Free Essay

It255 Project

In: Computers and Technology

Submitted By jluke4444
Words 779
Pages 4
Part I
The following outline presents the fundamental solutions for the safety of data and information that belongs to Richman Investments. As part of the general security plan of the organization the IT department puts together a proposal to provide multi-layered security strategies that can be applied at every level of the IT structure. The plan will lay out the importance of improving and safeguarding the levels of each domain and the process of protecting the information of the organization.

User Domain
At Richman Investments the personnel is accountable for the appropriate use of IT assets. Therefore, it is in the best interest of the organization to ensure employees handle security procedures with integrity. It is essential to create a strong AUP (Acceptable Use Policy) procedure and as part of the process, require employees sign an agreement to guarantee they understand and conform to implemented rules and regulations. In addition, the company will conduct security awareness training, annual security exercises, notices about securing information, and constant reminders security is everyone’s responsibility.

Workstation Domain
The plan to secure the workstation domain enforces a strong password policy on each workstation and also enables screen lockout protection for inactive times. Keeping all workstations with an up to date antivirus is essential. Furthermore, content filtering features will arrange access of specific domain names according to AUP definitions. In addition, workstations will have up-to-date application software and security patches conferring to company guide lines. As part of the workstation security strategy IT will disable the auto-play feature and will enable automatic scan for any external devices that may be connected to the machine. This measure will ensure the content is secure.

LAN Domain A priority to the LAN domain is proper security of physical equipment. Only authorized personnel are allowed to gain access into the servers’ room. In addition, these personnel must sign in and out on a log book to keep record and control of who access the room. The wireless access point will use WPA2 enterprise security encryption and disable the broadcast SSID to make sure only authorized personnel is able to access the network wireless.

LAN-to-WAN Domain Another important security measure applies to the LAN-to-WAN domain. It is imperative to apply strict security controls to monitor the inbound-outbound traffic and prevent any malicious or irregular admission. The plan will require a periodic series of post configuration penetration tests of the layered security solution within the LAN-to-WAN domain. As part of the security strategy of LAN-to-WAN domain an antivirus will scan all attachments to identify any tread.

WAN Domain The use of the VPN (Virtual Private Network) channels will safeguard communication using an encrypted configuration. The use of internet for private communication without encryption will be prohibited.

Remote Access Domain For remote and mobile users, the security strategy will entail the encryption of the hard drive. In addition, periodic security passwords changes will be established. Also, automatic block for attempting multiple logs will be applied.

System Application Domain As part of the multi-layered security plan, it is necessary to develop a disaster recovery plan that specifies the recovery of critical information and data. Periodic backups will be schedule as well as the conversion of records to digital data for long term storage.

Part II

The purpose of this document is to describe a security plan throughout the company and a method to secure the network and communications of Richman Investments. It has come to my attention that the company security policy is outdated and differs between branches. Due to the large increase of employees it is vital to update the security policy.

This proposal is centered on the use of a Virtual Private Network (VPN). It offers secure communications between sites over the internet. Besides being an inexpensive way of securing data traffic, it also facilitates users to connect safely from a remote location to the company’s network. This aspect of VPN increases productivity and ensures efficiency. It is recommended to use the VPN technology secure sockets layer (SSL) protocol. The benefit of this protocol is the level of verification which provides encrypted communication sections between the authentication server and the client. To obtain a secure access it is necessary to install an authentication certificate and software that will act as a connection gate between the client’s computer and the server. The SSL protocol verification process consists of two phases; first the server sends a response to the clients’ requests with a public certificate. Second, the clients respond with the master key to which the server will reply asking for username and password and then grant access.

Similar Documents

Free Essay

It255 Project 2

...Personal Communication Devices and Voicemail Policy 1.0 Purpose This document describes Information Security's requirements for Personal Communication Devices and Voicemail for Richmond Investments. 2.0 Scope This policy applies to any use of Personal Communication Devices and Richmond Investments Voicemail issued by Richmond Investments or used for Richmond Investments’ business. 3.0 Policy 3.1 Issuing Policy Personal Communication Devices (PCDs) will be issued only to Richmond Investments personnel with duties that require them to be in immediate and frequent contact when they are away from their normal work locations. For the purpose of this policy, PCDs are defined to include handheld wireless devices, cellular telephones and laptop wireless cards. Effective distribution of the various technological devices must be limited to persons for whom the productivity gained is appropriate in relation to the costs incurred. Handheld wireless devices may be issued, for operational efficiency, to Richmond Investments personnel who need to conduct immediate, critical Richmond Investments business. These individuals generally are at the executive and management level. In addition to verbal contact, it is necessary that they have the capability to review and have documented responses to critical issues. 3.2 Bluetooth Hands-free enabling devices, such as the Bluetooth, may be issued to authorized Richmond Investments personnel who have received approval. Care...

