...Security Plan Outline for Richman Investments User Domain • Restrict access to data and applications that are not required for employees to do their jobs. • Review and revise user conduct and security policies every six months. • Conduct annual security training seminars with system users and staff. Conducting annual security training for the user in the user domain will cover the Acceptable Use Policy (AUP), through which users will be informed of what is and what is not acceptable use of the system. Workstation Domain • In-house testing of operating system updates prior to user workstation deployment. • Strict access control policies and procedures for user access to system and data. • 72 Day password renewal for workstation and 180 day user password renewal. • Content filtering and anti-virus scanning of all incoming data. Quarantine of unknown file types. Securing a user workstation with approved updates will help prevent potential system corruption and in-house data from being exposed. LAN Domain • Proper identification and two key turners to be granted access to Data Centers and wiring closets with 24/7 CCTV monitoring. • Periodic LAN vulnerability assessments. Keeping our LAN under lock and key prevents tampering with the network's hardware. Access to the LAN devices is the easiest way to compromise a network. LAN to WAN Domain • Disable ping, probing, and port scanning of exterior devices. • Strict monitoring for intrusion detection on inbound IP...
Words: 501 - Pages: 3
...Unit Plans Unit 1: Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts Confidentiality, integrity, and availability (CIA) concepts Layered security solutions implemented for the seven domains of a typical IT infrastructure Common threats for each of the seven domains IT security policy framework Impact of data classification standard on the seven domains Reading Kim and Solomon, Chapter 1: Information Systems Security. Keywords Use the following keywords to search for additional materials to support your work: Data Classification Standard Information System Information Systems Security Layered Security Solution Policy Framework ------------------------------------------------- Week 1 Assignment (See Below) * Match Risks/Threats to Solutions * Impact of a Data Classification Standard Lab * Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) * Page 7-14 in lab book. Project (See Below) * Project Part 1. Multi-Layered Security Plan ------------------------------------------------- Unit 1 Assignment 1: Match Risks/Threats to Solutions Learning Objectives and Outcomes You will learn how to match common risks or threats within the seven domains of a typical IT infrastructure with solutions and preventative actions...
Words: 1409 - Pages: 6
...Following are three important “Internal Use Only” data classification standards of Richman Investments: 1. User Domain – This layer is by far the most vulnerable portion of any IT infrastructure. Without restrictions and education a user would have free rein to expose a network to a myriad of security risks. Richman Investments is not immune to this blight. For this reason, special attention is given to precautions for and education of users. Domain administrators have processes in place to monitor user activity and limit access to portions of the domain. These rules are defined under the acceptable use policy. This policy outlines what users are allowed to do with the company data that they have access to. Above all, users are accountable for their own actions. They are expected to secure their physical and virtual environment to the best of their abilities. 2. Workstation Domain – Another integral part of the overall security of any network. This domain is the access to the local area network via something like a NIC card. It is accomplished through some type of verification as a deterrent to hackers. Here at Richman Investments we have a multi-level security system in place. First, to access any area that contains a workstation, at least one door requiring a key card will need to be entered. Next, at the workstation your username has been replaced by biometrics via your thumbprint. With the print you will have to enter your password. Password requirements include: at least...
Words: 454 - Pages: 2
...E-mail Acceptable Use Policy Purpose E-mail is a critical mechanism for business communications at Richman Investments. However, use of Richman Investments’ electronic mail systems and services are a privilege, not a right, and therefore must be used with respect and in accordance with the goals of Richman Investments. The objectives of this policy are to outline appropriate and inappropriate use of Richman Investments’ e-mail systems and services in order to minimize disruptions to services and activities, as well as comply with applicable policies and laws. Scope This policy applies to all e-mail systems and services owned by Richman Investments, all e-mail account users/holders at Richman Investments (both temporary and permanent), and all company e-mail records. Account Activation/Termination E-mail access at Richman Investments is controlled through individual accounts and passwords. Each user of Richman Investments’ e-mail system is required to read and sign a copy of this E-mail Acceptable Use Policy prior to receiving an e-mail access account and password. It is the responsibility of the employee to protect the confidentiality of their account and password information. All employees of Richman Investments will receive an e-mail account. E-mail accounts will be granted to third-party non-employees on a case-by-case basis. Possible non-employees that may be eligible for access include: • Contractors. • Employees. • Interns. Applications for these temporary...
