...User Domain: The first layer of security in a multi-layer security plan. It’s also the weakest in the IT Infrastructure. Certain protocols and procedures need to be followed. • Implement and Conduct Security Awareness Training. • Implement Acceptable Use Policy (AUP). • Monitor employee behaviors. • Restrict access to users to certain programs and areas. Workstation Domain: The second layer of security in a MLS plan. This is where most users connect via Workstation computers, PDA’s, Laptops and smartphones. • Admins create a strong password policy, by making a minimum amount of characters with capitalization and numbers • Enable Up to date anti-virus programs. • Implement a mandated Employee Security Awareness Training. • Limit access to company approved devices only. • Disable CD drives and USB ports. LAN Domain: The third layer of security in the MLS plan. This is the collection of computers in an area to one another or to a common connection medium. To prevent the unauthorized access, recommend implementing the following: • Physically secure the wiring closets and data centers. • Implement encryption procedures. • Implement strict access policies and second-level authentication. • Implement WLAN network keys that require a password for wireless access. • Implement LAN server and configuration standards, procedures, and guidelines. LAN-to-WAN Domain: The fourth layer in the MLS plan. This is where the IT infrastructure is linked to a wide area network and the...
Words: 574 - Pages: 3
...Richman Investments. As part of the general security plan of the organization the IT department puts together a proposal to provide multi-layered security strategies that can be applied at every level of the IT structure. The plan will lay out the importance of improving and safeguarding the levels of each domain and the process of protecting the information of the organization. User Domain At Richman Investments the personnel is accountable for the appropriate use of IT assets. Therefore, it is in the best interest of the organization to ensure employees handle security procedures with integrity. It is essential to create a strong AUP (Acceptable Use Policy) procedure and as part of the process, require employees sign an agreement to guarantee they understand and conform to implemented rules and regulations. In addition, the company will conduct security awareness training, annual security exercises, notices about securing information, and constant reminders security is everyone’s responsibility. Workstation Domain The plan to secure the workstation domain enforces a strong password policy on each workstation and also enables screen lockout protection for inactive times. Keeping all workstations with an up to date antivirus is essential. Furthermore, content filtering features will arrange access of specific domain names according to AUP definitions. In addition, workstations will have up-to-date application software and security patches conferring to company guide lines...
Words: 779 - Pages: 4
...wanted to create a plan that created strategies that would separate or let you know who users in which groups using Windows material are. I want to show that nesting a plan like this will be easier on the user, administrator, and company. Groups these days are used to keep users, connected parts, and everyone that is part of the domain. The administrator or Point of Contact can make things a lot easier when they use groups or grouping. Everything that is stored in the computer’s system from employee start date to age to termination, etc. is stored in the groups. (Microsoft TechNet, 2007) All the groups and users will have the same setting for security and permissions. There are a few groups that can be used. The types of groups we will use here are distribution groups and Security groups. The distribution groups will be used with all email applications for emails to be sent/received to all other users in that email list. Each group will be allowed to access the network. They can also give rights to users in the Active Directory and set different security issues on the network. Distribution and groups are made by the scope with a domain. The groups for Riordan will be local. It gives access to domains and security. (Cooper, 2011) An example of this would be any user or member using the domain. Usually members of this group do not change. The other groups usually only have access to minimal things like resources in that local domain. These users should have and will...
Words: 499 - Pages: 2
...1. How does a security awareness & training policy impact an organization’s ability to mitigate risks, threats, and vulnerabilities? Security awareness training is a formal process for educating employees about computer security. A good security awareness program should educate employees about corporate policies and procedures for working with information technology (IT). Employees should receive information about who to contact if they discover a security threat and be taught that data as a valuable corporate asset. 2. Why do you need a security awareness & training policy if you have new hires attend or participate in the organization’s security awareness training program during new hire orientation? An employee security awareness program can alleviate the problem of employee security breaches by clarifying why security is important. 3. What is the relationship between an Acceptable Use Policy (AUP) and a Security Awareness & Training Policy? An acceptable use policy (AUP) is a document that outlines a set of rules to be followed by users or customers of a set of computing resources, which could be a computer network, website or large computer system. Security awareness training is a formal process for educating employees about corporate policies and procedures for working with information technology. 4. Why is it important to prevent users from engaging in downloading or installing applications and software found on the Internet? There are hundreds...
