...Multi-Layered Security Plan The following Multi-Layered Security Plan outline I am submitting for approval and implementation for Richman Investments, will provide a sound security plan for the firms most important mission critical assets, identifying and reducing vulnerabilities, Risks and threats to the firms confidential proprietary intelligence, sensitive customer data and other important assets within each of the Seven Domains that make up the core for the IT infrastructure as a whole. An aggressive approach should be mapped out in a 3-5 year progressive implementation achievement plan starting with one or two security initiatives where success can be clearly demonstrated and evaluated. First, indentifying Risk, Threat and Vulnerabilities within each of the seven Domains that make-up the firms IT infrastructure. Secondly, proposed security measures and controls for headquarters and each branch office. Keeping information assets secure is challenging for any business, regardless of its size. It seems there's no limit to the ingenuity and maliciousness of today's cybercriminals, hackers and identity thieves. In fact, hackers have become so sophisticated and organized that their operational methods are similar to those of traditional software development and business practices(Symantec 2008). What's more, while yesterday's attack activity consisted of a single compromise...
Words: 866 - Pages: 4
...INVESTMENTAND CONSULTING FIRM Multi-Layered Security Outline Plan IT Infrastructure Security Daniel Satterfield 7/1/2014 Identification of Risks, Threats, and Vulnerabilities along with proposed Security measures and controls MULTI-LAYER SECURITY PLAN (OUTLINE) FOR RICHMAN INVESTMEN The following Multi-Layered Security Plan outline I am submitting for approval and implementation for Richman Investments, will provide a sound security plan for the firms most important mission critical assets, identifying and reducing vulnerabilities, Risks and threats to the firms confidential proprietary intelligence, sensitive customer data and other important assets within each of the Seven Domains that make up the core for the IT infrastructure as a whole. An aggressive approach should be mapped out in a 3-5 year progressive implementation achievement plan starting with one or two security initiatives where success can be clearly demonstrated and evaluated. The FFIEC now has mandated financial institutions mitigate online threats by intergrading endpoint encryption pushing it out to all users in a non pre-boot fashion then using the console to migrate users to pre-boot encryption which would provide immediate protection and increased visibility and control of our overall risk posture. First, indentifying Risk, Threat and Vulnerabilities within each of the seven Domains that make-up the firms IT infrastructure. Secondly, proposed security measures and controls for...
Words: 751 - Pages: 4
...Multi Layered Security Plan Multi Layered Security Plan Richman Investments 1) General This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure. In this Multi Layered Security Plan we will describe how we will improve the security of each domain and how to protect our information. We will update all firewalls on the infrastructure and secure our ports that are open and stop incoming traffic that is malicious. All anti-virus software will be updated throughout the company. All IT employees will be informed about the new MLS Plan that we putting into effect once the Senior management approves it. 2) User Domain a. The usage of security awareness training to instruct employees of Richman Investments security policies We have to train the employees on the protection of their user IDs and login information to the companies system. Show the employees how to create a better password and security questions and not to write there passwords down on sticky notes to help remember. Making them aware of friends, family, or people that ask questions out of the ordinary, because the questions could possibly your security questions or part of your password. The user only has three attempts and they are locked out and will have to see a admin to be unlocked. b. Auditing of user activity We will watch how the users go about their daily activities on the company’s internet/network...
Words: 302 - Pages: 2
...Multi Layered Security Plan Richman Investments This Multi layered security plan will give you a brief overview of the security strategies that will be implemented at each level of the companies IT infrastructure. The usage of security awareness training to instruct employees of Richman Investments security policies, auditing of user activity will be implemented at the User Domain level of the infrastructure. The usage of antivirus and anti malware programs on each user computer, strict access privileges to corporate data and the deactivation of media ports will be put in place at the Workstation Domain of the infrastructure. Utilizing network switches, encryption to wireless access points using WPA 2 security shell encryption, as well as securing server rooms from unauthorized access will be implemented at the LAN Domain level of the infrastructure. The closing off unused ports using a firewall to reduce the chance of unwanted network access, monitoring inbound IP traffic, more specifically looking for inbound transmissions that show signs of malicious intent, running all networking hardware with up to date security patches, and operating systems with be set in place within the LAN to WAN Domain structure. Enforcing encryption, and Virtual Private Network (VPN) tunneling for remote connections, configuring routers, and network firewalls to block ping requests to reduce chance of denial of service (DOS) attacks, enforcing anti virus scanning of email attachments, Isolating malicious...
Words: 306 - Pages: 2
...Chris Lewis 10/16/15 NT2580 Project 1 Multi Layered Security Plan We will research the concept of a multi-layered security plan and Include several applicable layers for the plan, and describe at least one layer of security for each of the seven domains. Outline of a multi-layered Security plan User Domain - Security policy violations – Place employee on probation, review AUP and employee manual, discuss during performance reviews. Workstation Domain - Unauthorized access to workstation – Enable password protection on workstations for access. Enable auto screen lockout for inactive times. LAN Domain - LAN server application software vulnerabilities and software patch updates – Define a strict software vulnerability window policy requiring quick software patching. LAN-to-WAN Domain - Local users lose productivity surfing the web and not focusing on work tasks – Apply domain-name content filtering at the Internet entry/access point. WAN Domain- Vulnerable to corruption of information and data – Encrypt IP data transmissions with VPNs. Back up and store data in off-site data vaults (online or physical data backup) with tested recovery procedures. Remote Access Domain - Brute-force user ID and password attacks – Establish user ID and password policies requiring periodic changes (i.e., ever 30 or 60 days). Passwords must be used, passwords must have more than eight characters, and users must incorporate numbers and letters. System/Application...
Words: 386 - Pages: 2
...Unit Plans Unit 1: Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts Confidentiality, integrity, and availability (CIA) concepts Layered security solutions implemented for the seven domains of a typical IT infrastructure Common threats for each of the seven domains IT security policy framework Impact of data classification standard on the seven domains Reading Kim and Solomon, Chapter 1: Information Systems Security. Keywords Use the following keywords to search for additional materials to support your work: Data Classification Standard Information System Information Systems Security Layered Security Solution Policy Framework ------------------------------------------------- Week 1 Assignment (See Below) * Match Risks/Threats to Solutions * Impact of a Data Classification Standard Lab * Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) * Page 7-14 in lab book. Project (See Below) * Project Part 1. Multi-Layered Security Plan ------------------------------------------------- Unit 1 Assignment 1: Match Risks/Threats to Solutions Learning Objectives and Outcomes You will learn how to match common risks or threats within the seven domains of a typical IT infrastructure with solutions and preventative actions...
Words: 1409 - Pages: 6
...User Domain Risk, Threat, or Vulnerability Lack of user awareness • Conduct security awareness training display security awareness posters, insert reminders in banner greetings, and send e-mail reminders to employees. User apathy toward policies • Conduct annual security awareness training, implement acceptable use policy, update staff manual and handbook, discuss dring performance reviews. Workstation Domain Risk, Threat, or Vulnerability Unauthorized access to workstation • Enable password protection on workstations for access. Enable auto screen lockout for inactive time. Unauthorized access to systems, applications, and data • Define strict access control policies, standards, procedures, and guidelines. Implement a second-level test to verify a user’s right to gain access. Account Policies | Password, lockout, and Kerberos settings. | Local Policies | Audit, user rights, and security options. ("Security Options" consist primarily of security-relevant registry values.) | Event Log | Settings for system, application, security and directory service logs. | Restricted Groups | Policy regarding group membership. | System Services | Startup modes and access control for system services. | Registry | Access control for registry keys. | File System | Access control for folders and files. | LAN Multilayer Security * Coverage considerations for wireless LAN (WLAN) users in a branch office * Distance considerations from the closet to the...
Words: 726 - Pages: 3
...Richman Investments. As part of the general security plan of the organization the IT department puts together a proposal to provide multi-layered security strategies that can be applied at every level of the IT structure. The plan will lay out the importance of improving and safeguarding the levels of each domain and the process of protecting the information of the organization. User Domain At Richman Investments the personnel is accountable for the appropriate use of IT assets. Therefore, it is in the best interest of the organization to ensure employees handle security procedures with integrity. It is essential to create a strong AUP (Acceptable Use Policy) procedure and as part of the process, require employees sign an agreement to guarantee they understand and conform to implemented rules and regulations. In addition, the company will conduct security awareness training, annual security exercises, notices about securing information, and constant reminders security is everyone’s responsibility. Workstation Domain The plan to secure the workstation domain enforces a strong password policy on each workstation and also enables screen lockout protection for inactive times. Keeping all workstations with an up to date antivirus is essential. Furthermore, content filtering features will arrange access of specific domain names according to AUP definitions. In addition, workstations will have up-to-date application software and security patches conferring to company guide lines...
Words: 779 - Pages: 4
...Project Part 1 Multi-Layered Security Plan | NT2580 | | James Maus | 8/21/2015 | In the process of emerging a mulit-layered security plan, you will need to see the seven domains of the IT set-up. The security will be increased on each of the domains. Security increase on the seven domains increases complete security of the system and build a mulit-layered security plan. Only the users can negotiate the system in the user domain. Easy passwords can cause a lot of problems so we will need to use difficult passwords with eight characters and up. Passwords will include special characters with capitals and lowercase. A limit to how long you can use the password and to only a one time password use. Workstations will have antivirus and malware protection installed. Since laptops are very weak and easy to get lost or stolen, the companies will have a converted hard drive so only the owner can recover the data. On the LAN domain, you should never open any scam emails when on company systems. To reduce email malware, you should add spam filters to stop junk email and reduce employee mistakes. On the LAN to WAN domain, we should switch the FTP to secure FTP so only our suers can have access to the FTP server. On the WAN domain there should be firewalls put in place on the network to filter inbound traffic. In the case of the Richman investments, network of\ any kind of traffic that is coming in and out is not needed will be stopped by a firewall. Reference Courtesy of...
Words: 444 - Pages: 2
...Hospital Response Plan: Fire Evacuation A hospital, depending on its size can house hundreds of patients on any given day. Fire is a severe risk to the hospital because of its erratic nature. In this scenario, a fire in the mess hall has developed outside the staffs’ ability to successfully control and snuff out the fire. The fire has reached a level extreme enough to where management has deemed it necessary to call for a complete evacuation of the hospital. The Federal Emergency Management Administration (1996) stated that, “There are several factors which must be considered when planning for an evacuation, among these are the characteristics of the hazard or threat itself” (P. 5E1). Our goal is to Develop an effective emergency response plan, which will takes into account the threat of fire, this is vital to emergency management. We must be prepared at all times, no matter what type of emergency it is, be it a natural disaster or a manmade event; the hospital should have a planned response to protect the hospitals assets. Interagency Coordination Interagency Coordination is a significant part of a completed response plan. Hospital plans for full or partial evacuation should incorporate pre-planning and address the incident command and management structure established for its operational area (community). In advance of an event, Hospitals should understand and incorporate local plans and protocols that are in place to support evacuation and should...
Words: 910 - Pages: 4
...Into To security Project Part 1: Multi-Layered Security Plan: As part of my report, below is my outline for Richman Investments Multi-Layered Security Plan: User Domains: Since Users can access systems, applications and data depending on their roles and rights, an employee must conform to the staff manual and policies also known as the Acceptable Use Policy (AUP). The department manager or human resources manager is usually in charge of making sure that employee and in certain cases third party vendors, contractors ect sign and follow the AUP. To ensure that these threats and vulnerabilities can be avoided, a good policy would be to conduct security awareness training, update the employee manual and discuss the handbook, during performance reviews, disable internal CD drives and USB ports and enable automatic antivirus scans for inserted media drives, files, and email attachments, and lastly restrict access for users to only those systems, applications, and data needed to perform their jobs. Workstation Domains: These users configuring hardware, ensuring that all computers have the latest software revisions, security patches, and system configurations. To ensure that there are no threats with our software, enforce defined standards to ensure the integrity of user workstation and data, enable password protections on workstations for access, and auto screen lockout for inactive times, use content filtering and antivirus scanning at Internet, define workstation...
