...RICHMAN INVESTMENTS “INTERNAL USE ONLY” DATA CLASSIFICATION STANDARD Brief Report This Brief Report is to describe Richman Investments policy of “Internal Use Only” data classification standard. This document is to be used as an informational guide for any employee or third party representative who is to access any or all of Richman Investments internal data base information system. To access Richman Investments internal data base any user, employee or third party representative must agree to the acceptable use policy (AUP). “While confidential information or data may not be included, communications, documents or any data are not intended to leave the organization.” (Beecher, 2013) There are 3 types of IT infrastructure domains that are affected by the “Internal Use Only” data classification standard of Richman Investments listed as follows: User Domain is the first layer of the infrastructure and is defined as any person (single user) accessing Richman Investments internal data base information system who has agreed to the AUP. This Domain defines the user permissions. This is where the IT department defines what access each individual user will have on the network. This is considered to weakest link in the company’s infrastructure. Workstation Domain is the second layer of the infrastructure and is defined as the first access point to the Richman Investments internal data base information system, applications and data. This layer requires a login and password authentication...
Words: 440 - Pages: 2
...Richman Investments “Internal Use Only” Data Classification Standard Brief Report RICHMAN INVESTMENTS “INTERNAL USE ONLY” DATA CLASSIFICATION STANDARD Brief Report This Brief Report is to describe Richman Investments policy of “Internal Use Only” data classification standard. This document is to be used as an informational guide for any employee or third party representative who is to access any or all of Richman Investments internal data base information system. To access Richman Investments internal data base any user, employee or third party representative must agree to the acceptable use policy (AUP). “While confidential information or data may not be included, communications, documents or any data are not intended to leave the organization.” (Beecher, 2013) There are 3 types of IT infrastructure domains that are affected by the “Internal Use Only” data classification standard of Richman Investments listed as follows: User Domain is the first layer of the infrastructure and is defined as any person (single user) accessing Richman Investments internal data base information system who has agreed to the AUP. This Domain defines the user permissions. This is where the IT department defines what access each individual user will have on the network. This is considered to weakest link in the company’s infrastructure. Workstation Domain is the second layer of the infrastructure and is defined as the first access point to the Richman Investments internal data base...
Words: 318 - Pages: 2
...RICHMAN INVESTMENTS “INTERNAL USE ONLY” AND DATA CLASSIFICATION My brief today will be about Richman Investments “Internal Use Only” and Data Classification. Richman Investments IT infrastructure domains will be basic. The infrastructure will be broken down to three domains: User Domain, Workstation Domain, and the LAN to WAN Domain. This will give the user, their workstations, and their access to the internet and Richman Investment server databases. The first layer of the Richman Investments IT infrastructure will be the User Domain. The User Domain is thought of the weakest parts of the infrastructure. This is where personal information is created and obtained for the “Internal Use Only.” The User Domain and Acceptable Use Policy (AUP) will tell what the user can and cannot do on the Richman Investments data that he or she has access to it. Everyone from Richman Investment user, contractor, and third party user will have to agree and comply with the AUP prior to gaining any access to the Richman Investments Network. Anyone in violations wills immediate suspension of their privileges to the Richman Investments Network until the investigation is complete by the IT Department and Richman Investments Executives. The violator can be assessed with punitive action. The second layer of the Richman Investments IT infrastructure will be the Workstation Domain. Every Workstation Domain has to be approved on the company network. There will be no personal devices or removable...
Words: 479 - Pages: 2
...Unit1/Assignment 2 03/25/13 Impact of a Data Classification Standard “Internal Use Only” This is my brief report on the IT infrastructure domain. I will be describing the “internal use only “data classification standards set by Richman Investments. The user domain is the first layer of the IT infrastructure I will discuss that is affected by the “internal use only” standard. It is the first layer and what some believe to be the weakest in the infrastructure. The user domain is where personal information is created and obtained for internal use only. Each person will have set permissions on what they can and cannot do. This way no one person can mess up or delete anything that doesn’t need to be (Jones and Bartlett Learning). The work station domain is the second layer of the infrastructure that I will discuss. This is also affected by the “internal use only” standard. This layer is where the user can access the network and any applications or information on the system. This requires a user to login with a password or authentication of some kind. This has to be done before this person can get to this information. This will help keep people out that aren’t supposed to be accessing the information (Jones and Bartlett Learning). The LAN to WAN domain is the third layer of the infrastructure I will discuss. I feel this is also affected by the “internal use only” standard. The TCP and UDP are not safe due the fact...
