Multi-Layered Security Outline Plan

Submitted By dsatter59
RICHMAN FINANCIAL INVESTMENT AND CONSULTING FIRM

Multi-Layered Security Outline Plan

IT Infrastructure Security

Daniel Satterfield

7/1/2014

Identification of Risks, Threats, and Vulnerabilities along with proposed Security measures and controls

MULTI-LAYER SECURITY PLAN (OUTLINE) FOR RICHMAN INVESTMENTS
The following Multi-Layered Security Plan outline, which I am submitting for approval and implementation at Richman Investments, will provide a sound security plan for the firm's most important mission-critical assets. It identifies and reduces vulnerabilities, risks, and threats to the firm's confidential proprietary intelligence, sensitive customer data, and other important assets within each of the seven domains that make up the core of the IT infrastructure as a whole. An aggressive approach should be mapped out in a 3-5 year progressive implementation plan, starting with one or two security initiatives where success can be clearly demonstrated and evaluated.
The FFIEC has now mandated that financial institutions mitigate online threats by integrating endpoint encryption: pushing it out to all users in a non-pre-boot fashion, then using the console to migrate users to pre-boot encryption, which would provide immediate protection and increased visibility and control of our overall risk posture.
The outline first identifies the risks, threats, and vulnerabilities within each of the seven domains that make up the firm's IT infrastructure, and then proposes security measures and controls for headquarters and each branch office.

USER DOMAIN

Risks, Threats, and Vulnerabilities: Lack of user awareness, security policy violations, user destruction of systems, applications, and data

Security Measures and Controls: Conduct security awareness training, post security posters, send monthly security email reminders to all employees, implement Acceptable Use
