...IMPLEMENTATION ANALYSIS The full policy process is often described by the following steps: 1) problem definition 2) alternative generation 3) analysis of alternatives 4) policy adoption 5) policy implementation 6) policy evaluation While this course has focused on the first three steps, the last three steps are equally important. A thorough policy analysis will include some consideration of policy implementation, monitoring, and evaluation. The policy analyst can sketch out an implementation plan for the most highly ranked alternative(s) that considers: 1) relevant actors and their interests 2) required resources and who might provide them 3) facilitators and barriers likely to be encountered 4) reasonable time frame Implementation analysis might involve writing a "best-case" scenario and a "worst-case" scenario for each policy alternative, as well as the "most likely" outcome. The idea is to think systematically through the implementation process, identify potential problems, and develop actions that can be taken to either avert catastrophes or reduce losses. POLICY MONITORING Policy maintenance refers to keeping the policy or program going after it is adopted. Policy monitoring refers to the process of detecting how the policy is doing. To monitor a policy, some data about the policy must be obtained. A good implementation plan will suggest some ways in which ongoing data about the policy can be generated in the regular course of policy maintenance...
Words: 635 - Pages: 3
...Richman Investments Introduction to Computer Security Richman Investments Hello, my name is Max and I’m here today to give you a brief on Richman Investments “Internal Use Only” data clarification standards. I will cover what this means to the company and to you. I will also cover three different information technology infrastructure domains that we use and how these are affected by the “Internal Use Only” standard. This also applies to you the end user working here at Richman Investments. This is a vital brief to safeguard and keep all of our client’s information safeguarded from all outside sources. So, let’s begin. First, let me explain to you what “Internal Use Only” data clarification standard means. A standard is a detailed written definition we here at Richman Investments have come up with. It is to help put in place certain security controls that are used throughout our information technology infrastructure and how you need to abide by this. The second part of this is the “Internal Use Only”. This is information we have here that is only to be shared internally between this organization and it is intended to never go outside of this organization. If it does, it could cause many clients’ personal information to be used by other people. The bottom line is that you are responsible to safe guard all “Internal Use Only” information by following some simple security controls that I will now go over with you (Kim & Soloman, 2012). The weakest link in an...
Words: 940 - Pages: 4
...Richman Investments holds requirements for the usage of the company network including filtering policies for network traffic through an AUP. Acceptable use policy (AUP) would start with the User Domain. The user domain is the employee within an organization who is granted access to the information system for the organization. There are roles and tasks, responsibility, and accountability that go into an acceptable use policy for the user domain. Within the user domain, access to the LAN to WAN, web surfing, and internet could be used help gather information between customers and employees. LAN to WAN is the activities between LAN to Wan and firewalls, routers, intrusion, detection, and workstations. Web surfing determines what a user can obtain on company time with company resources. Internet, is when the user has access to the internet with the types of controls the organization has on the certain internet sites being accessed. Although LAN to WAN, web surfing, and internet have some of the same characteristics, they also have different specific IT infrastructures it affects. . For the LAN to Wan AUP, it will goes with the roles and task parts of the user domain. Users would be given access to certain systems, applications, and data depending on their access rights. The AUP is a more of a rulebook for employees to follow when using the organization’s IT assets. If the AUP is violated, it could be grounds for termination from the company. The AUP will set rules for employees...
Words: 1029 - Pages: 5
...For Richman Investments the users are the biggest threats so I would give access keys in various levels and to various departments. With that being said I would set renewal of password anywhere from 28 days to 6 months apart depending on department and job in the company. Have basics such as firewall and full antivirus software as well as restricted upload and download abilities. Administrators could have the option of layering security by enforcing the use of PIN numbers, hardware tokens, client certificates and other forms of secure authentication on top of AD or LDAP (Lightweight Directory Access Protocol). After implementation of several security policies, I would create a SSL(Secure Socket Layer) VPN ( Virtual Private Network) network, a form of VPN that can be used with a standard Web browser. In the traditional Internet Protocol Security (IPsec) VPN, an SSL VPN does not require the installation of specialized client software on the end user's computer. It's used to give remote users with access to Web applications, client/server applications and internal network connections. SSL VPN doesn’t require specialized client software on the user computer. For site to site we would just use VPN to secure the network data and encrypt it for security measure. An SSL VPN offers versatility, ease of use and granular control for a range of users on a variety of computers, accessing resources from many locations. There are two major types of SSL VPNs. SSL Portal VPN...