Words: 340 - Pages: 2
...March 27, 2013 Senior Management Richman Investments Dear Management Team: I was asked to write a brief report that describes the “Internal Use Only” data classification standards in your company. Internal Use only data is confidential to your company and your employees. Confidential data is subject to the most restricted distribution and must be protected at all times. Compromise of data classified as Confidential could seriously damage the reputation, mission, safety, or integrity of the institution, its staff, or its constituents. It is mandatory to protect data at this level to the maximum possible degree as is prudent or as required by law. (N/A n.d.) This report will explain the three most common IT infrastructure domains that are affected by the standard and how each one is affected. The first layer that will be affected by the standard is the user domain. The user domain defines the people who can access your company’s information. (Kim and Solomon 2012) The User Domain will enforce an acceptable use policy (AUP) to define what each user can and cannot do with any company data shall he or she have access to it. The AUP is similar to a code of conduct that employees must follow. Any violation will be subject to punitive action. The second layer is the workstation domain where most users connect to the IT infrastructure. It is essential to have tight security and access controls for this particular domain. It should only be accessed by users who have proper...
Words: 405 - Pages: 2
...Richman Investments Internal Use Only The Internal Use Only data classification standard at Richman Investments is in place to protect the personal and account information of our clients and our work force. Our data classification standard will include the User Domain, Workstation Domain, and the LAN Domain. This will cover all personnel and their workstations, all the physical components, as well access to the internet and company databases and any information in between. The User Domain which defines what information an employee can access. The User Domain will enforce an acceptable use policy (AUP) .Our AUP will define how the internal use data is used by each employee. All personnel gaining access to the company data base must read and sign the AUP policy and strictly adhere to Richman Investments acceptable use policy. This includes any contractor or third-party representatives. All users must sign this AUP prior to gaining any access to the company network. Any unauthorized use or breach of this policy in any manner can be cause for punitive action or dismissal. The Workstation Domain includes all workstations and media devices approved for use on the company network. No personal devices or removable media may be used on Richman Investments network. All devices and removable media will be issued by the company for official use only. To access any workstation, a user will need to have an account created to access the company network. All users will then be able to log...
Words: 461 - Pages: 2
...Impact of a Data Classification Standard This report is to identify the IT infrastructure domains that affect the “Internal Use Only” data classification standard of Richman investment and go into details as to how each domain is affected. User Domain The first domain that affects this standard is the user domain and also maybe one of the more vulnerable of the IT infrastructure. User domain consists of the people that accesses Richman’s information system. Users at this level are expected to be responsible for the information they access here at Richman, but because that is not always the cause, Richman will have in place an acceptable use policy (AUP). The AUP will, in detail, define what information which users are allow to access and also what they are allowed to do with that information. Richman Investments deal mostly with customer’s financial records, so anyone with that violates Richman’s AUP and poses a threat to the company information and could faces immediate dismissal. Workstation Domain The workstation domain is the second domain affected by the “Internal Use Only” standard. This is where users will access the network via some type of device such as desktop, laptop, tablet, smart phone, etc. It is very important that IT department keep workstations update to date with latest and relevant software updates, security patches, and antivirus/malware protection. The workstations will be accessible with a user define password that must meet password requirements...
Words: 385 - Pages: 2
...Unit Plans Unit 1: Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts Confidentiality, integrity, and availability (CIA) concepts Layered security solutions implemented for the seven domains of a typical IT infrastructure Common threats for each of the seven domains IT security policy framework Impact of data classification standard on the seven domains Reading Kim and Solomon, Chapter 1: Information Systems Security. Keywords Use the following keywords to search for additional materials to support your work: Data Classification Standard Information System Information Systems Security Layered Security Solution Policy Framework ------------------------------------------------- Week 1 Assignment (See Below) * Match Risks/Threats to Solutions * Impact of a Data Classification Standard Lab * Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) * Page 7-14 in lab book. Project (See Below) * Project Part 1. Multi-Layered Security Plan ------------------------------------------------- Unit 1 Assignment 1: Match Risks/Threats to Solutions Learning Objectives and Outcomes You will learn how to match common risks or threats within the seven domains of a typical IT infrastructure with solutions and preventative actions...
