Nt2580- Project Part 1

In: Computers and Technology

Submitted By mads0n69
Words 779
Pages 4
Project Part 1 Multi-Layered Security Plan Outline
The following outline is to document the general security solutions for Richman investments, for all locations including head-quarters, for the safety of data and information that belongs to Richman Investments. This plan will be updated and submitted, every month by the networking division, to senior management along with a security plan for the month.

1. User Domain
a. This Domain includes Individuals within an organization who access its information.
b. An acceptable use policy to define what users can and cannot do with company IT information will be created.
c. Managers should review security awareness training and review acceptable use policies with employees periodically.
d. Internal CD drives and USB ports will be disabled.
e. Content filtering and antivirus scanning on any downloaded media, and emails will be setup.
f. Restrict access for users to only applications, data and systems needed to perform their job.
g. Monitor and track employee behavior and their use of IT infrastructure during off hours.
2. Workstation Domain
a. Systems where most users connect to the IT infrastructure.
i. Workstations can be any desktop, laptop, or other device that connects to an organizations network.
b. Password protection on all workstations.
c. Auto screen lockout for inactive times.
d. Strict access control procedures, standards, policies, and guidelines.
e. All CD, DVD, and USB ports will be disabled.
f. Automated antivirus solution that updates and scans each workstation automatically.
g. Vulnerability policies for workstation operating systems and application software
3. LAN Domain
a. LAN domain includes both Logical configuration and physical network components.
b. Wiring closets, data centers, and computer rooms need to be secured.
c. Strict access control procedures, standards,…...

Similar Documents

Nt2580 Project 1 Multi Layered Security Plan

...NT2580 Project Part 1: Multi-Layered Security Plan When developing a multi-layered security plan, you must look at each of the seven domains of the IT infrastructure and increase security on each of those domains. Increasing the security on each of those seven domains will increase the overall security of the system and create a multi-layered security plan. In the user domain, one of the easiest ways for the system to be compromised is through the users. Simplicity of user’s passwords can be a major problem so we need to implement complex passwords including eight or more characters, both upper and lower case, and use of at least one special character. Passwords will need to be changed every three months and the same password cannot be used again for one calendar year. In the workstation domain, we need to make sure that each of the workstations, whether desktop or laptop, has antivirus and malware protection installed on them. Laptops are very vulnerable for loss or theft, so all company laptops should have an encrypted hard drive so that if they are stolen, the data contained on them is not recovered by anyone but the owner. For the LAN domain, we need to have training about email scams. Most users know not to access suspicious emails when on our system but a quick training course will help. Also, adding spam filters will help get rid of most of the junk email, so there is much less risk of employees opening emails containing malware. In the LAN-to-WAN......

Words: 505 - Pages: 3

Nt2580 Project 1

...Running head: Solution to multi-layered security Solution to multi-layered security Chris Condon NT2580 09/28/2013 Abstract We will research the concept of a multi-layered security plan and Include several applicable layers for the plan, and describe at least one layer of security for each of the seven domains. Outline of a multi-layered Security plan User Domain - Security policy violations – Place employee on probation, review AUP and employee manual, discuss during performance reviews. Workstation Domain - Unauthorized access to workstation – Enable password protection on workstations for access. Enable auto screen lockout for inactive times. LAN Domain - LAN server application software vulnerabilities and software patch updates – Define a strict software vulnerability window policy requiring quick software patching. LAN-to-WAN Domain - Local users lose productivity surfing the web and not focusing on work tasks – Apply domain-name content filtering at the Internet entry/access point. WAN Domain - Vulnerable to corruption of information and data – Encrypt IP data transmissions with VPNs. Back up and store data in off-site data vaults (online or physical data backup) with tested recovery procedures. Remote Access Domain - Brute-force user ID and password attacks – Establish user ID and password policies requiring periodic changes (i.e., ever 30 or......

Words: 395 - Pages: 2

Project Part 1 Nt2580

...Multi-Layered Security Plan The general IT Infrastructure has seven layers: User Domain, Workstation Domain, LAN Domain, LAN-to-WAN Domain, WAN Domain, Remote Access Domain, and the System/Application Domain. All of the different layers are different aspects of your network that need to be protected against malicious attacks and vulnerabilities. In the following I have highlighted each domain and my best suggestions for security solutions. Starting with the user domain the most important thing here is to make sure that all users are trained and knowledgeable of acceptable usage of the equipment at work and their access to the employer’s network. The best way is to train them on an acceptable use policy (AUP) which outlines the dos and don’ts of using software application, email and web-access, along with their access to physical equipment. This policy should not only out line all of the above but it should also have an outline of disciplinary actions as well so the employees take the training seriously. They should also have each employee sign the AUP to recognize that they have read and understand what it means and what is expected of them. The workstation domain is where you need to start implementing login ID’s and passwords for all users and visitors. This helps to validate anyone who needs access to the systems to make sure that they have the credentials to login and also to provide the information to the system of what level of access they can have. For example,...

