Free Essay

7 Domains of a Typical It Infastructure

In: Computers and Technology

Submitted By Evol
Words 493
Pages 2
Week 1 Assignment 2 The “Internal Use Only” data classification standard protects the company by limiting outside access to company information such as internal memos, meetings times/lengths, or internal project reports. Where the loss of such things would likely not result in serious financial loss to the company but would in convince management and might tarnish the company’s reputation. This security policy will touch 3 main domains: User, Workstation, and Lan Domains. The “Lan Domain”, this domain will be protected by limiting access to the companies infrastructure. This will include but will not be limited to: Background checks on any and all field support technicians, and limited access for all employees to data closets and server rooms (i.e. locked doors, fingerprint scanners, etc.). These precautions will help insure the integrity of the network at the lowest level. The “Workstation Domain”, this domain includes all company workstations. Only workstations approved by and set up by the company will be allowed on the network. Absolutely NO PERSONAL DEVICES will be allowed on the network without explicet permission from IT and these devices will be set up as to allow IT full access to all files and folders on the device at any given time should the need arise. All workstations will be updated, patched, and scanned regularly. All users using these workstations will be required to first be approved by management to have an account set up. Then the user will be given a username and passcode that must meet standard strong password parameters. Removable media will not be permitted unless provided by the company for official use only. Lastly AD groups will be used to control which users have access to what data on the network to ensure only users with proper authorization will have access to data in question. The “User Domain” will use an “Acceptable Use Policy” to define what users and vendors can or cannot do with any company data they have access to. This policy will be signed and acknowledged before anyone (non-negotiable) is to gain access to any part of the company’s network. This policy will also cover what users are allowed to do on company workstations such as which websites are acceptable to use at work, media streaming, social networking, etc. This will protect the company’s network at the most vulnerable level, the user level. With these policies in place the company’s network will be protected from both internal and external threats to misuse of internal data. Any violation of these policies will be handled as needed by administration depending on the severity of the infraction and could result in termination of the user. IT is solely responsible for enforcing the polices at the LAN and Workstation domains, with the help of management to enforce the policies at the User level. Security awareness training will be provided once a year to ensure all end users are aware and understand the policies set in place.

Similar Documents