is how the user connect to the company’s IT infrastructure. It can be from workstations to personal data assistance devices. The desktop support group are the one responsible to maintaining this domain. They are the one insuring that the integrity of the users fall under the company’s acceptable use policy while the IT security personnel sets user access rights for the information. LAN domain- The LAN domain is how the communication between users exist both physically and logically within the IT...
Words: 510 - Pages: 3
...another name for obtaining information under false pretenses and what does it have to do with GLBA? What is an example of the safeguard pertinent to this requirement? Pre-texting or social engineering. GLBA specifically mentions this in title 15 US code chapter 94 sub chapter 2, section 6821. GLBA encourages companies to implement safeguards around pre-texting and social engineering. Security awareness training and periodic reminders of awareness to pre-texting and social engineering is a best practice performed within the user domain. 3. How does GLBA impact information system security and the need for information systems security practitioners and professionals? The safeguards rule within GLBA requires financial institutions and insurance companies to develop security plan detailing how they will protect their customers nonpublic personal information. The safeguards rule impacts the security plan throughout the 7 domains of a typical IT infrastructure in regards to protecting nonpublic personal information. 4. If your organization is a financial institution or insurance company that is also publicly traded, what other compliance law must you comply with? The Sarbanes-Oxley act. Proper security controls and safeguards must be designed and implemented to protect the nonpublic...
Words: 1267 - Pages: 6
...Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts Confidentiality, integrity, and availability (CIA) concepts Layered security solutions implemented for the seven domains of a typical IT infrastructure Common threats for each of the seven domains IT security policy framework Impact of data classification standard on the seven domains Reading Kim and Solomon, Chapter 1: Information Systems Security. Keywords Use the following keywords to search for additional materials to support your work: Data Classification Standard Information System Information Systems Security Layered Security Solution Policy Framework ------------------------------------------------- Week 1 Assignment (See Below) * Match Risks/Threats to Solutions * Impact of a Data Classification Standard Lab * Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) * Page 7-14 in lab book. Project (See Below) * Project Part 1. Multi-Layered Security Plan ------------------------------------------------- Unit 1 Assignment 1: Match Risks/Threats to Solutions Learning Objectives and Outcomes You will learn how to match common risks or threats within the seven domains of a typical IT infrastructure with solutions and preventative actions. Assignment Requirements This is a matching activity. You...
Words: 1409 - Pages: 6
...creating a Microsoft Windows Enterprise Patch Management solution for an organization, but you have no budget. What options does Microsoft provide? 4. How does network monitoring, performance monitoring, alarming, and incident response help secure the IT infrastructure? 5. Provide an example of multi-factor authentication and identify an application that you think would require multi-factor authentication. 6. In which of the seven domains of a typical IT infrastructure would be policy definitions for implementation of anti-virus application/tool as a security countermeasure? Explain. 7. What is the difference between a Host-based Firewall and a Network-based Firewall? What domains of the typical IT infrastructure would you deploy each of these within? Explain how firewalls help mitigate risk exposure by preventing or blocking unauthorized access. 8. Give at least 3 examples of controls typically implemented in the User Domain. Explain these controls. 9. Provide 3 example of encrypted remote access communications commonly used through the public Internet (i.e., remote access via Internet) 10. Which domain within a typical IT infrastructure is the weakest link? From am access control perspective, why is the User Domain the greatest risk? 11. True or False. It is a best practice to enable both a host-based IP stateful firewall in servers and workstation along with a perimeter, network-based IP stateful firewall for a layered security solution. 12. What types of...
Words: 376 - Pages: 2
...This is a multi-layered security plan. First, Assign people that are fully trained and/or provide the training that makes it possible to do the job. To prevent malicious software and etc. in the 7 domains of an IT infrastructure, you can isolate and install preventions for each domain. The domains are as follows: User Domain, Workstation Domain, LAN Domain, and LAN to WAN Domain, Remote Access Domain, WAN Domain, and the System/Application Domain. The first part of the IT infrastructure is the User Domain. It is the weakest link in the IT infrastructure and this is where the users connect to the system. You can make the user aware to the risks and threats that they are susceptible to by holding an Awareness Training session. The system is password protected however; you should change passwords every few months to prevent an attack. Also, log the users as they enter and exit the system to make sure there’s no unauthorized access. While it’s the company’s choice to allow employees to bring in USB/Removable drives, you have a threat to someone obtaining the wrong information, or getting malicious software into the system. If you allow the USB/Removable drives, have a virus scan every time someone inserts one into a company computer. In a Workstation Domain, you need to make sure virus protection is set up. You are protecting administrative, workstations, laptops, departmental workstations and servers, network and operating system software. You can enable password protection...
