...Security Management Policy for Acceptable Use Student Name: Jonathan Duarte Student Banner ID: 900421269 Date: 2/4/2016 Overview In this lab, you defined an AUP as it relates to the User Domain, you identified the key elements of sample AUPs, and you learned how to mitigate threats and risks with an AUP. Lab Assessment Questions & Answers 1. What are three risks and threats of the User Domain? Threats: * Lack of user awareness * User inserts CDs and UBS drives and personal photos, music, and videos. * Lack of knowledge Risks: * User destruction of systems, application, or data * Stolen Data * Stolen Software/Application 2. Why do organizations have acceptable use policies (AUPs)? * It is because so they can protect the security of a network/organization * Prevent users from getting viruses * Prevent user and organizations to open their systems and network to attacks * Consequences an organization or employee may face * Informing users of acceptable behavior and the use of computers/networks. 3. Can Internet use and e-mail use policies be covered in an acceptable use policy? * Yes they can! Because it’s for the safety of employees and the organization itself. * It’s so the organization is protected at all times. 4. Why is an acceptable use policy not a fail-safe means of mitigating risks and threats within the User Domain? * Because you cannot control the User Domain. 5. Will the AUP apply to all levels...
Words: 500 - Pages: 2
...Unit 5 Assignment 2: Define an Acceptable Use Policy(AUP) LAN-WAN is where the IT Infrastructure links to a wide area network and internet. * Monitoring software and controls for possible intrusion * Apply a email server antivirus (also applies for attachments). * Disable port scanning and pinging for exterior devices. * Denial of outbound traffic using source IP addresses. * File transfer monitoring Web Surfing and the Usage of the internet * Apply a domain-name content filter at internet access points * Employees will possibly lose productivity while searching the web for non-work related material(Facebook, YouTube, etc). The possible cons of putting a limitation on web surfing is that employees may lack the tools necessary to find information. Certain filters would be applied to where everyone will not be able to use certain sites that may prove useful to them. For example if they receive a call from a customer regarding something they have no access to looking up. They will not be able to provide an answer to satisfy the consumer. One the other hand, it could prevent a loss of productivities from employees using social media sites such as Facebook, and Myspace. It could also help to prevent possible virus and malware infections. Usage of email are covered in the email usage policy Richman Inv. Employees: * No peer-to-peer file sharing or externally reachable file transfer protocol servers * No downloading executables from known software...
Words: 337 - Pages: 2
...Unit 5 Assignment 2: Define an Acceptable Use Policy (AUP) Acceptable Use Policy Richman Investments holds requirements for the usage of the company network including filtering policies for network traffic. LAN – WAN is where the IT infrastructure links to a wide area network and internet. For Security (Administrators and Managers) - Security monitoring controls for intrusion - Apply email server and attachment antivirus and email quadrating for unknown file types - Disablement for ping, probing, and port scanning on all exterior IP devices - Denying of outbound traffic using source IP addresses - Apply file transfer monitoring, scanning and alarming for unknown file types Web Surfing is the usage of the internet browsing a series of web browsers For Security (Administrators and Managers) - Apply domain-name content filtering at the internet entry/access point - Employees may lose productivity while searching web for no work related material Cons putting a limitation to web surfing may cause the employee to lack independence of finding information. What if they need to look up an answer to a customers’ question and has to find it on the web? Pros not using the internet could prevent a wide variety of viruses and the company is only allowed to use their company accounts to send out emails to customers. Guidelines to usage of email are covered under email usage policy Richman Investment Employees: Certain traffic is expressly forbidden: - No peer-to-peer file...
Words: 339 - Pages: 2
...Impact of a Data Classification Standard | Unit 1 Assignment | Domain This Domain is where only one user will have entrance to it. This can be configured to internal usage only. By default, the IT department tries to sustain a certain level of Security for this, so that nobody can enter from the outside, only the IT Department may grant access privilege for Remote Access. The User Domain will enforce an acceptable use policy (AUP) to define which user can and cannot do with any company data that he or she has access to. Also, every user on the company is responsible for the safekeeping of the environment. 2. LAN Domain The Local Area Network Domain is a group of computers that are all connected to a single LAN domain. The LAN Domain is a collection of computers connected to each another or to a common medium. All LAN domains have data closets, physical elements of the LAN, and logical elements as designated by authorized personnel. It involves strong security and access controls. This domain can access company-wide systems, applications, and data from anyplace within the LAN. The LAN support group is in control of maintaining and securing the domain. The biggest threat to the LAN domain is an Un-authorized access to anything on the network. For example: LAN, the systems, and data. One thing we can do is require strict security protocols for this domain, such as disabling all external access ports for the workstation. This would cause a no access...
