...4.3 Acceptable Use Policy Definition Richman Investments Internet Policy Policy: Access to the Internet through the Richman Inverstments is a privilege. Users granted this privilege must adhere to strict guidelines concerning the appropriate use of this information resource. Users who violate the provisions outlined in this document are subject to disciplinary action up to and including termination. In addition, any inappropriate use that involves a criminal offense will result in legal action. All users are required to acknowledge receipt and understanding of guidelines contained in this document. Purpose: To define policies and procedures for access to the Internet through the Richman Inverstments network infrastructure. Scope: This policy applies to all personnel with access to Internet and related services through the Richman Inverstments network infrastructure. Internet Related services include all services provided with the TCP/IP protocol, including but not limited to Electronic Mail (e-mail), File Transfer Protocol (FTP), Gopher, and World Wide Web (WWW) access. Procedure: 1.0 ACCEPTABLE USE 2.1. Access to the Internet is specifically limited to activities in direct support of official Richman Inverstments business. 2.2. In addition to access in support of specific work related duties, the Richman Inverstments Internet connection may be used for educational and research purposes. 2.3. If any user has a question of what constitutes acceptable...
Words: 669 - Pages: 3
...Impact of a Data Classification Standard | Unit 1 Assignment | Domain This Domain is where only one user will have entrance to it. This can be configured to internal usage only. By default, the IT department tries to sustain a certain level of Security for this, so that nobody can enter from the outside, only the IT Department may grant access privilege for Remote Access. The User Domain will enforce an acceptable use policy (AUP) to define which user can and cannot do with any company data that he or she has access to. Also, every user on the company is responsible for the safekeeping of the environment. 2. LAN Domain The Local Area Network Domain is a group of computers that are all connected to a single LAN domain. The LAN Domain is a collection of computers connected to each another or to a common medium. All LAN domains have data closets, physical elements of the LAN, and logical elements as designated by authorized personnel. It involves strong security and access controls. This domain can access company-wide systems, applications, and data from anyplace within the LAN. The LAN support group is in control of maintaining and securing the domain. The biggest threat to the LAN domain is an Un-authorized access to anything on the network. For example: LAN, the systems, and data. One thing we can do is require strict security protocols for this domain, such as disabling all external access ports for the workstation. This would cause a no access...
Words: 358 - Pages: 2
...Audit an Existing IT Security Policy Framework Definition Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Identify risks, threats, and vulnerabilities in the 7 domains of a typical IT infrastructure * Review existing IT security policies as part of a policy framework definition * Align IT security policies throughout the 7 domains of a typical IT infrastructure as part of a layered security strategy * Identify gaps in the IT security policy framework definition * Recommend other IT security policies that can help mitigate all known risks, threats, and vulnerabilities throughout the 7 domains of a typical IT infrastructure Week 5 Lab Part 1: Assessment Worksheet (PART A) Sample IT Security Policy Framework Definition Overview Given the following IT security policy framework definition, specify which policy probably can cover the identified risk, threat, or vulnerability. If there is none, then identify that as a gap. Insert your recommendation for an IT security policy that can eliminate the gap. Risk – Threat – Vulnerability | IT Security Policy Definition | Unauthorized access from pubic Internet | Acceptable use policy | User destroys data in application and deletes all files | Backup Recovery Policy | Hacker penetrates your IT infrastructure and gains access to your internal network | Threat Assessment & Management Policy | Intra-office employee romance...
Words: 1625 - Pages: 7
...Dallas Page July 17, 2015 Unit 4 Assignment 2 NT2580 Acceptable Use Policy Definition 1. Overview To protect the integrity, confidentiality and accessibility along with the safety of our clientele and employees it is necessary that a precise set of standards must be defined for anyone who utilizes the electronic devices to access information via the internet. Richman Investments is committed to protecting employees, partners and the company from illegal or destructive actions whether knowingly or unknowingly. Internet or Intranet related systems, including but not limited to the World Wide Web, storage media, operating systems, network accounts and electronic mail are intended to be used for business pertaining to Richman Investments. It is the responsibility of each electronic device user to know the guidelines of the Acceptable Use Policy and to adhere to the Acceptable Use Policy of Richman Investments. 2. Purpose To outline and give a clear precise definition of what is and what isn’t acceptable when using the property of Richman Investments. Property including but not limited to computers, internet service, email service, storage media, operating systems or network accounts. Inappropriate use of either of the aforementioned exposes Richman Investments to legal liability and/or risks of damage to company hardware and/or software. 3. Scope The Acceptable Use Policy applies to all employees, contractors, clients, visitors and partners to...
