Premium Essay

Classification Standard

In:

Submitted By lmichelle92
Words 509
Pages 3
User Domain
The User Domain defines the people who access an organization’s information system. The User Domain will enforce an acceptable use policy (AUP) to define what each user can and cannot do with any company data shall he or she have access to it. Its like a rulebook that employees must follow. Users are responsible for their use of IT assets. The User Domain is the weakest link in the IT infrastructure. Any user responsible for computer security must understand what brings someone to compromise the data of an organization.
Workstation domain
The workstation domain is where most users connect to the IT infrastructure. The workstation can be a desktop computer, laptop computer, or any other devise that connects to a network. The staff should have the access necessary to be productive. Tasks include configuring hardware. Hardening systems and verifying antivirus files. Hardening a system is the process of ensuring that controls are in place to handle any known threats.
The workstation domain requires tight security and access controls. This is where users first access systems, applications and data. The workstation domain requires a logon ID and password for access. Now I will list risks, threats and vulnerabilities commonly found in the workstation domain, along ways to protect against them. Unauthorized accesses to workstation- (solution) enable password protection on workstations for access. Enable auto screen lockout for inactive times. Viruses, malicious code, or malware infects a user's workstation or laptop.
User downloads photos, music, or videos via the internet-(solution) use content filtering and antivirus scanning at internet entry and exit. Enable workstation auto-scans for all new files and automatic file quarantine for unknown types. User inserts compact or universal serial bus thumb drive into organization computer- (solution) deactivate

Similar Documents

Free Essay

Impact of a Data Classification Standard

...Data Classification Standard is a guideline of how a business or organization should handle as well as secure their different array of data. With this particular report it will describe the “Internal Use Only” data of an Investment firm. Internal use only should tell you that this is information that is seen by employees of a company and no one else. There are 3 domains that could be under this umbrella of internal use only these would be the User Domain, Workstation Domain and the LAN domain. First we have the User Domain which defines the employees that will access the company’s information systems. This particular domain is the weakest link in the domain infrastructure due the users on this system that don’t think about the vulnerabilities and threats which include lack of user awareness, apathy towards policies, policy violations, downloads of personal or files that could malicious. Each of these risks is presented on an everyday basis that could compromise a company’s internal data. Secondly, you have the workstation domain, which is the domain where most of the users connect to the organizations infrastructure. This domain should require very tight security as well as access rights. Meaning, each user on the domain should only have the right to access what they need to be able to do their job productively and no more. This will have an impact in lowering the chance of breach in security. Some threats with this domain include; Unauthorized access to workstations...

Words: 417 - Pages: 2

Premium Essay

Data Classification Standard

...RICHMAN INVESTMENTS DATA CLASSIFICATION STANDARD The main priority of Richman investment is to keep the financial investments and consulting of our clients confidential. To maintain complete security of their information, new guidelines will be implemented to the User Domain, Workstation Domain, and the System Application Domain. To help mitigate threats in the User Domain all employees will attend annual training on basic computer security. Annual training will keep employees updated on recent virus threats and refresh employees on safety protocols they can practice to keep the company network secure. Also access to social network, social media, and indecent web sites will be blocked. By implementing these safeguards it will help stop computer viruses from infiltrating the infrastructure and obtaining access to client’s personal information and it also prevents employees from discussing personal information over social network sites. Lastly employees will have a personal ID and password and all activities on company computers will be monitored and tracked. Monitoring and tracking activities on the network will help identify what information employees are accessing and transferring. Employees will be issued a security level and will only be able to access information in the Workstation Domain that corresponds with their security level clearance. Issuing security levels will stop...

Words: 403 - Pages: 2

Premium Essay

Data Classification Standard

...There are three domains that are affected by an “Internal Use Only” data classification standard. The three domains most affected by the classification are the: User domain, Workstation domain, and LAN domain. ​The User Domain: * Is made up of the people who can access the information system. With an AUP (Acceptable Use Policy) for this domain, any third party that requires access to the network must sign an AUP and a confidentiality agreement. This domain is considered one of the weakest and the most affected for a few reasons. 1st is the lack of user awareness to correct this you should conduct security training with all personal. 2nd if you have obvious security violations after that training then you need to place the employees on probation and review the AUP. 3rd when users are downloading various different files that do not conform to the established security guidelines then enabling content filtering and automatic antivirus scans would be wise. ​The Workstation Domain: * Is made up of the devices that employees use to connect to the IT infrastructure. Availability for this domain is necessary so that all employees can easily access any tools needed to perform their work duties. This domain requires strong security and controls because this is where users first access the system. It is also where sizeable damage to system can occur. Here are some problems the can happen with some corrective solutions. If you can have unauthorized user access situation;...