Words: 427 - Pages: 2
...Richman Investments Internal Use Only The Internal Use Only data classification standard at Richman Investments is in place to protect the personal and account information of our clients and our work force. Our data classification standard will include the User Domain, Workstation Domain, and the LAN Domain. This will cover all personnel and their workstations, all the physical components, as well access to the internet and company databases and any information in between. The User Domain which defines what information an employee can access. The User Domain will enforce an acceptable use policy (AUP) .Our AUP will define how the internal use data is used by each employee. All personnel gaining access to the company data base must read and sign the AUP policy and strictly adhere to Richman Investments acceptable use policy. This includes any contractor or third-party representatives. All users must sign this AUP prior to gaining any access to the company network. Any unauthorized use or breach of this policy in any manner can be cause for punitive action or dismissal. The Workstation Domain includes all workstations and media devices approved for use on the company network. No personal devices or removable media may be used on Richman Investments network. All devices and removable media will be issued by the company for official use only. To access any workstation, a user will need to have an account created to access the company network. All users will then be able to log...
Words: 461 - Pages: 2
...Acceptable Use Policy (AUP) Greetings RI Security Officer, Richman Investments expresses the acceptable and unacceptable use of the Internet and e-mail access. The following report will address the “Acceptable Use Policy” (AUP) standard at Richman Investments. All users of Richman Investments agree to and must comply with this Acceptable Use Policy (AUP). Richman Investments does not control or review the content of any Web site. However, Richman Investments may block or remove any materials that, in Richman Investments sole discretion, may be illegal, or which may violate this AUP. Richman Investments may cooperate with legal authorities and/or third parties in the investigation of any suspected or alleged crime or civil wrong. Violation of this AUP may result in the suspension or termination of either access to the Services and/or Richman Investments account or other actions as deemed appropriate. User Responsibilities: These guidelines are intended to help you make the best use of the Internet resources at your disposal. You should understand the following. 1. Richman Investments provides Internet access to staff to assist them in carrying out their duties for the Company. It is envisaged that it will be used to lookup details about suppliers, products, to access client information and other statutory information. It should not be used for personal reasons. 2. You may only access the Internet by using the Richman Investments content scanning software, firewall and router...
Words: 621 - Pages: 3
...SSCP for Richman Investments Security Plan Outline for Richman Investments User Domain • Restrict access to data and applications that is not required for employee to do their job. • Review and Revise user conduct and security polices every six months. • Conduct annual security training seminars with system users and staff. Conducting annual security training for the user in the user domain will cover the Acceptable Use Policy (AUP) for which users will be informed of what is and what is not acceptable use of the system. Workstation Domain • In house testing of operating system updates prior to user workstation deployment. • Strict access control policies and procedures for user access to system and data. • 72 Day password renewal for workstation and 180 day user password renewal. • Content filtering and anti-virus scanning of all incoming data. Quarantine of unknown file types. Securing a user workstation with approved updates will help prevent potential system corruption and in house data from being exposed. LAN Domain • Proper identification and two key turners to be granted access to Data Centers and wiring closets with 24/7 CCTV monitoring. • Periodic LAN vulnerability assessments. Keeping our LAN under lock and key prevent tampering of with the networks hardware. Access to the LAN devices is the easiest way to compromise a network. LAN to WAN Domain • Disable ping, probing, and port scanning of exterior devices. • Strict monitoring for intrusion...
