...I was asked to identify three domains that are affected by our “Internal Use Only” data classification standard. After doing some research I have found that the three domains most affected by the classification are the: User domain, Workstation domain, and LAN domain. The user domain is made up of the people who access our information system. We currently have an AUP (Acceptable Use Policy) set in place for this domain. Any third party that requires access to our network is to sign an AUP and a confidentiality agreement. This domain is the weakest and the most affected by the classification for multiple reasons. There is lack of user awareness; make sure to conduct security training and place reminders around the office. You have blatant security violations; when there are violations place employees on probation and review the AUP. We also have users downloading various different files; Enable content filtering and automatic antivirus scans. The workstation domain is made up of the devices that employees use to connect to the IT infrastructure. It is necessary to make sure all employees can easily access any tools needed to perform their work duties. This domain requires tight security and access controls because this is where users first access the system. This is where someone can enter the system to do damage. You can have unauthorized user access; make sure strong password protection and auto screen lockout are enabled. There can be software vulnerabilities...
Words: 286 - Pages: 2
...Intern Douglas Jaycox I was asked to prepare a report concerning the “Internal Use Only” data classification standard set by Richmond Investments. This report will pertain to three layers of the IT infrastructure at risk concerning the Internal Use Only standard.. The first is the User Domain. The User Domain is the weakest link in the infrastructure Personal information is created at this layer of the infrastructure. That information can be used to obtain Internal Use Only information. The second is the Workstaion Domain. The Workstation domain is vulnerable due to the fact that it is where the user accesses the system, applications, and data for the company. You need login and password authentication to be allowed to access information. The third is the Remote Access Domain. At this layer security is very vulnerable due to wireless access. When using Remote Access more layers of security are needed to avoid someone intercepting the information sent over the Internet. By using Remote Access devices there are many ways that secure data can be compromised. In all of these areas login and passwords need to be used I also suggest using a second level of authentication by the use of security questions. After a specified number of failed attempts user should be locked out of system and an IT manager should be notified before access for that user is granted. VPN tunnels are another good thing to use because data is encrypted both going out and coming in. Above all else hard...
Words: 299 - Pages: 2
...The following report will address the three main IT infrastructure domains that the Richman Investments “Internal Use Only” data classification policy applies to. “Internal Use Only” is used to classify any internal data shared within our organization that may or may not be confidential in nature but is not intended to leave the company. The three main domains affected by this policy are the User Domain, Workstation Domain, and the LAN Domain. The User Domain is anyone who accesses the company’s information system and is the weakest link in the infrastructure. Users will be strictly held to the acceptable use policy (AUP) which acts as a guidebook for what users are allowed to do with the company’s IT assets. Violation of the AUP can be grounds for immediate dismissal and/or legal actions. Any third party that may need access to our systems will need to adhere to these policies as well and will need to sign an agreement before any access is given. The Human Resources department will be responsible for ensuring that all employees have signed an agreement to the AUP. All employees must pass a background check and their identities verified by HR before any access to Richman’s systems are granted. The Workstation Domain is where most users will connect to Richman’s IT infrastructure. This includes all desktops, laptops, PDAs, smartphones, and tablets. No personal devices or removable media will be allowed to connect to Richman’s system. Any devices or removable media needed to conduct...
Words: 365 - Pages: 2
...at Richman investments, I was s asked to write a brief report that describes the "internal use only" data classification standard of Richman investments. I will list a few of the IT infrastructure domains that are affected by the standard and how they are affecting the domain and their security here at Richman investments. * User domain The user domain defines the people who access an organizations information system. In the user domain you will find an acceptable use policy (AUP). An AUP defines what a user can and cannot do with organization-owned IT assets. It is like a rulebook that the employees must follow. Failure to follow these rules can be grounds for termination. The user domain is the weakest link in an IT infrastructure. Anybody who is responsible for computer security understand what motivates someone to compromise an organization system, application, or data. Now I am going to list risk and threats commonly found in the user domain and plans you can use to prevent them. Lack of user awareness - solution - conduct security awareness training, display security awareness posters, insert reminders in banner greeting, and send email reminders to employees. Security policy violation- solution - place employee on probation, review AUP and employee Manuel, discuss during performance review. Employee blackmail or extortion- solution - track and monitor abnormal employee behavior and use of IT infrastructure during off hours. Alarms and alerts programmed within an IDS/IPS...