Words: 717 - Pages: 3
... When implementing a security policy many elements should be considered. For example, the size of the organization, the industry, classification of the data processed, and even the organization’s work load must be taken into account. As with any industry, selecting the proper security framework for an insurance organization should be done cautiously. This is because having too strict of a policy may inconvenience the employees or even their customers. Because of this, consultants must bear in mind that the information handled by insurance organizations is not as sensitive as a healthcare organization, for example. Nonetheless, establishing compliance is important to protect customer information and abide by U.S laws and regulations. Organizations must also identify and address some of the framework implementation challenges that may arise. These challenges are not exclusive to one organization, but all who develop a security policy framework. It is up to the organization to be able to overcome these issues with the proper strategies. IT Security Framework for the Insurance Company An ideal security framework the insurance company should abide by is the International Organization for Standardization (ISO) 27001. This standard explains the requirements for companies to meet their Information Security Management System (ISMS) needs. It provides companies with guidance to establish, implement, maintain, and improve their information security (“An introduction to ISO...
Words: 1329 - Pages: 6
...Assignment 2 A sound security plan is the first step towards a multi-layer defense. To develop a plan, the company must access its most important assets; identify vulnerabilities as well as the infrastructure and technology most appropriate for mitigating risk, then implement a strategy for putting the plan in action. Emails are prime examples. It has become a critical business communications tool and is also a primary conduit for malicious code. Protecting emails against viruses, worms, spam, Trojan horses, phishing attacks and other threats requires a variety of security technologies. These antivirus and antispyware software, content filtering, and firewalls. Such security technologies must be installed at various levels of the infrastructure-such as the gateway, mail servers and desktop or laptop. This way, threats that may bypass one level are dealt with at another. In addition, layering security helps mitigate the risk of an employee who disables protection on his or her desktop. The gateway serves as an entry and exit point to the company network. By installing a security solution such as antivirus and content filtering at this tier, mass-mailer worms are scanned and deleted and spam is moved to quarantines. Mail servers should also be equipped with security. These systems receive, send, and store email, and an email security solution work together with the email program to provide a greater degree of protection against malicious code. The User Domain defines the people...
Words: 1445 - Pages: 6
...Information Systems Security Strayer University CIS 333 June 18, 2014 David Bevin Information Systems Security The scope of our assignment as an information officer at Whale Pharmaceuticals is to safeguardour daily operations which require a combination of both physical and logical access controls to protect medication and funds maintained on the premises and personally identifiable information and protected health information of our customers. The immediate supervisor has tasked us with identifying inherent risks associated with this pharmacy and establishing physical and logical access control methods that will mitigate all risks identified. There are few basic things to be cognizant of as we carry out this task. Security is easiest to define by breaking it into pieces. An information system consists of the hardware, operating system, and application software that work together to collect, process, and store data for individuals and organizations. Information systems security is the collection of activities that protect the information system and the data stored in (Kim & Solomon 2012). We should also be aware of what we are up against. Cyberspace brings new threats to people and organizations. People need to protect their privacy. Businesses and organizations are responsible for protecting both their intellectual property and any personal or private data they handle. Various laws require organizations to use security controls to protect private and confidential...
Words: 3283 - Pages: 14
...Unit Plans Unit 1: Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts Confidentiality, integrity, and availability (CIA) concepts Layered security solutions implemented for the seven domains of a typical IT infrastructure Common threats for each of the seven domains IT security policy framework Impact of data classification standard on the seven domains Reading Kim and Solomon, Chapter 1: Information Systems Security. Keywords Use the following keywords to search for additional materials to support your work: Data Classification Standard Information System Information Systems Security Layered Security Solution Policy Framework ------------------------------------------------- Week 1 Assignment (See Below) * Match Risks/Threats to Solutions * Impact of a Data Classification Standard Lab * Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) * Page 7-14 in lab book. Project (See Below) * Project Part 1. Multi-Layered Security Plan ------------------------------------------------- Unit 1 Assignment 1: Match Risks/Threats to Solutions Learning Objectives and Outcomes You will learn how to match common risks or threats within the seven domains of a typical IT infrastructure with solutions and preventative actions...