Words: 1904 - Pages: 8
...this policy is to define standards to be met by all equipment owned and/or operated by Richman Investments located outside Richman Investment's corporate Internet firewalls. These standards are designed to minimize the potential exposure to Richman Investment from the loss of sensitive or company confidential data, intellectual property, damage to public image etc., which may follow from unauthorized use of Richman Investment resources. Devices that are Internet facing and outside the Richman Investment firewall are considered part of the "de-militarized zone" (DMZ) and are subject to this policy. These devices (network and host) are particularly vulnerable to attack from the Internet since they reside outside the corporate firewalls. The policy defines the following standards: * Ownership responsibility * Secure configuration requirements * Operational requirements * Change control requirement 2.0 Scope All equipment or devices deployed in a DMZ owned and/or operated by Richman Investment (including hosts, routers, switches, etc.) and/or registered in any Domain Name System (DNS) domain owned by Richman Investment, must follow this policy. This policy also covers any host device outsourced or hosted at external/third-party service providers, if that equipment resides in the "RichmanInvestment.com" domain or appears to be owned by Richman Investment. All new equipment which falls under the scope of this policy must be configured...
Words: 1219 - Pages: 5
...for anyone who utilizes the electronic devices to access information via the internet. Richman Investments is committed to protecting employees, partners and the company from illegal or destructive actions whether knowingly or unknowingly. Internet or Intranet related systems, including but not limited to the World Wide Web, storage media, operating systems, network accounts and electronic mail are intended to be used for business pertaining to Richman Investments. It is the responsibility of each electronic device user to know the guidelines of the Acceptable Use Policy and to adhere to the Acceptable Use Policy of Richman Investments. 2. Purpose To outline and give a clear precise definition of what is and what isn’t acceptable when using the property of Richman Investments. Property including but not limited to computers, internet service, email service, storage media, operating systems or network accounts. Inappropriate use of either of the aforementioned exposes Richman Investments to legal liability and/or risks of damage to company hardware and/or software. 3. Scope The Acceptable Use Policy applies to all employees, contractors, clients, visitors and partners to Richman Investments headquarters and its satellite properties. Each employee, contractor, client, visitor or partner is expected to exercise good judgement and use the property of Richman Investments for business appropriate reasons. All property including but not limited to internet service...
Words: 689 - Pages: 3
...IT-255 Part 1 Multi-Layer Security Outline Task at hand: Richman Investments Network Division has been handed the task of creating a general solutions outline for safety of data and information that belongs to their organization. The following outline will cover the security solutions of the seven domains that the IT infrastructure is made of. User Domain | The User Domain being the weakest link of the seven layers. This is from lack of users not aware of security policies and procedures. | To secure this link to its fullest. The employees should be trained and updated with security policies and procedures. The system should have firewall and antivirus software installed as well. | Workstation Domain | The Workstation Domain can be made up of desktops, laptops, iPods and/or personal assisting tools like smartphones. | The common threat to the Workstation is the unauthorized access to the system. The solution would be to enable password protection and automatic lockout during time of inactivity. | LAN Domain | LAN being a collection of computers connected to each other. The links can use several tools direct connected with a switch and wireless with a router being the most common. | Unauthorized access can tap into and work its way into workstations, data centers (servers). To put a block and set up countermeasures a Firewall and OS Security Software installed and monitored. | LAN-TO-WAN Domain | LAN-to-WAN is where the IT infrastructure links to a wide...
Words: 779 - Pages: 4
...Richman Investments Security Outline Richman Investments has experienced an increase in security breaches that have resulted in the loss of company proprietary information and damage to systems due to many virus and Trojan Horse infections. The following outline contains some of the security mitigation proposals to be implemented shortly. This is just a basic plan for the moment and if security breaches continue, more stringent policies will be installed. The Seven Domains of a typical IT infrastructure are as follows, with the corresponding security proposed for each domain. 1.) User domain proposal: Track and monitor abnormal employee behavior and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on Acceptable Use Policy (AUP) monitoring and compliance. 2.) Workstation Domain proposal: Use workstation antivirus and malicious code policies, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. 3.) LAN Domain (including wireless LANs) proposals: Implement encryption between workstations and Wireless Access Points (WAPs) to maintain confidentiality. 4.) LAN-to-WAN Domain proposal: Conduct post-configuration penetration tests of the layered security solution within the LAN-to-WAN Domain. Test inbound and outbound traffic and fix any gaps. 5.) Remote Access Domain proposal: Apply first-level (i.e., user ID and password) and...
