Premium Essay

Richman Investments Part 1

In:

Submitted By rottencorpsman
Words 340
Pages 2
Richman Investments Multi-Layered Security Plan
By Elssie Farnes

Objective
To outline an implementation plan for security strategies over all levels of the IT Infrastructure 1) User Domain a) Personal user log in procedures will be enforced, e.g. password log in b) User activities will be monitored c) Richman Investments will deploy a Security Awareness Program to educate its employees on proper usage and all company security policies 2) Workstation Domain d) Media Ports will be disabled unless explicitly authorized. e) Access to corporate data will be managed with strict permissions f) All workstations will have Antivirus and Antimalware programs installed and kept updated 3) LAN Domain g) Network switches will be used h) Access to server rooms will be secured to authorized personnel only i) Wireless Access Points will be secured with WPA2 encryption 4) LAN to WAN Domain j) All networking equipment will be up to date, as will all operating systems k) Monitor all inbound traffic for possible malicious intent l) Unused ports should be closed off with a firewall to reduce the chance of unwanted access 5) WAN Domain m) Remote connections will have encryption and VPN tunneling enforced n) Routers and firewalls will be configured to block ping requests to reduce the risk on DoS attacks o) Scanning of email attachments for viruses will be enforced p) Software found to be malicious will be isolated q) To maximize availability, redundant internet connections should be deployed 6) Remote Access Domain r) Corporate hard drives will be encrypted to minimize sensitive material loss s) Establish strict password policies, including lockout procedures to defend against Brute Force Attacks t) Implementation of

Similar Documents

Premium Essay

Itt It255 Unit 4 Aup

...Section 1 - Introduction Information Resources are strategic assets of the Richman Investments and must be treated and managed as valuable resources. Richman Investments provides various computer resources to its employees for the purpose of assisting them in the performance of their job-related duties. State law permits incidental access to state resources for personal use. This policy clearly documents expectations for appropriate use of Richman Investments assets. This Acceptable Use Policy in conjunction with the corresponding standards is established to achieve the following: 1. To establish appropriate and acceptable practices regarding the use of information resources. 2. To ensure compliance with applicable State law and other rules and regulations regarding the management of information resources. 3. To educate individuals who may use information resources with respect to their responsibilities associated with computer resource use. This Acceptable Use Policy contains four policy directives. Part I – Acceptable Use Management, Part II – Ownership, Part III – Acceptable Use, and Part IV – Incidental Use. Together, these directives form the foundation of the Richman Investments Acceptable Use Program. Section 2 – Roles & Responsibilities 1. Richman Investments management will establish a periodic reporting requirement to measure the compliance and effectiveness of this policy. 2. Richman Investments management is responsible for implementing...

Words: 1330 - Pages: 6

Free Essay

Iss Project

...Richman Investments Security Policies 1. Statement of Intent Richman aims to conduct its affairs in an open and transparent manner and make information publicly available unless there are justifiable reasons for withholding it. The purpose of this policy is to set out Richman’s approach to openness but also to recognise the importance of respecting confidentiality. It is important for Richman to demonstrate openness and accountability and a real commitment to providing opportunities for stakeholders to be involved in or influence decision making, and to uphold the principles and practice of equality and best value. Richman believes it is important to promote the aims, values and activities of the organisation to a wider public and be accountable to our stakeholders. Richman is committed to the principles of sustainability and will endeavour to develop fair and consistent policies, procedures and practices. 2. General Principles All employees and Committee Members are required to comply with this policy. Richman will comply with all relevant legislation in applying this policy. For the purposes of this policy, stakeholders are people or organisations with a direct involvement and interest in the operation and performance of Richman. The main stakeholders include: * Members; * Branches ...

Words: 1140 - Pages: 5

Premium Essay

Aup N

...Introduction Richman Investments is at all times committed to complying with the laws and regulations governing use of the Internet, e-mail transmission and text messaging and preserving for all of its Employee’s the ability to use RICHMAN INVESTMENTS 's network and the Internet without interference or harassment from other users. The Richman Investments AUP ("AUP") is designed to help achieve these goals. By using IP Service(s), as defined below, Employee(s) agrees to comply with this Acceptable Use Policy and to remain responsible for its users. Richman Investments reserves the right to change or modify the terms of the AUP at any time, effective when posted on Richman Investments web site at www. Richman Investments .com/aup. Employees’ use of the IP Service(s) after changes to the AUP are posted shall constitute acceptance of any changed or additional terms. Scope of the AUP The AUP applies to the Richman Investments services that provide (or include) access to the Internet, including hosting services (software applications and hardware), or are provided over the Internet or wireless data networks (collectively "IP Services"). Prohibited Activities General Prohibitions: RICHMAN INVESTMENTS prohibits use of the IP Services in any way that is unlawful, harmful to or interferes with use of RICHMAN INVESTMENTS’s network or systems, or the network of any other provider, interferes with the use or enjoyment of services received by others, infringes intellectual property...