Words: 1409 - Pages: 6
...2: impact of a data classification standard Hello everyone at Richman investments, I was s asked to write a brief report that describes the "internal use only" data classification standard of Richman investments. I will list a few of the IT infrastructure domains that are affected by the standard and how they are affecting the domain and their security here at Richman investments. * User domain The user domain defines the people who access an organizations information system. In the user domain you will find an acceptable use policy (AUP). An AUP defines what a user can and cannot do with organization-owned IT assets. It is like a rulebook that the employees must follow. Failure to follow these rules can be grounds for termination. The user domain is the weakest link in an IT infrastructure. Anybody who is responsible for computer security understand what motivates someone to compromise an organization system, application, or data. Now I am going to list risk and threats commonly found in the user domain and plans you can use to prevent them. Lack of user awareness - solution - conduct security awareness training, display security awareness posters, insert reminders in banner greeting, and send email reminders to employees. Security policy violation- solution - place employee on probation, review AUP and employee Manuel, discuss during performance review. Employee blackmail or extortion- solution - track and monitor abnormal employee behavior and use of IT infrastructure...
Words: 681 - Pages: 3
...infrastructure domains that are affected by the internal use only data classification standards as used in Richman Investment. The three main IT infrastructure domains that will be discussed in this report are User domain, Workstation domain, and LAN. “Internal Use Only”- This refers to data shared internally in an organization, which is not supposed to be disseminated beyond the confines of the company. Before such data can be shared, it must be approved. This information is considered critical. If compromised and found in the wrong hands, it may cost the organization lots of money and time before such problem can be solved and restored. “User Domain”- Most users who have access to the computer information system of the company have access to the user domain and this is the weakest domain in the infrastructure. Everyone who has this access must comply with an ‘Acceptable Use Policy(AUP)” whether you are a contractor, company employees, customers or third party representative. All users with access to this domain understand that wrongful dissemination of company`s data could compromise the whole computer information system. “Workstation Domain”- This domain includes workstations and computers that are approved by the company for an individual user. Users need verification before allowed access to the workstation domain. Most verifications are done with the use of usernames and passwords; everyone is asked to log in to ensure only people with the right permission can...
Words: 404 - Pages: 2
...Impact of Data Classification Standard and Internal Use Only Data classification standard provides the means of how the business should handle and secure different types of data. Through security controls different data types can be protected. All these security controls should apply to each of every IT infrastructure in which it will state how the procedures and guidelines will guarantee the organization’s infrastructures security. This report will identify the definition of “Internal Use Only” data classification standard of Richman Investments. Internal Use Only includes information that requires protection from unauthorized use, disclosure, modification, and or destruction pertaining to a particular organization. This report will tackle 3 IT infrastructure including workstation domain, LAN-Wan Domain, and Remote Access Domain. Internal Use Only data includes data related to business operations, finances, legal matters, audits, or activities of a sensitive nature, data related to stake holders, information security data including passwords, and other data associated with security related incidents occurring at the business company, internal WCMC data, the distribution of which is limited by intention of the author owner or administrator. For the Workstation Domain, the impact of data classification standard internal use only can possibly applied when a user violates AUP and generates security hazard for the establishment’s IT infrastructure. In order to prevent something...