Words: 335 - Pages: 2
...Part I The following outline presents the fundamental solutions for the safety of data and information that belongs to Richman Investments. As part of the general security plan of the organization the IT department puts together a proposal to provide multi-layered security strategies that can be applied at every level of the IT structure. The plan will lay out the importance of improving and safeguarding the levels of each domain and the process of protecting the information of the organization. User Domain At Richman Investments the personnel is accountable for the appropriate use of IT assets. Therefore, it is in the best interest of the organization to ensure employees handle security procedures with integrity. It is essential to create a strong AUP (Acceptable Use Policy) procedure and as part of the process, require employees sign an agreement to guarantee they understand and conform to implemented rules and regulations. In addition, the company will conduct security awareness training, annual security exercises, notices about securing information, and constant reminders security is everyone’s responsibility. Workstation Domain The plan to secure the workstation domain enforces a strong password policy on each workstation and also enables screen lockout protection for inactive times. Keeping all workstations with an up to date antivirus is essential. Furthermore, content filtering features will arrange access of specific domain names according to AUP definitions...
Words: 779 - Pages: 4
...RICHMAN FINANCIAL INVESTMENT AND CONSULTING FIRM Multi-Layered Security Outline Plan IT Infrastructure Security Daniel Satterfield 7/1/2014 Identification of Risks, Threats, and Vulnerabilities along with proposed Security measures and controls MULTI-LAYER SECURITY PLAN (OUTLINE) FOR RICHMAN INVESTMEN The following Multi-Layered Security Plan outline I am submitting for approval and implementation for Richman Investments will provide a sound security plan for the firm's most important mission critical assets, identifying and reducing vulnerabilities, risks and threats to the firm's confidential proprietary intelligence, sensitive customer data and other important assets within each of the Seven Domains that make up the core for the IT infrastructure as a whole. An aggressive approach should be mapped out in a 3-5 year progressive implementation achievement plan starting with one or two security initiatives where success can be clearly demonstrated and evaluated. The FFIEC now has mandated financial institutions mitigate online threats by integrating endpoint encryption pushing it out to all users in a non pre-boot fashion then using the console to migrate users to pre-boot encryption which would provide immediate protection and increased visibility and control of our overall risk posture. First, identifying Risk, Threat and Vulnerabilities within each of the seven Domains that make up the firm's IT infrastructure. Secondly, proposed security...
Words: 751 - Pages: 4
...SSCP for Richman Investments Security Plan Outline for Richman Investments User Domain • Restrict access to data and applications that are not required for employees to do their jobs. • Review and revise user conduct and security policies every six months. • Conduct annual security training seminars with system users and staff. Conducting annual security training for the user in the user domain will cover the Acceptable Use Policy (AUP), through which users will be informed of what is and what is not acceptable use of the system. Workstation Domain • In-house testing of operating system updates prior to user workstation deployment. • Strict access control policies and procedures for user access to system and data. • 72 Day password renewal for workstation and 180 day user password renewal. • Content filtering and anti-virus scanning of all incoming data. Quarantine of unknown file types. Securing a user workstation with approved updates will help prevent potential system corruption and in-house data from being exposed. LAN Domain • Proper identification and two key turners to be granted access to Data Centers and wiring closets with 24/7 CCTV monitoring. • Periodic LAN vulnerability assessments. Keeping our LAN under lock and key prevents tampering with the network's hardware. Access to the LAN devices is the easiest way to compromise a network. LAN to WAN Domain • Disable ping, probing, and port scanning of exterior devices. • Strict monitoring for intrusion...