Words: 2687 - Pages: 11

Premium Essay

Business Continuity Plan

...Richman Investments Business Continuity Plan Implementation Planning By Quentin Ward Introduction Richman Investments is emerging as one of the top e-commerce businesses. In order to better protect our great company I have created a BCP or Business Continuity Plan to be able to offset any problems that may arise and threaten our company’s functions and activities. Included in this BCP will be a BIA (Business Impact Analysis) and a RA (Risk Analysis). Overview 1.1 Policy Statement It is the policy of Richman Investments to always have a Business Continuity Plan in place for all non-critical and critical functions. To ensure that the BCP is implemented each department manager is asked to see to it that the plan is carried through. 1.2 Introduction This is a Business Continuity Plan for Richman Investments located at 834 Harrison Lane Beverley Hills, CA 90210. It has been developed in compliance with the National Fire Protection Association (NFPA) Standard 1600. This plan was created in order to aid Richman Investments in any type of recovery effort needed. Employees should read and adhere in conjunction to the Business Continuity Plan to ensure their safety and the company’s well being. 1.3 Confidentiality Statement This document is classified as confidential property of Richman Investments. The sensitivity of the information contained in this document is only intended for the viewing and use of Richman Investment employees. Unauthorized use...

Words: 794 - Pages: 4

Free Essay

Nt2580 Final Project

...Richman Investments | Richman Internet Infrastructure Security Management Upgrade | ITT Technical Institute NT2580 Course Project | | Jason R Spitler | 5/30/2014 | Based on the premises that Richman has 5000 employees throughout the main office and several branch offices, this document dictates research solutions and details the appropriate access controls including policies, standards, and procedures that define who users are, what they can do, which resources they can access, and which operations they can perform on a system. | Final Project I. Richman Internet Infrastructure Security Management Upgrade A. Purpose Based on the premises that Richman has 5000 employees throughout the main office and several branch offices, this document dictates research solutions and details the appropriate access controls including policies, standards, and procedures that define who users are, what they can do, which resources they can access, and which operations they can perform on a system. II. Basic Authentication Procedures and Standards, (Who users are.) A. Trinity-Three-factor Authentication Method replaces Basic Authentication It is my view the Administrator’s responsibility is to provide secure communications by adding layers of security at all levels to assure the amount of protection for company’s valuable assets. Richman will provide its employees a new method of authentication I call Trinity. It is a three-factor authentication method requiring updated laptops...

Words: 1901 - Pages: 8

Free Essay

Removable Media Policy

...removable media to any infrastructure within Richman Investments internal network or related technology resources. This removable media policy applies to, but is not limited to all devices and accompanying media that fit the following device classifications: • Portable USB-based memory sticks, also known as flash drives, thumb drive, jump drives, or key drives. • Memory cards in SD, CompactFlash, Memory Stick, or any related flash-based supplemental storage media. • USB card readers that allow connectivity to a PC. • Portable MP3 and MPEG-playing music and media player-type devices such as IPods with internal flash or hard drive based memory that supports a data storage function. • PDAs, cell phone handsets, and smart phones with internal flash or hard drive based memory that support a data storage function. • Digital cameras with internal or external memory support. • Removable memory based media, such as DVDs, CDs, and floppy disks. • Any hardware that provides connectivity to USB devices through means such as wireless (Wi-Fi, WiMAX, IrDA, Bluetooth, among others) or wired network access. This policy applies to any hardware and related software that could be used to access corporate resources, even if said equipment is not corporately sanctioned, owned, or supplied. The overriding goal of this policy is to protect the confidentiality, integrity, and availability of resources and assets that reside within Richman Investments technology infrastructure. A breach could result...

Words: 1274 - Pages: 6

Premium Essay

It255

...this policy is to define standards to be met by all equipment owned and/or operated by Richman Investments located outside Richman Investment's corporate Internet firewalls. These standards are designed to minimize the potential exposure to Richman Investment from the loss of sensitive or company confidential data, intellectual property, damage to public image etc., which may follow from unauthorized use of Richman Investment resources. Devices that are Internet facing and outside the Richman Investment firewall are considered part of the "de-militarized zone" (DMZ) and are subject to this policy. These devices (network and host) are particularly vulnerable to attack from the Internet since they reside outside the corporate firewalls. The policy defines the following standards: * Ownership responsibility * Secure configuration requirements * Operational requirements * Change control requirement 2.0 Scope All equipment or devices deployed in a DMZ owned and/or operated by Richman Investment (including hosts, routers, switches, etc.) and/or registered in any Domain Name System (DNS) domain owned by Richman Investment, must follow this policy. This policy also covers any host device outsourced or hosted at external/third-party service providers, if that equipment resides in the "RichmanInvestment.com" domain or appears to be owned by Richman Investment. All new equipment which falls under the scope of this policy must be configured...

