Premium Essay

Intro to Information Security

In: Computers and Technology

Submitted By pixiestick45
Words 727
Pages 3
Into To security

Project Part 1: Multi-Layered Security Plan:
As part of my report, below is my outline for Richman Investments Multi-Layered Security Plan:

User Domains:
Since Users can access systems, applications and data depending on their roles and rights, an employee must conform to the staff manual and policies also known as the Acceptable Use Policy (AUP). The department manager or human resources manager is usually in charge of making sure that employee and in certain cases third party vendors, contractors ect sign and follow the AUP. To ensure that these threats and vulnerabilities can be avoided, a good policy would be to conduct security awareness training, update the employee manual and discuss the handbook, during performance reviews, disable internal CD drives and USB ports and enable automatic antivirus scans for inserted media drives, files, and email attachments, and lastly restrict access for users to only those systems, applications, and data needed to perform their jobs.

Workstation Domains:
These users configuring hardware, ensuring that all computers have the latest software revisions, security patches, and system configurations. To ensure that there are no threats with our software, enforce defined standards to ensure the integrity of user workstation and data, enable password protections on workstations for access, and auto screen lockout for inactive times, use content filtering and antivirus scanning at Internet, define workstation operating system vulnerability window policy definition, and deactivate all media ports
LAN (Local Area Network) Domain:
The users in this layer manage and maintain both the physical and the logical. Physicals would include the cabling, NIC (network interface cards) cards, and LAN switches. Users in this group maintain and support the departments file and print services and configure

Similar Documents

Premium Essay

Intro to Information Security Notes

...Responses on port 80= a web service is running. HTTP Port 443- HTTPS To run port scans all you need is access to the LAN and/or subnet Technet.microsoft.com/en-us/security/advisory Mitigate vulnerabilities Threats are things you have to respond to effectively. Threats are controllable Risks are manageable Vulnerabilities can be mitigated All affect the CIA triad Not all threats are intentional Confidentiality, integrity, accessibility = CIA Starting on pg 161 DAC- only as secure as the individuals understanding. Access determined by owner. MAC- access determined by data classification itself. data itself has a classification. Need to be cleared to the level of the data security. Also has a “need to know” aspect to it. Non DAC- third party determines the permissions. Role based- pg 166. Access determined on the job of the user. Rule based- variation of DAC. Rules are created and access is based on the rules created. Week of 4/17/13 Starts on pg 146 Project- search SSCP CBK on the library under 24/7 Each of the 7 domains, vulnerabilities in each, security used in each to control, For lab 5--- Make 4 types of connections. 2 secure 2 not secure. telnet, securenet, ssh, and ftp. Will need 3 machines. Student, Target, ubuntu 1 Wireshark setting to capture a file in promiscuous mode on student. Do an FTP to target windows. Command prompt from student to ubuntu. Try to log in. Do questions. Question 9, focus on SSH and what traffic you are getting...

Words: 907 - Pages: 4

Premium Essay

Cmgt 400 Intro to Information Assurance & Security

...Introduction These past few years have been distinct by several malicious applications that have increasingly targeted online activities. As the number of online activities continues to grow strong, ease of Internet use and increasing use base has perfected the criminal targets. Therefore, attacks on numerous users can be achieved at a single click. The methods utilized in breaching Internet security vary. However, these methods have increasingly become complicated and sophisticated over time. With the increase in threat levels, stronger legislations are being increasingly issued to prevent further attacks. Most of these measures have been aimed at increasing the security of Internet information. Among these methods, the most prominent approach is security authentication and protection. This paper comprehensively evaluates the security authentication process. The paper also introduces security systems that help provide resistance against common attacks. Security Authentication Process Authentication is the process that has increasingly been utilized in verification of the entity or person. Therefore, this is the process utilized in determining whether something or someone is what it is declared to be (LaRoche, 2008). Authentication hence acts as part of numerous online applications. Before accessing an email account, the authentication process is incorporated in identification of the foreign program. Therefore, the most common authentication application is done through incorporation...