Words: 297 - Pages: 2
...NT2580 Unit 1 Assignment 2 Internal Use Only Here at Richmond Investments we need to ensure we meet a data classification standard when it comes to our employees accessing the internet from work provided computers and having access to privileged work related data. Under this standard we will implement standards for the LAN Domain, Workstation Domain, and the User Domain. For the LAN Domain we will need to secure the wiring closets, data centers, and computer rooms are secure. For access to these areas personnel will have to have the proper credentials and without them they will not be allowed access. We will need electronic door locks with a push button code. This would ensure that nobody can get into those rooms without that code. For the Workstation Domain we will require user name and passwords on all computers. This will ensure that access to the system will only be available to those that have already been added to the network by an IT Administrator. We will keep the computers up to date with current anti-virus software and regular monitoring. Only approved devices will be allowed to function with the workstations. This will eliminate possible outside threats from getting any data off the network in case they do gain access to an unlocked workstation. For the User Domain we will have an employee manual and acceptable use policy for all employees to follow. Each employee will be placed under the group in which they work for and only have access to the data that...
Words: 421 - Pages: 2
...is to highlight three IT infrastructure domains that are affected by the internal use only data classification standards as used in Richman Investment. The three main IT infrastructure domains that will be discussed in this report are User domain, Workstation domain, and LAN. “Internal Use Only”- This refers to data shared internally in an organization, which is not supposed to be disseminated beyond the confines of the company. Before such data can be shared, it must be approved. This information is considered critical. If compromised and found in the wrong hands, it may cost the organization lots of money and time before such problem can be solved and restored. “User Domain”- Most users who have access to the computer information system of the company have access to the user domain and this is the weakest domain in the infrastructure. Everyone who has this access must comply with an ‘Acceptable Use Policy(AUP)” whether you are a contractor, company employees, customers or third party representative. All users with access to this domain understand that wrongful dissemination of company`s data could compromise the whole computer information system. “Workstation Domain”- This domain includes workstations and computers that are approved by the company for an individual user. Users need verification before allowed access to the workstation domain. Most verifications are done with the use of usernames and passwords; everyone is asked to log in to ensure only...
Words: 404 - Pages: 2
...I was asked to identify three domains that are affected by our “Internal Use Only” data classification standard. After doing some research I have found that the three domains most affected by the classification are the: User domain, Workstation domain, and LAN domain. The user domain is made up of the people who access our information system. We currently have an AUP (Acceptable Use Policy) set in place for this domain. Any third party that requires access to our network is to sign an AUP and a confidentiality agreement. This domain is the weakest and the most affected by the classification for multiple reasons. There is lack of user awareness; make sure to conduct security training and place reminders around the office. You have blatant security violations; when there are violations place employees on probation and review the AUP. We also have users downloading various different files; Enable content filtering and automatic antivirus scans. The workstation domain is made up of the devices that employees use to connect to the IT infrastructure. It is necessary to make sure all employees can easily access any tools needed to perform their work duties. This domain requires tight security and access controls because this is where users first access the system. This is where someone can enter the system to do damage. You can have unauthorized user access; make sure strong password protection and auto screen lockout are enabled. There can be software vulnerabilities...
Words: 426 - Pages: 2
...Internal use only is information that may or may not be confidential. That is shared within our organization and kept away from the public. With this being said it is imperative that we seek the fallowing to be incorporated within the standards in each domain. User Domain refers to the people who have access to the organizations equipment User domains tend to be the worst domain for security. The reasoning for this is the multitudes of social networking and the fallacy’s of the employee’s not even meaning to release information that could be detrimental. Employees are responsible for their own equipment. The best way to avoid this is to set up an Acceptable use Policy (AUP) that informs employees what they can and cannot do with company information, equipment, and resources. We must hold employees accountable who are abusing company’s AUP. Workstation Domain refers to the computers or electronic devices in which a user uses to access the system. The threats to this domain which vary from unauthorized access to downloading personal files, the best way to fix this is to “Harden” the system by setting up firewalls, anti-virus, malware programs and restricted access to popular web page such as Social networking websites, Music sites, and video web pages. Monitor of disable the installation of software and Restrict or disable the use of removable data devices unless authorized by system Administrators. A user that violates the AUP they should be given restricted access until further...
