...Richman Investments Introduction to Computer Security Richman Investments Hello, my name is Max and I’m here today to give you a brief on Richman Investments “Internal Use Only” data clarification standards. I will cover what this means to the company and to you. I will also cover three different information technology infrastructure domains that we use and how these are affected by the “Internal Use Only” standard. This also applies to you the end user working here at Richman Investments. This is a vital brief to safeguard and keep all of our client’s information safeguarded from all outside sources. So, let’s begin. First, let me explain to you what “Internal Use Only” data clarification standard means. A standard is a detailed written definition we here at Richman Investments have come up with. It is to help put in place certain security controls that are used throughout our information technology infrastructure and how you need to abide by this. The second part of this is the “Internal Use Only”. This is information we have here that is only to be shared internally between this organization and it is intended to never go outside of this organization. If it does, it could cause many clients’ personal information to be used by other people. The bottom line is that you are responsible to safeguard all “Internal Use Only” information by following some simple security controls that I will now go over with you (Kim & Solomon, 2012). The weakest link in an...
Words: 940 - Pages: 4
...Richman Investments holds requirements for the usage of the company network including filtering policies for network traffic through an AUP. Acceptable use policy (AUP) would start with the User Domain. The user domain is the employee within an organization who is granted access to the information system for the organization. There are roles and tasks, responsibility, and accountability that go into an acceptable use policy for the user domain. Within the user domain, access to the LAN to WAN, web surfing, and internet could be used to help gather information between customers and employees. LAN to WAN is the activities between LAN to WAN and firewalls, routers, intrusion detection, and workstations. Web surfing determines what a user can obtain on company time with company resources. Internet is when the user has access to the internet with the types of controls the organization has on the certain internet sites being accessed. Although LAN to WAN, web surfing, and internet have some of the same characteristics, they also have different specific IT infrastructures they affect. For the LAN to WAN AUP, it will go with the roles and task parts of the user domain. Users would be given access to certain systems, applications, and data depending on their access rights. The AUP is more of a rulebook for employees to follow when using the organization’s IT assets. If the AUP is violated, it could be grounds for termination from the company. The AUP will set rules for employees...
Words: 1029 - Pages: 5
...For Richman Investments the users are the biggest threats so I would give access keys in various levels and to various departments. With that being said I would set renewal of password anywhere from 28 days to 6 months apart depending on department and job in the company. Have basics such as firewall and full antivirus software as well as restricted upload and download abilities. Administrators could have the option of layering security by enforcing the use of PIN numbers, hardware tokens, client certificates and other forms of secure authentication on top of AD or LDAP (Lightweight Directory Access Protocol). After implementation of several security policies, I would create an SSL (Secure Socket Layer) VPN (Virtual Private Network) network, a form of VPN that can be used with a standard Web browser. In the traditional Internet Protocol Security (IPsec) VPN, an SSL VPN does not require the installation of specialized client software on the end user's computer. It's used to give remote users access to Web applications, client/server applications and internal network connections. SSL VPN doesn’t require specialized client software on the user computer. For site to site we would just use VPN to secure the network data and encrypt it for security measure. An SSL VPN offers versatility, ease of use and granular control for a range of users on a variety of computers, accessing resources from many locations. There are two major types of SSL VPNs. SSL Portal VPN...
Words: 427 - Pages: 2
...Acceptable Use Policy (AUP) Greetings RI Security Officer, Richman Investments expresses the acceptable and unacceptable use of the Internet and e-mail access. The following report will address the “Acceptable Use Policy” (AUP) standard at Richman Investments. All users of Richman Investments agree to and must comply with this Acceptable Use Policy (AUP). Richman Investments does not control or review the content of any Web site. However, Richman Investments may block or remove any materials that, in Richman Investments’ sole discretion, may be illegal, or which may violate this AUP. Richman Investments may cooperate with legal authorities and/or third parties in the investigation of any suspected or alleged crime or civil wrong. Violation of this AUP may result in the suspension or termination of either access to the Services and/or Richman Investments account or other actions as deemed appropriate. User Responsibilities: These guidelines are intended to help you make the best use of the Internet resources at your disposal. You should understand the following. 1. Richman Investments provides Internet access to staff to assist them in carrying out their duties for the Company. It is envisaged that it will be used to look up details about suppliers, products, to access client information and other statutory information. It should not be used for personal reasons. 2. You may only access the Internet by using the Richman Investments content scanning software, firewall and router. 3. You...
