...Unit Plans Unit 1: Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts Confidentiality, integrity, and availability (CIA) concepts Layered security solutions implemented for the seven domains of a typical IT infrastructure Common threats for each of the seven domains IT security policy framework Impact of data classification standard on the seven domains Reading Kim and Solomon, Chapter 1: Information Systems Security. Keywords Use the following keywords to search for additional materials to support your work: Data Classification Standard Information System Information Systems Security Layered Security Solution Policy Framework ------------------------------------------------- Week 1 Assignment (See Below) * Match Risks/Threats to Solutions * Impact of a Data Classification Standard Lab * Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) * Page 7-14 in lab book. Project (See Below) * Project Part 1. Multi-Layered Security Plan ------------------------------------------------- Unit 1 Assignment 1: Match Risks/Threats to Solutions Learning Objectives and Outcomes You will learn how to match common risks or threats within the seven domains of a typical IT infrastructure with solutions and preventative actions...
Words: 1409 - Pages: 6
...Multi Layered Security Plan Multi Layered Security Plan Richman Investments 1) General This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure. In this Multi Layered Security Plan we will describe how we will improve the security of each domain and how to protect our information. We will update all firewalls on the infrastructure and secure our ports that are open and stop incoming traffic that is malicious. All anti-virus software will be updated throughout the company. All IT employees will be informed about the new MLS Plan that we putting into effect once the Senior management approves it. 2) User Domain a. The usage of security awareness training to instruct employees of Richman Investments security policies We have to train the employees on the protection of their user IDs and login information to the companies system. Show the employees how to create a better password and security questions and not to write there passwords down on sticky notes to help remember. Making them aware of friends, family, or people that ask questions out of the ordinary, because the questions could possibly your security questions or part of your password. The user only has three attempts and they are locked out and will have to see a admin to be unlocked. b. Auditing of user activity We will watch how the users go about their daily activities on the company’s internet/network...
Words: 302 - Pages: 2
...information that belongs to Richman Investments. As part of the general security plan of the organization the IT department puts together a proposal to provide multi-layered security strategies that can be applied at every level of the IT structure. The plan will lay out the importance of improving and safeguarding the levels of each domain and the process of protecting the information of the organization. User Domain At Richman Investments the personnel is accountable for the appropriate use of IT assets. Therefore, it is in the best interest of the organization to ensure employees handle security procedures with integrity. It is essential to create a strong AUP (Acceptable Use Policy) procedure and as part of the process, require employees sign an agreement to guarantee they understand and conform to implemented rules and regulations. In addition, the company will conduct security awareness training, annual security exercises, notices about securing information, and constant reminders security is everyone’s responsibility. Workstation Domain The plan to secure the workstation domain enforces a strong password policy on each workstation and also enables screen lockout protection for inactive times. Keeping all workstations with an up to date antivirus is essential. Furthermore, content filtering features will arrange access of specific domain names according to AUP definitions. In addition, workstations will have up-to-date application software and security patches conferring...
Words: 779 - Pages: 4
...Multi Layered Security Plan Richman Investments This Multi layered security plan will give you a brief overview of the security strategies that will be implemented at each level of the companies IT infrastructure. The usage of security awareness training to instruct employees of Richman Investments security policies, auditing of user activity will be implemented at the User Domain level of the infrastructure. The usage of antivirus and anti malware programs on each user computer, strict access privileges to corporate data and the deactivation of media ports will be put in place at the Workstation Domain of the infrastructure. Utilizing network switches, encryption to wireless access points using WPA 2 security shell encryption, as well as securing server rooms from unauthorized access will be implemented at the LAN Domain level of the infrastructure. The closing off unused ports using a firewall to reduce the chance of unwanted network access, monitoring inbound IP traffic, more specifically looking for inbound transmissions that show signs of malicious intent, running all networking hardware with up to date security patches, and operating systems with be set in place within the LAN to WAN Domain structure. Enforcing encryption, and Virtual Private Network (VPN) tunneling for remote connections, configuring routers, and network firewalls to block ping requests to reduce chance of denial of service (DOS) attacks, enforcing anti virus scanning of email attachments, Isolating malicious...
