...Chris Browning Unit5 assignment2 Acceptable Use Policy Richman Investments holds requirements for the usage of the company network including filtering policies for network traffic LAN – WAN is where the IT infrastructure links to a wide area network and internet. For Security (Administrators and Managers) * Security monitoring controls for intrusion * Apply email server and attachment antivirus and email quadrating for unknown file types * Disablement for ping, probing, and port scanning on all exterior IP devices * Denying of outbound traffic using source IP addresses * Apply file transfer monitoring, scanning and alarming for unknown file types Web Surfing is the usage of the internet browsing a series of web browsers For Security (Administrators and Managers) * Apply domain-name content filtering at the internet entry/access point * Employees may lose productivity while searching web for no work related material Cons putting a limitation to web surfing may cause the employee to lack independence of finding information. What if they need to look up an answer to a customers question and has to find it on the web? Pros not using the internet could prevent a wide variety of viruses and the company is only allowed to use their company accounts to send out emails to customers. Guidelines to usage of email are covered under email usage policy Richman Investment Employees: Certain traffic is expressly forbidden: * No peer-to-peer...
Words: 341 - Pages: 2
...individuals either knowingly or unknowingly Internet /intranet/ extranet related systems including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, www browsing, Peer to Peer and FTP, are the property of Richman investments. These systems are to be used for business purposes in serving the interests of the company and of our clients and customers in the course of normal operations Purpose The purpose of this policy is to mitigate the improper use of company computer asset these rules are in place to protect the employee and Richman investments. Inappropriate use exposes Richman investments to risks including virus attacks, compromise of network systems and services, and legal issues. Scope To implement a new AUP policy to stop these problems from occurring they need to design an AUP to let user know what they can or can’t do on the system. And use the IT department to restrict access to removable devices. Policy General use and ownership 1. No introduction of malicious programs into networks or onto systems 2. No accessing unauthorized internal resources or information from external sources 3. No Port scanning or data interception on network 4. No Denying service or circumventing authentication to legitimate users 5. No Using programs ,scripts, or commands to interfere with other network users 6. No Accessing adult content from company resources Security and Proprietary Information ...
Words: 407 - Pages: 2
...IT255 Acceptable Use Policy (AUP) I have reviewed the list of forbidden traffic and came up with this acceptable use policy. Some ports (20&69) would be disabled denying file transfer if all traffic listed is forbidden. I propose the use of content filtering, file transfer monitoring, scanning and alarming for unknown file types from unknown or restricted sources. The restriction on downloading executables could be changed in the same fashion. Both of these guidelines could otherwise interfere with otherwise normal business practice and hinder the productivity of the company. The redistribution copyrighted material is restricted because the system administrator ensures all workstations have what they need. No exporting internal software or technical material in violation of export control laws. If a worker needs such software or material for a location that does not have it then they will be issued license for said use of such property. Workstations will run antivirus and malicious removal software. These programs will be update as new definitions and malicious code data are provided. The organizations data classification standard should address remote access. The company will deny outbound traffic using source IP addresses in access control lists. If remote access is allowed, encrypt where necessary. This will prevent any unauthorized access to internal resources or information from external sources. No unauthorized port scanning or probing on the company’s network...
Words: 487 - Pages: 2
...Unit 5 Assignment 2: Define an Acceptable Use Policy (AUP) Acceptable Use Policy Richman Investments holds requirements for the usage of the company network including filtering policies for network traffic. LAN – WAN is where the IT infrastructure links to a wide area network and internet. For Security (Administrators and Managers) - Security monitoring controls for intrusion - Apply email server and attachment antivirus and email quadrating for unknown file types - Disablement for ping, probing, and port scanning on all exterior IP devices - Denying of outbound traffic using source IP addresses - Apply file transfer monitoring, scanning and alarming for unknown file types Web Surfing is the usage of the internet browsing a series of web browsers For Security (Administrators and Managers) - Apply domain-name content filtering at the internet entry/access point - Employees may lose productivity while searching web for no work related material Cons putting a limitation to web surfing may cause the employee to lack independence of finding information. What if they need to look up an answer to a customers’ question and has to find it on the web? Pros not using the internet could prevent a wide variety of viruses and the company is only allowed to use their company accounts to send out emails to customers. Guidelines to usage of email are covered under email usage policy Richman Investment Employees: Certain traffic is expressly forbidden: - No peer-to-peer file...