Words: 689 - Pages: 3
...IT 454 Security Management Plan Marshall Miller December 20, 2015 Table of Contents Section 1: Information Security Management 4 Intro to Organization 4 People 4 Physical Security 4 Training of Security 4 Information Technology Training 4 Technology 5 Project Manager Roles 5 Section 2: Security Program 6 Data Classification 6 Management Support 7 Hierarchy Reporting Structure 8 8 Section 3: Security Policies 10 Acceptable Use Policy 10 1. Overview 10 2. Purpose 10 3. Scope 11 4. Policy 11 5. Enforcement 13 6. Definitions 13 7. Implementation Date 13 Section 4: Security Policies 14 Risk Assessment 14 Quantitative Risk Analysis 14 Quantitative Risk Analysis 14 Methodologies 15 1. Transfer 15 2. Avoid 15 3. Reduce 15 4. Accept 16 Summary 16 Section 5: Controlling Risk 17 Administrative 17 Human Resources 17 Organizational Structure 17 Security Policies 18 Technical 18 Access Control 18 System Architecture 18 System Configuration 18 Physical 19 Heating and Air Conditioning 19 Fire 19 Flood 19 Summary 19 Bibliography 20 Section 1: Information Security Management Intro to Organization My organization is about a federally recognized business called JPPSO (Joint Personnel Property Shipment Office). JPPSO specializes in the shipping of military personnel goods. JPPSO works hand in hand with the United States Air Force to enforce the safe shipping of military household goods...
Words: 2755 - Pages: 12
...------------------------------------------------- Week 1 Laboratory Part 1: Craft an Organization-Wide Security Management Policy for Acceptable Use Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Define the scope of an acceptable use policy as it relates to the User Domain * Identify the key elements of acceptable use within an organization as part of an overall security management framework * Align an acceptable use policy with the organization’s goals for compliance * Mitigate the common risks and threats caused by users within the User Domain with the implementation of an acceptable use policy (AUP) * Draft an acceptable use policy (AUP) in accordance with the policy framework definition incorporating a policy statement, standards, procedures, and guidelines Part 1 – Craft an Organization-Wide Security Management Policy for Acceptable Use Worksheet Overview In this hands-on lab, you are to create an organization-wide acceptable use policy (AUP) that follows a recent compliance law for a mock organization. Here is your scenario: * Regional ABC Credit union/bank with multiple branches and locations thrrxampexoughout the region * Online banking and use of the Internet is a strength of your bank given limited human resources * The customer service department is the most critical business function/operation for the organization * The organization wants to...
Words: 639 - Pages: 3
...IS 471 Policy Development and Security Issues Lab 4 (Due October 22, 2014) Introduction In any company, a security policy helps to mitigate the risks and threats the business encounters. However, unless a company happens to be in the information security industry, the task of identifying, assessing, and categorizing the myriad of risks can be an overwhelming one. Thankfully, a company’s IT infrastructure can be divided in a logical manner to more easily sort the risks. These divisions are the seven IT domains. The purpose of the seven domains of a typical IT infrastructure is to help organize the roles, responsibilities, and accountabilities for risk management and risk mitigation. In this lab, you will identify known risks, threats, and vulnerabilities, and you will determine which domain of a typical IT infrastructure is affected. You will then discuss security policies to address each identified risk and threat within the seven domains of a typical IT infrastructure. You will next determine which appropriate security policy definition will help mitigate the identified risk, threat, or vulnerability. You will organize your results into a framework that can become part of a layered security strategy. Learning Objectives Upon completing this lab, you will be able to: • Identify risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. Determine which domain is impacted by the risk, threat, or vulnerability. Determine...
Words: 1159 - Pages: 5
...The question of is it acceptable for a student to use a solutions manual to answer a problem or case lies at the core of the Delta State Graduate Catalog. According to the Delta State Graduate Catalog, the university expects all students to adhere to the highest moral academic standards while attending the university. In compliance with this policy, it would be unethical for a student to use a solutions manual to help solve any problem or case assigned. Using a solutions manual would fall under the definition of cheating that is clearly outlined in the Delta State Graduate Catalog. In an example listed it states the use of notes or any other aid not specifically allowed or approved by the instructor as cheating (DSU Graduate Catalog, p. 26). Within the scope of the definition, the use of the manual would only be permitted if the student receives permission from the instructor (DSU Graduate Catalog, P. 26). In this case, since the instructor did not allow for the use of the manual, the student is in violation. If the student is suspected of using the solutions manual, the instructor can schedule an appointment with the student for the appropriate action to be taken. Penalties can range from the failing of a final exam to dismal from the university (DSU Graduate Catalog, p. 28). Students are allowed to appeal the recommend punishment stated in the university’s undergraduate and graduate bulletins (DSU Graduate Catalog, p.28). The IMA Statement of Ethical Professional...