Words: 306 - Pages: 2
...[1] David Kim and Michael G. Solomon. Fundamentals of Information Systems Security - Jones & Bartlett Learning, LLC. 40 - Tall Pine Drive Sudbury, MA 01776 – Copyright 2012 Multi Layered Security Plan: Richman Investments 1.) General This Multi-layered Security Plan will give a brief overview of the security strategies that will be implemented at each level of the Information Technology (IT) infrastructure. 2.) User Domain a. Security awareness training will be implemented to instruct employees of Richman Investments security policies. b. Structured auditing of all user activity. 3.) Workstation Domain c. The installation of antivirus and anti-malware programs on all user computers. d. Strict access privileges to corporate data files and important company documents. e. Media ports to be deactivated. 4.) LAN Domain f. Utilizing the correct network switches per each domain. g. WPA 2 encryption policies to wireless access points. h. Securing server rooms from unauthorized access. 5.) LAN to WAN Domain i. Deactivating and closing off unused ports per the firewall to reduce the chance of unwanted network access. j. Monitor inbound IP traffic, more specifically looking for inbound transmissions that show signs of malicious intent. k. All networking hardware is to have up to date security patches, and operating systems. 6.) WAN Domain l. Enforce encryption, and VPN tunneling...
Words: 316 - Pages: 2
...RICHMAN FINANCIAL INVESTMENTAND CONSULTING FIRM Multi-Layered Security Outline Plan IT Infrastructure Security Daniel Satterfield 7/1/2014 Identification of Risks, Threats, and Vulnerabilities along with proposed Security measures and controls MULTI-LAYER SECURITY PLAN (OUTLINE) FOR RICHMAN INVESTMEN The following Multi-Layered Security Plan outline I am submitting for approval and implementation for Richman Investments, will provide a sound security plan for the firms most important mission critical assets, identifying and reducing vulnerabilities, Risks and threats to the firms confidential proprietary intelligence, sensitive customer data and other important assets within each of the Seven Domains that make up the core for the IT infrastructure as a whole. An aggressive approach should be mapped out in a 3-5 year progressive implementation achievement plan starting with one or two security initiatives where success can be clearly demonstrated and evaluated. The FFIEC now has mandated financial institutions mitigate online threats by intergrading endpoint encryption pushing it out to all users in a non pre-boot fashion then using the console to migrate users to pre-boot encryption which would provide immediate protection and increased visibility and control of our overall risk posture. First, indentifying Risk, Threat and Vulnerabilities within each of the seven Domains that make-up the firms IT infrastructure. Secondly, proposed security...
Words: 751 - Pages: 4
...Multi-Layered Security Plan The following Multi-Layered Security Plan outline I am submitting for approval and implementation for Richman Investments, will provide a sound security plan for the firms most important mission critical assets, identifying and reducing vulnerabilities, Risks and threats to the firms confidential proprietary intelligence, sensitive customer data and other important assets within each of the Seven Domains that make up the core for the IT infrastructure as a whole. An aggressive approach should be mapped out in a 3-5 year progressive implementation achievement plan starting with one or two security initiatives where success can be clearly demonstrated and evaluated. First, indentifying Risk, Threat and Vulnerabilities within each of the seven Domains that make-up the firms IT infrastructure. Secondly, proposed security measures and controls for headquarters and each branch office. Keeping information assets secure is challenging for any business, regardless of its size. It seems there's no limit to the ingenuity and maliciousness of today's cybercriminals, hackers and identity thieves. In fact, hackers have become so sophisticated and organized that their operational methods are similar to those of traditional software development and business practices(Symantec 2008). What's more, while yesterday's attack activity consisted of a single compromise...
Words: 866 - Pages: 4
...Project Part 1: Multi-Layered Security Plan when developing a multi-layered security plan, you must look at each of the seven domains of the IT infrastructure and increase security on each of those domains. Increasing the security on each of those seven domains will increase the overall security of the system and create a multi-layered security plan. In the user domain, one of the easiest ways for the system to be compromised is through the users. Simplicity of user’s passwords can be a major problem so we need to implement complex passwords including eight or more characters, both upper and lower case, and use of at least one special character. Passwords will need to be changed every three months and the same password cannot be used again for one calendar year. In the workstation domain, we need to make sure that each of the workstations, whether desktop or laptop, has antivirus and malware protection installed on them. Laptops are very vulnerable for loss or theft, so all company laptops should have an encrypted hard drive so that if they are stolen, the data contained on them is not recovered by anyone but the owner. For the LAN domain, we need to have training about email scams. Most users know not to access suspicious emails when on our system but a quick training course will help. Also, adding spam filters will help gets rid of most of the junk email, so there is much less risk of employees opening emails containing malware. In the LAN-to-WAN domain, we need to shut down...