Words: 621 - Pages: 3
...Richman Investments Internal Use Only The Internal Use Only data classification standard at Richman Investments is in place to protect the personal and account information of our clients and our work force. Our data classification standard will include the User Domain, Workstation Domain, and the LAN Domain. This will cover all personnel and their workstations, all the physical components, as well as access to the internet and company databases and any information in between. The User Domain defines what information an employee can access. The User Domain will enforce an acceptable use policy (AUP). Our AUP will define how the internal use data is used by each employee. All personnel gaining access to the company database must read and sign the AUP policy and strictly adhere to Richman Investments’ acceptable use policy. This includes any contractor or third-party representatives. All users must sign this AUP prior to gaining any access to the company network. Any unauthorized use or breach of this policy in any manner can be cause for punitive action or dismissal. The Workstation Domain includes all workstations and media devices approved for use on the company network. No personal devices or removable media may be used on Richman Investments’ network. All devices and removable media will be issued by the company for official use only. To access any workstation, a user will need to have an account created to access the company network. All users will then be able to log...
Words: 461 - Pages: 2
...Here is an outline of the general security solutions plan for the data and safety information for Richman Investments. This plan can be presented to senior management who needs this report for the month. This is a multi-layered security system that consists of the user’s domain. The user is the first and the weakest link in any system. The security is only as strong as the user’s ability to understand what can go wrong. We can implement a training program session for security awareness. Another security measure is to implement a policy to stop employees from bringing in CDs, DVDs, and USBs or other personal devices into the workplace that can connect to the network and possibly harm the system. The workstation domain is where users first access the system, applications, and the data. The system should be password coded for authentication purposes. Applications and data ought to be monitored and permissions set accordingly. Downloading should also be limited to only those people with the proper permissions. The LAN domain is a collection of computers all connected to a central switch configured to run all of the company’s data. The LAN would have all the standards, procedures, and guidelines of all the users. I would ensure all information closets, demark locations and server rooms are locked and secured at all times. Only those with proper ID or authorization would be allowed to access these locations. The LAN to WAN domain contains both physical and logical...
Words: 479 - Pages: 2
...SSCP for Richman Investments Security Plan Outline for Richman Investments User Domain • Restrict access to data and applications that is not required for employee to do their job. • Review and Revise user conduct and security policies every six months. • Conduct annual security training seminars with system users and staff. Conducting annual security training for the user in the user domain will cover the Acceptable Use Policy (AUP) for which users will be informed of what is and what is not acceptable use of the system. Workstation Domain • In house testing of operating system updates prior to user workstation deployment. • Strict access control policies and procedures for user access to system and data. • 72 Day password renewal for workstation and 180 day user password renewal. • Content filtering and anti-virus scanning of all incoming data. Quarantine of unknown file types. Securing a user workstation with approved updates will help prevent potential system corruption and in house data from being exposed. LAN Domain • Proper identification and two key turners to be granted access to Data Centers and wiring closets with 24/7 CCTV monitoring. • Periodic LAN vulnerability assessments. Keeping our LAN under lock and key prevents tampering with the network’s hardware. Access to the LAN devices is the easiest way to compromise a network. LAN to WAN Domain • Disable ping, probing, and port scanning of exterior devices. • Strict monitoring for intrusion...
Words: 308 - Pages: 2
...The article that I read was about the FBI and how it blew $170 million dollars trying to modernize the FBI’s technology. They had a $581 million dollar budget on this transformation which they called “Trilogy”. They referred to this project as “Tragedy” because the new software that they were trying to use which is called Virtual Case File, was not in production and was said to probably never be in production. With that being said, the September 11 attacks dropped a heavy load of pressure onto the project and derailed the course that they were taking on it. I think that the information provided was great considering that this was an FBI project. There was some information that could not be released and some details that could not be discussed. Overall the article was presented in a very professional manner and I was actually kind of surprised that any issues that occur in the FBI could be discussed. It was an article that they could make a one hour show about on television. The one thing that kind of had me confused was how they could have IT workers whom they considered “not capable” of doing what they were asked to do as far as modernizing the technology infrastructure. After years of failure they did ultimately decide to take the project in another direction but to think that they wasted so much money on software that did not hold up, is just crazy. In my opinion, this article was very informational but at the same time it gives a little insight as to just how much technology...