Words: 1409 - Pages: 6
...MECHANISM 3 AUTOMATIC IP-ADDRESSING SCHEME FOR THE UWS NETWORK 3 INSTALLING AND AUTHORIZING A DHCP SERVER 4 CREATING AND CONFIGURATION OF DHCP SCOPES 8 CREATING AND TESTING DHCP CLIENT RESERVATIONS 10 IMPLEMENTING DHCP RELAY AGENTS 12 DOMAIN NAMING STRATEGY 16 DOMAIN NAME SERVICE INSTALLATION 17 DOMAIN NAME SERVICE LOOK UP ZONES 18 ZONE AUTHORITY DELEGATION 23 DNS DYNAMIC UPDATES 25 DNS RESOURCE RECORDS 25 NETBIOS NAME RESOLUTION 27 INSTALLATION OF WINS 27 STATIC WINS RECORD 28 CONFIGURING REPLICATION PARTNERS 30 ALTERNATIVE IP ADDRESSING STRATEGY 31 ALTERNATE NAME RESOLUTION TECHNIQUES 32 NETWORK PLAN FOR THE UWS GLASGOW SITE 32 NETWORK PLAN FOR THE UWS CLYDE SITE 33 NETWORK PLAN FOR THE UWS HEAD OFFICE SITE 33 OVERVIEW OF THE UWS NETWORK INFRASTRUCTURE AS A WHOLE 34 TROUBLESHOOTING STRATEGY FOR UWS NETWORK 34 BACK UP AND FAULT TOLERANCE STRATEGY FOR NETWORK SERVICES 38 NETWORK HEALTH MONITORING AND ANALYSES 38 CONNECTIVITY SOLUTIONS FOR MULTI-VENDOR -ENVIRONMENT 40 REMOTE CONNECTIVITY TO UWS NETWORK USING VPN 41 CONFIGURING INBOUND VPN CONNECTION 41 CONFIGURING REMOTE ACCESS POLICIES 45 CONFIGURING OUTBOUND VPN CONNECTION 48 NETWORK COUNTERACTIVE APPROACHES WITH REGARDS TO SECURITY THREATS 50 IMPLEMENTATION OF CERTIFICATE SERVICES 51 IPSEC IMPLEMENTATION 56 References 62 INTRODUCTION This is a case study about a company called United Wholesale Scotland (UWS) based in Scotland with its head office in Edinburgh and...
Words: 5792 - Pages: 24
...IS 471 Policy Development and Security Issues Lab 4 (Due October 22, 2014) Introduction In any company, a security policy helps to mitigate the risks and threats the business encounters. However, unless a company happens to be in the information security industry, the task of identifying, assessing, and categorizing the myriad of risks can be an overwhelming one. Thankfully, a company’s IT infrastructure can be divided in a logical manner to more easily sort the risks. These divisions are the seven IT domains. The purpose of the seven domains of a typical IT infrastructure is to help organize the roles, responsibilities, and accountabilities for risk management and risk mitigation. In this lab, you will identify known risks, threats, and vulnerabilities, and you will determine which domain of a typical IT infrastructure is affected. You will then discuss security policies to address each identified risk and threat within the seven domains of a typical IT infrastructure. You will next determine which appropriate security policy definition will help mitigate the identified risk, threat, or vulnerability. You will organize your results into a framework that can become part of a layered security strategy. Learning Objectives Upon completing this lab, you will be able to: • Identify risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. Determine which domain is impacted by the risk, threat, or vulnerability. Determine...
Words: 1159 - Pages: 5
...Top Threats to Cloud Computing V1.0 Prepared by the Cloud Security Alliance March 2010 Top Threats to Cloud Computing V1.0 Introduction The permanent and official location for the Cloud Security Alliance Top Threats research is: http://www.cloudsecurityalliance.org/topthreats © 2010 Cloud Security Alliance. All rights reserved. You may download, store, display on your computer, view, print, and link to the Cloud Security Alliance “Top Threats to Cloud Computing” at http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf subject to the following: (a) the Guidance may be used solely for your personal, informational, non-commercial use; (b) the Guidance may not be modified or altered in any way; (c) the Guidance may not be redistributed; and (d) the trademark, copyright or other notices may not be removed. You may quote portions of the Guidance as permitted by the Fair Use provisions of the United States Copyright Act, provided that you attribute the portions to the Cloud Security Alliance “Top Threats to Cloud Computing” Version 1.0 (2010). Copyright © 2010 Cloud Security Alliance 2 Top Threats to Cloud Computing V1.0 Table of Contents Introduction................................................................................................................................... 2 Foreword........................................................................................................................................ 4 Executive...