Words: 441 - Pages: 2

Premium Essay

Impact of Data Classification Standard

...Impact of Data Classification Standard and Internal Use Only Data classification standard provides the means of how the business should handle and secure different types of data. Through security controls different data types can be protected. All these security controls should apply to each of every IT infrastructure in which it will state how the procedures and guidelines will guarantee the organization’s infrastructures security. This report will identify the definition of “Internal Use Only” data classification standard of Richman Investments. Internal Use Only includes information that requires protection from unauthorized use, disclosure, modification, and or destruction pertaining to a particular organization. This report will tackle 3 IT infrastructure including workstation domain, LAN-Wan Domain, and Remote Access Domain. Internal Use Only data includes data related to business operations, finances, legal matters, audits, or activities of a sensitive nature, data related to stake holders, information security data including passwords, and other data associated with security related incidents occurring at the business company, internal WCMC data, the distribution of which is limited by intention of the author owner or administrator. For the Workstation Domain, the impact of data classification standard internal use only can possibly applied when a user violates AUP and generates security hazard for the establishment’s IT infrastructure. In order to prevent something...

Words: 596 - Pages: 3

Free Essay

Impact of a Data Classification Standard

...Impact of a Data Classification Standard This report is to identify the IT infrastructure domains that affect the “Internal Use Only” data classification standard of Richman investment and go into details as to how each domain is affected. User Domain The first domain that affects this standard is the user domain and also maybe one of the more vulnerable of the IT infrastructure. User domain consists of the people that accesses Richman’s information system. Users at this level are expected to be responsible for the information they access here at Richman, but because that is not always the cause, Richman will have in place an acceptable use policy (AUP). The AUP will, in detail, define what information which users are allow to access and also what they are allowed to do with that information. Richman Investments deal mostly with customer’s financial records, so anyone with that violates Richman’s AUP and poses a threat to the company information and could faces immediate dismissal. Workstation Domain The workstation domain is the second domain affected by the “Internal Use Only” standard. This is where users will access the network via some type of device such as desktop, laptop, tablet, smart phone, etc. It is very important that IT department keep workstations update to date with latest and relevant software updates, security patches, and antivirus/malware protection. The workstations will be accessible with a user define password that must meet password requirements...

Words: 385 - Pages: 2

Premium Essay

Impact of a Data Classification Standard

...IT-255 unit 1 assignment 2: impact of a data classification standard Hello everyone at Richman investments, I was s asked to write a brief report that describes the "internal use only" data classification standard of Richman investments. I will list a few of the IT infrastructure domains that are affected by the standard and how they are affecting the domain and their security here at Richman investments. * User domain The user domain defines the people who access an organizations information system. In the user domain you will find an acceptable use policy (AUP). An AUP defines what a user can and cannot do with organization-owned IT assets. It is like a rulebook that the employees must follow. Failure to follow these rules can be grounds for termination. The user domain is the weakest link in an IT infrastructure. Anybody who is responsible for computer security understand what motivates someone to compromise an organization system, application, or data. Now I am going to list risk and threats commonly found in the user domain and plans you can use to prevent them. Lack of user awareness - solution - conduct security awareness training, display security awareness posters, insert reminders in banner greeting, and send email reminders to employees. Security policy violation- solution - place employee on probation, review AUP and employee Manuel, discuss during performance review. Employee blackmail or extortion- solution - track and monitor abnormal employee behavior...

Words: 681 - Pages: 3

Premium Essay

Impact of a Data Classification Standard

...Impact of a Data Classification Standard Sir: The following IT infrastructure domains that are being affected by the “Internal Use Only” data classification are: the user domain, the workstation domain, the LAN to WAN domain, and the remote access domain. Each of these has their own sets of problems. I will describe each problem for each domain and make a recommendation on how to rectify the situation. The user domain is where the access rights for each employee starts. I observed that many of the employees were not following the company’s policies of securing data. When questioned several of the employees stated that they were not aware of the policies. I would recommend that there is a semiannually security awareness training conducted for all employees. I also noted that there were quite a few individuals using personal USB drives with personal photos, music, and documents on them. I would recommend that each time an employee plugs in a personal device to a computer that an automatic scan occur with no way for the employee to stop the scan. The workstation domain is the second domain that I observed data compromising occurring. In my observations I noticed that many of the employees do not log off or lock their computer screens when they are away from their computer thereby making it easy for anyone to walk by and have access to the information they are authorized to use. I have several recommendations for this. One is to post a memo reminding employees...