Words: 457 - Pages: 2
...infrastructure. Assignment Requirements You are a networking intern at Richman Investments, a mid-level financial investment and consulting firm. Your supervisor has asked you to draft a brief report that describes the “Internal Use Only” data classification standard of Richman Investments. Write this report addressing which IT infrastructure domains are affected by the standard and how they are affected. In your report, mention at least three IT infrastructure domains affected by the “Internal Use Only” data classification standard. Your report will become part of an executive summary to senior management. Required Resources None Submission Requirements * Format: Microsoft Word * Font: Arial, Size 12, Double-Space * Citation Style: Chicago Manual of Style * Length: 1–2 pages * Due By: Unit 2 Self-Assessment Checklist * I have identified at least three IT infrastructure domains affected by the “Internal Use Only” data classification standard. * In my report, I have included details on how those domains are affected. Internal Use Only The term “internal use only” is a term that refers to information or data that could also include communications are intended to stay within the company. Items that are classified as “internal use only” is not always classified material. The results of this information being compromised could have a lasting negative affect on the company’s profits, any contracts or customers, and the creative property that is...
Words: 835 - Pages: 4
...Argumentative Writing Rubric 9-10 | Advanced | Proficient | Basic | Not Yet | Claim: The text introduces a clear, arguable claim that can be supported by reasons and evidence. | The text introduces a compelling claim that is clearly arguable and takes a purposeful position on an issue. The text has a structure and organization that is carefully crafted to support the claim. | The text introduces a precise claim that is clearly arguable and takes an identifiable position on an issue. The text has an effective structure and organization that is aligned with the claim. | The text introduces a claim that is arguable and takes a position. The text has a structure and organization that is aligned with the claim. | The text contains an unclear or emerging claim that suggests a vague position. The text attempts a structure and organization to support the position. | Development: The text provides sufficient data and evidence to back up the claim as well as a conclusion that supports the argument. | The text provides convincing and relevant data and evidence to back up the claim and effectively addresses counterclaims. The conclusion strengthens the claim and evidence. | The text provides sufficient and relevant data and evidence to back up the claim and addresses counterclaims fairly. The conclusion effectively reinforces the claim and evidence. | The text provides sufficient data and evidence to back up the claim and addresses counterclaims. The conclusion ties to the claim and...
Words: 668 - Pages: 3
...RICHMAN INVESTMENTS “INTERNAL USE ONLY” DATA CLASSIFICATION STANDARD Brief Report This Brief Report is to describe Richman Investments policy of “Internal Use Only” data classification standard. This document is to be used as an informational guide for any employee or third party representative who is to access any or all of Richman Investments internal data base information system. To access Richman Investments internal data base any user, employee or third party representative must agree to the acceptable use policy (AUP). “While confidential information or data may not be included, communications, documents or any data are not intended to leave the organization.” (Beecher, 2013) There are 3 types of IT infrastructure domains that are affected by the “Internal Use Only” data classification standard of Richman Investments listed as follows: User Domain is the first layer of the infrastructure and is defined as any person (single user) accessing Richman Investments internal data base information system who has agreed to the AUP. This Domain defines the user permissions. This is where the IT department defines what access each individual user will have on the network. This is considered to weakest link in the company’s infrastructure. Workstation Domain is the second layer of the infrastructure and is defined as the first access point to the Richman Investments internal data base information system, applications and data. This layer requires a login and password authentication...
Words: 306 - Pages: 2
...Charles Elliot 6/20/15 To: Richman Investments Employees. Subject: Internal Use Only Policy This report is to inform all members of Richman investments of their Internal Use Only policy. We will be discussing what this policy means, its effect on running day to day tasks on the network, and what protocols we are to follow when under the enforcement of this policy. Internal use only simply means that the data stays on site, or that an organization shares the information internally. And while the information may or may not be of a sensitive nature, there will be no exchange of data or communication of any kind outside of the organization. Any person(s) who wish to gain access to any information within Richman Investments infrastructure must authenticate themselves by logging on to their User profile and entering their password. All Users must agree and adhere to the AUP-Acceptable Use Policy. The AUP is a policy that states what a user can or cannot do with information from Richman Investments. Failure to adhere to the AUP will result in disciplinary actions both in their profession as well as legal disciplinary actions. The workstation is where the User connects to the infrastructure. There are no personal or recording devices or removable media of any kind allowed at the workstation. Richman Investments will provide and devices and removable media themselves, also these devices are never to leave the premises. The infrastructure administrators will determine which information...