Words: 1187 - Pages: 5

Nt2580 Project 1 Multi Layered Security Plan

...Nt2580 Project 1 Multi Layered Security Plan Keeping information assets secure is challenging for any business, regardless of its size. It seems there's no limit to the ingenuity and maliciousness of today's cybercriminals, hackers and identity thieves. In fact, hackers have become so sophisticated and organized that their operational methods are similar to those of traditional software development and business practices. When developing a multi-layered security plan, you must look at each of the seven domains of the IT infrastructure and increase security on each of those domains. Increasing the security on each of those seven domains will increase the overall security of the system and create a multi-layered security plan. In the user domain, one of the easiest ways for the system to be compromised is through the users. Simplicity of user’s passwords can be a major problem so we need to implement complex passwords including eight or more characters, both upper and lower case, and use of at least one special character. Passwords will need to be changed every three months and the same password cannot be used again for one calendar year. Project Part 1 Multi Layered Security Plan Richman Investments 1) General This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure. 2) User Domain a. The usage of security awareness training to instruct employees of Richman Investments security policies b....

Words: 489 - Pages: 2

Nt2580 Project Part 1

...PART 1 The following document outlines Richman Investments security measures for IT infrastructure. There are many components that make up the Richman Investments network, and so there should be a multi-layered security solution to protect it. The server room has been located in the central part of the building, and will be physically protected by electronic door locks with keypad combination access. There are a limited number of personnel who will have access to this room in order to decrease the potential for tampering. Each of these personnel will have their own access code, and a digital log will be kept of all access. All of the servers will be virtual, and a backup of each server will be refreshed weekly and saved to cloud storage. All company data will be backed up and saved to cloud storage daily. All users requiring remote access will have a VPN set up with strict login requirements. These users will also have their laptops checked by the IT department on a monthly basis to ensure that they are in compliance with company security policy. Access to the company network will be secured by multiple firewalls set up with our routers. Firewall filters will be set up with a specific list of allowed users and programs. All other traffic will be blocked by default until it has been approved by IT. There will be a limited number of wireless access points around the building, with password access. These passwords will be changed on a regular basis. Access......

Words: 353 - Pages: 2

Curse Project Part 1

...Course Project – Part I Introduction The Course Project is an opportunity for you to apply concepts learned to a real-life simulation experience. Throughout the Course Project, you will assume that you work as a financial analyst for AirJet Best Parts, Inc. The Course Project is provided in two parts as follows: Part I – In Part I, you work with AirJet Best Parts, Inc. staff to identify the best loan options, as well as to evaluate stocks and bonds. Part II – In Part II, you will provide the company with a recommendation for purchasing a new machine. You will base your recommendation on the Net Present Value (NPV) of the capital investment project using the cost of capital (WACC) as your discount rate. About AirJet Best Parts, Inc. AirJet Best Parts, Inc. is a company dedicated to the design and manufacturing of aviation and airplane technologies and parts. The company has commercial and military clients worldwide. Task 1: Assessing loan options for AirJet Best Parts, Inc. The company needs to finance $8,000,000 for a new factory in Mexico. The funds will be obtained through a commercial loan and by issuing corporate bonds. Here is some of the information regarding the APRs offered by two well-known commercial banks. Bank | APR | Number of Times Compounded | National First | Prime Rate + 6.75% | Semiannually | Regions Best | 13.17 | Monthly | 1. Assuming that AirJet Parts, Inc. is considering loans from National First and Regions Best, what......

Words: 1015 - Pages: 5

Project Part 1

...Project Part 1 I am the project manager for Global Communications, a multinational company that installs communication systems using a wide variety of communication technologies, ranging from stringing wire to fiber optics. While the corporate offices of Global Communications are located in the U.S., there are other divisions operating in the UK, Russia, Germany, France, Italy, China, India, Japan, Egypt, Mexico, and Argentina. The composition of project teams in Global Communications varies depending upon the project. However, a typical project team comprises a hardware engineer, a software engineer, a testing engineer, a network administrator, human resources for training, administrative support personnel, and computer programmers. A typical project involves drafting and design, procurement, and transportation and logistics. Recently, the Ministry of Communication of a small country in the Caribbean has approached Global Communications. The country has had a communication hardware failure that caused a breakdown of its entire communication system. My task as a project manager is to put together a project team that will ascertain the extent of the damage and recommend a course of action for the country to follow. I will begin this project by identifying the critical success factors (CSFs) necessary for the success of the project. Virtual teams are more complex because they cross boundaries related to time, distance, and organization (Duarte & Snyder, p.......