Words: 316 - Pages: 2
...A controversial issue about the Dallas Cowboys being Americas Team. DALLAS COWBOYS AMERICAS TEAM By Daniel Alvarado Jr. ITT Tech Comp I Shelly Dwelly August 31, 2012 DALLAS COWBOYS then and now How the Dallas Cowboys Became Known as “America's Team” The Dallas Cowboys were dubbed “America’s Team”; however, as time passed from the 1960’s to present date there has been so much controversy over why they continue with that crown. The Dallas Cowboys originated in Kansas, the team was known as the “Steers.” After a few weeks, however, the name was changed to “Rangers.” At the same time, a baseball team operated in Dallas under that name, but was supposed to fold before the 1960 football season. However,” when the baseball team decided to play one more season, Clint Murchison Jr. and Bedford Wynne, owners of the new NFL (National Football League) team, selected the name of Cowboys to avoid confusion. Most games in that time were being played in Florida where the Steelers and the Cowboys met for the Cotton Bowl.” (Chris Creamer's December 5, 2011 Dallas Cowboys 1960’s to present.) Now that the Dallas Cowboys were created there would be no confusion and it would now distinguish who was who. The Cowboys have been in the NFL for many years, under different ownership to different management. One thing that many fans look at today when it comes to the...
Words: 1621 - Pages: 7
...Richman Investments Multi-Layered Security Plan By Elssie Farnes Objective To outline an implementation plan for security strategies over all levels of the IT Infrastructure 1) User Domain a) Personal user log in procedures will be enforced, e.g. password log in b) User activities will be monitored c) Richman Investments will deploy a Security Awareness Program to educate its employees on proper usage and all company security policies 2) Workstation Domain d) Media Ports will be disabled unless explicitly authorized. e) Access to corporate data will be managed with strict permissions f) All workstations will have Antivirus and Antimalware programs installed and kept updated 3) LAN Domain g) Network switches will be used h) Access to server rooms will be secured to authorized personnel only i) Wireless Access Points will be secured with WPA2 encryption 4) LAN to WAN Domain j) All networking equipment will be up to date, as will all operating systems k) Monitor all inbound traffic for possible malicious intent l) Unused ports should be closed off with a firewall to reduce the chance of unwanted access 5) WAN Domain m) Remote connections will have encryption and VPN tunneling enforced n) Routers and firewalls will be configured to block ping requests to reduce the risk of DoS attacks o) Scanning of email attachments for viruses will be enforced ...
Words: 340 - Pages: 2
...Richman Investments Security Outline Welcome to Richman Investments (RI) where we strive to bring you the most secure, reliable, and available resources that we can offer. We know that work needs to be done and that most of you aren’t aware of the security procedures taking place behind the scenes. We have devised a summary of the seven domains of the company and its security model. Please take the time to read this over and understand the implications of not following company guidelines, procedures, and policies. The user domain contains the users and/or employees that will be accessing resources within the organization’s information system. A user can access systems, applications and data within the rights and privileges defined by the AUP (acceptable use policy). The AUP must be followed or the user may be dismissed or have their contracts terminated. With the user domain being one of the most vulnerable aspects of any organization, there are a wide variety of user related threats ranging from lack of awareness to blackmail and extortion. Employees are responsible for their own actions when using company assets and the HR department will be doing background checks on all employees within the company to ensure integrity within the workforce. Enforcement of the user level domain will include the use of RFID badges and pins for all areas of the facility and rooms that require special access. The workstation domain is where most users connect to the organization’s infrastructure...