Words: 339 - Pages: 2
...CIS 462 WK 2 CASE STUDY 1 ACCEPTABLE USE POLICY To purchase this visit here: http://www.activitymode.com/product/cis-462-wk-2-case-study-1-acceptable-use-policy/ Contact us at: SUPPORT@ACTIVITYMODE.COM CIS 462 WK 2 CASE STUDY 1 ACCEPTABLE USE POLICY CIS 462 WK 2 Case Study 1 - Acceptable Use Policy An Acceptable Use Policy (AUP) is a very important policy within organizations to define acceptable employee behavior when accessing company resources. Additionally, there are also legal implications within AUPs. Use an existing AUP that you are familiar with, such as from a current or previous workplace, or search on the Internet for an example AUP to complete this case study. Write a three to five (3-5) page paper in which you: 1. Describe the purpose of an Acceptable Use Policy you have selected and explain how the AUP helps provide confidentiality, integrity, and availability within the organization. 2. Critique the AUP you selected and provide recommendations for improving the AUP. 3. Explain methods that organizations can implement to help ensure compliance with the AUP, mitigate their risk exposure, and minimize liability. Describe how your selected AUP accomplishes these goals. More Details hidden... Activity mode aims to provide quality study notes and tutorials to the students of CIS 462 WK 2 Case Study 1 Acceptable Use Policy in order to ace their studies. CIS 462 WK 2 CASE STUDY 1 ACCEPTABLE USE POLICY To purchase this visit here: http://www.activitymode...
Words: 688 - Pages: 3
...description and scope of the contents of the policy. #Acceptable Use Policy This policy is used to establish a culture of trust and integrity amongst the employees and users of the network. The acceptable use policy should contain an overview, purpose, scope, general use & ownership and un-acceptable use sub-sections. Email Policy The policy defines standards for conducting communications within the corperate network email system. These standards minimize the potential exposure to the company from unsolicited email messages and attachments. The email policy should contain a purpose and enforcement sub-sections. Anti-Virus Policy The policy defines standards for protecting the company’s network from any threat related to maleware Identity Policy The policy defines rules and practices for protecting the corporate network from unauthorized access. The Identity policy identifies who each user is and what resources they are allowed to access. The identity policy should contain sub-sections on purpose, employee training, visitors (i.e.temps, contractors and consultants,) and prohibited practices. Password Policy Passwords are an important aspect of netwok security. They are the front line of protection for user accounts. The password policy should contain sub-sections on purpose, scope, policies, guidelines and enforcement. Encryption Policy This policy provides guidance so that encryption efforts will use only those algorithms that have received substantial...
Words: 476 - Pages: 2
...IS4550: Security Policies and Implementation Mr. Shane Stailey Edy Ngou Date: 09/20/2015 Lab week 1: Organization Wide Security management AUP worksheet ABC Credit Union Acceptable Use Policy Policy Statement The acceptable Use Policy is to ensure compliance with laws such as the Gramm-Leach-Bailey Act (GLBA) and the Federation trade commission (FTC). This policy is also to assist the Credit Union ensuring information technology (IT) security best practices with regard to it associates. Purpose / Objective The purpose of ABC Credit Union’s acceptable use policy is to define requirements for Credit Union acceptable use policies, and define the acceptable and unacceptable uses of computer equipment, internet / intranet / extranet related systems, and email by ABC Credit Union associates in the performance of their duties. This policy requires that all Credit Union electronic information systems be used for Credit Union business with minor exceptions. These rules are in place to protect the associates and ABC Credit Union. These objectives of this policy are: * To keep the business process in a high working order in order to achieve the maximum amount of profit gained. * To keep morale law, so that employees are constantly being replaced. Scope This policy applies to associates, contractors, consultants, and other workers at ABC Credit Union, including all personnel affiliated with third parties. Also this policy applies to all...