Words: 308 - Pages: 2
...Dear Senator I am writing you concerned about the new law the city is trying to pass, which will state: there should be no violent movies or shows being showned on television between the hours of 5:00 a.m. and 10:00 p.m. I am against this law being passed for several reasons. Which I will state later, but first how about we take a trip down memory lane. When you were always outside playing or reading book, just think about all the things you did during your childhood, now think about what this generation will not know because they will not go outside if they do not have too. One is that you are taking away from the show/movies that can be shown. What will happen to those television stations that only show violent movies? Will the station be cancelled because a child that was being unsupervised or even supervised ended up watching it? Another reason being what is this law really trying to protect children against? Just because they do not see it on television does not mean bad things still won’t happen. By passing this law you are encouraging the adult in change to let them watch more television because they know what’s being showed during those hours. How will that help the future of America deal with interpersonal communication skills if they are always in front of a television instead of a book? How will they learn skills they need to survive? I do not know about you but if this law is pasted Im not only scared of what the children won’t learn but what they will learn to...
Words: 296 - Pages: 2
...Here is an outline of the general security solutions plan for the data and safety information for Richman Investments. This plan can be presented to senior management who needs this report for the month. This is a multi-layered security system that consists of the user’s domain. The user is the first and the weakest link in any system. The security is only as strong as the user’s ability to understand what can go wrong. We can implement a training program session for security awareness. Another security measure is to implement a policy to stop employees from bringing in CD’S, DVD’S, and USB’S or other personal devices into the work place that can connect to the network and possibly harming the system. The work station domain is where users first access the system, applications, and the data. The system should be password coded for authentication purposes. Applications and data ought to be monitored and permissions set accordingly. Downloading should also be limited to only those people with the proper permissions. The LAN domain is a collection of computers all connected to a central switch configured to run all of the company’s data. The LAN would have all the standards, procedures, and guidelines of all the users. I would insure all information closets, demark locations and server rooms are locked and secured at all times. Only those with proper ID or authorization would be allowed to access these locations. The LAN to WAN domain contains both physical and logical...
Words: 479 - Pages: 2
...The article that I read was about the FBI and how it blew $170 million dollars trying to modernize the FBI’s technology. They had a $581 million dollar budget on this transformation which they called “Trilogy”. They referred to this project as “Tragedy” because the new software that they were trying to use which is called Virtual Case File, was not in production and was said to probably never be in production. With that being said, the September 11 attacks dropped a heavy load of pressure onto the project and derailed the course that they were taking on it. I think that the information provided was great considering that this was an FBI project. There was some information that could not be released and some details that could not be discussed. Overall the article was presented in a very professional manner and I was actually kind of surprised that any issues that occur in the FBI could be discussed. It was an article that they could make a one hour show about on television. The one thing that kind of had me confused was how they could have IT workers whom they considered “not capable” of doing what they were asked to do as far as modernizing the technology infrastructure. After years of failure they did ultimately decide to take the project in another direction but to think that they wasted so much money on software that did not hold up, is just crazy. In my opinion, this article was very informational but at the same time it gives a little insight as to just how much technology...
Words: 316 - Pages: 2
...qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwer...
Words: 428 - Pages: 2
...A controversial issue about the Dallas Cowboys being Americas Team. A controversial issue about the Dallas Cowboys being Americas Team. DALLAS COWBOYS AMERICAS TEAM By Daniel Alvarado Jr. DALLAS COWBOYS AMERICAS TEAM By Daniel Alvarado Jr. ITT Tech Comp I Shelly Dwelly August 31, 2012 DALLAS COWBOYS then and now How the Dallas Cowboys Became Known as “America's Team” The Dallas Cowboys were dubbed, “ America’s Team” however as time passed from the 1960’s to present date there has been so much controversy over why they continue with that crown. The Dallas Cowboys originated in Kansas, the team was known as the “Steers.” After a few weeks, however, the name was changed to “Rangers.” At the same time, a baseball team operated in Dallas under that name, but was supposed to fold before the 1960 football season. However,” when the baseball team decided to play one more season, Clint Murchison Jr. and Bedford Wynne, owners of the new NFL (National Football League) team, selected the name of Cowboys to avoid confusion. Most games in that time were being played in Florida where the Steelers and the Cowboys met for the Cotton Bowl. “(Chris Creamer's December 5, 2011Dallas Cowboys 1960’s to present.) Now that the Dallas Cowboys were created there would be no confusion and it would now distinguish who was who. The Cowboys have been in the NFL for many years, under different ownership to different management. One thing that many fans look at today when it comes to the...