Words: 1066 - Pages: 5
...POLICY Acceptable Use for ICT Facilities (for Students) Purpose Student users of Özyeğin University computing and network systems, facilities and services are bound by the rules and definitions outlined in this policy. All the facilities provided to students by the University are designed and implemented for the ease of use, ease of access, faster communication and higher productivity. Compliance with this policy and proper use of system resources are vital for success. Therefore, the University has the full authority and right to audit, while providing wide and secure IT facilities. Scope All applications and usage relating to IT facilities provided for students. Validity This document is effective as of the date it is uploaded to the system. It is revised and updated in the first two months of every year and when necessary. Only the latest version on the system is valid. This is why printing the document is not recommended. In the case that a printed copy is used, it is the user’s responsibility to check the document’s validity through the system. Definitions Computing and Network Systems: Includes LANs, wireless and modem connections, on-campus telephone system, faxes, printers, plotters, scanners on the network as well as all types of communication, printing and publishing devices that work off-line. Facilities All IT facilities and services either provided on-campus in laboratories, libraries and/or any other on-campus locations or provided off-campus through remote access...
Words: 1089 - Pages: 5
...Council Human Resources Information Security Standards Steve Adamek, Head of Business Systems G\Government Connect\WBC Policies Head of Business Systems IT Policy Internal Public April 2010 Revision History Revision Date Revisor Previous Version Description of Revision V2.1 V2.2 V2.3 V2.4 V1.0 V1.1 V1.2 Laura Howse Laura Howse Steve Adamek Laura Howse Laura Howse Laura Howse Laura Howse 2.0 2.1 2.2 2.3 2.4 1 1.1 Updated to include WBC references Updated to incorporate WBC changes Updated to incorporate Unison changes Updated to incorporate Unison changes Final Version Updated to include feedback from Human Resources Updated to include feedback from Human Resources Document Approvals This document requires the following approvals: Sponsor Approval Name Date Director of Transformation General Manager for Business Services & Section 151 Officer Head of Business Systems Deputy Head of Human Resources Computacenter Service Manager (Outsourced IT Provider) Document Distribution Andrew Moulton Graham Ebers Steve Adamek Maureen Vaughan-Dixon Chris Taylor-Cutter This document will be distributed to: Name Job Title Email Address All Staff V1.2 Final Page 2 of 10 Human Resources Information Security Standards Contents 1 Policy Statement 2 Purpose 3 Scope 4 Definition 5 Risks 6 Applying the Policy 7 Policy Compliance 8 Policy Governance 9 Review and Revision 10 References 11 Key Messages A1 Applying the...
Words: 2757 - Pages: 12
...Travis Avery NT2580 Project Part 2 Purpose - This policy defines the security configurations users and Information Technology (IT) administrators are required to implement in order to ensure the integrity, availability, and confidentially of the network environment of Richmond Investments(R.I). It serves as the central policy document with which all employees and contractors must be familiar, and defines regulations that all users must follow. The policy provides IT managers within R.I. with policies and guidelines concerning the acceptable use of R.I. technology equipment, e-mail, Internet connections, network resources, and information processing. The policies and restrictions defined in this document shall apply to all network infrastructures and any other hardware, software, and data transmission mechanisms. This policy must be adhered to by all R.I. employees, temporary workers and by vendors and contractors working with R.I. Scope- This policy document defines the common security requirements for all R.I. personnel and systems that create, maintain, store, access, process or transmit information. This policy also applies to information resources owned by others, such as vendors or contractors of R.I., in cases where R.I. has a legal obligation to protect resources while in R.I. possession. This policy covers all of R.I. network systems which are comprised of various hardware, software, communication equipment and other devices designed to assist the R.I. in the creation...