Words: 317 - Pages: 2
...Conflicting goals are always a potential in an internal environment; however, there are underlying factors in which goals can, and at times do, conflict, especially when it comes to employee development. There can be conflict between the goals of innovation and change and productivity, but this is most likely a management issue more than a flaw in either goal. It is important to keep in mind there are always alternatives to resolving conflicts. When setting goals, one must look at the cost, duration, flexibility, as well as the permanence it has among employees. Additionally, the goals that a company sets may be overwhelming for employees. Employees, as well as managers, will need to be aware of the different dynamics the goals may cause the organization to go through. Moreover, employees may resist to the change causing a negative impact on the productivity of the company (Carter, 2009). Other conflicts may include new management, training, employee performance and external views. Externally, stakeholders may not agree with goals an organization has set which is a conflict of interest. Internal process approach would be the most appropriate analyzing a police department. A police department has to have a cohesive group of employees because it is an extremely serious career path. This approach shows how the indicators reveal an evaluation of the coordination of the organizations parts. This type of work must be fluent in goals and actions to accurately monitor the residents...
Words: 733 - Pages: 3
.............................................................4 2.1 Company Information………………………………………………………………4 2.2 Site Goal……………………………………………………………………………..4 2.3 Organizational Culture…………………………………………………….............4 2.4 Affects of Physical Settings on Information Access and Use...........................4 2.5 Primary Audience and Secondary Users…………………………………………5 2.6 Audience Demographics and Psychographics…………………………………..5 2.7 Primary Use of Product or Service………………………………………………..5 2.8 Role of Current Resources………………………………………………………...5 2.0 VISUAL AND FUNCTIONAL DETAILS..............................................................5 3.9 Internal/External User Site Map…………………………………………………...6 3.0 SPECIFIC REQUIREMENTS..............................................................................7 4.10 Performance Requirements………………………………………………………..7 4.11 Platform………………………………………………………………………………7 4.12 Database…………………………………………………………………………….7 4.13 Security………………………………………………………………………………7 4.14 Site Hosting………………………………………………………………………….8 4.15 Major Pages, Functions, Features and Use Cases……………………………..8 4.16.1 Home Page…………………………………………………………………9 4.16.2 Search……………………………………………………………………....9 4.16.3 Search Result Page(s)…………………………………………………….9 4.16.4 Shopping Cart………………………………………………………….......9 4.16.5 Checkout…………………………………………………………………….9 ...
Words: 2592 - Pages: 11
.............................................................4 2.1 Company Information………………………………………………………………4 2.2 Site Goal……………………………………………………………………………..4 2.3 Organizational Culture…………………………………………………….............4 2.4 Affects of Physical Settings on Information Access and Use...........................4 2.5 Primary Audience and Secondary Users…………………………………………5 2.6 Audience Demographics and Psychographics…………………………………..5 2.7 Primary Use of Product or Service………………………………………………..5 2.8 Role of Current Resources………………………………………………………...5 2.0 VISUAL AND FUNCTIONAL DETAILS..............................................................5 3.9 Internal/External User Site Map…………………………………………………...6 3.0 SPECIFIC REQUIREMENTS..............................................................................7 4.10 Performance Requirements………………………………………………………..7 4.11 Platform………………………………………………………………………………7 4.12 Database…………………………………………………………………………….7 4.13 Security………………………………………………………………………………7 4.14 Site Hosting………………………………………………………………………….8 4.15 Major Pages, Functions, Features and Use Cases……………………………..8 4.16.1 Home Page…………………………………………………………………9 4.16.2 Search……………………………………………………………………....9 4.16.3 Search Result Page(s)…………………………………………………….9 4.16.4 Shopping Cart………………………………………………………….......9 4.16.5 Checkout…………………………………………………………………….9 ...
Words: 2592 - Pages: 11