Words: 358 - Pages: 2
...CIS 462 WK 2 CASE STUDY 1 ACCEPTABLE USE POLICY To purchase this visit here: http://www.activitymode.com/product/cis-462-wk-2-case-study-1-acceptable-use-policy/ Contact us at: SUPPORT@ACTIVITYMODE.COM CIS 462 WK 2 CASE STUDY 1 ACCEPTABLE USE POLICY CIS 462 WK 2 Case Study 1 - Acceptable Use Policy An Acceptable Use Policy (AUP) is a very important policy within organizations to define acceptable employee behavior when accessing company resources. Additionally, there are also legal implications within AUPs. Use an existing AUP that you are familiar with, such as from a current or previous workplace, or search on the Internet for an example AUP to complete this case study. Write a three to five (3-5) page paper in which you: 1. Describe the purpose of an Acceptable Use Policy you have selected and explain how the AUP helps provide confidentiality, integrity, and availability within the organization. 2. Critique the AUP you selected and provide recommendations for improving the AUP. 3. Explain methods that organizations can implement to help ensure compliance with the AUP, mitigate their risk exposure, and minimize liability. Describe how your selected AUP accomplishes these goals. More Details hidden... Activity mode aims to provide quality study notes and tutorials to the students of CIS 462 WK 2 Case Study 1 Acceptable Use Policy in order to ace their studies. CIS 462 WK 2 CASE STUDY 1 ACCEPTABLE USE POLICY To purchase this visit here: http://www.activitymode...
Words: 688 - Pages: 3
...------------------------------------------------- Week 1 Laboratory Part 1: Craft an Organization-Wide Security Management Policy for Acceptable Use Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Define the scope of an acceptable use policy as it relates to the User Domain * Identify the key elements of acceptable use within an organization as part of an overall security management framework * Align an acceptable use policy with the organization’s goals for compliance * Mitigate the common risks and threats caused by users within the User Domain with the implementation of an acceptable use policy (AUP) * Draft an acceptable use policy (AUP) in accordance with the policy framework definition incorporating a policy statement, standards, procedures, and guidelines Part 1 – Craft an Organization-Wide Security Management Policy for Acceptable Use Worksheet Overview In this hands-on lab, you are to create an organization-wide acceptable use policy (AUP) that follows a recent compliance law for a mock organization. Here is your scenario: * Regional ABC Credit union/bank with multiple branches and locations thrrxampexoughout the region * Online banking and use of the Internet is a strength of your bank given limited human resources * The customer service department is the most critical business function/operation for the organization * The organization wants to...
Words: 639 - Pages: 3
...Unit 1 Assignment 2: Impact of a Data Classification Standard The "Internal Use Only" data classification standard at Richman Investments includes basic IT infrastructure domains such as User Domain, Workstation Domain, and the LAN Domain. This will surround all users and their workstations, as well their access to the internet and company server databases and any information in between. The User Domain identifies the people who access an organization's information system. One way would be to implement what’s called an acceptable use policy or (AUP) to define what each user can and cannot do with any company information if they have access to it. That also goes for any outside company or third-party representatives to agree and comply with the AUP. All users must be properly identified and sign this AUP before gaining any access to the company network. It is best to avoid security policy violations. The Workstation Domain includes all computers and workstations that are approved on the company network. Only approved devices can be used at a workstation or within the network. Any devices not approved or any unauth will be issued by the company for official use only. To access any workstation, a user will need to be first verified, then setup with an account to be logged in with a username and password assigned by the IT departments set by Richman Investments. All systems will undergo regular updates and be provided with anti-virus and anti-malware software for system...
