Premium Essay

Nt2580 Unit 4 Assignment 2

In: Computers and Technology

Submitted By enochmla
Words 689
Pages 3
Dallas Page
July 17, 2015
Unit 4 Assignment 2

Acceptable Use Policy Definition

1. Overview
To protect the integrity, confidentiality and accessibility along with the safety of our clientele and employees it is necessary that a precise set of standards must be defined for anyone who utilizes the electronic devices to access information via the internet. Richman Investments is committed to protecting employees, partners and the company from illegal or destructive actions whether knowingly or unknowingly.

Internet or Intranet related systems, including but not limited to the World Wide Web, storage media, operating systems, network accounts and electronic mail are intended to be used for business pertaining to Richman Investments.

It is the responsibility of each electronic device user to know the guidelines of the Acceptable Use Policy and to adhere to the Acceptable Use Policy of Richman Investments.

2. Purpose
To outline and give a clear precise definition of what is and what isn’t acceptable when using the property of Richman Investments. Property including but not limited to computers, internet service, email service, storage media, operating systems or network accounts. Inappropriate use of either of the aforementioned exposes Richman Investments to legal liability and/or risks of damage to company hardware and/or software.

3. Scope
The Acceptable Use Policy applies to all employees, contractors, clients, visitors and partners to Richman Investments headquarters and its satellite properties. Each employee, contractor, client, visitor or partner is expected to exercise good judgement and use the property of Richman Investments for business appropriate reasons. All property including but not limited to internet service, computers, electronic service, electronic mail, storage media, network accounts, operating systems or…...

Similar Documents

Free Essay

Nt2580 Unit 5 Assignment 1

...It255 Unit5 Assignment TO: FROM: DATE: SUBJECT:Unit 5 Assignment 1: Testing and Monitoring Security Controls REFERENCE: Testing and Monitoring Security Controls (IT255.U5.TS1) How Grade: One hundred points total. See each section for specific points. Assignment Requirements Part 1:Identify at least two types of security events and baseline anomalies that might indicate suspicious activity. Explain why they might indicate suspicious activity.(Forty points. Twenty points for each event.) # | Security Event & Baseline Anomaly That Might Indicate Suspicious Activity | Reason Why It May Indicate Suspicious Activity | 1. | Authentication Failures | Unauthorized access attempts | 2. | Network Abuses | Employees are downloading unauthorized material. | 3. | | | 4. | | | 5. | | | 6. | | | Part 2: Given a list of end-user policy violations and security breaches, select three breaches and consider best options for monitoring and controlling each incident. Identify the methods to mitigate risk and minimize exposure to threats and vulnerabilities. (Sixty points. Twenty points for each breach.) # | Policy Violations & Security Breaches | Best Option to Monitor Incident | Security Method (i.e., Control) to Mitigate Risk | 1. | A user made unauthorized use of network resources by attacking network entities. | Monitor the logs | Fire the user | 2. | Open network drive shares allow storage privileges to outside users. |...

Words: 258 - Pages: 2

Premium Essay

Unit 4 Assignment

...Assignment Unit 4 Candace House CJ140 March 26, 2013 Assignment Unit 4 There are two legal terms “search” and “seizure”. The legal term search means to examine another's premises to look for evidence of criminal activity. Under the 4th and 14th Amendments it is unconstitutional for law enforcement officers to conduct a search without a "search warrant" issued by a judge or without facts which give the officer "probable cause" to believe evidence of a specific crime is on the premises if there is not enough time to obtain a search warrant. The legal term seizure means the taking by law enforcement officers of potential evidence in a criminal case. The constitutional limitations on seizure are the same as for search. Thus, evidence seized without a search warrant or without "probable cause" to believe a crime has been committed and without time to get a search warrant, cannot be admitted in court, nor can evidence traced through the illegal seizure. Basically what all this means is that when evidence is being collected in a search and seizure it has to be done by protocol otherwise the criminal may walk free. An element that is needed with both the terms search and seizure is probable cause. Without the probable cause then we cannot legally search a person or their property and take any evidence. Search warrants may also be needed, provided that there is enough time to obtain a search warrant. A third element between the two terms is where there is the ability of......