Words: 596 - Pages: 3
...Unit 1 Assignment 2: Impact of a Data Classification Standard Course Name & Number: NT2580 Introduction to Information Security Learning Objectives and Outcomes * You will learn how to determine the impact of a data classification standard on an organization's IT infrastructure. Assignment Requirements You are a networking intern at Richman Investments, a mid-level financial investment and consulting firm. Your supervisor has asked you to draft a brief report that describes the “Internal Use Only” data classification standard of Richman Investments. Write this report addressing which IT infrastructure domains are affected by the standard and how they are affected. In your report, mention at least three IT infrastructure domains affected by the “Internal Use Only” data classification standard. Your report will become part of an executive summary to senior management. Required Resources None Submission Requirements * Format: Microsoft Word * Font: Arial, Size 12, Double-Space * Citation Style: Chicago Manual of Style * Length: 1–2 pages * Due By: Unit 2 Self-Assessment Checklist * I have identified at least three IT infrastructure domains affected by the “Internal Use Only” data classification standard. * In my report, I have included details on how those domains are affected. Internal Use Only The term “internal use only” is a term that refers to information or data that could also include communications are...
Words: 835 - Pages: 4
...Richman Investments To: Don, IT supervisor From: XXXX,XXXXXXXXXX, IT Intern I was tasked with drafting a report on the Richman Investments “Internal Use Only” data classification standard. This report will address which IT Infrastructure domains are affected by the standard and in addition how they are affected. There are seven layers (domains) in the IT Infrastructure that are affected by this; however I will mainly focus on three. User Domain is the first layer in the IT Infrastructure and is the weakest link in an IT Infrastructure. This is where you will encounter your Risks, Threats and Vulnerabilities. But you can also mitigate most of the common User Security risks. Here, the employees can access systems, applications and data based on their access rights. This is where one will find an Acceptable Use Policy (AUP). The AUP defines what every system user is allowed to do with company owned systems. Workstation Domain is the second layer in the IT Infrastructure. This is where most users connect to the IT Infrastructure. Keep in mind, a workstation can be either a centralized desktop computer or a laptop computer or any device utilized to connect onto the network. The users will initially access systems, application and or data. However, in order to protect the systems, workstations require additional layers of security such as; logon IDs and passwords. LAN Domain is the third layer in the IT Infrastructure. Your LAN (Local Area Network) allows for computers...
Words: 374 - Pages: 2
...Unit 1 Assignment 2 Ronald McMahon April 1, 2014 To: Senior Management. Richman Investment “Internal use only “data classification standard. Ronald McMahon April 1, 2014 Information or data shared internally by an organization. While confidential information or data may not be included, communications are not intended to leave the organization. This report is designed to describe clarify the standards for the “Internal use only” data classification for Richman Investments, this report will address which IT infrastructure domains are affected by the standard and how. The first IT infrastructure affected by internal use only classification is the User Domain. The user domain defines the people who access an organization’s information system. The user domain also will enforce an acceptable use policy ( AUP) to define what each user can and cannot do with any company data shall he or she have access to it. As well as with company users, any outsiders, contractor’s or third party representatives shall also need to agree and comply with the AUP . Any violation will be taken up with management and / or the authorities to access further punitive action. Work Station Domain – is where most users connect to the IT infrastructure. No personal devices or removable media may be used on this network. All devices and removable media will be issued by the company for official use only. Access Control Lists ( ACLs ) will be drawn up to appropriately define what access each person will have...
Words: 385 - Pages: 2
...The internal use only standard is the information or data shared internally by an organization. While confidential information or data may not be included, communications are not intended to leave the organization. This report is derived from the seven infrastructure domains with the purpose of first, finding the weak points in Richman Investments internal infrastructure and second, finding a solution that best limits all chances of an internal and external breach upon Richman Investments. The first infrastructure that has a great possibility of affecting the “Internal Use Only” data classification standard is the User Domain. Having employees who have access to any and all data such as: co-workers or company email addresses, company passwords and the ability to delete files can sometimes become unmanageable to monitor. To prevent such actions it is important to follow the first step in preventative measures and that is educating employees about the acceptable use policy or the AUP. An AUP is a guideline or rulebook that educates the employee on how to handle his or her privileges regarding company information and security. It is Richman’s responsibility to enforce the policies mentioned in the AUP and makes it known to the employees that all violations can be ground for dismissal. The second infrastructure domain that RI will need to evaluate is the workstation domain. This particular domain will rely heavily on the director of IT security at RI because it will be his or...
Words: 540 - Pages: 3