Preview

Nt2580 Unit 4 Assignment 1 Enhance An Existing IT Security Policy Framework

Good Essays
Open Document
Open Document
438 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Nt2580 Unit 4 Assignment 1 Enhance An Existing IT Security Policy Framework
Enhance an Existing IT Security Policy Framework The purpose of this policy is to define standards for connecting to Richman Investments network from any host. These standards have been designed to minimize the potential exposure to Richman Investments from damages which may result from unauthorized use of Richman Investments resources. Damages include intellectual property, the loss of sensitive or company confidential data, damage to critical Richman Investments internal systems, damage to public image, etc. Scope this policy applies to all Richman Investments employees, contractors, vendors and agents with a Richman Investments-owned or personally-owned computer or workstation used to connect to the Richman Investments network. This policy applies to remote access connections used to do work on behalf of Richman Investments, including reading or sending email and viewing intranet web resources. Remote access implementations that are covered by this policy include, but are not limited to: frame relay, DSL, ISDN, SSH, VPN, dial-in modems, and cable modems, etc.
It is the responsibility of Remote Users to make sure that reasonable measures have been taken to secure the Remote Host used to access Richman IT Resources. This standard applies to all Remote Users of Richman IT Resources including staff, outside contractors, vendors, and other agents. Remote Access Security Standards All Remote Users must follow the security requirements set forth in this standard for any Remote Host accessing IT Resources prior to such access, as well as any guidelines, procedures, or other requirements issued by their departmental IT units and the owners of the IT Resource which are to be remotely accessed. Remote User responsibilities are described below: Remote User Requirements: Remote Users must make sure that their Remote Hosts used to access Richman IT Resources meet all security expectations specified in the End User Guidelines Security prior to accessing any Richman IT

You May Also Find These Documents Helpful

  • Satisfactory Essays

    NT2580 Project Part 1

    • 348 Words
    • 1 Page

    Access to the company network will be secured by multiple firewalls set up with our routers. Firewall filters will be set up with a specific list of allowed users and programs. All other traffic will be blocked by default until it has been approved by IT. There will be a limited number of wireless access points around the building, with password access. These passwords will be changed on a regular basis. Access to the local network will be secured by user authentication passwords. Users will be limited to only the system resources that they absolutely need to complete their work. Users’ passwords must be changed every 90 days.…

    • 348 Words
    • 1 Page
    Satisfactory Essays
  • Better Essays

    This multi-layered security plan for Richman Investments will provide a short overview of the security tactics that will be applied at each level of the IT infrastructure.…

    • 1234 Words
    • 5 Pages
    Better Essays
  • Powerful Essays

    Main Security Concerns: As a rapidly growing business that primarily utilizes IT resources for intranet company communications between and among a single home office and three satellite offices; internal network access controls and remote employee user’s access controls seem to be of primary importance. Priority number one should be hardening and the safeguarding of access and data integrity of the Oracle database servers housed as the main office in Reston, VA. And separately at the San Diego satellite office A comprehensive security policy will be developed and approved by management that will detail the specific guidelines administrators must follow when allowed admin access to company IT resources and services, and when and how those permissions should be denied or allowed. Additionally, auditing and logging of critical events should be implemented utilizing a reliable SEIM (Security Information and Event Management) system. Moreover, control of user access from remote sites via the company intranet via VPN’s and remote access via RADIUS should be strengthened and monitored for both qualitative and quantitate analysis and measuring. Cryptographic techniques will be enhanced and login and password requirements will be strengthened. Of significant importance is the company web presence and corporate access to its knowledge base portal within the company intranet. The company web presence is of vital importance to allow customers to access information concerning the company’s products and services. The knowledge portal is vital for company employees to have access to propriety information while protecting their confidentiality, integrity, and availability of the data. We will separate and hardened both the web server and the knowledge portal via…

    • 2606 Words
    • 11 Pages
    Powerful Essays
  • Satisfactory Essays

    When specifying security policies for an enterprise, setting security on an individual-by-individual basis provides the tightest and most personalized security. The tradeoff, however, is the increased amount of administration effort in setting up the security and maintaining it on an ongoing basis. You have been brought in as a consultant from Smith Systems Consulting to advise Riordan Manufacturing on what it will take to establish adequate enterprise security policies. You will need to prepare a 3-5 page paper that highlights why they should establish separation of duties via role assignment and how this will provide safeguards to protecting the data in their information systems.…