Words: 304 - Pages: 2
...Acceptable Use Policy (AUP) Definition After research and careful consideration of some of the other policies listed by other companies such as AT&T, Sprint, T-Mobile, and Verizon Wireless, Richman Investments has come up with the an acceptable use policy (AUP). The following are not allowed at any time: Making of unauthorized promises in e-mail. All emails should have a footer which states that the messages are from the sender only and do not represent the decisions or policies of Richman Investments. Using company resources or web services to visit web sites which contain inappropriate material is prohibited. This includes pornography, sexually oriented material, or sites which promote or depict discrimination, violence, or illegal activities. In addition, it is no longer allowed to have big attachments to multiple recipients in the organization will be enforced. This can tie up the system during a busy point in the day which could end up keeping the company from making profitable decisions. In addition, no jokes or humorous items on Richman Investments email system. These emails may not be considered funny to some, therefore will not be allowed by any. Making statements concerning race, sexual orientation, disability, religion, or national origin are prohibited. These statements could be seen as harassment by either the person receiving it or by other people that may see it. Use of company email to support inappropriate activities is not allowed. Checking a doctor’s...
Words: 324 - Pages: 2
...Research the following questions and then discuss the questions with your classmates on the forum: * What is the purpose of security policies, and why do organizations need clear and concise policies for the proper use of employer-owned equipment and services? * What is the importance of an effective acceptable use policy (AUP) for a user and an employer? Be sure to include examples from your research to substantiate your responses. Participation Requirements: Discussion forums improve the online learning process by allowing students to engage in meaningful discourse. You can increase your participation grade by following these guidelines: * You should post your responses to the above questions and then respond to a minimum of two of your classmates' posts. Take a position on each question and justify your opinion on the basis of the textbook, the lesson, documents found in the ITT Tech Virtual Library, and your personal or professional experience. The quality of your submissions is a critical element in the evaluation process. Your submissions should not be of the type that state "I agree" or "Good post" as these responses neither have substance nor give any new information for a productive discussion. * If possible, share your own subject-related job experience. Remember, the goal is to learn from the experience of others. * Post your initial reply earlier in the week to maximize the opportunity for thoughtful exchanges between you and your classmates...
Words: 534 - Pages: 3
...AAA. Policy BBB. GuidelineCCC. Standard DDD. Code 268. Each of the following is a guideline for developing asecurity policy except ______. AAA. notify users in advance that a new security policy is beingdeveloped and explain why the policy is needed BBB. require all users to approve the policy before it isimplementedCCC. provide a sample of people affected by the policy with anopportunity to review and comment DDD. prior to deployment, give all users at least two weeks toreview and comment269. Each of the following is what a security policy must doexcept _____. AAA. balance protection with productivity BBB. be able to implement and enforce it CCC. state reasons why the policy is necessary DDD. be concise and easy to understand270. Which of the following should not serve on a securitypolicy development team? WW. Senior level administrator XX. Member of the legal staff YY. Member of management who can enforce the policy ZZ. Representative from a hardware vendor 271. Which policy defines the actions users may perform whileaccessing systems and networking equipment?AAA. End user policy BBB. Internet use policy CCC. User permission policy DDD. Acceptable use policy 272. _____ may be defined as the study of what peopleunderstand to be good and right behavior and how people make those judgments. SS. Morals TT. Values UU. EthicsVV. ...
Words: 560 - Pages: 3
...compliant with standards and laws, classification, encryption, security, protocols, and the use of mobile devices. The implementation of access controls in your WLAN will assist in making your environment a little more secure than without. Utilization of the Acceptable Use Policy (AUP), will instruct staff members and students on how to utilize WLAN correctly by law, policies, and standards. Any individual that is not compliant will be subject to disciplinary measures by the school district. Staff members will use access control Role Base Access Control (RBAC), using this control will assign user rights based on the user’s job specification within the school. As for the student body, students will be issued temporary usernames and passwords that will be issued quarterly. Students will have minimum accessibility to files, folders, and services. All accounts are subject to being audited at any given moment notice. There will always be risk involved with any network. Deploying WLAN in a school environment will be a concern with security always. The protection of data will be vital to the security of the WLAN structure. The school must adhere to any and all laws (state and federal), regulations and policies to avoid all fines, loss of data and potential of being shut down. The infrastructure must contain dual firewalls, ACLs and encryption to provide that extra security to ensure data safety. Remote access and VPN access will only be granted by the CIO to...