Words: 1123 - Pages: 5

Free Essay

Itil 2011 Foundations Study Guide

...ITIL Study Guide | | | | ITILFND01 Service Management as a practice The purpose of this unit is to help the candidate to define Service and to comprehend and explain the concept of Service Management as a practice. 01-1. Describe the concept of Good Practice (SS 1.2.2) 01-2. Define and explain the concept of a Service (SS 2.2.1) 01-3. Define and explain the concept of Service Management (SS 2.1) 01-4. Functions and Processes (SS 2.3, 2.6.1, SD 2.3, SD 3.6.4, ST 2.3, SO 2.3, 3.1, CSI 2.3) 01-5. Explain the process model and the characteristics of processes (SD 2.3.2, 3.6.4) The recommended study period for this unit is minimum 45 minutes ITILFND02 The Service Lifecycle The purpose of this unit is to help the candidate to understand the value of the Service Lifecycle, how the processes integrate with each other, throughout the Lifecycle and explain the objectives and business value for each phase in the Lifecycle 02-2. Structure, scope, components and interfaces of the Service Lifecycle (SS 1.2.3 All ) 02-3. Account for the main goals and objectives of Service Strategy (SS 1.3) 02-4. Account for the main goals and objectives of Service Design (SD 2.4.1, SD 3.1) 02-5. Briefly explain what value Service Design provides to the business (SD 2.4.3) 02-6. Account for the main goals and objectives of Service Transition (ST 2.4.1) 02-7. Briefly explain what value Service Transition provides to the business (ST 2.4.3) 02-8. Account for the main goals and...

Words: 1961 - Pages: 8

Premium Essay

It/244 Week 1

...Student Name: Philip J. McCarthy UNIVERSITY OF PHOENIX IT/244 INTRO TO IT SECURITY Instructor’s Name: JAMES SERSHEN Date: 04/18/2012 1. Introduction Due in Week One: Give an overview of the company and the security goals to be achieved. 1.1. Company overview As relates to your selected scenario, give a brief 100- to 200-word overview of the company. The Company I have chosen is, The Bloom Design Group. The Bloom Design Groups mission is to provide online interior design services to its customers. The company offers their customers interior design services. What sets this company apart from others is that they have a website that allows customers a chance to design and decorate their rooms to their liking in a virtual environment before spending their money. The option provided for their customers is a virtual decorating tool. With this tool customers can play around with various color schemes for each room’s floor and ceilings, as well as customizing furniture as well. Then employees are able to access the corporate network through a VPN collection to access their client files, in order to place electronic orders for the design materials and furniture. 1.2. Security policy overview Of the different types of security policies—program-level, program-framework, Issue-specific, and system-specific—briefly cover which type is appropriate to your selected business scenario and why. Program-Framework security policy is the best overall for this type of company. As The Bloom...

Words: 924 - Pages: 4

Premium Essay

Google

...Intro Intro Swot BalancedScorecard Conclusion Corporate finance 2 Ngoc-Viet Vo Binh-Duong Doan Yuming Hao Huili Liu Noelia Martin Plaza Khurram Shahzad © 2010 - GMP IAE LYON 3 Intro Intro Swot BalancedScorecard Conclusion Plan Intro Swot Scorecard Conclusion Plus Introduction SWOT Analysis Balanced Scorecard Strategies & Indicators GMP Corporate Finance Plus Conclusion 2 Intro Intro Swot BalancedScorecard Conclusion introduction 3 Intro Intro Swot BalancedScorecard Conclusion Introduction Intro Swot Scorecard Conclusion Plus GMP Corporate Finance Plus Google is a global technology leader focused on improving the ways people connect with information. Incorporated in California in September 1998 and reincorporated in Delaware in August 2003. Headquarters are located at 1600 Amphitheatre Parkway, Mountain View, California 94043 4 Intro Intro Swot BalancedScorecard Conclusion Introduction Intro Swot Scorecard Conclusion Plus Mission: Google’s mission is to organize the world’s information and make it universally accessible and useful GMP Corporate Finance Plus Major Products: Google Web Search with Advanced Search Functionality Web Page Translation—supports 41 languages Integrated Tools—such as a spell checker, a calculator, a dictionary and currency and measurement converters Google image and book search Google Scholar Google Finance Google webmaster...

Words: 1119 - Pages: 5

Premium Essay

It/244 Final

...Information Security Policy Gennie Diamond Axia College of University of Phoenix IT/244 – Intro to IT Security October 10, 2010 Executive Summary The goals of this information security policy will be to state the principles and guidelines for protecting the confidentiality, integrity, and availability of sensitive information and resources for XYZ Energy. This policy will set forth requirements for securing the network’s confidential information and data communications infrastructure, in addition to defining detailed policies in the areas of physical security, access control, and network security. Assumptions of the security plan defines physical security at each site for the environment around the network including entry control at each facility, the need and responsibilities of security staff, and issues around security in common areas. Information system security defines workplace protection and guidelines for storage, protection, and maintenance of hardware and network equipment. Access control policies address user enrollment and all network access privileges, along with identification and authentication process policies. Finally, network policies are defined for granting and managing network access while still protecting sensitive company data. Project constraints can include, but are not limited to, availability of resources needed to provide appropriate security for each defined security goal; time restraints for meeting these goals;...