Words: 338 - Pages: 2
...Project Part 1 Multi-Layered Security Plan | NT2580 | | James Maus | 8/21/2015 | In the process of emerging a mulit-layered security plan, you will need to see the seven domains of the IT set-up. The security will be increased on each of the domains. Security increase on the seven domains increases complete security of the system and build a mulit-layered security plan. Only the users can negotiate the system in the user domain. Easy passwords can cause a lot of problems so we will need to use difficult passwords with eight characters and up. Passwords will include special characters with capitals and lowercase. A limit to how long you can use the password and to only a one time password use. Workstations will have antivirus and malware protection installed. Since laptops are very weak and easy to get lost or stolen, the companies will have a converted hard drive so only the owner can recover the data. On the LAN domain, you should never open any scam emails when on company systems. To reduce email malware, you should add spam filters to stop junk email and reduce employee mistakes. On the LAN to WAN domain, we should switch the FTP to secure FTP so only our suers can have access to the FTP server. On the WAN domain there should be firewalls put in place on the network to filter inbound traffic. In the case of the Richman investments, network of\ any kind of traffic that is coming in and out is not needed will be stopped by a firewall. Reference Courtesy of...
Words: 444 - Pages: 2
...Richman Investments Multi-Layered Security Plan By Elssie Farnes Objective To outline an implementation plan for security strategies over all levels of the IT Infrastructure 1) User Domain a) Personal user log in procedures will be enforced, e.g. password log in b) User activities will be monitored c) Richman Investments will deploy a Security Awareness Program to educate its employees on proper usage and all company security policies 2) Workstation Domain d) Media Ports will be disabled unless explicitly authorized. e) Access to corporate data will be managed with strict permissions f) All workstations will have Antivirus and Antimalware programs installed and kept updated 3) LAN Domain g) Network switches will be used h) Access to server rooms will be secured to authorized personnel only i) Wireless Access Points will be secured with WPA2 encryption 4) LAN to WAN Domain j) All networking equipment will be up to date, as will all operating systems k) Monitor all inbound traffic for possible malicious intent l) Unused ports should be closed off with a firewall to reduce the chance of unwanted access 5) WAN Domain m) Remote connections will have encryption and VPN tunneling enforced n) Routers and firewalls will be configured to block ping requests to reduce the risk on DoS attacks o) Scanning of email attachments for viruses will be enforced ...
Words: 340 - Pages: 2
...Into To security Project Part 1: Multi-Layered Security Plan: As part of my report, below is my outline for Richman Investments Multi-Layered Security Plan: User Domains: Since Users can access systems, applications and data depending on their roles and rights, an employee must conform to the staff manual and policies also known as the Acceptable Use Policy (AUP). The department manager or human resources manager is usually in charge of making sure that employee and in certain cases third party vendors, contractors ect sign and follow the AUP. To ensure that these threats and vulnerabilities can be avoided, a good policy would be to conduct security awareness training, update the employee manual and discuss the handbook, during performance reviews, disable internal CD drives and USB ports and enable automatic antivirus scans for inserted media drives, files, and email attachments, and lastly restrict access for users to only those systems, applications, and data needed to perform their jobs. Workstation Domains: These users configuring hardware, ensuring that all computers have the latest software revisions, security patches, and system configurations. To ensure that there are no threats with our software, enforce defined standards to ensure the integrity of user workstation and data, enable password protections on workstations for access, and auto screen lockout for inactive times, use content filtering and antivirus scanning at Internet, define workstation...
