Preview

Unit 4 Assignment 1: Enhance and Existing It Security Policy Framework

Good Essays
Open Document
Open Document
399 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Unit 4 Assignment 1: Enhance and Existing It Security Policy Framework
Unit 4 Assignment 1: Enhance and Existing IT Security Policy Framework
Richman Investments Remote Access Standards
Purpose:
This document is designed to provide definition of the standards for connecting remotely to Richman Investments’ network outside of the company’s direct network connection. The standards defined here are designed to mitigate exposure to potential damage to Richman Investments’ network, resulting from the use of unauthorized use of network resources.
Scope:
All Richman Investments agents, vendors, contractors, and employees, who use either Richman Investments company property or their own personal property to connect to the Richman Investments network, are governed by this policy. The scope of this policy covers remote connections, used to access or do work on behalf of Richman Investments, including, but not limited to, the viewing or sending of e-mail, and the viewing of intranet resources.
Policy:
Richman Investments agents, vendors, contractors, and employees with privilege to remote access to Richman Investments’ corporate network are responsible for ensuring that they adhere to these standards, whether using company-owned or personal equipment for data access, and that they follow the same guidelines that would be followed for on-site connections to the Richman Investments network.
General access to the Internet by household members via the Richman Investments network will be permitted, and should be used responsibly, such that all Richman Investments standards and guidelines are enforced for the duration of Internet activity. The Richman Investments agent, vendor, contractor, or employee will bear any responsibilities and consequences for any misused access.
Requirements:
* Remote access must be secure and strictly controlled. Enforcement of control will be via password authentication or private/public keys with strong pass-phrases. * Richman Investments employees should, at no time, provide their security



Cited: Stephen. "SANS Remote Access Policy." SANS Institute. N.p., 2006. Web. 21 Jan. 2013. <http://www.sans.org/security-resources/policies/Remote_Access_Policy.pdf>.

You May Also Find These Documents Helpful

  • Satisfactory Essays

    NT2580 Project Part 1

    • 348 Words
    • 1 Page

    Access to the company network will be secured by multiple firewalls set up with our routers. Firewall filters will be set up with a specific list of allowed users and programs. All other traffic will be blocked by default until it has been approved by IT. There will be a limited number of wireless access points around the building, with password access. These passwords will be changed on a regular basis. Access to the local network will be secured by user authentication passwords. Users will be limited to only the system resources that they absolutely need to complete their work. Users’ passwords must be changed every 90 days.…

    • 348 Words
    • 1 Page
    Satisfactory Essays
  • Satisfactory Essays

    Router Management Out-of-Band Management Username and Password Authentication. Traffic VPN and Tunnel Based Traffic ACL and Tunnel Traffic Established Between Trusted End Points. UDP and TCP Protocol Enforcement with Stateful Firewall Access list Source and Destination, Address and Session established with Layer 7 Firewall Protection.…

    • 155 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    Nt1310 Unit 8 Lab 1

    • 421 Words
    • 2 Pages

    3. Who will have access to the systems and how will this access be monitored?…

    • 421 Words
    • 2 Pages
    Satisfactory Essays
  • Better Essays

    This multi-layered security plan for Richman Investments will provide a short overview of the security tactics that will be applied at each level of the IT infrastructure.…

    • 1234 Words
    • 5 Pages
    Better Essays
  • Powerful Essays

    Main Security Concerns: As a rapidly growing business that primarily utilizes IT resources for intranet company communications between and among a single home office and three satellite offices; internal network access controls and remote employee user’s access controls seem to be of primary importance. Priority number one should be hardening and the safeguarding of access and data integrity of the Oracle database servers housed as the main office in Reston, VA. And separately at the San Diego satellite office A comprehensive security policy will be developed and approved by management that will detail the specific guidelines administrators must follow when allowed admin access to company IT resources and services, and when and how those permissions should be denied or allowed. Additionally, auditing and logging of critical events should be implemented utilizing a reliable SEIM (Security Information and Event Management) system. Moreover, control of user access from remote sites via the company intranet via VPN’s and remote access via RADIUS should be strengthened and monitored for both qualitative and quantitate analysis and measuring. Cryptographic techniques will be enhanced and login and password requirements will be strengthened. Of significant importance is the company web presence and corporate access to its knowledge base portal within the company intranet. The company web presence is of vital importance to allow customers to access information concerning the company’s products and services. The knowledge portal is vital for company employees to have access to propriety information while protecting their confidentiality, integrity, and availability of the data. We will separate and hardened both the web server and the knowledge portal via…

    • 2606 Words
    • 11 Pages
    Powerful Essays
  • Satisfactory Essays

    This model would support Role based access controls and allow mandatory access control to be governed by remote access. The IS Dept. is responsible for maintaining the access and access rights and prividgles and restricted as needed by user roles in the organization. All data is encrypted and transmitted via remote and encrypted and used by the vpn tunnel. VPN access will be terminated on a 3 month basis and must be renewed by revisiting based on your access role and…

    • 297 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    Richman Investment needs and new enterprise encryption strategy. This is for a more secure network. They are wanting to grow to 10,000 employees worldwide. Richman Investment wants to operate out of 20 different countries in the future. This is very easy to do but to have a secure network there are many things that would have to happen which will make this more difficult to do. Have a secure network takes a lot of work and has to be monitored 24 hours a day 7 days a week. There are many different ways to go about this topic the one I am going to pick is a public key infrastructure (PKI).…

    • 444 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    Unit 9 Assignment 1

    • 582 Words
    • 2 Pages

    - Ensure compliance requirements of this policy concerning data at rest and role-holders access to managed networks, systems and servers…

    • 582 Words
    • 2 Pages
    Good Essays
  • Good Essays

    Employees will be also using the workstation domain is where they will connect to the company’s network. Tight security and access controls will be enforced on company equipment and users must have proper access rights…

    • 539 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    Az Well

    • 802 Words
    • 4 Pages

    3. In what other ways might the company use the Internet for its own benefit?…

    • 802 Words
    • 4 Pages
    Satisfactory Essays
  • Satisfactory Essays

    Unit 3 Ip

    • 732 Words
    • 3 Pages

    3. In what other ways might the company use the Internet for its own benefit?…

    • 732 Words
    • 3 Pages
    Satisfactory Essays
  • Good Essays

    The company’s computer network, including its connection to the Internet, is to be used for business-related purposes. Any unauthorized use of the Internet is strictly prohibited. Unauthorized use includes, but is not limited to, connecting, posting, or downloading pornographic material; engaging in computer “hacking” and other related…

    • 696 Words
    • 3 Pages
    Good Essays
  • Good Essays

    Remote access implementations that are covered by this policy include, but are not limited to DSL, VPN, SSH.…

    • 848 Words
    • 4 Pages
    Good Essays
  • Satisfactory Essays

    lab 4

    • 451 Words
    • 2 Pages

    Internet use at Richman is only authorized to conduct Company business only. Internet use can easily allow hackers to see confidential Company information and allow viruses. This allows the hackers to get passwords and other important things. Which is why we want the staff at Richman’s to only use the internet for business only and business only sites. Employees can only check their business…

    • 451 Words
    • 2 Pages
    Satisfactory Essays
  • Better Essays

    I have reviewed your needs and circumstances and have designed a remote access control policy that will work for you and your company.…

    • 775 Words
    • 4 Pages
    Better Essays