Words: 1790 - Pages: 8

Free Essay

Swear as Mechanism to Pain

...Chapter 2 OPERATING SYSTEM CONCEPTS SYS-ED/ Computer Education Techniques, Inc. Solaris System Administration: Introduction Operating System Concepts Objectives You will learn: • Operating system components. • Solaris usage of processes. • File management and file systems. • Use of the Solaris Management Console. SYS-ED/COMPUTER EDUCATION TECHNIQUES, INC. (Solaris – System Admin: Intro - 6.5) Ch 2: Page i Solaris System Administration: Introduction 1 Operating System Concepts Operating System: Definition An operating system is the set of programs that controls a computer. The core of the operating system is the kernel. The kernel is a control program that functions in privileged state that allows all hardware instructions to be executed. It reacts to interrupts from external devices and to service requests and traps from processes. The kernel creates and terminates processes and responds to requests for service. Operating systems are resource managers. The main resource is computer hardware in the form of processors, storage, input/output devices, communication devices, and data. Operating system functions include: • Implementing the user interface. • Sharing hardware among users. • Allowing users to share data among themselves. • Preventing users from interfering with one another. • Scheduling resources among users. • Facilitating input/output. • Recovering from errors...

Words: 2421 - Pages: 10

Premium Essay

Cmgt 244 Entire Course

...DQ 6 WEEK 2 CMGT 244 Week #2 DQ 1 CMGT 244 Week #2 DQ 2 CMGT 244 Week #2 DQ 3 CMGT 244 Week #2 DQ 4 CMGT 244 Week #2 DQ 5 WEEK 3 CMGT 244 Week #3 DQ 1 CMGT 244 Week #3 DQ 2 CMGT 244 Week #3 DQ 3 CMGT 244 Week #3 DQ 4 CMGT 244 Week #3 DQ 5 WEEK 4 CMGT 244 Week #4 DQ 1 CMGT 244 Week #4 DQ 2 CMGT 244 Week #4 DQ 3 CMGT 244 Week #4 DQ 4 WEEK 5 CMGT 244 Week #5 DQ 1 CMGT 244 Week #5 DQ 2 CMGT 244 Week #5 DQ 3 CMGT 244 Week #5 DQ 4 CMGT 244 Week 1 DQs CMGT 244 Week 2 DQs CMGT 244 Week 2 Assignment CMGT 244 Week 3 DQs CMGT 244 Week 3 Assignment Establishing a Secure Computer Room CMGT 244 Week 4 DQs CMGT 244 Week 4 Assignment Intro to OSI Model CMGT 244 Week 5 DQs CMGT 244 Week 5 Final Project Information Security Policy for the Bloom Design Group Paper CMGT 244 Week 5 Information Security Policy for the Bloom Design Group Presentation PPT A++ graded !! CMGT 244 ENTIRE COURSE http://www.homeworkproviders.com/shop/cmgt-244-entire-course/ CMGT 244 ENTIRE COURSE Product Description CMGT 244 Week #1 DQ 1 CMGT 244 Week #1 DQ 2 CMGT 244 Week #1 DQ 3 CMGT 244 Week #1 DQ 4 CMGT 244 Week #1 DQ 5 CMGT 244 Week #1 DQ 6 WEEK 2 CMGT 244 Week #2 DQ 1 CMGT 244 Week #2 DQ 2 CMGT 244 Week #2 DQ 3 CMGT 244 Week #2 DQ 4 CMGT 244 Week #2 DQ 5 WEEK 3 CMGT 244 Week #3 DQ 1 CMGT 244 Week #3 DQ 2 CMGT 244 Week #3 DQ 3 CMGT 244 Week #3 DQ 4 CMGT 244 Week #3 DQ 5 WEEK 4 CMGT 244 Week #4 DQ 1 CMGT 244 Week #4 DQ 2 CMGT 244 Week...