Words: 585 - Pages: 3

Nt2580 Project Part 1

...implemented through the seven domain layers of our IT infrastructure. 1. User a. Education – use of strong passwords, locking work stations b. restrict access to critical user files only – principle of least privilege 2. Workstation a. Access control – password protected workstations and auto screen locking b. Antivirus-Strong, automatic programs that scan for threats 3. LAN a. Physical security – All wiring closets and server rooms should be locked b. Set up encryption between workstations and wireless access points. 4. LAN to WAN a. Disable unused ports, ping, and port scanning on exterior devices b. Strict zero-day policy for patching c. Strict security monitoring for intrusion detection Tyler Straub 3 5. WAN a. Use encryption and VPN tunnels to secure sensitive data on the internet b. Use anti-virus to scan all e-mails for malicious attachments 6. Remote access a. Encrypt all portable data devices that connect remotely to secure sensitive data b. Apply stringent password policies so remote devices only connect with authorized and authenticated users. 7. System/Application a. Data backup shall be used with daily, incremental backups and will be kept off site b. A business continuity plan shall be implemented and tested to keep critical services running in the event of a disaster. Tyler Straub 4 Citation Page (1)......

Words: 345 - Pages: 2

Nt2580 Research Project Part 2

...Project Part 2: Security Domain and Strategies Now that Richman Investments has expanded with more offices, locations and clients, the need for protection of assets are greater. We have decided to implement the following policy for removable media: Richman Investments staff may only use Richman Investments’ removable media in their work computers. Richman Investments removable media may not be connected to or used in computers that are not owned or leased by the Richman Investments without explicit permission of the Richman Investments IT manager. Sensitive information should be stored on removable media only when required in the performance of your assigned duties or when providing information required by other state or federal agencies. When sensitive information is stored on removable media, it must be encrypted in accordance with the Richman Investments’ Acceptable Encryption Policy. Security assurance and user-friendly sites are required if Richman Investments is to be successful at attracting customers to their Internet sites. It is therefore important to be able to understand the business requirements and be able to translate these into a public network presence with security in mind. The Digital revolution of the 21st Century has not been achieved without its consequences. Real time business requirements and economic drivers have forced rapid changes to the methods used to conduct business-to-business and business to client communication. The Internet has now......

Words: 1544 - Pages: 7

Economics Project Part 1

...Project Part 1 Matthew Gist ITT Microeconomics ES2550 Roger Lignugaris April 19, 2015 Project Part 1 A. Does the United States have a comparative advantage in wingdings? Explain. It is cheaper to import wingdings than it is to produce them. If the US had a comparative advantage in wingdings, we would export them. Comparative advantage is that the countries with a comparative advantage in a certain good will specialize in and export that good. B. Discuss the effect of the tariff on the number of imports. The tariff decreases the import from 20 at the world price to 6 after the tariff.   The price increases from $6 to $8 for someone to buy a wingding in the US, which means the quantity demanded domestically is now 18 and the quantity supplied domestically is 12, which is only a shortage of 6 units that needs to be supplied. C. How did the imposition of the tariff change consumer surplus? The tariff decreased consumer surplus by the area with height 8-6 and base y = 26 and base z= 18. The area of this can be calculated by splitting the area into a rectangle and a triangle. The rectangle has an area of (8-6)x18=36 and the triangle has an area of (1/2)x(26-18)x2=8. Adding the two the consumer surplus went down by 44. D. How did the imposition of the tariff change producer surplus? Producer surplus increased after the tariff, by the area with height 8-6 and base y=6 and base z=12. The area of a trapezoid is just [(b1+b2)/2]xh, which is......

Words: 396 - Pages: 2

Nt2580:Project Part 1

...The following is a multi-layered security plan outline for Richmond Investments that will address general security solutions for the safety of the company’s data and information. The outline will state recommended security solutions for each of the seven domains of the IT infrastructure. User Domain One of the most common vulnerabilities within the User domain is the lack of awareness or concern for employees towards the security policies of the company. To minimize this vulnerability Richmond investment is requiring that all company employees participate in a mandatory refresh security awareness training every four months. These mandatory refresh classes are aimed at educating employees regarding the best practices for opening email, password creation, reminding employees of security policies that might have been overlooked the first time they received their training, and other policies that ultimately can help prevent malicious threats. Workstation Domain The most common vulnerabilities in the workstation domain include unauthorized user access, weaknesses in the software currently installed, and possible introduction to malicious software. To help minimize the risk of unauthorized access, the company will enable password protection on all the devices and recommend that all users lock the computers every time they step of the workstation. In addition, the company’s network administrator will be responsible to keep all software and applications up to date with the......