Words: 461 - Pages: 2
...environment brought about by technology in the last five years. Use Table 1-1 and your own personal experiences to formulate your answer. 2. Discuss the tools and technologies for collaboration and teamwork that are available and how they provide value to an organization. 3. Discuss the personal and professional implications of so much individual data being gathered, stored, and sold. Should businesses be allowed to gather as much as they want? Should individuals have more control over their data that are gathered? 4. Describe the five technology drivers of the infrastructure evolution. Which do you think has been the most influential in helping us achieve the level of technology we enjoy today? 5. Use your imagination and come up with ideas of how your organization or company can use a wireless network. What current processes will you have to change to incorporate your idea? 6. Discuss the elements of a good security policy that every business should have. The elements of a good security policy that every business should cover are acceptable use, user authorization, and authorization management systems. The security policy should include statements ranking information risks, identify acceptable security goals, and identify mechanisms for achieving the goals. The policy should describe who generates and controls information, what existing security policies are in place to protect information, what level of risk is...
Words: 652 - Pages: 3
...Travis Avery NT2580 Project Part 2 Purpose - This policy defines the security configurations users and Information Technology (IT) administrators are required to implement in order to ensure the integrity, availability, and confidentially of the network environment of Richmond Investments(R.I). It serves as the central policy document with which all employees and contractors must be familiar, and defines regulations that all users must follow. The policy provides IT managers within R.I. with policies and guidelines concerning the acceptable use of R.I. technology equipment, e-mail, Internet connections, network resources, and information processing. The policies and restrictions defined in this document shall apply to all network infrastructures and any other hardware, software, and data transmission mechanisms. This policy must be adhered to by all R.I. employees, temporary workers and by vendors and contractors working with R.I. Scope- This policy document defines the common security requirements for all R.I. personnel and systems that create, maintain, store, access, process or transmit information. This policy also applies to information resources owned by others, such as vendors or contractors of R.I., in cases where R.I. has a legal obligation to protect resources while in R.I. possession. This policy covers all of R.I. network systems which are comprised of various hardware, software, communication equipment and other devices designed to assist the R.I. in the creation...
Words: 598 - Pages: 3
...Delores Patton Intro to Security 1-27-14 Unit 5 Assignment 2 Define and Acceptable Use Policy(AUP) An acceptable use policy (AUP) is the policy that companies used to ensure that a user must agree to follow in order to be provided with access to a network or to the Internet. LAN-to- WAN is when the network system links to a wide area network and internet. Security Administrators should monitor what users are accessing on the network, setup firewalls, apply antiviruses to identify unknown files and emails, disable pinging, probing, and port scanning on all exterior devices, and denial of outbound traffic using source IP addresses. Web Surfing is accessing the internet using different web browsers. As a Security Administrator, you should apply domain-name content filtering at the internet entry/access point. By doing this, employees might not be able to surf certain web sites on the internet. The advantage of not having access to the internet is that it could prevent the network from getting viruses and the employees will only be allowed to use the company accounts to send out emails to customers. The disadvantage of this is what if an employee is trying to assist a customer by answering a question that they need to access the internet to answer. As Richman Investment employees, guidelines to usage of email are covered under email usage policy. The following traffic is not allowed: No peer-to-peer file sharing or externally reachable file transfer protocol...
Words: 379 - Pages: 2
...Atlanta, GA Chicago, IL Cincinnati, OH User Domain * Have employees sign confidential agreement * Introduce an AUP acceptable use policy * Have HR verify an employee’s identity with background checks * Conduct security awareness training * Enable content filtering and antivirus scanning * Restrict access to only info needed to perform job * Track and monitor abnormal behavior of employees Workstation Domain * Implement workstation log on ids and password * HR must define proper access controls for workers based on jobs * IT security must then assign access rights to systems, apps, and data * IT director must ensure workstation conforms to policy * Implement second level test to verify a user’s right to gain access * Start periodic workstation domain vulnerability tests to find gaps * Define workstation application software vulnerability window policy * Use content filtering and antivirus scanning at internet entry and exit * Mandate annual security awareness training LAN Domain * Setup of user LAN accounts with logon ID and password access controls * Make sure wiring closets, data centers , and computer rooms are secure * Define strict access control policies * Implement second level identity check * Define a strict software vulnerability window policy * Use WLAN network keys that require a password for wireless access * Implement encryption between workstation and WAP LAN to...