Words: 496 - Pages: 2

Premium Essay

Impact of a Data Classification Standard

...Internal use only data classification would include the User domain, the workstation domain, and the LAN domain. These domains are the basic IT infrastructure domains, and they will cover all the users and workstations in the company. The Internal use only classification will cover info such as telephone directory, internal policy manuals, and new employee training material. The user domain is where only one user will have access to it. This can be configured to internal use only. By default, the IT department tries to maintain a certain level of Security for this, so that nobody can access from the outside, only the IT Department can grant access privilege for Remote Access Point. The User Domain will enforce an acceptable use policy to define what each user can and cannot do with any company data that he or she has access to. Also, every user on the company is responsible for the security of the environment. The Workstation Domain, the impact of data classification standard internal use only can possibly applied when a user violates AUP and generates security hazard for the establishment’s IT infrastructure. In order to prevent something like this from happening, the Richman Investments can hire a professional to train all employees for a security awareness campaign and programs throughout the year The LAN domain includes all data closets and physical as well as logical elements of the LAN. This domain needs strong security, being that it is the entry and exit points to...

Words: 300 - Pages: 2

Premium Essay

Impact of a Data Classification Standard

...Following are three important “Internal Use Only” data classification standards of Richman Investments: 1. User Domain – This layer is by far the most vulnerable portion of any IT infrastructure. Without restrictions and education a user would have free rein to expose a network to a myriad of security risks. Richman Investments is not immune to this blight. For this reason, special attention is given to precautions for and education of users. Domain administrators have processes in place to monitor user activity and limit access to portions of the domain. These rules are defined under the acceptable use policy. This policy outlines what users are allowed to do with the company data that they have access to. Above all, users are accountable for their own actions. They are expected to secure their physical and virtual environment to the best of their abilities. 2. Workstation Domain – Another integral part of the overall security of any network. This domain is the access to the local area network via something like a NIC card. It is accomplished through some type of verification as a deterrent to hackers. Here is Richman Investments we have a multi-level security system in place. First, to access any area that contains a workstation at least one door requiring a key card will need to be entered. Next, at the workstation your username has been replaced by biometrics via your thumbprint. With the print you will have to enter your password. Password requirements include: at least...

Words: 454 - Pages: 2

Premium Essay

Impact of Data Classification Standard

...Three IT infrastructure domains that are affected by the standard and are affected by "Internal Use Only" are the User, Workstation and LAN domain. The user domain is made up of the people who can access the information with an AUP. This domain is considered one of the weakest and most affected for several reasons, but mostly the lack of user awareness. The second is the workstation domain. This domailn is made up of the devices that employees use to connect to the IT infrastructure. This domain requires a strong security and controls because this is where users first access the system. If you can have unauthorized user access situation; make sure you have a strong password and screen lockout policy in place. If you have any software vulnerabilities or software patch updates that are needed; make sure you have the workstation OS vulnerability window policy in place so to it can be consistently monitored and updated. And the third domain is the Local Area Network domain. The LAN Domain is a collection of computers connected to one another or to a common medium. All LAN domains include data closets, physical elements of the LAN, as well as logical elements as designated by authorized personnel and requires a strong security and access controls. This domain can access company-wide systems, applications, and data from anywhere within the LAN. The LAN support group is in charge maintaining and securing this domain. The biggest threat to the LAN domain is Un-authorized access...

Words: 286 - Pages: 2

Free Essay

Impact of a Data Classification Standard

...Every Organizations are responsible for protects its information, and it’s our job as IT administrators to place security measures against unauthorized use, access, modification, loss and deletion. Richman Investments Client’s social security numbers, credit/debit card numbers, personal account numbers must be protected by law. The purpose of this report is to describe the “Internal Use Only” standards set by Richman Investments, the information obtained for this report consist of a study done on three of the seven layers of our IT infrastructure so you may understand our security policy’s and understand it importance. The seven domains is consist of; User Domain, LAN Domain, LAN-to-WAN Domain, Workstation Domain, Remote Access Domain, WAN Domain, and System/Application Domain. Each one requires proper security controls and meet the requirements of the A-I-C triad. The following is an overview of just three infrastructure domains that are in this “Internal Use Only” report, The User Domain, the Workstation Domain and the LAN Domain. The User Domain identifies which people can access the information and contains all of the user’s information records. Employees at Richman Investments must follow the rulebook that defines what each user can and cannot do with the company’s data. The Workstation Domain is where all the user information will be verified from, and then approved on the company network. On the workstation domain, the staff should have the necessary access to...