Words: 1219 - Pages: 5

Premium Essay

Richman Investment Remote Access Control Policy

...Richman Investment Richman Investment Remote Access Control Policy Document Remote Access Control Policy Document 01/14/14 01/14/14 Contents 1 Policy Statement 4 2 Purpose 4 3 Scope 4 4 Definition 4 5 Risks 4 6 Applying the Policy - Passwords 5 6.1 Choosing Passwords 5 6.1.1 Weak and strong passwords 5 6.2 Protecting Passwords 5 6.3 Changing Passwords 5 6.4 System Administration Standards 6 7 Applying the Policy – Employee Access 6 7.1 User Access Management 6 7.2 User Registration 6 7.3 User Responsibilities 6 7.4 Network Access Control 7 7.5 User Authentication for External Connections 7 7.6 Supplier’s Remote Access to the Council Network 7 7.7 Operating System Access Control 7 7.8 Application and Information Access 8 8 Policy Compliance 8 9 Policy Governance 8 10 Review and Revision 9 11 References 9 12 Key Messages 9 13 Appendix 1 10 Policy Statement Richman Investments will establish specific requirements for protecting information and information systems against unauthorised access. Richman Investments will effectively communicate the need for information and information system access control. Purpose Information security is the protection of information against accidental or malicious disclosure, modification or destruction. Information is an important, valuable asset of Richman Investments which must be managed with care. All information has a value to the Council. However, not all of this information has an equal...

Words: 2211 - Pages: 9

Premium Essay

Impact of a Data Classification Standard

...Following are three important “Internal Use Only” data classification standards of Richman Investments: 1. User Domain – This layer is by far the most vulnerable portion of any IT infrastructure. Without restrictions and education a user would have free rein to expose a network to a myriad of security risks. Richman Investments is not immune to this blight. For this reason, special attention is given to precautions for and education of users. Domain administrators have processes in place to monitor user activity and limit access to portions of the domain. These rules are defined under the acceptable use policy. This policy outlines what users are allowed to do with the company data that they have access to. Above all, users are accountable for their own actions. They are expected to secure their physical and virtual environment to the best of their abilities. 2. Workstation Domain – Another integral part of the overall security of any network. This domain is the access to the local area network via something like a NIC card. It is accomplished through some type of verification as a deterrent to hackers. Here is Richman Investments we have a multi-level security system in place. First, to access any area that contains a workstation at least one door requiring a key card will need to be entered. Next, at the workstation your username has been replaced by biometrics via your thumbprint. With the print you will have to enter your password. Password requirements include: at least...

Words: 454 - Pages: 2

Free Essay

Nt2580 Unit 1 Assignment 2

...William Burns-Garcia NT 2580 Unit 1 Assignment 2 Re: Impact of a Data Classification Standard Per your request, I have included information regarding the data classification standards designed for Richman investments. This report will include information that pertains to the IT infrastructure domains and how they are affected. Though there are several, I want to concentrate on three of the most vulnerable. 1. User Domain: Of all domains, this can be the most vulnerable as it usually affects any user on the network. Most companies should have an Acceptable Use Policy (AUP) with standards that can be monitored at any time. Not only does this policy affect internal users, it should also be enforced by any outside vendors such as, off-site IT support. There should be on-going information sessions to remind users of AUP. 2. Workstation Domain: Every person with access to the network of Richman Investments must have authorized personal credentials to use a workstation assigned to them. A few exceptions can be Major IT administration and authorized upper management. A change password should be implemented no less than 45-60 days on Richman’s network. Administrative passwords should also be changed no less than 30-45 days, Since Administrative access has the most immediate vulnerability. 3. LAN Domain: The Local Area Network (LAN), which includes most things in the computer closet that helps all devices connect to the network. This domain can be vulnerable because...

Words: 364 - Pages: 2

Premium Essay

Meow Investments Meow Documents

...Unit Plans Unit 1: Information Systems Security Fundamentals Learning Objective  Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts  Confidentiality, integrity, and availability (CIA) concepts  Layered security solutions implemented for the seven domains of a typical IT infrastructure  Common threats for each of the seven domains  IT security policy framework  Impact of data classification standard on the seven domains Reading  Kim and Solomon, Chapter 1: Information Systems Security. Keywords Use the following keywords to search for additional materials to support your work:  Data Classification Standard  Information System  Information Systems Security  Layered Security Solution  Policy Framework ------------------------------------------------- Week 1 Assignment (See Below) * Match Risks/Threats to Solutions * Impact of a Data Classification Standard Lab * Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) * Page 7-14 in lab book. Project (See Below) * Project Part 1. Multi-Layered Security Plan ------------------------------------------------- Unit 1 Assignment 1: Match Risks/Threats to Solutions Learning Objectives and Outcomes  You will learn how to match common risks or threats within the seven domains of a typical IT infrastructure with solutions and preventative actions...