Words: 1912 - Pages: 8
...------------------------------------------------- Week 1 Laboratory Part 1: Craft an Organization-Wide Security Management Policy for Acceptable Use Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Define the scope of an acceptable use policy as it relates to the User Domain * Identify the key elements of acceptable use within an organization as part of an overall security management framework * Align an acceptable use policy with the organization’s goals for compliance * Mitigate the common risks and threats caused by users within the User Domain with the implementation of an acceptable use policy (AUP) * Draft an acceptable use policy (AUP) in accordance with the policy framework definition incorporating a policy statement, standards, procedures, and guidelines Part 1 – Craft an Organization-Wide Security Management Policy for Acceptable Use Worksheet Overview In this hands-on lab, you are to create an organization-wide acceptable use policy (AUP) that follows a recent compliance law for a mock organization. Here is your scenario: * Regional ABC Credit union/bank with multiple branches and locations thrrxampexoughout the region * Online banking and use of the Internet is a strength of your bank given limited human resources * The customer service department is the most critical business function/operation for the organization * The organization wants to...
Words: 639 - Pages: 3
...Richman Investments Internal Use Only The Internal Use Only data classification standard at Richman Investments is in place to protect the personal and account information of our clients and our work force. Our data classification standard will include the User Domain, Workstation Domain, and the LAN Domain. This will cover all personnel and their workstations, all the physical components, as well access to the internet and company databases and any information in between. The User Domain which defines what information an employee can access. The User Domain will enforce an acceptable use policy (AUP) .Our AUP will define how the internal use data is used by each employee. All personnel gaining access to the company data base must read and sign the AUP policy and strictly adhere to Richman Investments acceptable use policy. This includes any contractor or third-party representatives. All users must sign this AUP prior to gaining any access to the company network. Any unauthorized use or breach of this policy in any manner can be cause for punitive action or dismissal. The Workstation Domain includes all workstations and media devices approved for use on the company network. No personal devices or removable media may be used on Richman Investments network. All devices and removable media will be issued by the company for official use only. To access any workstation, a user will need to have an account created to access the company network. All users will then be able to log...
Words: 461 - Pages: 2
...environment brought about by technology in the last five years. Use Table 1-1 and your own personal experiences to formulate your answer. 2. Discuss the tools and technologies for collaboration and teamwork that are available and how they provide value to an organization. 3. Discuss the personal and professional implications of so much individual data being gathered, stored, and sold. Should businesses be allowed to gather as much as they want? Should individuals have more control over their data that are gathered? 4. Describe the five technology drivers of the infrastructure evolution. Which do you think has been the most influential in helping us achieve the level of technology we enjoy today? 5. Use your imagination and come up with ideas of how your organization or company can use a wireless network. What current processes will you have to change to incorporate your idea? 6. Discuss the elements of a good security policy that every business should have. The elements of a good security policy that every business should cover are acceptable use, user authorization, and authorization management systems. The security policy should include statements ranking information risks, identify acceptable security goals, and identify mechanisms for achieving the goals. The policy should describe who generates and controls information, what existing security policies are in place to protect information, what level of risk is...
Words: 306 - Pages: 2
...Prevention This document details guidelines that can be implemented to the school to prevent the recent DDoS attack the school experienced. These guidelines are by no means any requirement, however each will grant an additional layer of security for the current networks and services in production. Implement Policies and procedures An Acceptable Use Policy is a policy that defines what type of actions are allowed to be performed on the systems and network to which the policy applies. For the school, an Acceptable Use Policy may state that users of the computers and network must be performing functions related to the school such as homework, administration, research, etc. In addition to defining what is allowed, the Acceptable Use Policy should also specify what actions will be taken when a user or individual violates the policy. The acceptable use policy should be made accessible to every user. One method to do this would be to display the policy when a user logs in or direct them to where they can read the document. (Glenn, 2003.) Develop Incident Response Procedures The incident response procedures should identify the following: ← Define who the respondents are and what each individual's responsibility is ← Specify what data is to be collected and what actions are expected ◦ This would include gathering information on the attacker and a clearly defined resolution path for the team to return systems to a pre-attack state ← Details...
Words: 699 - Pages: 3