Words: 725 - Pages: 3

Nt 2580 Project Part 1

...David Ruark NT2580 Introduction to Information Security Project Part 1 Multi-Layered Security Plan Introduction The components that make up cyberspace are not automatically secure. This includes cabling, physical networks, operating systems, and software applications that computers use to connect to the Internet. There is a raging information security war. The goal is to protect national security and business information. Therefore, IT is in great need of proper security controls. Scenario Richman Investments is a mid-level financial investment and consulting firm. The Richman corporate headquarters is located in Phoenix, Arizona. Currently, there are eight branch offices in: 1  Atlanta, Georgia 2  Chicago, Illinois 3  Cincinnati, Ohio 4  Denver, Colorado 5  Los Angeles, California 6  Montreal, Canada 7  New York City, New York 8  Washington, D.C. Tasks You are a networking intern at Richman Investments. This morning, you received an e-mail from your supervisor stating that you need to create an outline of the general security solutions planned for the safety of data and information that belongs to the organization. You are told that every month the networking division needs to submit a report to the senior management about the security plan for the month, and this time, your outline will become a part of that report. Therefore, you need to research the elements of a multi-layered security plan and to create an...

Words: 639 - Pages: 3

Nt2580 Project Part 1

...1. Network firewall The first line of defense against unwelcomed users would surely be the firewall. At one point, the use of dual firewalls from different vendors was all the rage, but DMZ is more popular today. There are actually a few different types of firewall implementations. For example, consumer-grade routers typically make use of Network Address Translation (NAT), because the identity of hosts is complicated, NAT is often said to offer firewall capabilities. 2. Virtual Private Network Employees who need to access company resources from unsecured locations such as public Wi-Fi hotspots are a mainly exposed group. A VPN channels all network traffic through an encrypted channel back to the trusted corporate network. VPN’s can be complex and is costly to support due to the overheads of authentication, processing and bandwidth. 3. IDS and IPS An intrusion detection system (IDS) is a network-centric strategy that involves monitoring traffic for suspicious activities that may indicate that the corporate network has been compromised. This may require the detection of port scans being created from within the network or excessive attempts to log into a server. The intrusion prevention system (IPS) is usually deployed in-line in order to actively prevent or block intrusions as they are detected. A specific IP address could be automatically blocked. 4. Malware Detection Malware scanning performed on client devices relies on the processing capabilities of individual......

Words: 517 - Pages: 3

Project Part 1 Nt2580

...Michael Williams Nt2580 Project Security Domains and Strategies Keeping information assets secure is challenging for any business, regardless of its size. It seems there's no limit to the ingenuity and maliciousness of today's cybercriminals, hackers and identity thieves. In fact, hackers have become so sophisticated and organized that their operational methods are similar to those of traditional software development and business practices. When developing a multi-layered security plan, you must look at each of the seven domains of the IT infrastructure and increase security on each of those domains. Increasing the security on each of those seven domains will increase the overall security of the system and create a multi-layered security plan. In the user domain, one of the easiest ways for the system to be compromised is through the users. Simplicity of user’s passwords can be a major problem so we need to implement complex passwords including eight or more characters, both upper and lower case, and use of at least one special character. Passwords will need to be changed every three months and the same password cannot be used again for one calendar year. This plan will give an overview of the security strategies that will be implemented at each level of the IT infrastructure for Richman Investments. 1) User Domain   a. Use security awareness training to instruct employees of Richman Investments security policies.   b. Audit user activity. 2) Workstation Domain  ......

Words: 470 - Pages: 2

Nt2580 Project 1

...NT2580 Roxana Project 1 Multi Layered Security Plan Keeping information assets secure is challenging for any business, regardless of its size. It seems there’s no limit to the ingenuity and maliciousness of today’s cybercriminals, hackers and identity thieves. In fact, hackers have become so sophisticated and organized that their operational methods are similar to those of traditional software development and business practices. When developing a multi layered security plan, you must look at each of the seven domains of the IT infrastructure and increase security on each of those domains will increasing the security on each of those seven domains will increase the overall security of the system and create a multi layered security plan. In the user domain, one of the easiest ways for the system to be compromised is through the users. Simplicity of user’s passwords can be a major problem so we need to implement complex passwords including eight or more characters, both upper and lower cases and use of at least one special character. Passwords will need to be changed every three months and the same password cannot be used again for one calendar year. Project Part 1 Multi Layered Security Plan. Richman Investments 1 General This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure. 2 User Domain A) The usage of security awareness training to instruct employees of Richman investments......

Words: 479 - Pages: 2

Wing Commander Academy (13) | windev mobile 23 | Gold Bond Ultimate Healing Lotion 14 oz