Words: 3759 - Pages: 16
...Security Domains & Strategies Here a Richman Investments there are several elements that are involved in our multi-layered security plan. I'm a little new at this so bear with me. I know that there seven domains of a typical IT infrastructure. I will discuss a few general security problems and solutions to those problems. I know that the user domain is by far the weakest link. User's are responsible for their use of IT assets. A good way to avoid this is to give users proper security awareness training and enforce strict policy violations. Another domain is the workstation domain. The desktop support group is responsible for the workstation domain. Ways to improve things would be to enable password protection on workstation for access and using good antivirus and malicious code policies. Up next is the LAN domain. The LAN support group is in charge of the LAN domain. This could be improved by making sure that the wiring closets, data centers, and computer rooms are locked and secure. You would have to keep in mind of your LAN-to-WAN domain. The network security group is solely responsible for the LAN-to-WAN domain. Ways to fix this would include applying strict security monitoring controls for intrusion detection and prevention and also disabling pinging, probing, and port scanning on all exterior IP devices within the LAN-to-WAN domain. Now let's talk about the WAN domain. the network engineer or WAN group is responsible for the WAN domain. Ways we could...
Words: 399 - Pages: 2
...Multi-Layered Security Outline To: Richman Investments Senior Management Outline includes: Security solutions for each of the seven domains. User Domain: This is where the first layer of defense starts for a layered security strategy. We will conduct security awareness training, restrict access for users to specific systems and programs, create an acceptable use policy, and track and monitor employee behaviors. Workstation Domain: Start by creating strong passwords to protect workstation access, then enable antivirus protections, and mandate security awareness training to all employees. This domain is almost as vulnerable as the user domain and also needs constant monitoring. LAN Domain: To prevent unauthorized access we can physically secure wiring closets and data centers, implement encryption protection, define strong access control policies and strong second-level authentications. LAN-to-WAN Domain: Disable ping, probing and port scanning, apply strict security monitoring controls, and update devices with security fixes and software patches right away are excellent measures to take. WAN Domain: Use encryption and VPN tunnels for end-to-end secure IP communications, and scan all e-mail attachments for type, antivirus, and malicious software. Back up and store data in off-site data vaults. Remote Access Domain: Establish user ID and password policies requiring periodic changes, set automatic blocking for attempted logon retries, and encrypt all data within the...
Words: 257 - Pages: 2
...Multi-Layered Security Outline To: Richman Investments Senior Management Outline includes: Security solutions for each of the seven domains. User Domain: This is where the first layer of defense starts for a layered security strategy. We will conduct security awareness training, restrict access for users to specific systems and programs, create an acceptable use policy, and track and monitor employee behaviors. Workstation Domain: Start by creating strong passwords to protect workstation access, then enable antivirus protections, and mandate security awareness training to all employees. This domain is almost as vulnerable as the user domain and also needs constant monitoring. LAN Domain: To prevent unauthorized access we can physically secure wiring closets and data centers, implement encryption protection, define strong access control policies and strong second-level authentications. LAN-to-WAN Domain: Disable ping, probing and port scanning, apply strict security monitoring controls, and update devices with security fixes and software patches right away are excellent measures to take. WAN Domain: Use encryption and VPN tunnels for end-to-end secure IP communications, and scan all e-mail attachments for type, antivirus, and malicious software. Back up and store data in off-site data vaults. Remote Access Domain: Establish user ID and password policies requiring periodic changes, set automatic blocking for attempted logon retries, and encrypt all data within the...
Words: 257 - Pages: 2
...Keith Brown (12110924) Mr. Marquez Security Policies Lab 4 Assessment Questions 1. Answer: * User Domain- AUP, Confidentiality Agreement, Background Checks on Employees, Disciplinary Actions * Workstation domain- Vulnerability Management, configuration Management, Security controls * LAN Domain- Vulnerability Management, Configuration Management, Security Controls, Data Back-up, Business Continuity/Disaster Recovery, Networking * LAN-to-WAN Domain- IP Networking, DNS, E-mail, Web, Remote Access via Internet, Internet Access, DMZ, VPNs, Secure Connectivity * WAN Domain- Service Providers SLAs, Managed Security Services, Monitoring, Reporting, etc. * Remote Access Domain- Secure Remote Access through Internet, Remote from Home, etc * Systems/Application Domain- Vulnerability Management, Configuration Management, Security Controls, Data Back-up, Business Continuity/Disaster Recovery, Networking 2. Answer: The User Domain- Human Resources personnel and the CEO or president of the organization are required to provide proper authority and disciplinary roles and responsibilities for policy implementation and enforcement. 3. Answer: Separation of duties is a security control put in place by accounting and IT professionals whereby the same person cannot define, approve, and implement and action of the organization. 4. Answer: This helps mitigate risk by eliminating the possibility that the same person can perform and hide...
Words: 459 - Pages: 2