Words: 598 - Pages: 3

Premium Essay

It255 Final Project

...Project part.2 Corporate security policy (7) Dear Richman Investments Senior Management – It has come to my attention that your corporate security policy for the firm is out of date and that it needs to be updated. In my time here as an intern I have reviewed the security policy and revised it to keep up with all of the technological updates going on in the internet world today. I was assigned this project and being that we have 5000 employees operating in different locations and different parts of the country; I have noticed that some of the other branches do not follow the firms’ policies as they should. Some branches operate on their own policies. I have drafted up a new and improved corporate security policy that covers emails, mobile devices, computer usage, email retention policies, passwords, etc. I hope this will help streamline our security policy across the board so that everyone is on the same page and so there is no misinterpretation of the firm employee or otherwise. RICHMAN INVESTMENTS CORPORATE SECURITY POLICY Use of Phone and Mail Systems Personal use of the telephone for long-distance and toll calls is not permitted. Employees should Practice discretion when making local personal calls and may be required to reimburse The Firm for any charges resulting from their personal use of the telephone. The mail system is reserved for business purposes only. Employees should refrain from sending or receiving personal mail at the workplace. To...

Words: 1596 - Pages: 7

Premium Essay

Project Part 1 It255

...G. Angel Bautista Professor Abernathy IT 255 20Apr2012 Security is a fundamental aspect of any network infrastructure. The goal is to always have the most up to date programs and protocols to ensure the protection of the network. No aspect is too small to over look. That could mean the difference between a secure network and a compromised network. The best way to achieve this is to break down every level and approach each one as a separate entity and secure it. Then you can modify it to suit the needs of your network. We can start with the Application layer. The Application layer provides the interface to the user. First the end user should be subjected to a background check to ensure against any potential malicious or questionable acts in the users past. Then the end user should be properly trained in the use of the computer and the proper protocols to access the network. Updates should be made frequently to keep the user up to date. When the user is in the network, make sure that any unnecessary devices, USB ports and any back doors are disabled. You also want to make sure that all files and emails and downloadable attachments are all thoroughly scanned prior to downloading. Finally, be sure to ensure content filtering, and restrict the end user to only what pertains to their primary function. The Presentation layer is responsible for encoding and decoding data that is passed from the application layer to another station on the internetwork. You must first ensure......

Words: 810 - Pages: 4

Premium Essay

It255 - Project Part 1

...Multi Layered Security Plan Richman Investments This Multi layered security plan will give you a brief overview of the security strategies that will be implemented at each level of the companies IT infrastructure. The usage of security awareness training to instruct employees of Richman Investments security policies, auditing of user activity will be implemented at the User Domain level of the infrastructure. The usage of antivirus and anti malware programs on each user computer, strict access privileges to corporate data and the deactivation of media ports will be put in place at the Workstation Domain of the infrastructure. Utilizing network switches, encryption to wireless access points using WPA 2 security shell encryption, as well as securing server rooms from unauthorized access will be implemented at the LAN Domain level of the infrastructure. The closing off unused ports using a firewall to reduce the chance of unwanted network access, monitoring inbound IP traffic, more specifically looking for inbound transmissions that show signs of malicious intent, running all networking hardware with up to date security patches, and operating systems with be set in place within the LAN to WAN Domain structure. Enforcing encryption, and Virtual Private Network (VPN) tunneling for remote connections, configuring routers, and network firewalls to block ping requests to reduce chance of denial of service (DOS) attacks, enforcing anti virus scanning of email attachments, Isolating......

Words: 306 - Pages: 2

Free Essay

It255 Project Part 1

...Richman Investments Security Outline Richman Investments has experienced an increase in security breaches that have resulted in the loss of company proprietary information and damage to systems due to many virus and Trojan Horse infections. The following outline contains some of the security mitigation proposals to be implemented shortly. This is just a basic plan for the moment and if security breaches continue, more stringent policies will be installed. The Seven Domains of a typical IT infrastructure are as follows, with the corresponding security proposed for each domain. 1.) User domain proposal: Track and monitor abnormal employee behavior and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on Acceptable use policy (AUP) monitoring and compliance. 2.) Workstation Domain proposal: Use workstation antivirus and malicious code polices, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. 3.) LAN Domain (including wireless LANs) proposals: Implement encryption between workstations and Wireless Access Points (WAPs) to maintain confidentiality. 4.) LAN-to-WAN Domain proposal: Conduct post configuration penetration tests of the layered security solution within the LAN-to WAN Domain. Test inbound and outbound traffic and fix any gaps. 5.) Remote Access Domain proposal: Apply first-level (i.e., user ID and password)......