Words: 622 - Pages: 3

Free Essay

Unit 2 Assignment 2

...NT2580 Unit 2 Assignment 2 10/1/13 1. The five vulnerabilities that exist for this LAN based workgroup are 2755801, 2501696, 2588513 2639658, 2659883. 2. Yes, the vulnerability that involves privilege elevation is 2639658 (Vulnerability in TrueType Font Parsing), but it is not a high priority. 3. 2719662 Solution: Workarounds refer to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available. Apply the Microsoft Fix it solution that blocks the attack vector for this vulnerability. Disable Sidebar in Group Policy. Disable the Sidebar in the system registry. 2737111 Solution: Workarounds refer to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available. Disable WebReady document view for Exchange. 2755801 Solution: Workaround refers to a setting or configuration change that would help block known attack vectors before you apply the update. Prevent Adobe Flash Player from running. Prevent Adobe Flash Player from running on Internet Explorer 10 through Group Policy on Windows 8 and Windows Server 2012. Prevent Adobe Flash Player from running in Office 2010 on Windows 8 and Windows Server 2012. Prevent ActiveX controls from running in Office 2007 and Office 2010. Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active......

Words: 257 - Pages: 2

Premium Essay

Unit 4 Assignment 2

...Unit 4 Assignment 2: Acceptable Use Policy Definition NT2580 The following acceptable use policy has been designed for Richman Investments and grants the right for users to gain access to the network of Richman Investments and also requires the user to follow the terms of use set forth for network access. Policy Guidelines * The use of peer to peer file sharing is strictly prohibited. This includes FTP. * Downloading executable programs or software from any websites, known or unknown, is forbidden. * Users are not allowed to redistribute licensed or copyrighted material without receiving consent from the company. * Introduction of malicious programs into networks or onto systems will not be tolerated. * Attempts to gain access to unauthorized company resources or information from internal or external sources will not be tolerated. * Port scanning and data interception on the network is strictly forbidden. * Authorized users shall not have a denial of service or authentication. * Using programs, scripts, commands, or anything else that could interfere with other network users is prohibited. * Sending junk mail to company recipients is prohibited. * Accessing adult content from company resources is forbidden. * Remote connections from systems failing to meet minimum security requirements will not be allowed. * Social media will not be accessible on company resources. *......

Words: 263 - Pages: 2

Free Essay

Unit 3 Assignment 2 Nt2580

...1. Discretionary Access Control – For Shovels and Shingles I would use Discretionary Access Controls. This way certain user groups have certain access. Considering there is only 12 clients I would assume the employee base and small and only 2-3 groups would be required with different access levels. 2. Rule Based Access Control – Due to the small client base and the fact most users would most likely be sharing information in a small advertising company I would go with Rule Based. This way there is certain files that everyone can access and ones that can’t be accessed. It allows for a personal data structure while allowing some files to be shared freely. 3. Non-Discretionary Access Control – Due the company being larger and associated with IT, I would go with the non-discretionary controls. This way the employees will only have access to what is dictated to them by the administrators. This is especially recommended because there are employees traveling and using the network from the outside. All control for the network should be done administratively. 4. Role-Based Access Controls – For Backordered Parts defense contractor I would recommend Role-Based access controls. As there are many facets to a design and building company there will be many access levels and areas that should only be accessed by certain personnel. Using this role-based control will allow for all users to only see what they need to see, and not see what they don’t need to see as pertaining to......

