...system access and all of its system assets are hard wired locally. These systems currently utilize Legacy Novell backbone to support its File Servers, Case Management System and it’s Directory Services. While connecting the two networks can be accomplished, there are some potential challenges facing the MAB network. A Windows Server 2008 Domain controller should be added to the Bellview side of the network. The MAB leadership must consider obtaining some immediate cross-training so that associates can obtain the knowledge to operate both case Management Systems. Future phase of this project will require upgrading from legacy Case Management Systems to a universal Case Management System to be used by all authorized MAB employees. Managing access control for user security also presents a challenge. First, determining authorization and security access and determining...
Words: 934 - Pages: 4
...• haQuestion 1 10 out of 10 points Proprietary information is information which may give an organization a competitive edge. Answer Selected Answer: True Correct Answer: True Response Feedback: Correct • Question 2 0 out of 10 points Integrity involves implementation of the necessary level of secrecy and prevention of unauthorized disclosure of sensitive information and resources. Answer Selected Answer: True Correct Answer: False Response Feedback: Incorrect • Question 3 0 out of 10 points Obtaining buy-in on an information security program can be difficult because it is difficult to quantify the return on investment. Answer Selected Answer: False Correct Answer: True Response Feedback: Incorrect • Question 4 10 out of 10 points Availability is concerned solely with providing reliable access to data to authorized individuals. Answer Selected Answer: False Correct Answer: False Response Feedback: Correct • Question 5 10 out of 10 points Integrity involves assuring that the users accessing the information are authorized to do so. Answer Selected Answer: False Correct Answer: False Response Feedback: Correct • Question 6 10 out of 10 points The main objective of information security is to preserve the availability, integrity, and confidentiality of information and knowledge of an organization. Answer Selected Answer: True Correct Answer: ...
Words: 356 - Pages: 2
...Ken Schmid Unit 3 Assignment 1 Remote Access Control Policy for Richman Investments Authorization- Richman Investments must define rules as to who has access to which computer and network resources. My suggestion is that RI implements either a group membership policy or an authority-level policy to achieve this. Group policy would allow the administrator to assign different privileges to different groups. The admin would then assign different individual users to those different groups. So the users permissions would depend on the permissions of the group they were a member of. With authority-level policy the admin would assign different permissions to individual users based on their position and authority level within the company and what access that position requires. Identification- Richman Investments needs to assign a unique identifier to each user in order to have accurate records of who is accessing, or trying to access, what applications, which network resource, and what data. The most common ID is the username, account number, or PIN Authentication- In order to keep the remote access to Richman Investments secure, there must be proof that the person trying to gain access to the network remotely is the same person who has been granted access by identification. To do this RI can choose one of the following knowledge type authentications: PIN, password, or passphrase along with one of the following ownership type of authentication: smart card, key, badge...
Words: 312 - Pages: 2
...Teach users to utilize their machine properly and you can effectively cut down on simple mistakes that leave the system open to attacks. Another point of security to look at is the user's ability to bring in and corrupt data using CDs, DVDs and USB drives. Automated virus scanning for files transferred from one of these devices or banning these items and disabling the use of them on the individual computers will fix most occurrences of this type of attack. Aside from the User domain another possible weak point is the Remote Access Domain, Being that the users are off site it is hard to say that the users password information has not been compromised. In such cases when abnormalities are spotted or data is accessed without proper authorization, data should be completely encrypted to prevent any sensitive materials from being sold or presented to the open market. To avoid people logging onto our systems remotely or by brute force attack, password delay and or denial after so many tries should be implemented, similarly real time lock out procedures should be taken in the event of theft of equipment. The workstation domain comes with its own problems such as unauthorized access to the system, the way to fix this...
Words: 474 - Pages: 2
...Magnetic tape backups will be performed every evening (except for Sunday when tape drives will be cleaned and maintained). All data backups will be perform only by an authorized member of McBride's in-house IT department. Another way that McBride will now protect sensitive data is through account access controls. Passwords, encryption, and pertinent classification of data are a few measures that will be implemented to ensure this protection. Every procedure and process within McBride will be group into separate access levels and assigned an id. In conjunction with this id, all employees will be assigned a user id and password for logging onto any and every system within the company. This user id will identify every employee’s personal authorizations within the company. This will limit and/or authorize there access within each application within the system....
Words: 663 - Pages: 3
...Check point TJX Company IT/205 MAY 24, 2012 Check point TJX Company Information security means protecting information systems from unauthorized access. To my understanding TJX failed to properly encrypt data on many of the employee computers that were using the wireless network, and did not have an effective firewall installed. In the reading it indicated that TJX was still using the old Wired Equivalent Privacy (WEP) encryption system, which is relatively easy for hackers to crack. The Wi-Fi equivalent privacy (WEP) was considered old, weak and ineffective, therefore I could say the security breach that TJX had experience was a resulted by using a cheap and inexpensive wireless Wi-Fi network like the Wired Equivalent Privacy (WEP) encryption system, which make it easy for hackers to navigate. This is why it is important that TJX should have invested in using the wireless Wi-Fi Protective access 2 (WPA2) The Wi-Fi Protected Access 2 (WPA2) standard in conjunction with a sophisticated encryption system could have been used to replace the WEP. In that situation an effective firewall would have prevent unauthorized users from accessing private networks, meaning firewall acts like a gatekeeper who examines each user’s credentials before access is granted to a network. An effective Firewall could have reduced the ability for hackers to gain access to sensitive information. A data security breach could result a variety of issues some of them could be loosing of confidence...