Words: 335 - Pages: 2

Premium Essay

Project Pt 2 It255

...This is a multi-layered security plan. First, Assign people that are fully trained and/or provide the training that makes it possible to do the job. To prevent malicious software and etc. in the 7 domains of an IT infrastructure, you can isolate and install preventions for each domain. The domains are as follows: User Domain, Workstation Domain, LAN Domain, and LAN to WAN Domain, Remote Access Domain, WAN Domain, and the System/Application Domain. The first part of the IT infrastructure is the User Domain. It is the weakest link in the IT infrastructure and this is where the users connect to the system. You can make the user aware to the risks and threats that they are susceptible to by holding an Awareness Training session. The system is password protected however; you should change passwords every few months to prevent an attack. Also, log the users as they enter and exit the system to make sure there’s no unauthorized access. While it’s the company’s choice to allow employees to bring in USB/Removable drives, you have a threat to someone obtaining the wrong information, or getting malicious software into the system. If you allow the USB/Removable drives, have a virus scan every time someone inserts one into a company computer. In a Workstation Domain, you need to make sure virus protection is set up. You are protecting administrative, workstations, laptops, departmental workstations and servers, network and operating system software. You can enable password protection......

Words: 683 - Pages: 3

Premium Essay

Itt It255 Research Project Part 1

...Brian Gobrecht IT255 Project Part 1 The domains of an infrastructure are broken down into several parts. The User, Workstation, LAN, LAN-to-Wan, Remote Access, Wan, and System/Application domains. All of these are a very crucial part of a domain structure and if one fails to do its proper job most of it or all of it will come to a screeching halt. The User Domain is pretty self-explanatory yes a system can do without a user but by itself it’s more probable to breakdowns and other things to go wrong. So to help the user out in a way it’s not damaging to the infrastructure. One way is to have the computer scan for viruses in anything that plugs into the usb slot such as a portable hard drive or a memory card. As for unauthorized downloads such as music or photos I suggest enable content filtering. Workstation domains are another vital part of keeping the system healthy at most times. To protect this I suggest either at the door of the server room keycards to get in and at the workstation itself both a physical and pass worded approach to ensure the right person is getting in. And to add further measure of security the room would be camera surveyed and users will be logged. A LAN domain can be a very volatile domain with all the wiring and NIC cards and LAN switches common in most rooms. If we are to hopefully secure this part of the domain I would like to be able to restrict access to the computers and laptops that are only necessary to the work environment. So if someone...

Words: 474 - Pages: 2

Free Essay

Tim and Funding

...Few memories as a failure on a major project from half a decade ago still vividly remains in memories. As a Research Assistant to Tim, it was my first paid job. Tim, an Engineer, worked in silos and had driver social style to his heart beat. He only communicated the expectations without delving in the details that he had in his mind. Even though the Office space was a closed knit space for 16 students, Tim seldom hung out with people to build personal relationships. He only interacted with others when there was a need. His lack of explanation on why the project was needed had left me wondering regarding purpose and design aspects of the new programming project. I struggled on how to effectively design the project and often sought help from other people, who recommended me that the project needed investment in new programming platform as old platform was incapable of achieving the project objectives. After making almost no progress on the project and wasting time in attempts to make old platform workable, I received a vehement email from Tim, stating that XYZ Inc. was deciding to scale back on funding, as no progress reports were submitted. I was shocked to learn that I was even expected to submit progress reports at the end of quarter on the undertaken project in which I had neither any clue nor communication. As an amiable person, I was too quick to reach an agreement with Tim on project deliverables. I had thought that I would be receiving friendly advice and guidance......