Words: 321 - Pages: 2

Premium Essay

Unit 2 Assignment 1

...10/ 1/ 2014 NT2580 Unit 2 assignment 1 The workgroup consists of three primary workgroups, which contain group membership lists of users within the Active Directory infrastructure that currently exists on the SMB Server that is located within the confines of the LAN structure. The security breach, which is defined as any event that results in a violation of any of the CIA (confidentiality, integrity, availability) security principles, was caused by the SMB server being accessed by an unauthorized user due to a security hole that was detected by the server software manufacturer the previous day. The security patch will not be available until possible as long as three days, but hopefully within that timeframe. In addition, the LAN administrator needs at least one week (minimum) to download, test, and install the patch. To calculate the Window of Vulnerability (WoV) for this security breach, the following timeline will be used as a guideline to determine the basis for calculation: First it is important to understand the variables considered in this timeline formula. The WoV is the period within which defensive measures are reduced, compromised, or lacking. The WoV covers a timeline from the moment vulnerability is discovered and identified by the vendor. It also includes the time taken to create, publish, and finally apply a fix to the vulnerability. It is also important to explore the device(s) that were targeted by the attack. In this instance, being the SMB server within...

Words: 286 - Pages: 2

Free Essay

Unit 4 Assignment Brief

...Assignment Title | Unit 4: Communication in Business | Assessor | Peter Green | Date Issued | 13th January 2015 | Hand in Date | 20th March 2015 | Duration (approx.) | 11 weeks | Qualification suite covered | Level 3: BTEC Diploma in Business | Units covered | Unit 4 | Learning aims and objectives | The aim of this unit is to inform you that the collection and management of business information, and the successful communication of that information throughout a business, is critical for the future prosperity of the organisation.Learning outcomes:1. Understand different types of business information2. Be able to present business information effectively3. Understand the issues and constraints in relation to the use of business information in organisations4. Know how to communicate business information using appropriate methods | Durations (approx) | 60 hours | BackgroundCase studiesScenario | Proper collection of data creates an environment where informed decisions can be taken for the benefit of the business. In order to manage information effectively, there must be good communication systems within the organisation, and staff must possess good verbal and written skills in order to communicate and share information. Throughout this unit, you will be researching how one organisation obtains and provides information verbally, via written context, and with the use of multi-media.You have been given the choice of the following organisations to research in......

Words: 1171 - Pages: 5

Free Essay

Nt2580 Unit 1 Assignment 2

...------------------------------------------------- Nt2580 - Unit 1 Assignment 2: Impact of a Data Classification Standard Richman Investments Internal Use Only Data Classification Standard Domain Effects Richman Investments has implemented an “Internal Use Only” data classification standard. This report will describe the effects of the Internal use Only Standard on our respective system domains. “Internal Use Only” sets up a restricted access security policy to our network. Any access, including from a website would require company mandated credentials to log on and enter the system. This type of policy is enforced because companies do not want to allow “free access” to their network for potential threats to their system or their security. This policy will impact three of the seven domains. These include: * User Domain * Define: This Domain defines what users have access to the information system.   * Policy Impact: The IT Team will use the User domain to define who has access to the company’s information systems. The domain will impose an acceptable use policy (AUP) that will define the permissions of what actions a user may make while inside the system. These permissions may also be defined by the data they are accessing at the time. All third party users (vendors, contractors, outside users, etc.) must also agree to the AUP. Any violation will be reported to management and/or the authorities, depending on the violation. * Workstation......

Words: 508 - Pages: 3

Free Essay

Unit 2 Assignment 2

...Asimo Unit 2 assignment 2 | AbstractASIMO is a humanoid Robot that was built to genuinely help people. Linda Vaughn | Asimo Unit 2 assignment 2 | AbstractASIMO is a humanoid Robot that was built to genuinely help people. Linda Vaughn | Linda Vaughn GS1145T 10/3/2015 Why Create ASIMO? ASIMO is humanoid robot created to duplicate human motion and genuinely help people. ASIMO took more than two decades of persistent study, research, trial and error before achieving a humanoid robot. ASIMO's design, development and operation rely on many different disciplines including Mathematics, Physics, Anatomy, