Free Essay

Plag Check

In:

Submitted By brandonkern
Words 866
Pages 4
Multi-Layered Security Plan

The following Multi-Layered Security Plan outline I am submitting for approval and

implementation for Richman Investments, will provide a sound security plan for the firms

most important mission critical assets, identifying and reducing vulnerabilities, Risks and

threats to the firms confidential proprietary intelligence, sensitive customer data and

other important assets within each of the Seven Domains that make up the core for the

IT infrastructure as a whole. An aggressive approach should be mapped out in a 3-5

year progressive implementation achievement plan starting with one or two security

initiatives where success can be clearly demonstrated and evaluated.

First, indentifying Risk, Threat and Vulnerabilities within each of the seven Domains

that make-up the firms IT infrastructure. Secondly, proposed security measures and

controls for headquarters and each branch office.

Keeping information assets secure is challenging for any business, regardless of its

size. It seems there's no limit to the ingenuity and maliciousness of today's

cybercriminals, hackers and identity thieves. In fact, hackers have become so

sophisticated and organized that their operational methods are similar to those of

traditional software development and business practices(Symantec 2008).

What's more, while yesterday's attack activity consisted of a single compromise aimed

at gaining access to the data on a computer, current attack techniques are multi-staged.

Hackers use their initial compromise to establish a beachhead from which they can

launch subsequent attacks. With an estimated 1.25 billion Internet users worldwide,

according to Computer Economics, cybercriminals have never had a bigger pool of

potential victims from which to choose(Symantec 2008).

While these current threat treds should give any Internet user pause, they can be

particularly worrisome for small businesses. After all, with confidential business

information at risk yet limited IT staff on hand to focus on security, small businesses

must be very vigilant. To that end, by putting in place multiple layers of defense, small

businesses can protect their assets from increasingly complex, multifaceted

threats(Symantec 2008).

Here are some ways we can use domain names to help connect between the different

cities within Richman Investments. User Domain: Main concern at this domain is lack

of user knowledge on what different attacks look like and proper response protocols.

Here are a few solutions:

A) Training: send emails on security best practices; alerts on common and new attack vectors; hold company-wide training segmented throughout the day; place Infosec, Opsec posters and incident response procedures in every space

B) Auditing of user activity: Setup a script to run on the proxy server utilizing a dirty word list to search user internet usage

Workstation Domain: Main concern here is unauthorized access and out-of-date anti-virus software. Here are some solutions:

A) Anti-virus/Anti-malware: Keep up-to-date with latest patches from vendor websites

B) Passwords; Technical Controls: Enable password policies through GPO’s and screen-saver passwords for extra access protection

LAN Domain: Main concern here is physical access to network assets. Here are some solutions:

A) Securing high-priority systems: Establish access lists; combo/cipher locks for server and switch rooms; also have a sign-in sheet for contractors and tech-reps working on-site

B) Implement Kerberos as another secure means of identifying users over a non-secure network

LAN to WAN Domain: Main concern here is the attempt for attackers to scan the network. Here are some solutions:

A) Install IDS/IPS on the network to monitor and combat network anomalies; also use a proxy server such as ISA or TMG to filter unknown or malicious traffic

WAN Domain: Main concern here is providing a secure way of communicating over

remote connections: Here are some solutions:

A) Use VPN tunneling for end-to-end secure IP communications;

B) Configure routers and network firewalls to use stateful packet inspection for blocking

unwanted TCP, UDP and IP packet traffic

Remote Access Domain: Main concern here is securing mobile user communication.

And Finally An Actionable Plan, A sound security plan is the first step towards a

multi-layered defense. To develop a plan, the company must assess its most important

assets, identify vulnerabilities as well as the infrastructure and technology most

appropriate for mitigating risk, then implement a strategy for putting the plan into action.

Email is a prime example.  It has become a critical business communications tool

and is also a primary conduit for malicious code. Protecting email against viruses,

worms, spam, Trojan horses, phishing attacks and other threats requires a variety of

security technologies. These include antivirus and antispyware software, content

filtering, and firewalls (Symantec 2008). Such security technologies must be installed at

various levels of the infrastructure-such as the gateway, mail servers and desktop or

laptop. This way, threats that may bypass one level are dealt with at another. In

addition, layering security helps mitigate the risk of an employee who disables

protection on his or her desktop.

In Conclusion , The purpose of multi- layered security is to first deter intruders from

entering in the companies site. However, knowing that we cannot deter all potential

attacks, we must support deterrence with delay, detection, and response. With this

program we can prevent any online attacks from happen.

Similar Documents

Premium Essay

Assignment 1

...give their customers a perfect shopping experience, which in turn keeps the consumer loyal always. With this in mind, one day I decided to purchase the Note II, since it has the features I was interested in. There was a screen lager than the average phone so I could stream movies and watch personal videos of family and friends. I able take notes in class or write a quick shopping list when needed with the cool stylus. Then I called Best Buy customer service to see if they can check the Winchester Best Buy to if they had the 32 gigabyte note II in stock .The customer service lady was very attentive to my needs and was a active listener, automatically restating everything correctly, that I said. Then she put me on hold for about 2 minutes or so to check Winchester Best Buy inventory in her computer. She responded it “looks like they have it”, but let me call the store to make sure, since it could be a computer error”. I was pleased with how she took the extra initiative to double check. Then she came back to the phone and responded, “they have it in stock” and “I told them to put it on hold...

Words: 1027 - Pages: 5

Free Essay

Phl/458

...1. Describe the production and judgment phases that you discern in Carlson’s invention. 2. What obstacles and hindrances did Carlson encounter as he creatively and critically worked on his new idea? 3. Citing a recent problem you have solved (or issue you tackled), briefly describe these two phases of thinking in your problem-solving. The production phase of Carlson’s invention would be the determination he had for finding a simpler way of making copies. He knew there had to be an easier way to make copies other than the length of time it took to retype and double check for typos or mistakes. Carlson did encounter different obstacles during the production of the Xerox machine. One obstacle was finding the chemicals to do it the best and simplest way. Two was funding and time. He was funding the invention his self and on his spare time. Third was finding a company that believed in his invention and help make this idea, a reality. To be perfectly honest, the latest issue that I tackled was figuring out how to save money on daycare. We were paying $175 every two weeks for my son to go to before and after care at his daycare. The before care is necessary because I have to be at work at 7 am, his dad has to be at work at 5 am, and his school doesn’t start until 8 am, but I would have to wait on him to get there in the evenings. I would get there about 3:30 and he wouldn’t get there until 4. I changed him to mornings only, wish is only $70 every two weeks, and he rides the...

Words: 292 - Pages: 2

Premium Essay

Dental Hygiene

...all the documents, took vitals and explained to their patients what was going to happen during the exam. Some of the clinicians were stressed out because their patients did not show up. I called them several times and some patients did not answer. At that moment I knew exactly how important it is to have a back up patient. I did not get to see what was happening during the examination time since most of the time I was in front office. I tried to go back to help out. However, I did hear that some clinicians did not have the correct set up because they thought everything was in the cassette when they sterilized it. There is no room for “thought” at an exam. It’s crucial to follow directions given by the instructors. Check, double check, triple check everything. Some forms were not filled out correctly according to the criteria so the patients got rejected. There were specifics about probing the exact quadrant that you are going to scale, not the entire mouth. They had to complete dental charting as well in that quadrant. At the end, all of the data would be calibrated. It was interesting to see all the patients having assigned numbers instead of their names. I enjoyed being a part of the Mock Board. At least I got a feel for some do’s and don’t on such an important day which can significantly reduce stress...

Words: 320 - Pages: 2

Premium Essay

Staff Meeting

...Joint Educational Project Staff Meeting Minutes September 8, 2014 Semester Schedule: Week 3 JEP Schedule: First Trainings I. First Five a. Leigh and Vijeta: Pizza Bagels, Salad, and Cookies! b. Next week: Riley and Nana II. Passing Around a. Verify your contact information i. For those who do not attend staff meeting: please stop by Ali’s office to double check your contact information. ii. Contact information sheets will be in your mailboxes by the end of the week. Please do not share with anyone outside of JEP. III. Trojan Time a. Every other Wednesday morning, Brenda will send an email with an image of your timesheet. i. Review the timesheet to make sure that it is correct ii. Add your Wednesday office hours 1. Even though you will not have worked those hours yet, you need to add them on to the system to ensure that you get paid for your work that day a. This is on the honor system – Brenda will be able to check if your swipe out time matches the time you enter into Trojan Time. iii. Go into the Trojan Time website and enter those hours by 3:00pm on Wednesday 1. Enter the hours exactly as shown on the timesheet iv. Calculate any extra hours and submit them to the linked Google Doc 1. Brenda will add those extra hours to your Trojan Time when she approves...

Words: 1301 - Pages: 6

Free Essay

Audit

...& Smith, CPAs, about their previous engagements. This limits us on the information on the 10-K previously filed. Considering that the auditors expressed concerns about “mutually incongruent goals”, it raises many red flags about what these particular goals are therefore it would be helpful if we are able to speak with them to learn exactly what those red flags are. Looking through the control procedure manual, the treasurer signs the checks. She also inspects any voided and spoiled checks. This may become an issue because she is the person signing the checks as well as reviewing the voided making it easier to commit fraud. Another thing that looks a little suspicious is the personal loan of $1,000,000 made to Mr. Lancaster’s personal secretary which is supposed to be for an employee advancement. Mr. Lancaster recorded the loan as “Other receivables” rather than Employee “Employee advances”. Mr. Lancaster wants the check written to him instead of his secretary. That’s a fairly large amount of money to give someone in cash instead of a check. There is a new information systems that was purchased in early 2010 that has still not been set up by January 2012 (two years later) and when asked about it, Mr. Lancaster stated that “the machinery would be set up soon”. Those are just a few instances that where fraud may be occurring within...

Words: 311 - Pages: 2

Free Essay

Quality Control

...complexity or scarcity of the sample, or the sensitivity of the subject, this will be between 12% and 35%. We have defined and implemented a clear set of rules to ensure that quality is our highest priority and support this through regular contact with our members. Currently, we have access to more than 40 million households in over 70 countries – and manage the relationship with global consumers on a daily basis. 10 steps of quality control 1. Maintain database – reliable and up to date 2. Confirm respondent’s identity 3. Screen with strict procedure 4. Select accurately the right sample 5. Inspect and test questionnaire thoroughly 6. Use self-completion method 7. Create user friendly questionnaire 8. Monitor feedback extensively 9. Check questionnaire responses rigorously 10. Offer credible reward system 1 10 steps of quality control Database A large household access requires a wide range of sources for recruitment mainly to ensure that KNOTs Research avoids systematic biases inherent to certain sources. KNOTs Research recruitment is based on large...

Words: 1632 - Pages: 7

Free Essay

Nursing

...knocked and waited for her response. We entered in her room and greeted her “good morning Mrs. B’ She said “good morning”. I very slowly introduced myself and colleague’s name that we will be giving her a wash and dress in bed. Mrs. B smiled. * Preparation(b) We disinfected our hands and dried (it was provided on the wall dispenser) and put the gloves on. I asked Mrs. B whether she will dress anything particular, she said “no”. I opened Mrs. B’s wardrobe and took out two pairs of cloths and showed her which one of them she likes, she pointed to blue trouser and top. I then looked for a net kinkier, a pair of socks and placed on a chair. I switched on the light and closed door, window and curtains. I asked my colleague to double check whether we have all the necessary things to start the washing; she said “everything is in place”. I once again checked any possible harm that may directly or indirectly effect on our work. * Carrying out I told Mrs. B that we are ready now; she said you can start now. I took a basin, which her name written on it. Run the tap, checked the water temperature with my hand and filled warm water half and added some soap. I placed the water near to her bed table and told my colleague to stand on the opposite side of me (other side...

Words: 555 - Pages: 3

Free Essay

Reflection

...On arriving in that theatre I discovered it had been used prior and was left in an untidy state so I had to tidy it up before we could proceed. Had I have thought before hand I could have checked the day before to ensure this was not the case. I started by showing the student the anaesthetic machine we were going to use, explained the different parts and how they function. The student looked a bit perplexed at the terminology I used so I tried more simple terminology and explanations and that seemed to help. After the brief explanation of how the anaesthetic machine worked I described The checks we were going to carry out. I showed the student the 2012 guide to checking the machine produced by the College of Anaesthetists which is the one we currently use. We started to check the machine going through the guide step by step as described. It took quiet a while to complete the check. Afterwards I asked the student if they followed what we had done, the student commented it was a bit too much to go through in one session. I think looking back that I should have broken down the process into perhaps two or more sessions allowing the student time to take in and question the information. For future teaching I will definitely allocate more time in more separate sessions as not to bombard the student with what is quiet a lot of...

Words: 304 - Pages: 2

Free Essay

Herramientas de Calidad, Hoteles Ritz Carlton

...HERRAMIENTAS DE CALIDAD Entrega 8: Hoteles Ritz-Carlton Integrantes: - Vargas Morales, Marcel Arturo - Garay Salazar, Luis Antonio - Dapello Perez, Paolo‎ - Zamora Palomina, Henry Armando - Enciso Deza, Paula Leonor Profesor: - CULQUICHICON CACERES, CARLOS FELIPE - 2011-   1. Promesa de Calidad: Ritz-Carlton es una marca de hoteles y resorts enfocados a clientes pertenecientes al sector económico alto, con 70 propiedades ubicadas en muchas de las grandes ciudades de 23 países de todo el mundo, que buscan diferenciarse de su competencia ofreciendo profesionalismo en el servicio, pues tienen como objetivo el seguir posicionándose como una cadena de hoteles lujosa que sobresale debido a su servicio: “Cualquiera puede vender habitaciones, vender comida, vender bebidas pero no todos lo harán como nosotros (Ritz Carlton), nosotros nos diferenciamos del resto por nuestro profesionalismo en el servicio.” Es pocas palabras, la Promesa de Calidad primordial del Ritz-Carlton es brindar un servicio en donde la comodidad y cuidado del huésped es lo primordial, y ser excelentes en ello. En base al compromiso que adoptan con respecto a la satisfacción de sus clientes se establece una Política de Calidad bajo las siguientes directrices: • Compromiso y Respeto: La cadena busca tener empleados que se diferencien de los demás hoteles, que no solo trabajen para ellos sino que se les unan y adopten la Cultura Organizacional propia, conociendo las metas en común e identificándose...

Words: 1677 - Pages: 7

Free Essay

Steps for Writing Synthesis Essays

...STEP 01: First you want to select a topic; the issue MUST be related to your field. Consider some ideas/issues that relate to your major. Consider what controversial (has more than one side / answer / opinion / etc) issues exist in your discipline / major and which are most interesting to you and/or relevant in your field today. To help you with that, you may want to move through the brainstorm / freewrite below to see if you can develop some of those ideas. You should use this to help you come up with ideas that you could discuss and develop on the DB. You may even want to post portions of what you came up with here on the DB. Thoughtful interaction could earn you some BONUS in the CE column and allow you to SPIN some ideas and nail down some solid topics. With that in mind, each student’s essay is to be unique with regards to its TOPIC / ISSUE / STANCE / ETC; therefore, the Board is meant to be a place to help shape ideas, not see one and “steal” it for your own essay. Topics will be reserved for those individuals who first bring them up and if similarities exist it will be the responsibility of the students to determine what different aspects of the issue will be explored by each (first poster gets first choice). I will NOT allow the “casual” student (one who is hanging around on the roster but not really submitting assignments and/or participating on the previous Boards) tell me at the last minute that “X” is his/her project when a conscientious student already articulated...

Words: 3785 - Pages: 16

Free Essay

How to Run an Event

...event, PLUS time for setup and tear down. Make sure to have the items that are required by contact. The red form, also due 2 weeks before, which is basically a checklist to help you do everything that you need to get done before the event. The green form -Overview of the event: Place to find more information, confirmed room, review tech needs, confirm food orders. Yellow Form - Don’t miss deadlines: Make sure staffing list is sent at least two weeks prior to the event; make sure parking request is sent at least 7 days before the event The lion production for sounds and after the event you have to fill out the evaluation form which is called the blue form. MAINTENANCE-. Check restrictions set by risk management. Draw up a setup for the event. Run setup by the advisor. Hand in setup to Marcia. Double check the setup the day before. PAPERWORK- Email members staffing list. Confirm the staffing list closer to the event. Send staffing list to LEAP Liaison for the point system. Make sure that there is ACTIVE...