Words: 522 - Pages: 3

Premium Essay

Cmgt 244 Entire Course

...244 Week #1 DQ 6 WEEK 2 CMGT 244 Week #2 DQ 1 CMGT 244 Week #2 DQ 2 CMGT 244 Week #2 DQ 3 CMGT 244 Week #2 DQ 4 CMGT 244 Week #2 DQ 5 WEEK 3 CMGT 244 Week #3 DQ 1 CMGT 244 Week #3 DQ 2 CMGT 244 Week #3 DQ 3 CMGT 244 Week #3 DQ 4 CMGT 244 Week #3 DQ 5 WEEK 4 CMGT 244 Week #4 DQ 1 CMGT 244 Week #4 DQ 2 CMGT 244 Week #4 DQ 3 CMGT 244 Week #4 DQ 4 WEEK 5 CMGT 244 Week #5 DQ 1 CMGT 244 Week #5 DQ 2 CMGT 244 Week #5 DQ 3 CMGT 244 Week #5 DQ 4 CMGT 244 Week 1 DQs CMGT 244 Week 2 DQs CMGT 244 Week 2 Assignment CMGT 244 Week 3 DQs CMGT 244 Week 3 Assignment Establishing a Secure Computer Room CMGT 244 Week 4 DQs CMGT 244 Week 4 Assignment Intro to OSI Model CMGT 244 Week 5 DQs CMGT 244 Week 5 Final Project Information Security Policy for the Bloom Design Group Paper CMGT 244 Week 5 Information Security Policy for the Bloom Design Group Presentation PPT A++ graded !! CMGT 244 ENTIRE COURSE http://www.homeworkproviders.com/shop/cmgt-244-entire-course/ CMGT 244 ENTIRE COURSE Product Description CMGT 244 Week #1 DQ 1 CMGT 244 Week #1 DQ 2 CMGT 244 Week #1 DQ 3 CMGT 244 Week #1 DQ 4 CMGT 244 Week #1 DQ 5 CMGT 244 Week #1 DQ 6 WEEK 2 CMGT 244 Week #2 DQ 1 CMGT 244 Week #2 DQ 2 CMGT 244 Week #2 DQ 3 CMGT 244 Week #2 DQ 4 CMGT 244 Week #2 DQ 5 WEEK 3 CMGT 244 Week #3 DQ 1 CMGT 244 Week #3 DQ 2 CMGT 244 Week #3 DQ 3 CMGT 244 Week #3 DQ 4 CMGT 244 Week #3 DQ 5 WEEK 4 CMGT...

Words: 532 - Pages: 3

Premium Essay

Xbrl

...accounting + auditing Intro to XBRL Patricia Francis xbrL Is resHApING tHe FINANcIAL reportING LANDscApe WorLDWIDe, AND LooKs set to Do tHe sAme IN mALAYsIA oNce FuLLY ImpLemeNteD bY LocAL reGuLAtors AND busINesses. Are You xbrL reADY? The objectives of SSM’s SDP II are: • To enhance delivery and improve accuracy of information; • To achieve a standardised and consistent mode of reporting with enhanced analytical capabilities; • To promote data usability and exchange flow with external stakeholders. According to Nor Azimah, SSM also promotes the adoption of XBRL as a nationwide format to be used by key agencies such as the Inland Revenue Board (LHDN), Securities Commission (SC) and Bursa Malaysia and the building of extension taxonomies by the mentioned agencies. The said adoption will provide SSM, other regulators and businesses with detailed data which can be aggregated and made available to stakeholders in the form of industry analysis for industrial benchmarking. The move to XBRL-based reporting is also in line with plans to transform Malaysia into a digital country by 2020, as XBRL reports form part of the digital reporting chain. At the recent Digital Malaysia Press Conference held on 5 July 2012 by the Ministry of Science, Technology and Innovation (MOSTI) along with Multimedia Development Corporation (MDeC), Datuk Badlisham Ghazali, CEO of MDeC told the media that Digital Malaysia will help drive automation and technology adoption to ensure productivity and...

Words: 2550 - Pages: 11

Premium Essay

Computer Network

...servers of Windows and Linux to explode their vulnerabilities.. The use of these codes or malware in the form of viruses, worms, time bombs or any peculiar name this individuals use to give to their destructive toys, are a major concern to the protection of confidential information. Data so sensitive that in their majority is composing of identity, credit, and property information so well collected and compiler that is plenty for the creation of a clone of a company or a person. These identity theft atrocities are not limit to the software and information appropriation; also the attacks diminish computer performance, affecting their velocity and cause computers to crash. The CIO should possess a compendium of way’s to defend his network, and a rapid decision capability to take decisions in a short time period. Furthermore, in general terms security; as we can define “ the act of provide a sense or protection against lost, attack or harm”, can use or integrate a complete protection plan. Depending on the resources of the company the integration of a security plan that can integrate “the five pillars of security IT security operation: policy and audit management, access management, infrastructure and hardware security and incident response.” The real world presents to us a different situation, when in like this case a medium-sized company with not all the clear budget to establish these functions should operate in a more reduce platform of operations with reduce budget, equipment,...