Words: 727 - Pages: 3
...This outline will, in brief, give some context to the security plan for Richman Investments’ overall IT infrastructure. The best security, is a proactive, multilayer approach that takes into account the various domains of our network. This a brief outline of the various types of solutions that will begin to mitigate to minimize our risks and vulnerabilities. Multi-layer security plan. This will detail the many areas of vulnerability and risk that will be mitigated by the various security strategies that will be implemented through the seven domain layers of our IT infrastructure. 1. User a. Education – use of strong passwords, locking work stations b. restrict access to critical user files only – principle of least privilege 2. Workstation a. Access control – password protected workstations and auto screen locking b. Antivirus-Strong, automatic programs that scan for threats 3. LAN a. Physical security – All wiring closets and server rooms should be locked b. Set up encryption between workstations and wireless access points. 4. LAN to WAN a. Disable unused ports, ping, and port scanning on exterior devices b. Strict zero-day policy for patching c. Strict security monitoring for intrusion detection Tyler Straub 3 5. WAN a. Use encryption and VPN tunnels to secure sensitive data on the internet b. Use anti-virus to scan all e-mails for malicious attachments 6. Remote access a. Encrypt all...
Words: 345 - Pages: 2
...Project Part 1 Multi-Layered Security Plan Outline The following outline is to document the general security solutions for Richman investments, for all locations including head-quarters, for the safety of data and information that belongs to Richman Investments. This plan will be updated and submitted, every month by the networking division, to senior management along with a security plan for the month. 1. User Domain a. This Domain includes Individuals within an organization who access its information. b. An acceptable use policy to define what users can and cannot do with company IT information will be created. c. Managers should review security awareness training and review acceptable use policies with employees periodically. d. Internal CD drives and USB ports will be disabled. e. Content filtering and antivirus scanning on any downloaded media, and emails will be setup. f. Restrict access for users to only applications, data and systems needed to perform their job. g. Monitor and track employee behavior and their use of IT infrastructure during off hours. 2. Workstation Domain a. Systems where most users connect to the IT infrastructure. i. Workstations can be any desktop, laptop, or other device that connects to an organizations network. b. Password protection on all workstations. c. Auto screen lockout for inactive times. d. Strict access control procedures, standards, policies, and guidelines. e. All CD, DVD, and USB ports will be disabled. ...
Words: 779 - Pages: 4
...Project Part 1 : Multilayered Security Plan The safety and security of information owned by Richman Investments is extremely important and needs to monitored constantly. Through the following outline I hope to enhance the companies security, update systems and applications and ensure the integrity of the information stored on the network. The outlined areas will be monitored and reported monthly to senior management and will be updated as needed. The following outline will touch on each domain and will include security measures needed for those domains. 1.0 User Domain 2.1 Mobile storage disabled 2.2 Admittance to work area and computer with badge only. No visitors permitted 2.3 Multi-layered authentication with username/password and either token or biometrics 2.4 Training of new hires or quarterly training of current employees on security awareness 2.5 Security software with scanning capabilities to ensure no malware or virus intrusion is allowed. 2.0 Workstation 3.6 Hardware inventory taken quarterly to asses needs for new equipment or updates. 3.7 Software database examined to asses need for updates or antivirus renewal. 3.8 Different departments will be assessed groups in active directory to prevent authorization conflicts or confusion 3.9 Admittance to workstations will only be permitted with proper credentials, badge or token. 3.0 Lan 4.10 All cabinets and server rooms will be locked...
Words: 656 - Pages: 3
...Multi Layered Security Plan for Richmond Investments Security is vital to any business. This Security Play will show a general idea for each level of the IT infrastructure. User Domain o Security awareness training each month to give employees the rules of Richman Investments security policies o Auditing of all user activity o Training for each time a new security option is implemented Workstation Domain o Strict access to corporate data o Each user machine will run up to date antivirus and anti malware software o File scanner for any files copied to or from the workstation LAN Domain o Utilization of network switches o WPA 2 encryption on all wireless access points o The securing of server rooms from unauthorized access LAN to WAN Domain o Closing off unused ports via a firewall to reduce the chance of unwanted network access o Monitor inbound IP traffic o Run all networking hardware with up to date security patches, and operating systems WAN Domain o Enforce encryption, and VPN tunneling for remote connections o Configure routers, and network firewalls to block Ping requests to reduce chance of Denial of Service attacks o Enforce anti virus scanning of email attachments o Isolate found malicious software (virus, Trojans, etc.) when found o Deployment of redundant internet connections to maximize availability Remote Access Domain o Establish strict user password policies, as well as lockout policies to defend against brute force attacks ...
Words: 276 - Pages: 2