Words: 727 - Pages: 3
...[1] David Kim and Michael G. Solomon. Fundamentals of Information Systems Security - Jones & Bartlett Learning, LLC. 40 - Tall Pine Drive Sudbury, MA 01776 – Copyright 2012 Multi Layered Security Plan: Richman Investments 1.) General This Multi-layered Security Plan will give a brief overview of the security strategies that will be implemented at each level of the Information Technology (IT) infrastructure. 2.) User Domain a. Security awareness training will be implemented to instruct employees of Richman Investments security policies. b. Structured auditing of all user activity. 3.) Workstation Domain c. The installation of antivirus and anti-malware programs on all user computers. d. Strict access privileges to corporate data files and important company documents. e. Media ports to be deactivated. 4.) LAN Domain f. Utilizing the correct network switches per each domain. g. WPA 2 encryption policies to wireless access points. h. Securing server rooms from unauthorized access. 5.) LAN to WAN Domain i. Deactivating and closing off unused ports per the firewall to reduce the chance of unwanted network access. j. Monitor inbound IP traffic, more specifically looking for inbound transmissions that show signs of malicious intent. k. All networking hardware is to have up to date security patches, and operating systems. 6.) WAN Domain l. Enforce encryption, and VPN tunneling...
Words: 316 - Pages: 2
...the attacker to have elevated privileges. This allowed for the bots to be controlled and the attacker to do whatever he or she wanted to do. In this case, the attacker chose to bring down the registration system. Best Practices to Practices to Prevent Internal DDoS There are several measures that can be taken to prevent DDoS. This Guide will focus on steps to prevent these attacks from originating internally. Actively monitor the network Be familiar with the inbound traffic profile. Be able to differentiate between the normal pattern of traffic and suspicious traffic. Best Practices for DDoS Attack 2 - DDoS attacks are not slow and subtle. They will appear aggressive and sharp when viewed on the network. Designate Network Security Team This structure should consist of...
Words: 665 - Pages: 3
...of war” and one of its main purposes is to maintain international peace and security. Peacekeeping, although not explicitly provided for in the Charter, has evolved into one of the main tools used by the United Nations to achieve this purpose. The Charter gives the United Nations Security Council primary responsibility for the maintenance of international peace and security. In fulfilling this responsibility, the Security Council may adopt a range of measures, including the establishment of a United Nations peacekeeping operation. The legal basis for such action is found in Chapters VI, VII and VIII of the Charter. While Chapter VI deals with the “Specific Settlement of Disputes”, Chapter VII contains provisions related to “Action with Respect to the Peace, Breaches of the Peace and Acts of Aggression”. Chapter VIII of the Charter also provides for the involvement of regional arrangements and agencies in the maintenance of international peace and security provided such activities are consistent with the purposes and principles outlined in Chapter I of the Charter. United Nations peacekeeping operations have traditionally been associated with Chapter VI of the Charter. However, the Security Council need not refer to a specific Chapter of the Charter when passing a resolution authorizing the deployment of a United Nations peacekeeping operation and has never invoked Chapter VI. In recent years, the Security Council has adopted the practice of invoking Chapter VII of the Charter when...
Words: 8577 - Pages: 35
...among its intelligence systems. On the other hand, information based on a single source is deficient, and does not produce qualitative assessments. According to Anissa Frini, “Stovepiping keeps the output of different collection systems separated from one another and thus, it prevents one discipline from cross-checking another.” The lack of collaborated intelligence can lead to erroneous reporting and deception by the adversary. In order for policymakers to formulate strategic plans, information or rather intelligence gathered must have a holistic and integrated perspective. This paper will begin by highlighting the value of strategic intelligence to policymakers and leadership, the advantages of employing multiple intelligence methods, and will focus on analysis based from an all-source perspective which is necessary for strategic intelligence. The objective of this paper is to define and represent the all-source intelligence capabilities based on an integrated approach. The goal of strategic level intelligence is to provide accurate, timely, and relevant intelligence therefore enabling decision makers to take appropriate...
Words: 2641 - Pages: 11
