Intro to System Security

Submitted By thiagofjv

1.0 Overview

Standards for network access and authentication are essential to the company's information security. Any user accessing the company's computer systems has the ability to compromise the security of all users of the network. An appropriate Network Access and Authentication Policy decreases the chances of a security breach by requiring application authentication and access standards across the network in all locations.

2.0 Purpose

The purpose of this policy is to illustrate what must be done to ensure that users connecting to the corporate network are authorized users in compliance with company standards, and are given the least amount of access required to perform their job function.

3.0 Scope

The scope of this policy includes all users who have access to company-provided computers or require access to the corporate network and systems. This policy applies not only to employees, but also to guests, contractors, and anyone requiring access to the corporate network. Public access to the company's externally reachable systems, such as its corporate website or public web applications, is specifically excluded from this policy.

4.0 Policy

4.1 Account Setup
During initial account setup, certain checks must be performed to maintain the integrity of the process. The following policies apply to account setup:

• Positive ID with Human Resources.

• Users will be granted the least amount of network access required to perform their job function, for as long as they remain employed with the company.

• Users will be granted access only if they accept the Acceptable Use Policy.

4.2 Account Use
Network accounts must be delegated in a standard form and used across the organization. The following policies apply to account use:

• Accounts must be created using a standard format firstnamelastname, etc.

• Accounts must be password protected.

• Accounts must be for individuals only. Account sharing and group accounts are not permitted in any circumstances.

• Guests must have a business need for access to the network. When a reason is demonstrated, temporary guest access is allowed for the period needed to complete the task. This access will be minimal and will be restricted to only the timeframe necessary to complete their job.

• Individuals requiring access to confidential data must have an account. This account will be subject to additional monitoring or auditing at the discretion of the IT Manager or executive team, or as required.

4.3 Account Termination
When maintaining network and user accounts, it is important to communicate with the Human Resources department so that when employees are hired or are no longer employed at the company, accounts can be disabled. Human Resources must let the IT Manager know

4.4 Authentication
User machines must be configured to request authentication at startup. If the domain is not available or authentication cannot occur for some reason, then the machine should not be permitted to access the network.

4.5 Use of Passwords
When accessing the network, username and password are acceptable means of authentication. Usernames must meet the requirements presented in this document, and passwords must meet all requirements of the company's Password Policy.

4.6 Remote Network Access
Remote access to the network can be provided for convenience to users but this comes at some risk to security. For that reason, the company encourages additional scrutiny of users remotely accessing the network. The company's standards dictate that username and password is an acceptable means of authentication as long as appropriate policies are followed. Remote access must adhere to the Remote Access Policy.

4.7 Screensaver Passwords
Screensaver passwords offer an easy way to strengthen security by removing the opportunity for a malicious user, curious employee, or intruder to access network resources through an idle computer. For this reason screensaver passwords are required to be activated after 5 minutes of inactivity.

4.8 Minimum Configuration for Access
Any system connecting to the network can have a serious impact on the security of the entire network. A vulnerability, virus, or other malware may be inadvertently introduced in this manner. For this reason, users must strictly adhere to corporate standards with regard to antivirus software and patch levels on their machines. Users must not be permitted network access if these standards are not met. This policy will be enforced with a product that provides network admission control.

4.9 Encryption
Industry best practices state that username and password combinations must never be sent as plain text. If this information were intercepted, it could result in a serious security incident. Therefore, authentication credentials must be encrypted during transmission across any network, whether the transmission occurs internal to the company network or across a public network such as the Internet.

4.10 Failed Logons
Logon failures are indications that someone is attempting to 'crack' a password to access a network account. In order to protect against password-guessing and brute-force attempts, the company must lock a user's account after 3 unsuccessful logins. This can be implemented as a time-based lockout or require a manual reset, at the discretion of the IT Manager.

4.11 Applicability of Other Policies
This document is part of the company's cohesive set of security policies. Other policies may apply to the topics covered in this document and as such the applicable policies should be reviewed as needed.

5.0 Enforcement

This policy will be enforced by the IT Manager and/or Executive Team. Violations may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties up to and including termination of employment. Where illegal activities or theft of company property are suspected, the company may report such activities to the applicable authorities.