Words: 591 - Pages: 3

Free Essay

Training Schedual

...TRAINING SCHEDUAL DATABASE Eilean L. Greene Dr. Jon Drake Washington Adventist University Healthcare Systems Analysis June 22, 2014 Table of Contents Table of Contents 2 Abstract 3 Referance………………………………………………………………………………………….8 Appendix………………………………………………………………………………………….9 Abstract This essay will focus on the requirements needed to build a database for the scheduling process, the advantages and disadvantages of moving the schedule to a database .I will define referential integrity and how this database concept ensures that the relationships between tables remain consistent and whether or not the advantages outweighed the difficulty of setup. The requirements to build a database design for scheduling are tables, records, primary key relationship that will make up the database. The database is a relational one as defined by the primary key. The advantages of moving this scheduling to database is reduction in data redundancy, decreases in updating errors and increased consistency along with greater data integrity. Lat but not least I will discuss the ethical issue of change over to an automate system. I have created a graph of the database along with an access database. . TRAINING SCHEDUAL DATABASE This essay will focus on the requirements needed to build a database for the scheduling process, the advantages and disadvantages of moving the schedule to a database...

Words: 1357 - Pages: 6

Premium Essay

Cyber Security Plan

...Project Intro/Definition 1. Cyber security is a type of technology where it takes preparatory measure to ensure user protection and information privacy. (http://www.idigitaltimes.com/cybersecurity-information-sharing-act-advances-senate-heres-why-apple-twitter-485485) Cyber security growing challenges (2 prominent topics) Complexity of the joined environment * The technique with movement of the web is represent by a huge measure of data. * The advanced economy dynamically depends on upon boundless measures of computerised data that are made through money related trades, diversion, communications, travel, web filtering, shopping and a few other routine activities. * Threats in the cyber world will continue concentrating on the weakest joins in any puzzling web of business associations or government methodology, which means partners in cyber security, tries having a shared part in guaranteeing the structure and the information that course through. Threats are moving to the mobile sphere * Mobile phones contain a considerable measure of individual information. * In this new advanced time, there is variety of components and applications that is highly important and valuable, however near to these utilities for user is the probability for new vulnerabilities or open entryways for breaches. * As cyber threats continuously target mobile phones especially smartphones, which is a booming trend for the past few years, data security transforms...

Words: 567 - Pages: 3

Premium Essay

Disaster Recovery Plan

...Phoenix IT/244 Intro to IT Security Katarina Brunski October 14, 2013 Access Control Policy Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems Authentication Authentication establishes the identity of a user on a network. Malicious user and programs try to disrupt the service of the network in an attempt to obtain sensitive information or falsify data by mimicking valid persons. Differentiating the malevolent from the valid or appropriate individuals is a part of the authentication process and is vital to network security. Every worker will have photo access badges that will be coded to either allow or disallow personnel from certain areas. The access badges will only allow the workers into areas that they are cleared to enter, and when they enter those areas, the times will be logged. Workers will access to the network by having a unique username and password that is not to be shared with anyone else, at all. Access control strategy Discretionary access control This is to permit the right to use the system only to users who have correct authorization. Least privilege is basically having things on a need to know basis. The entry-level worker does not need to be privileged to the same information and access as the senior IT director. Least privilege will allow the user to access only the information that they need to do their job. The IT director will be the owner of information and based of...

Words: 622 - Pages: 3

Premium Essay

It/244 Appendix C

...Associate Level Material Appendix C Introduction Student Name: Pete Lorincz University of Phoenix IT/244 Intro to IT Security Instructor’s Name: Tom Joseph Date: June 10, 2012 Introduction Due in Week One: Give an overview of the company and the security goals to be achieved. 1 Company overview As relates to your selected scenario, give a brief 100- to 200-word overview of the company. The Bloom Design Group which provides services throughout the globe and has two locations in the United States, located in Los Angeles, and New York. The corporate office is located in New York. The company offers customers a virtual decorating tool for their clients to create their specific designs. The website allows the interior designers to access the client files and company style guides along with the ability to electronically process orders for design materials and furniture. A secure login and password is required from the designers to access the website and its many features. The employees work remotely to access the corporate network use a VPN. 2 Security policy overview Of the different types of security policies—program-level, program-framework, Issue-specific, and system-specific—briefly cover which type is appropriate to your selected business scenario and why. The implementation of the system-specific policy would be the proper choice for Bloom Design Group. The system-specific policy is...

Words: 664 - Pages: 3