Words: 646 - Pages: 3

Free Essay

Yuppers

...bodega y llevar 1 pieza de mano como equipaje libre permitido. Para conocer el peso y tamaño exigido por pieza según el destino, así como la política de equipaje para infantes (0 a 2 años), por favor consulta nuestra página web www.avianca.com You are permitted 2 pieces of checked baggage and 1 carry-on item. For more information regarding weight and dimensions permitted to our various destinations and our infant baggage policy, please refer to www.avianca.com Documentos legales / Required documents Consulta cuáles son los documentos necesarios que debes tener para tu viaje a través de los consulados, embajadas o entidades gubernamentales correspondientes del país de destino y países por los cuales transitas o haces conexión. Please check the required travel documents for your journey with the corresponding consulates, embassies or government agencies of the country of destination and the countries where you have connecting flights. Presentación en el aeropuerto / Airport arrival times Preséntate con suficiente tiempo de anticipación en el aeropuerto y ten en cuenta nuestras recomendaciones en www.avianca.com, donde podrás consultar la información correspondiente a tu lugar de destino, tiempos...

Words: 671 - Pages: 3

Free Essay

Writing a Book Report

...Writing a Book Report Summary: This resource discusses book reports and how to write them. Contributors: Purdue OWL (owl.English.purdue.edu) Book reports are informative reports that discuss a book from an objective stance. They are similar to book reviews but focus more on a summary of the work than an evaluation of it. Book reports commonly describe what happens in a work; their focus is primarily on giving an account of the major plot, characters, thesis, and/or main idea of the work. Most often, book reports range from 250 to 500 words. Before You Read Before you begin to read, consider what types of things you will need to write your book report. First, you will need to get some basic information from the book: • Author • Title • Publisher location, name of publisher, year published • Number of Pages You can either begin your report with some sort of citation, or you can incorporate some of these items into the report itself. Next, try to answer the following questions to get you started thinking about the book: • Author: Who is the author? Have you read any other works by this author? • Genre: What type of book is this: fiction, nonfiction, biography, etc.? What types of people would like to read this kind of book? Do you typically read these kinds of books? Do you like them? • Title: What does the title do for you? Does it spark your interest? Does it fit well with the text of the book? • Pictures/Book Jacket/Cover/Printing:...

Words: 645 - Pages: 3

Premium Essay

Applying Problem Solving

...One real world problems I have encountered would be the day my husband and I got fired from our jobs in the same week. This incident happened about two years ago when the economy was starting to go down and the recession was just a reflection on what was to come. I had just started working as a call center agent for Kaiser Permanente working the graveyard shift; this had been the first job I had taken with those hours. In order to work permanently for Kaiser Permanente there is a probation period of four months, during these four months an employee cannot call in sick without a doctor’s note, cannot be late to a shift more than twice, and cannot call in to be absent. One day I had a really bad migraine and ear ache and decided to call in sick. The next day when I went back to work I had forgotten to get a doctor’s note to take to work and my supervisor had advice me to get one the following day or my job could be in jeopardy. The week went by and I had forgotten about the note, when my probation evaluation was up that incident came up and the department supervisor decided I had to be terminated. About three days earlier my husband was also terminated from his job due to our childcare issues. Now that it happened and time has passed to reflect on what went wrong I believe a way to solve this problem in a persuasive thinking manner would have been for myself to go to work that day and speak with my supervisor and explain to him that I knew the rules of calling in sick during the...

Words: 720 - Pages: 3

Free Essay

Pharmacology Paper

...Medication errors are flaws in the healthcare system that can result in injury, disease, and even death. There are ways to prevent these mistakes and to make a facility more safe by enforcing certain rules and regulations. In order for these rules to be effective, the entire healthcare team including doctors, nurses, pharmacy, etc., need to cooperate and work together. It's very common for someone to make a clumsy move which is why triple checking is becoming more and more effective today. First scenario: A patient was prescribed two completely different medications to her but with similar names. The first drug was hydroxyzine 100 mg PO QID as needed and the second was hydrochlorothiazide 25 mg PO daily. When the nurse was supposed to be giving the 100 mg dose of hydroxyzine they instead pulled four 25 mg hydrochlorothiazide pills from the automated dispensing cabinet. The nurse proceeded to administer the medication before using the barcode scanning system. Not using the barcode was her first mistake. The nurse scanned the barcode after the patient had already consumed the pills. A pop up error came up saying "medication not found" because the daily dose of hydrochlorothiazide had already been given that day. Thankfully, the patient survived this incorrect administration of medication with no side effects to report. The nurse in this scenario administered the wrong medication that ended up being four times the prescribed dose of something that had already been given...

Words: 1320 - Pages: 6