Words: 308 - Pages: 2
...Project Part 1 Multi-Layered Security Plan Outline The following outline is to document the general security solutions for Richman Investments, for all locations including headquarters, for the safety of data and information that belongs to Richman Investments. This plan will be updated and submitted, every month by the networking division, to senior management along with a security plan for the month. 1. User Domain a. This Domain includes individuals within an organization who access its information. b. An acceptable use policy to define what users can and cannot do with company IT information will be created. c. Managers should review security awareness training and review acceptable use policies with employees periodically. d. Internal CD drives and USB ports will be disabled. e. Content filtering and antivirus scanning on any downloaded media and emails will be set up. f. Restrict access for users to only applications, data and systems needed to perform their job. g. Monitor and track employee behavior and their use of IT infrastructure during off hours. 2. Workstation Domain a. Systems where most users connect to the IT infrastructure. i. Workstations can be any desktop, laptop, or other device that connects to an organization's network. b. Password protection on all workstations. c. Auto screen lockout for inactive times. d. Strict access control procedures, standards, policies, and guidelines. e. All CD, DVD, and USB ports will be disabled. ...
Words: 779 - Pages: 4
...Richman Investments Multi-Layered Security Plan By Elssie Farnes Objective To outline an implementation plan for security strategies over all levels of the IT Infrastructure 1) User Domain a) Personal user log in procedures will be enforced, e.g. password log in b) User activities will be monitored c) Richman Investments will deploy a Security Awareness Program to educate its employees on proper usage and all company security policies 2) Workstation Domain d) Media Ports will be disabled unless explicitly authorized. e) Access to corporate data will be managed with strict permissions f) All workstations will have Antivirus and Antimalware programs installed and kept updated 3) LAN Domain g) Network switches will be used h) Access to server rooms will be secured to authorized personnel only i) Wireless Access Points will be secured with WPA2 encryption 4) LAN to WAN Domain j) All networking equipment will be up to date, as will all operating systems k) Monitor all inbound traffic for possible malicious intent l) Unused ports should be closed off with a firewall to reduce the chance of unwanted access 5) WAN Domain m) Remote connections will have encryption and VPN tunneling enforced n) Routers and firewalls will be configured to block ping requests to reduce the risk of DoS attacks o) Scanning of email attachments for viruses will be enforced ...
Words: 340 - Pages: 2
...Multi-Layered Security Outline Task The Networking Division for Richman Investments has been tasked with creating a general solutions outline for safety and data information that belongs to the organization. The following outline will discuss security solutions for each of the seven domains of the IT infrastructure. User Domain The User Domain is the weakest. The most common vulnerability is the lack of user awareness and user apathy toward security policies. This risk is avoided by conducting security awareness training and consistent reminders of the security policies via emails or banner greetings. Conducting annual training and updating the staff manual will go a long way to help avoid this risk. User media, as well as personal USBs, are another security risk to the User Domain. This risk is protected by disabling the internal CD drives and USB ports, and enabling automatic antivirus scans for inserted media drives, files, and email attachments. Content filtering network devices are configured to permit or deny specific domain names in accordance with AUP definition. The last way to protect the User Domain will be to restrict access to only those systems, applications, and data needed to perform the employee’s particular job requirement; this will help protect user destruction of systems. Workstation Domain The Workstation Domain consists of desktops, laptops, and/or personal data assistants (smartphones). The following will list some...
Words: 992 - Pages: 4
...PART 1 The following document outlines Richman Investments security measures for IT infrastructure. There are many components that make up the Richman Investments network, and so there should be a multi-layered security solution to protect it. The server room has been located in the central part of the building, and will be physically protected by electronic door locks with keypad combination access. There are a limited number of personnel who will have access to this room in order to decrease the potential for tampering. Each of these personnel will have their own access code, and a digital log will be kept of all access. All of the servers will be virtual, and a backup of each server will be refreshed weekly and saved to cloud storage. All company data will be backed up and saved to cloud storage daily. All users requiring remote access will have a VPN set up with strict login requirements. These users will also have their laptops checked by the IT department on a monthly basis to ensure that they are in compliance with company security policy. Access to the company network will be secured by multiple firewalls set up with our routers. Firewall filters will be set up with a specific list of allowed users and programs. All other traffic will be blocked by default until it has been approved by IT. There will be a limited number of wireless access points around the building, with password access. These passwords will be changed on a regular basis. Access to...
Words: 353 - Pages: 2