Words: 499 - Pages: 2
...IS4550: Security Policies and Implementation Mr. Shane Stailey Edy Ngou Date: 09/20/2015 Lab week 1: Organization Wide Security management AUP worksheet ABC Credit Union Acceptable Use Policy Policy Statement The acceptable Use Policy is to ensure compliance with laws such as the Gramm-Leach-Bailey Act (GLBA) and the Federation trade commission (FTC). This policy is also to assist the Credit Union ensuring information technology (IT) security best practices with regard to it associates. Purpose / Objective The purpose of ABC Credit Union’s acceptable use policy is to define requirements for Credit Union acceptable use policies, and define the acceptable and unacceptable uses of computer equipment, internet / intranet / extranet related systems, and email by ABC Credit Union associates in the performance of their duties. This policy requires that all Credit Union electronic information systems be used for Credit Union business with minor exceptions. These rules are in place to protect the associates and ABC Credit Union. These objectives of this policy are: * To keep the business process in a high working order in order to achieve the maximum amount of profit gained. * To keep morale law, so that employees are constantly being replaced. Scope This policy applies to associates, contractors, consultants, and other workers at ABC Credit Union, including all personnel affiliated with third parties. Also this policy applies to all...
Words: 461 - Pages: 2
...Unit 9 Lab Recommend IT Security Policies to Help Mitigate Risk IS3350 1. Which IT assets did you prioritize as critical to administrative or student computing? I prioritize the file servers and the teachers’ notebook as critical to administrative and student computing. 2. List your top five (5) risk exposures for which you believe this school should have specific risk mitigation strategies. - No firewall - Unauthorized access to school computers - Open connections on the WLAN. - The principals traveling notebook can carry a virus - wireless access security 3. Given the potential risks that you identified, what IT security policies would you recommend be created by the school to help mitigate each of the identified risk exposures you listed in #above? I would say create an AUP and a policy that implements the encryption of the file servers. First and foremost a comprehensive security policy that takes into consideration the variables and factors at the school. This includes students, teachers, physical access, layout of the school and property, security measures as defined by FERPA, HIPAA, etc. A password policy needs to be in place that stresses complexity, minimum length (recommendations) and recycling or expiring passwords. This could be accomplished with a minimum length of 8 characters, one being a capital letter, one being a number, and one being a special character. Physical security should be setup in a way that there are locked...
Words: 350 - Pages: 2
...Keith Brown (12110924) Mr. Marquez Security Policies Lab 4 Assessment Questions 1. Answer: * User Domain- AUP, Confidentiality Agreement, Background Checks on Employees, Disciplinary Actions * Workstation domain- Vulnerability Management, configuration Management, Security controls * LAN Domain- Vulnerability Management, Configuration Management, Security Controls, Data Back-up, Business Continuity/Disaster Recovery, Networking * LAN-to-WAN Domain- IP Networking, DNS, E-mail, Web, Remote Access via Internet, Internet Access, DMZ, VPNs, Secure Connectivity * WAN Domain- Service Providers SLAs, Managed Security Services, Monitoring, Reporting, etc. * Remote Access Domain- Secure Remote Access through Internet, Remote from Home, etc * Systems/Application Domain- Vulnerability Management, Configuration Management, Security Controls, Data Back-up, Business Continuity/Disaster Recovery, Networking 2. Answer: The User Domain- Human Resources personnel and the CEO or president of the organization are required to provide proper authority and disciplinary roles and responsibilities for policy implementation and enforcement. 3. Answer: Separation of duties is a security control put in place by accounting and IT professionals whereby the same person cannot define, approve, and implement and action of the organization. 4. Answer: This helps mitigate risk by eliminating the possibility that the same person can perform and hide...
Words: 459 - Pages: 2
...IS4560 Lab 9 1. When you are notified that a user’s workstation or system is acting strangely and log files indicate system compromise, what is the first thing you should do to the workstation or system and why? Inform the IT help desk to have the user cease all activity on the workstation and to wait for you to arrive at the physical desktop location. The workstation must first be physically disconnected from the network leaving it physically isolated but now powered off. It should be left in its steady-state. This isolates the contaminated workstation from the organization’s network and Internet, as well as preventing the contamination from spreading. Logs, memory forensics, footprints, and other malicious activity must be kept in its steady-state untouched. Forensic images of the logs should be performed along with a memory forensics scan. Anti-virus and anti-malicious software removal tools can be enabled from a CD-drive 2. When an anti-virus application identifies a virus and quarantines this file, does this mean the computer is eradicated of the virus and any malicious software? No, many times virus and trojans can leave residuals or wreak havoc on other processes. It is important to note that the quarantined file is never off the computer until cleaned out or deleted – it’s like putting the unknown file in a holding tank until you can assess what it is and how to eradicate. 3. Where would you check for processes and services enabled in the background of your Student...
Words: 712 - Pages: 3