Words: 331 - Pages: 2
...proper IT infrastructure, it consists of seven total domains. Each domain’s overview consists of risks, threats, and the vulnerabilities that will be found in today’s society. Here I will explain three of the IT infrastructure domains affected by the “Internal Use Only” data classification standard. The first domain is the User Domain. The user domains consist of the Acceptable use policy. This is the guidelines that each user must follow within an organization. If any of these rules are violated, the employee can be terminated. The AUP consist of all the asset of the Richman Investment Company. It is the responsibility for the company to have all employees’ sign a legal document that ensure all assets will be kept confidential. The user domain structure is the weakest link of any infrastructure and has several risks associated with it. There is lack of awareness, and it can be controlled by conducting security awareness training. Another risk is user apathy toward policies, and it can be controlled by implementing acceptable use policies and updating staff manuals and handbooks. The second domain is the workstation domain. A workstation consists of desktops, PDAs or smartphones, or laptops. All employees must have the proper rights and access to be efficient at their job. This tasks falls into the job description of the IT professionals to assign rights and grant access where needed. A few of the following risks are things that may occur within a workstation domain. The first...
Words: 479 - Pages: 2
...Introduction: For this final paper, I am to assemble the executive reports for which I have completed over the last 5 weeks and combine them into one final report. These reports will consist of: - The two auditing frameworks or hardening guidelines / security checklists used by the DoD. - How a security assessment addressing modern day risks, threats, and vulnerabilities throughout the 7-domains of a typical IT infrastructure can help an organization achieve compliance. - How to gather and obtain needed information to perform a GLBA Financial Privacy & Safeguards Rules compliance audit and what must be covered. - The top workstation domain risks, threats, and vulnerabilities which will not only include possible causes, but mitigations as to prevent these issues from happening. - The top LAN – to – WAN risks, threats, and vulnerabilities which will not only include possible causes, but mitigations as to how we can prevent these issues from happening. - The top Remote Access Domain risks, threats, and vulnerabilities as well as ways to mitigate these types of issues. - The top Systems / Application Domain risks, threats, and vulnerabilities as well as ways to mitigate these types of issues. Part 1: Purpose: The purpose of part 1 for this lab is to develop an executive summary in regards to either the two auditing frameworks or hardening guidelines/security checklists used by the DoD. For this, I have chosen to discuss the two auditing frameworks. Background: A little background...
Words: 2140 - Pages: 9
...This is a multi-layered security plan. First, Assign people that are fully trained and/or provide the training that makes it possible to do the job. To prevent malicious software and etc. in the 7 domains of an IT infrastructure, you can isolate and install preventions for each domain. The domains are as follows: User Domain, Workstation Domain, LAN Domain, and LAN to WAN Domain, Remote Access Domain, WAN Domain, and the System/Application Domain. The first part of the IT infrastructure is the User Domain. It is the weakest link in the IT infrastructure and this is where the users connect to the system. You can make the user aware to the risks and threats that they are susceptible to by holding an Awareness Training session. The system is password protected however; you should change passwords every few months to prevent an attack. Also, log the users as they enter and exit the system to make sure there’s no unauthorized access. While it’s the company’s choice to allow employees to bring in USB/Removable drives, you have a threat to someone obtaining the wrong information, or getting malicious software into the system. If you allow the USB/Removable drives, have a virus scan every time someone inserts one into a company computer. In a Workstation Domain, you need to make sure virus protection is set up. You are protecting administrative, workstations, laptops, departmental workstations and servers, network and operating system software. You can enable password protection and...
Words: 683 - Pages: 3