Words: 1621 - Pages: 7
...Data classification is defined as categorizing data to make it the most efficient and effective way possible. In basic approaches to classifying data one can classify data according to its critical value, how often it needs to be accessed, etc. One example of this is by breaking down data in to multiple uses. Technical data is usually critical and often used, so storing that kind of data you would want to put it on a fast access media, as opposed to administrative or legal data could be stored on media that would not require fast access speeds. If an Engineer for a company can classify data correctly, and accurately, essential data is easier to find thus making its access faster. To successfully implement a data security program, a few things have to be considered and researched. In order to start in the right direction, you would need to perform a Risk Analysis. A Risk Analysis will identify the key critical data in a company, and determine its functionality. At the root, it is really a process of identifying all assets related to the company. It can be vary tedious depending on the structure and functionality of the company that’s conducting a Risk Analysis because of the time involved. Once you define the assets, now you would move on to what the possible threats to those resources would be. Risk Management is the proper term to describe this process. Threats could be anything from viruses, compromised passwords, etc. You would have to break into a group, for example, “System...
Words: 586 - Pages: 3
...Richman Investments Multi-Layered Security Plan By Elssie Farnes Objective To outline an implementation plan for security strategies over all levels of the IT Infrastructure 1) User Domain a) Personal user log in procedures will be enforced, e.g. password log in b) User activities will be monitored c) Richman Investments will deploy a Security Awareness Program to educate its employees on proper usage and all company security policies 2) Workstation Domain d) Media Ports will be disabled unless explicitly authorized. e) Access to corporate data will be managed with strict permissions f) All workstations will have Antivirus and Antimalware programs installed and kept updated 3) LAN Domain g) Network switches will be used h) Access to server rooms will be secured to authorized personnel only i) Wireless Access Points will be secured with WPA2 encryption 4) LAN to WAN Domain j) All networking equipment will be up to date, as will all operating systems k) Monitor all inbound traffic for possible malicious intent l) Unused ports should be closed off with a firewall to reduce the chance of unwanted access 5) WAN Domain m) Remote connections will have encryption and VPN tunneling enforced n) Routers and firewalls will be configured to block ping requests to reduce the risk on DoS attacks o) Scanning of email attachments for viruses will be enforced ...
Words: 340 - Pages: 2
...Richman Investments Security Outline Welcome to Richman Investments (RI) where we strive to bring you the most secure, reliable, and available resources that we can offer. We know that work needs to be done and that most of you aren’t aware of the security procedures taking place behind the scenes. We have devised a summary of the seven domains of the company and its security model. Please take the time to read this over and understand the implications of not following company guidelines, procedures, and policies. The user domain contains the users and/or employees that will be accessing resources within the organizations information system. A user can access systems, applications and data within the rights and privileges defined by the AUP (acceptable use policy). The AUP must be followed or the user may be dismissed or have their contracts terminated. With the user domain being one of the most vulnerable aspects of any organization, there are a wide variety of user related threats ranging from lack of awareness to blackmail and extortion. Employees are responsible for their own actions when using company assets and the HR department will be doing background checks on all employees within the company to ensure integrity within the workforce. Enforcement of the user level domain will include the use of RFID badges and pins for all areas of the facility and rooms that require special access. The workstation domain is where most users connect to the organizations infrastructure...
Words: 1016 - Pages: 5