Words: 444 - Pages: 2

Premium Essay

Student

...and answer document, uploaded to D2L dropbox. You will have to find an IT professional to interview on your own.  Description of this assignment 1. Each student needs to find a candidate for a Post-implementation Review (PIR) report describing an information systems development project. 2. Where can you find an information technology professional to interview? You will have to find an IT professional to interview on your own.    3. If you work for a business or government organization, you should consider interviewing the IT/MIS director for your organization.  If you work P/T or F/T in any reasonably sized organization, it is likely that there are some IT workers around (like help desk staff, programmers, analysts, network technicians or even IT managers). It can even be a friend, relative or acquaintance you know who works in such a job. 4. The following is a list of themes that you could address in the interview: Please do not write this paper in question and answer format. Use the questions below to help guide the interview. ▪ What type of job does he/she do? For whom? ▪ What projects is he/she currently working on for the organization? ▪ What projects has he/she recently completed? ▪ What IT applications has the firm recently implemented? ▪ Were the most recently applications developed in-house, were they outsourced development or were they application software packages that were customized and purchased? ......

Words: 563 - Pages: 3

Premium Essay

Poo on Women: Is This Bad?

...Kempen | C402/C405 | Extend Diploma Mechanical Engineering EDENGM22A/B | Peter Kempen | C402/C405 | | GCSE English | Katherine Davey | G4 | GCSE English | Katherine Davey | G4 | | AS English Literature | Francesca Thomas | A58 | | | | | Archaeology: Unit 1 | Caroline Wilcox | B254 | Archaeology: Unit 2 | Caroline Wilcox | B254 | | Vocational Business assignment completion | Kemi Osoba | A49 | Vocational Business assignment completion | Bekoe Newman | A49 | | Vocational Sport and Travel Tourism assignment completion | Danny Chilvers | A50 | Vocational Sport and Travel Tourism assignment completion | Danny Chilvers | A50 | | AS /A2 GraphicsExtend Diploma Year 2 Final Major Project | Mark Pearson | Art Rooms | AS /A2 GraphicsExtend Diploma Year 2 Final Major Project | Mark Pearson | Art Rooms | Spring Term Revision Schedule 2013-14 Week 1 | Tuesday 8th April | | Morning session 10.00-12.00 | Afternoon Session 1.00-3.00 | | Subject/course | Teacher | Room | Subject/course | Teacher | Room | | A2 Business (China Research Theme) | Nessa | A25 | AS Business | Nessa | A25 | | A2 Economics | Charles | G5 | AS Economics | Charles | | | AS Business | Sarah (11.00-12.30) | A39 | A2 Business (Higher level exam technique) | Sarah | A39 | | AS Law | Amina | A26 | | | | | Vocational Business assignment completion | Kemi Osoba | A49 | Vocational Business assignment completion | Bekoe Newman | A49...

Words: 883 - Pages: 4

Premium Essay

Microsoft Excel

...For ""Anticipated Project Size"" use your internal metrics as guidance. For example, if you use lines of code, then mentally assign ball park values to Small, Medium and Large as part of determining whether to give this criteria a high or low score. Follow a similar process ""Anticipated Duration"". Since project duration depends on project complexity, mentally categorize earlier projects as short, average or long duration to help put the current project in context. 2. After assigning a score for each criteria, view the Feasibility Study Suitability Indicator to discover the best method to use for determining project viability. 3. Omitted criteria will give an inaccurate result, so ensure all criteria are scored before checking the indicator." Criteria "Score (1=high, 3=low)" Guidelines Business Risk "1 = Significant, high-risk projects 2 = Low-to-modertate risk projects 3 = Small, low risk projects" Technology Risk "1 = Significant, high risk technological risks 2 = Low-to-moderate technological risks 3 = Small, low technological risks" Anticipated Project Size "1 = Large 2 = Medium sized 3 = Small" Anticipated Project Duration "1 = Long 2 = Medium duration 3 = Short" Project Dependencies "1 = Substantial and intricate project dependencies 2 = Minimal or manageable project dependencies 3 = No project......

Words: 451 - Pages: 2

Free Essay

Enterprenure

...(EPIEC) . From there he gained a lot of working experience and knowledge which made him to success in his business later . Business Motivation and starting One of the motivating factors was his father’s dream of his establishment in the society and another factor was after the independence of Bangladesh Aminul Islam realized that a new country has been born, therefore, a lot of construction will be needed for the development of the country and that is when he came up with the idea of Project Builders Limited. He proposed the idea to three other recent BUET graduates and they agreed to start with this new business. After the death of one of the partner and other two sold their share currently Aminul Islam is the only Managing Director and Chairman of Project Builders Limited. Vision The vision of Project Builders limited is to make quality constructions and make a strong infrastructure development of the country. Mission Construction of important structure and projects and to become the number one construction builder in Bangladesh. Initial Finance The company was initially started with four partners along...