Words: 598 - Pages: 3
...Acceptable Use Policy (AUP) The three companies I compared policies with were; SANS, Sopho, and Pinterest. In regards to SANS institute and Sopho they were alike in several ways first of all the AUP was from a employee / company comparison, such as not sharing id's, passwords, company's copyright information etc…They also shared Pirated software not licensed by the company is prohibited. My third choice Pinterest is more of a social site and some of the policies are different because even though your accessing the companies site to post images, opinions etc…they still have AUP in place to restrict users from posting pornographic images, creates a risk of harm, loss, physical or mental injury, emotional distress, death, disability, disfigurement, or physical or mental illness to yourself, to any other person, or to any animal. Researching different companies policies gave me a broader understanding on how to tailor the AUP to better suit the company, in other words they are not all the same. You need to create on a case by case bases. My AUP definition for Richman Investments Acceptable Use and Unacceptable use are as follows; The following activities are, in general, prohibited. Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., systems administration staff may have a need to disable the network access of a host if that host is disrupting production services). Richman Investments...
Words: 619 - Pages: 3
...Risk-Threat-Vulnerability IT Security Policy Definition Unauthorized access from Public Internet Acceptable Us Policy User Destroys Data in application and deletes all files Asset Identification and Classification Policy Hacker penetrates you IT infrastructure and gains access to your internal network Vulnerability Assessment and Management Policy Intra-office employee romance gone bad Security Awareness Training Policy Fire destroys primary data center Threat Assessment and Management policy communication circuit outages Asset Protection Policy Workstation OS has a known software vulnerability Vulnerability Assessment and Management Policy Unauthorized access to organization owned Workstations Asset Management Policy Loss of production data Security Awareness Training Policy Denial of service attack on organization e-mail server Vulnerability Assessment and Management Policy Remote communications from home office Asset Protection Policy LAN server OS has a known software vulnerability Vulnerability Assessment and Management Policy User downloads an unknown e-mail attachment Security Awareness Training Policy Workstation browser has software vulnerability Vulnerability Assessment and Management Policy Service provider has a major network outage Asset Protection Policy Weak ingress/egress traffic filtering degrades performance Vulnerability Assessment and Management Policy User inserts CDs and USB hard drives with personal photos...
Words: 616 - Pages: 3
...Unit 5 Assignment: Acceptable Use Policy (AUP) Definition The Richman”s Investment Group updated (AUP) Acceptable Use Policy for January 2014 for both acceptable and unacceptable use of the Internet use operated or owned by Richman’s Investment. Any violations in this agreement policy may result in disciplinary and/or legal action. Penalties can range from immediate termination of employment to imprisonment with fines. Internet Usage • Any and all employees of Richman’s Investment are encouraged to use the internet where such use is needed and is in stride to goals and objectives of the business of Richman’s Investments. • The equipment and services belong to Richman’s Investments and there reserve the right to monitor any or all internet traffic including emails and any data sent or received. • Using Richman’s Investment hardware, software and or internet to hack into unauthorized websites is strictly prohibited. • The use of any and all bit torrent software or sites is not allowed on any network, owned or operated by Richman’s Investment do to its high risk of abuse and or misuse. • No viewing or distributing of inappropriate material on the internet owned or operated by Richman’s Investments and will result in termination of employment. • Any and all downloads done off of the internet must be scanned before opening or accessing (NO ACCECPTIONS). • Using Richman’s Investments hardware, software and or internet to form and sort of fraud, and/or software, film or music...
Words: 323 - Pages: 2
...The first thing to understand is what the standard for “internal use only” is. The definition of “internal use only” is “Information or data shared internally by an organization. While confidential information or data may not be included, communications are not intended to leave the organization.” What does that mean? It means that information being used by this classification is to be created, used, and distributed through the organization and nowhere else. Let’s now explain the technical side of things. The IT infrastructure domains consist of 7 different domains. These domains are user domain, workstation domain, LAN domain, LAN-to WAN domain, remote access domain, system/application domain, and WAN domain. For the use of “Internal use only” classification it should only include the following domains. The following contains information on how “internal use only” classification is affected by these domains. User domain- The user domain is by far the most vulnerable. This domain can be vulnerable by the employee’s actions, emotions, and awareness of company policies and procedures. It is up to the user to use the information correctly not necessarily up to the network protocols in place. The best way to mitigate this issue it to monitor abnormal behavior and have employees understand the company’s acceptable use policy. Workstation domain- The workstation domain is how the user connect to the company’s IT infrastructure. It can be from workstations to personal data assistance...
Words: 510 - Pages: 3