Words: 436 - Pages: 2
...TO: FROM: DATE: SUBJECT:Unit 5 Assignment 1: Testing and Monitoring Security Controls REFERENCE: Testing and Monitoring Security Controls (IT255.U5.TS1) How Grade: One hundred points total. See each section for specific points. Assignment Requirements Part 1:Identify at least two types of security events and baseline anomalies that might indicate suspicious activity. Explain why they might indicate suspicious activity.(Forty points. Twenty points for each event.) # | Security Event & Baseline Anomaly That Might Indicate Suspicious Activity | Reason Why It May Indicate Suspicious Activity | 1. | Authentication Failures | Unauthorized access attempts | 2. | Network Abuses | Employees are downloading unauthorized material. | 3. | | | 4. | | | 5. | | | 6. | | | Part 2: Given a list of end-user policy violations and security breaches, select three breaches and consider best options for monitoring and controlling each incident. Identify the methods to mitigate risk and minimize exposure to threats and vulnerabilities. (Sixty points. Twenty points for each breach.) # | Policy Violations & Security Breaches | Best Option to Monitor Incident | Security Method (i.e., Control) to Mitigate Risk | 1. | A user made unauthorized use of network resources by attacking network entities. | Monitor the logs | Fire the user | 2. | Open network drive shares allow storage privileges...
Words: 295 - Pages: 2
...General Security Plan for Richman Investments The SSCP (Systems Security Certified Practitioner) consists of the following seven domains: 1. Access Controls – policies, standards and procedures that define who users are, what they can do, which resources and information they can access, and what operations they can perform on a system. • Software - PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful guest management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure networks small to very large heterogeneous networks. 2. Security Operations and Administration – identification of information assets and documentation of policies, standards, procedures and guidelines that ensure confidentiality, integrity and availability. • Software - Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. • AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup solution that allows the IT administrator to set up a single master backup server to back up multiple hosts over network to tape drives/changers or disks or optical media. Amanda uses native utilities and formats (e.g. dump and/or GNU tar) and can back up a...
Words: 1010 - Pages: 5
...User Domain Risk, Threat, or Vulnerability Lack of user awareness • Conduct security awareness training display security awareness posters, insert reminders in banner greetings, and send e-mail reminders to employees. User apathy toward policies • Conduct annual security awareness training, implement acceptable use policy, update staff manual and handbook, discuss dring performance reviews. Workstation Domain Risk, Threat, or Vulnerability Unauthorized access to workstation • Enable password protection on workstations for access. Enable auto screen lockout for inactive time. Unauthorized access to systems, applications, and data • Define strict access control policies, standards, procedures, and guidelines. Implement a second-level test to verify a user’s right to gain access. Account Policies | Password, lockout, and Kerberos settings. | Local Policies | Audit, user rights, and security options. ("Security Options" consist primarily of security-relevant registry values.) | Event Log | Settings for system, application, security and directory service logs. | Restricted Groups | Policy regarding group membership. | System Services | Startup modes and access control for system services. | Registry | Access control for registry keys. | File System | Access control for folders and files. | LAN Multilayer Security * Coverage considerations for wireless LAN (WLAN) users in a branch office * Distance considerations from the closet to the...
Words: 726 - Pages: 3
...Internal use only data classification would include the User domain, the workstation domain, and the LAN domain. These domains are the basic IT infrastructure domains, and they will cover all the users and workstations in the company. The Internal use only classification will cover info such as telephone directory, internal policy manuals, and new employee training material. The user domain is where only one user will have access to it. This can be configured to internal use only. By default, the IT department tries to maintain a certain level of Security for this, so that nobody can access from the outside, only the IT Department can grant access privilege for Remote Access Point. The User Domain will enforce an acceptable use policy to define what each user can and cannot do with any company data that he or she has access to. Also, every user on the company is responsible for the security of the environment. The Workstation Domain, the impact of data classification standard internal use only can possibly applied when a user violates AUP and generates security hazard for the establishment’s IT infrastructure. In order to prevent something like this from happening, the Richman Investments can hire a professional to train all employees for a security awareness campaign and programs throughout the year The LAN domain includes all data closets and physical as well as logical elements of the LAN. This domain needs strong security, being that it is the entry and exit points to...