Words: 2081 - Pages: 9

Free Essay

Kanpur

...knowledge to serve my best to the organization as well as my professional growth. Academics Relevant Courses: • Completed six weeks course and training in JAVA from SLR Infotech Pvt. Ltd, CHANDIGARH. • Pursuing 6 Months course and training in JAVA from DUCAT,NOIDA. • Completed six weeks course in C++ From ICT, KAITHAL B. Tech Projects: S.No Name Of the Project Description Team Members Roles and Responsibilities 1. CHANDIGARH TOURISM (B.Tech Summer Training Project) It was a software project based on core JAVA. It includes all the places to visit , map of chandigarh , hotel room booking , slides . Backend was based on MS-ACCESS . 2 Coding of Some pages, database manipulation & connectivity and preparing Crystal Reports. 2. DELHI TOURISM (B.Tech Minor Project ) It was a software project based on core JAVA. It includes all the places to visit , map of delhi , hotel room booking , slides . Backend was based on MS-ACCESS . 2 Coding of Some pages, database manipulation & connectivity and preparing Crystal Reports. 3. CRIME FILE MANAGEMENT (B.Tech Major Project ) It was a website describing various departments in crime department. It includes 3 modules WRITER , INSPECTOR , ADMIN. Writer writes complaints , Inspector investigates by watching the record using id’s and admin has all the controls. Platform used was ECLIPSE and backend was ORACLE database. 2 Overall designing of pages & coding of Admin......

Words: 375 - Pages: 2

Premium Essay

Sharon Construction

...The following case represents a realistic situation facing construction firm that has just won a competitive contract. The realistic conditions complicating the project are described in detail, as are the alternatives offered by the staff for dealing with these complexities. Case The Sharon Construction Corporation The Sharon Construction Corporation has been awarded a contract for the construction of a 20,000-seat stadium. The construction must start by February 15 and be completed within one year. A penalty clause of $15,000 per week of delay beyond February 15 of next year is written into the contract. Jim Brown, the president of the company, called a planning meeting. In the meeting he expressed great satisfaction at obtaining the contract and revealed that the company could net as much as $300,000 on the project. He was confident that the project could be completed on time with an allowance made for the usual delays anticipated in such a large project. Bonnie Green, the director of personnel, agreed that in a normal year only slight delays might develop due to a shortage of labor. However, she reminded the president that for such a large project, the company would have to use unionized employees and that the construction industry labor agreements were to expire on November 30. Past experience indicated a fifty-fifty chance of a strike. Jim Brown agreed that a strike might cause a problem. Unfortunately, there was no way to change the contract. He inquired......

Words: 918 - Pages: 4

Premium Essay

My Paper

...FOR PROJECT A Cash Flows DCF (13%) PV 350,000 0.8850 309,750 350,000 0.7831 274,085 350,000 0.6931 242,585 826,420 NPV = 826,420 – 735,000 NPV = 91,420 FOR PROJECT B Cash Flows DCF (13%) PV 300,000 0.8850 265,500 300,000 0.7831 234,930 300,000 0.6931 207,930 708,360 NPV = 708,360 – 690,000 NPV = 18,360 FOR PROJECT C Cash Flows DCF (13%) PV 200,000 0.8850 177,000 200,000 0.7831 156,620 200,000 0.6931 138,620 472,240 NPV = 472,240 – 600,000 NPV = (127,760) Assuming the cost of capital increase to 15%, the new NPV will be as follows FOR PROJECT A Cash Flows DCF (15%) PV 350,000 0.8696 304,360 350,000 0.7561 264,635 350,000 0.6575 230,125 799,120 NPV = 799,120 – 735,000 NPV = 64,120 FOR PROJECT B Cash Flows DCF (15%) PV 300,000 0.8696 260,880 300,000 0.7561 226,830 300,000 0.6575 197,250 684,960 NPV = 684,960 – 690,000 NPV = (5,040) FOR PROJECT C Cash Flows DCF (15%) PV 200,000 0.8696 173,920 200,000 0.7561 151,220 200,000 0.6575 131,500 456,640 NPV = 456,640 – 600,000 NPV = (143,360) At this point it is necessary for one to determine the sensitivity of the change in NPV of the three projects due to the increase in cost of capital. SUMMARY OF NPVS’ CALCULATIONS PROJECT | NPV @ 13% | NPV @ 15% | % CHANGE IN NPV | A | 91,420 | 64,120 | * 29.86% | B | 18,360 | (5,040) | * 127.45% | C | (127,760) | (143,360) | * 12.2% | From the table above it is clear that all three projects had...

Words: 350 - Pages: 2