Words: 386 - Pages: 2

Premium Essay

Impact of a Data Classification Standard

...Three IT infrastructure domains that are affected by the standard and are affected by “Internal Use Only” are the User, Workstation and LAN domain. The user domain is made up of the people who can access the information with an AUP. This domain is considered one of the weakest and most affected for several reasons, but mostly the lack of user awareness. The second is the workstation domain. This domailn is made up of the devices that employees use to connect to the IT infrastructure. This domain requires a strong security and controls because this is where users first access the system. If you can have unauthorized user access situation; make sure you have a strong password and screen lockout policy in place. If you have any software vulnerabilities or software patch updates that are needed; make sure you have the workstation OS vulnerability window policy in place so to it can be consistently monitored and updated. And the third domain is the Local Area Network domain. The LAN Domain is a collection of computers connected to one another or to a common medium. All LAN domains include data closets, physical elements of the LAN, as well as logical elements as designated by authorized personnel and requires a strong security and access controls. This domain can access company-wide systems, applications, and data from anywhere within the LAN. The LAN support group is in charge maintaining and securing this domain. The biggest threat to the LAN domain is Un-authorized...

Words: 286 - Pages: 2

Premium Essay

Richman Investments “Internal Use Only” Data Classification Standard

...RICHMAN INVESTMENTS “INTERNAL USE ONLY” DATA CLASSIFICATION STANDARD Brief Report This Brief Report is to describe Richman Investments policy of “Internal Use Only” data classification standard. This document is to be used as an informational guide for any employee or third party representative who is to access any or all of Richman Investments internal data base information system. To access Richman Investments internal data base any user, employee or third party representative must agree to the acceptable use policy (AUP). “While confidential information or data may not be included, communications, documents or any data are not intended to leave the organization.” (Beecher, 2013) There are 3 types of IT infrastructure domains that are affected by the “Internal Use Only” data classification standard of Richman Investments listed as follows: User Domain is the first layer of the infrastructure and is defined as any person (single user) accessing Richman Investments internal data base information system who has agreed to the AUP. This Domain defines the user permissions. This is where the IT department defines what access each individual user will have on the network. This is considered to weakest link in the company’s infrastructure. Workstation Domain is the second layer of the infrastructure and is defined as the first access point to the Richman Investments internal data base information system, applications and data. This layer requires a login and password authentication...

Words: 306 - Pages: 2

Premium Essay

Unit 1 Assignment 2 Impact of Data Classification Standard

...Unit 1 Assignment 2 Ronald McMahon April 1, 2014 To: Senior Management. Richman Investment “Internal use only “data classification standard. Ronald McMahon April 1, 2014 Information or data shared internally by an organization. While confidential information or data may not be included, communications are not intended to leave the organization. This report is designed to describe clarify the standards for the “Internal use only” data classification for Richman Investments, this report will address which IT infrastructure domains are affected by the standard and how. The first IT infrastructure affected by internal use only classification is the User Domain. The user domain defines the people who access an organization’s information system. The user domain also will enforce an acceptable use policy ( AUP) to define what each user can and cannot do with any company data shall he or she have access to it. As well as with company users, any outsiders, contractor’s or third party representatives shall also need to agree and comply with the AUP . Any violation will be taken up with management and / or the authorities to access further punitive action. Work Station Domain – is where most users connect to the IT infrastructure. No personal devices or removable media may be used on this network. All devices and removable media will be issued by the company for official use only. Access Control Lists ( ACLs ) will be drawn up to appropriately define what access each person will have...

Words: 385 - Pages: 2

Free Essay

Asset Identification & Asset Classifcation

...Asset Identification & Asset Classification 1. What is the purpose of identifying IT assets and inventory? i. To help identify areas of potential risks. 2. What is the purpose of an asset classification? ii. To evaluate the health of the company by examining how well each of the company’s assets are performing. 3. For the scenario you picked, give three (3) examples of customer privacy data elements. (HIPAA) iii. Names iv. Medical records v. Health plan beneficiary numbers 4. Why is your organization’s website classification minor nut its e-commerce server considered critical for your scenario? vi. Because it presents a smaller threat while the e-commerce server is more valuable to the organization. 5. Why would you classify customer privacy data and intellectual property assets as critical? vii. They are valuable assets to the organization and possess value to the organization. 6. What are some examples of security controls for recent compliance law requirements? viii. Sarbanes-Oxley Act – To certify the accuracy of financial information. ix. Children’s Online Privacy Protection Act – Information from children under the age of 13. 7. How can a Data Classification Standard help with asset classification? x. Classifying data helps prevent vulnerability to sensitive data. 8. How can you minimize leakage of customer privacy data through the public internet? xi. Gramm-Leach-Bliley...

Words: 295 - Pages: 2