Words: 1016 - Pages: 5
...Security Plan Outline for Richman Investments User Domain • Restrict access to data and applications that is not required for employee to do their job. • Review and Revise user conduct and security policies every six months. • Conduct annual security training seminars with system users and staff. Conducting annual security training for the user in the user domain will cover the Acceptable Use Policy (AUP) for which users will be informed of what is and what is not acceptable use of the system. Workstation Domain • In house testing of operating system updates prior to user workstation deployment. • Strict access control policies and procedures for user access to system and data. • 72 Day password renewal for workstation and 180 day user password renewal. • Content filtering and anti-virus scanning of all incoming data. Quarantine of unknown file types. Securing a user workstation with approved updates will help prevent potential system corruption and in house data from being exposed. LAN Domain • Proper identification and two key turners to be granted access to Data Centers and wiring closets with 24/7 CCTV monitoring. • Periodic LAN vulnerability assessments. Keeping our LAN under lock and key prevents tampering with the network’s hardware. Access to the LAN devices is the easiest way to compromise a network. LAN to WAN Domain • Disable ping, probing, and port scanning of exterior devices. • Strict monitoring for intrusion detection on inbound IP...
Words: 501 - Pages: 3
...Authorization- Richman Investments must define rules as to who has access to which computer and network resources. My suggestion is that RI implements either a group membership policy or an authority-level policy to achieve this. Group policy would allow the administrator to assign different privileges to different groups. The admin would then assign different individual users to those different groups. So the user’s permissions would depend on the permissions of the group they were a member of. With authority-level policy the admin would assign different permissions to individual users based on their position and authority level within the company and what access that position requires. Identification- Richman Investments needs to assign a unique identifier to each user in order to have accurate records of who is accessing, or trying to access, what applications, which network resource, and what data. The most common ID is the username, account number, or PIN. Authentication- In order to keep the remote access to Richman Investments secure, there must be proof that the person trying to gain access to the network remotely is the same person who has been granted access by identification. To do this RI can choose one of the following knowledge type authentications: PIN, password, or passphrase along with one of the following ownership type of authentication: smart card, key, badge, or token. Using a combination of ownership authentication and knowledge authentication...
Words: 298 - Pages: 2
...David Girten Jr 05 Aug 2013 Multi-Layered Security Plan for Richman Investments User Domain: Main concern at this domain is lack of user knowledge on what different attacks look like and proper response protocols. Here are a few solutions: A) Training: send emails on security best practices; alerts on common and new attack vectors; hold company-wide training segmented throughout the day; place Infosec, Opsec posters and incident response procedures in every space B) Auditing of user activity: Setup a script to run on the proxy server utilizing a dirty word list to search user internet usage Workstation Domain: Main concern here is unauthorized access and out-of-date anti-virus software. Here are some solutions: A) Anti-virus/Anti-malware: Keep up-to-date with latest patches from vendor websites B) Passwords; Technical Controls: Enable password policies through GPO’s and screen-saver passwords for extra access protection LAN Domain: Main concern here is physical access to network assets. Here are some solutions: A) Securing high-priority systems: Establish access lists; combo/cipher locks for server and switch rooms; also have a sign-in sheet for contractors and tech-reps working on-site B) Implement Kerberos as another secure means of identifying users over a non-secure network LAN to WAN Domain: Main concern here is the attempt for attackers to scan the network. Here are some solutions: A) Install IDS/IPS on the network to monitor and combat network anomalies; also...
Words: 390 - Pages: 2
...Richman Investment Remote Access Control Policy Document 01/14/14 Contents: 1 Policy Statement; 2 Purpose; 3 Scope; 4 Definition; 5 Risks; 6 Applying the Policy - Passwords; 6.1 Choosing Passwords; 6.1.1 Weak and strong passwords; 6.2 Protecting Passwords; 6.3 Changing Passwords; 6.4 System Administration Standards; 7 Applying the Policy – Employee Access; 7.1 User Access Management; 7.2 User Registration; 7.3 User Responsibilities; 7.4 Network Access Control; 7.5 User Authentication for External Connections; 7.6 Supplier’s Remote Access to the Council Network; 7.7 Operating System Access Control; 7.8 Application and Information Access; 8 Policy Compliance; 9 Policy Governance; 10 Review and Revision; 11 References; 12 Key Messages; 13 Appendix 1. Policy Statement: Richman Investments will establish specific requirements for protecting information and information systems against unauthorised access. Richman Investments will effectively communicate the need for information and information system access control. Purpose: Information security is the protection of information against accidental or malicious disclosure, modification or destruction. Information is an important, valuable asset of Richman Investments which must be managed with care. All information has a value to the Council. However, not all of this information has an equal...
Words: 2211 - Pages: 9