Words: 1409 - Pages: 6

Free Essay

Aup Definitions

...Unit 4 Assignment 2: Acceptable Use Policy (AUP) Definition AT&T: Spam/E-mail/Usenet Abuse: Violation of the CAN-SPAM Act of 2003, or any other applicable law regulating e-mail services, constitutes a violation of this AUP. Spam/E-mail or Usenet abuse is prohibited using IP Services. Examples of Spam/E-mail or Usenet abuse include but are not limited to the following activities: * sending multiple unsolicited electronic mail messages or "mail-bombing" - to one or more recipient; * sending unsolicited commercial e-mail, or unsolicited electronic messages directed primarily at the advertising or promotion of products or services; * sending unsolicited electronic messages with petitions for signatures or requests for charitable donations, or sending any chain mail related materials; * sending bulk electronic messages without identifying, within the message, a reasonable means of opting out from receiving additional messages from the sender; * sending electronic messages, files or other transmissions that exceed contracted for capacity or that create the potential for disruption of the AT&T network or of the networks with which AT&T interconnects, by virtue of quantity, size or otherwise; * using another site's mail server to relay mail without the express permission of that site; * using another computer, without authorization, to send multiple e-mail messages or to retransmit e-mail messages for the purpose of misleading recipients as to...

Words: 1017 - Pages: 5

Premium Essay

Macroeconomics: the Study of Our National Economy

...symbiotic relationships between growth and investment, and people and infrastructure”. (Brown) As we have seen here in the past few years, but more so in the last year, the economy is ever changing. Macroeconomics is the backbone of America and without a stable economy we have serious hurdles in front of us to overcome. John Maynard Keynes developed the Keynesian Theory, which has become the foundation of our government’s economic decisions. During the course of this paper I will outline Keynesian Theorists and Monetary Theorists approach to promote long-run macroeconomic stability, the impact of persistent budget deficits on the trade deficit, options available to policy makers when national savings presents opportunity to improve the trade deficit, appraise the position of the supply side as it relates to government deficits and evaluate recent national economic policies as they relate to the magnitude of the trade deficit. In essence, the inner workings and use of macroeconomics as a financial tool of study to determine how a national economy is managed and sustained. To begin, Keynesian theorists approach to promote long-run macroeconomic stability is somewhat unique. Economist who agree with Keynes’ theories believe that we live in the short run, that what occurs in the short run does not mean it will occur in the long run. Keynes’ stated, “In the long run, we are all dead”. Obviously, spending, whether public or government, plus investments would change the output. If output...

Words: 1208 - Pages: 5

Premium Essay

Multi-Layered Security

...Multi Layered Security Plan Multi Layered Security Plan Richman Investments 1) General This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure. In this Multi Layered Security Plan we will describe how we will improve the security of each domain and how to protect our information. We will update all firewalls on the infrastructure and secure our ports that are open and stop incoming traffic that is malicious. All anti-virus software will be updated throughout the company. All IT employees will be informed about the new MLS Plan that we putting into effect once the Senior management approves it. 2) User Domain a. The usage of security awareness training to instruct employees of Richman Investments security policies We have to train the employees on the protection of their user IDs and login information to the companies system. Show the employees how to create a better password and security questions and not to write there passwords down on sticky notes to help remember. Making them aware of friends, family, or people that ask questions out of the ordinary, because the questions could possibly your security questions or part of your password. The user only has three attempts and they are locked out and will have to see a admin to be unlocked. b. Auditing of user activity We will watch how the users go about their daily activities on the company’s internet/network...

Words: 302 - Pages: 2

Premium Essay

Nt2580 Project Part 1

...PART 1 The following document outlines Richman Investments security measures for IT infrastructure. There are many components that make up the Richman Investments network, and so there should be a multi-layered security solution to protect it. The server room has been located in the central part of the building, and will be physically protected by electronic door locks with keypad combination access. There are a limited number of personnel who will have access to this room in order to decrease the potential for tampering. Each of these personnel will have their own access code, and a digital log will be kept of all access. All of the servers will be virtual, and a backup of each server will be refreshed weekly and saved to cloud storage. All company data will be backed up and saved to cloud storage daily. All users requiring remote access will have a VPN set up with strict login requirements. These users will also have their laptops checked by the IT department on a monthly basis to ensure that they are in compliance with company security policy. Access to the company network will be secured by multiple firewalls set up with our routers. Firewall filters will be set up with a specific list of allowed users and programs. All other traffic will be blocked by default until it has been approved by IT. There will be a limited number of wireless access points around the building, with password access. These passwords will be changed on a regular basis. Access to...

Words: 353 - Pages: 2