    • 651 Words
    • 3 Pages
    Satisfactory Essays
  • Better Essays

    SANS - Information Security Resources | Information Security Policy Templates |. (n.d.). Retrieved from http://www.sans.org/security-resources/policies/…

    • 4134 Words
    • 12 Pages
    Better Essays
  • Good Essays

    The Remote Access Domain- connects remote users to the organization’s IT infrastructure. Remote access is critical for staff members who work in the field or from…

    • 801 Words
    • 4 Pages
    Good Essays
  • Satisfactory Essays

    The Internal Use Only data classification standard of Richman Investments has many different infrastructures domains that are affected via internal use only data classification. More than all others, the three infrastructures that are affected the most are the User Domain, Workstation Domain and the LAN Domain.…

    • 285 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    Unit 9 Assignment 1

    • 582 Words
    • 2 Pages

    - Ensure compliance requirements of this policy concerning data at rest and role-holders access to managed networks, systems and servers…

    • 582 Words
    • 2 Pages
    Good Essays
  • Good Essays

    Remote access implementations that are covered by this policy include, but are not limited to DSL, VPN, SSH.…

    • 848 Words
    • 4 Pages
    Good Essays
  • Good Essays

    All laptops and desktops should be running Windows 7. Windows XP will not be supported after May 2014. Also, they should be running some type of Anti-Virus software and laptops should be encrypted in case of the laptop being stolen. (Dell, 2011)…

    • 746 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    lab 4

    • 451 Words
    • 2 Pages

    Internet use at Richman is only authorized to conduct Company business only. Internet use can easily allow hackers to see confidential Company information and allow viruses. This allows the hackers to get passwords and other important things. Which is why we want the staff at Richman’s to only use the internet for business only and business only sites. Employees can only check their business…

    • 451 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    This course covers the managerial and technical considerations related to access controls, authentication, external attacks, and other risk areas facing the enterprise. This course will also survey the techniques to prevent unauthorized computer and facility access as well the concepts for protecting the hardware and software assets of the enterprise.…

    • 2331 Words
    • 10 Pages
    Satisfactory Essays
  • Powerful Essays

    Paper on Physical Security

    • 4681 Words
    • 19 Pages

    An important consideration of an information or operating system of a business or organization is to have a security system that protects information, data, and integrity of the company’s sensitive information and records. If a business or company does not have adequate security, financial, sensitive, and classified information may be compromised and prone to possible viruses and malware, hacking, or at risk of a cyber-attack to the company’s data resulting in possible financial loss. If this scenario is the case, extensive resources most likely will be required to repair or undo the damage caused by the breach of security or virus. This essay will discuss the Service Request SR-rm-013 for Riordan Manufacturing and address security issues and concerns. In addition, this document proposes solutions, methods, and options, and provide information that would best suit the company’s needs and requirements for the security and integrity of sensitive data, based on Riordan’s current security, operating system, and database.…

    • 4681 Words
    • 19 Pages
    Powerful Essays
  • Better Essays

    Program policies: addresses overall IT security goals and it should apply to all IT resources within an institution. The institution’s president or an appointed representative must direct policy development to ensure that the policies address the IT security goals of all systems operating within the institution. For instance, program policies can address confidentiality or service availability. All program policies should meet the following criteria: Comply with existing laws, regulations, and state and federal policies. Support and enforce the institution’s mission statement and organizational structure. The components of an adequate program policy are defined as System-specific policies: addresses the IT security issues and goals of a particular system. Large facilities may have multiple sets of system-specific policies that address all levels of security from the very general to the particular (system permissions that reflect the segregation of duties among a group of employees). Issue-specific polices will address particular IT security issues such as, Internet access, installation of unauthorized software or equipment, and sending/receiving e-mail attachments. Complying with regulations such as: The Health Insurance Portability and Accounting Act, The Gramm-Leach-Bliley Act , The Sarbanes-Oxley Act , and Massachusetts 201 CMR 17.00,…

    • 1375 Words
    • 6 Pages
    Better Essays
  • Powerful Essays

    Domain 5 of CISA Exam

    • 2217 Words
    • 7 Pages

    Domain 5 of the CISA exam covers protection of information assets and includes eight areas of competence. This part of the CISA exam is weighted 30 percent of the overall score, which is the most of any domain. This emphasizes the importance of information asset protection to CISA and to organizations. This research considers each of those eight aspects.…

    • 2217 Words
    • 7 Pages
    Powerful Essays