Data Classification Standards
Richman Investments
Data Classification Standards help Richman Investments to consistently define how this organization should handle and secure our various types of data. This report will focus on the internal use only data and how each of these domains is affected by these standards. Internal use only data refers to information that may or may not be confidential. It is imperative that our organization keep this information in-house and away from the public and recognize the Domains that need to be addressed with these rigid standards. The three domains at the top of the list for our company that will be directly affected are the User, Work Station, and LAN Domains.
The following “internal use only” data classification standards should be applied here at Richman Investments.
The User Domain is made up of the employees that have access to the organization's equipment and network and is the weakest link in any IT infrastructure, including the one here at Richman Investments. The amount of social networking and the errors that are made by employees may end up being detrimental to the network and cause data to be lost, tampered with, or stolen. The best way to avoid this would be to implement an Acceptable Use Policy (AUP). This will inform the employees what they can and cannot do with company information, resources, and equipment. Anyone that abuses the AUP will be held accountable for their actions. Employees must have their individual permissions for what they can and cannot do in order to make them accountable. It is the responsibility of HR to check the background of each employee thoroughly and follow with regular evaluations. It is also important that security control audits are performed to secure the system against risks and threats.
The Work Station Domain is important and is directly affected by the “internal use only” standard. The Work Station Domain is the place where the user can access the organization's network and all applications or data on the system. This Domain requires tight security and access controls. The system will need to be hardened, meaning that all computers will need to have the latest software revisions, security patches, and system configurations. It is also important to only allow company-approved devices in or around the workstation. Our most secure response to the threat of devices around the workstations would be to completely deactivate all CD, DVD, and USB ports. We could also enable automatic antivirus scanning for CDs, DVDs, and USB devices, but I would rather deactivate the ports and not have these available at the workstations. It is important that each user have their own login and password information that is not accessible to anyone else. It is the job of the desktop support group to enforce and define standards to ensure integrity of the workstations and data. Having logins and passwords for each employee will also ensure that no one outside or within the organization will be able to access any information on their workstations, thus eliminating those threats. The only individuals that will be able to access the network will be those that have been added to the system by an IT administrator.
The LAN Domain is a collection of computers that are connected to one another or to a common medium such as wires, fiber optic cables, or radio waves. The LAN Domain needs strong security and access controls. The threats to this domain include unauthorized access to hardware closets, switches, database servers, wireless keys, and routers by unauthorized personnel. This is a security risk to the server. In order to ensure these risks are avoided, equipment closets and server rooms must remain secure at all times, whether through lock and key, access locks, or key cards. Wireless contingencies will be in place to prevent leaks of keys, such as changes to access and MAC address tables to verify which devices are authorized. If the device is not authorized, access will be denied. Employees must register all new devices with the IT administrator, and these devices will be monitored to ensure maximum security. Backup and contingency plans will be in place for any mishap or disaster.
This report has outlined three of the domains from the IT infrastructure here at Richman Investments and has shown security issues and how they will be addressed. Strict policies must be put into place to protect the “internal use only” data as well as the network for the organization. This will only come with complete compliance from all parties involved. If the policies are not followed, training and further action will be necessary to prevent any preventable risk to vital data within this organization.