Words: 300 - Pages: 2
...Three IT infrastructure domains that are affected by the standard and are affected by “Internal Use Only” are the User, Workstation and LAN domain. The user domain is made up of the people who can access the information with an AUP. This domain is considered one of the weakest and most affected for several reasons, but mostly the lack of user awareness. The second is the workstation domain. This domailn is made up of the devices that employees use to connect to the IT infrastructure. This domain requires a strong security and controls because this is where users first access the system. If you can have unauthorized user access situation; make sure you have a strong password and screen lockout policy in place. If you have any software vulnerabilities or software patch updates that are needed; make sure you have the workstation OS vulnerability window policy in place so to it can be consistently monitored and updated. And the third domain is the Local Area Network domain. The LAN Domain is a collection of computers connected to one another or to a common medium. All LAN domains include data closets, physical elements of the LAN, as well as logical elements as designated by authorized personnel and requires a strong security and access controls. This domain can access company-wide systems, applications, and data from anywhere within the LAN. The LAN support group is in charge maintaining and securing this domain. The biggest threat to the LAN domain is Un-authorized...
Words: 286 - Pages: 2
...Unit 7 Assignment 2: Design an Encryption Strategy One security option that should be used is the Privacy option for confidentiality. This will help keep information from prying eyes unless the user is authorized. Sensitive information such as SSN (social security numbers), personal home addresses and phone numbers, or other personal information will be kept from employees that do not have the permissions to see this. This should be implemented on all of the managed networks/domains. Richman Investments should use the Access control feature. Using access control will restrict access to network resources and would require the user to have rights/privileges to the information. Used alongside the first feature, this gives the users proper permissions to information and this will help keep users out that don’t need or have access to those sections. Finally, would be to use the Receipt feature. This will help ensure the user that the item they are emailing is getting to the proper user and destination. The user sending the email will receive a receipt stating that the person has received the email. This helps the sender knows that the user got their email and not someone else. It should also be set up once the email is opened, depending on the content of the email; a second conformation receipt is sent stating a time stamp of exactly when the email was read. All emails should include a digital signature so that users know that it came from someone in the company. Many...
Words: 285 - Pages: 2
...RICHMAN FINANCIAL INVESTMENTAND CONSULTING FIRM Multi-Layered Security Outline Plan IT Infrastructure Security Daniel Satterfield 7/1/2014 Identification of Risks, Threats, and Vulnerabilities along with proposed Security measures and controls MULTI-LAYER SECURITY PLAN (OUTLINE) FOR RICHMAN INVESTMEN The following Multi-Layered Security Plan outline I am submitting for approval and implementation for Richman Investments, will provide a sound security plan for the firms most important mission critical assets, identifying and reducing vulnerabilities, Risks and threats to the firms confidential proprietary intelligence, sensitive customer data and other important assets within each of the Seven Domains that make up the core for the IT infrastructure as a whole. An aggressive approach should be mapped out in a 3-5 year progressive implementation achievement plan starting with one or two security initiatives where success can be clearly demonstrated and evaluated. The FFIEC now has mandated financial institutions mitigate online threats by intergrading endpoint encryption pushing it out to all users in a non pre-boot fashion then using the console to migrate users to pre-boot encryption which would provide immediate protection and increased visibility and control of our overall risk posture. First, indentifying Risk, Threat and Vulnerabilities within each of the seven Domains that make-up the firms IT infrastructure. Secondly, proposed security...
Words: 751 - Pages: 4
...Timothy Hicks IS4680 Lab7 Auditing the LAN-to-WAN Domain for Compliance 1. People threats, Viruses and related threats, physical threats, pc vulnerability, the pc virus, lan access and internetworking. 2. An access control list (ACL) is a list of access control entries (ACE). Each ACE in an ACL identifies a trustee and specifies the access rights allowed, denied, or audited for that trustee. ACLs contain access control entries (or ACEs) that describe the permissions associated with objects and object properties. For a security principal, an ACE defines the rights which are denied, allowed and audited for a particular security principal. 3. A bastion host is a special purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. An example of this is a proxy server, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily due to its location and purpose, which is either on the outside of the firewall or in the DMZ and usually involves access from untrusted networks or computers. 4.Two examples of an enclave requirement are 1) a set of resources requires uninterrupted 24/7 availability. And 2) Proprietary information must be shared must be shared among several computers. 5.SPI is a basic firewalling feature...
Words: 653 - Pages: 3
...Abstract Access control systems were examined to determine if a network based system would be more reliable and beneficial. Two major systems were determined to be very beneficial to the company. In contrast, the systems would consume a great deal of resources in order to be put into full working order at all sites worldwide. Together these findings suggest that using a network based system can ultimately serve the company better and create a more secure environment for the research and the employees. Keywords: Access control, CCURE, Locknetics, security, networking Network Based Access Control Systems: What Are They? Personal and confidential information can easily be accessed at sites if the access to the specific areas is not updated quickly enough. To secure and protect this data, technology must adapt to mitigate the threats and risks. Applications and services are becoming mobile across multiple resources, sometimes in a dynamically allocated way, necessitating the migration of sensitive and private data. I propose a network based access control system to address the inadequacies of current technological solutions in preserving the confidentiality and privacy of data, along with the safety and security of the site. More specifically, I describe a solution for securing all Bristol-Myers Squibb sites throughout the world. Access control systems have become a basic way of life for many businesses, especially large businesses. There are many different variations...
Words: 2919 - Pages: 12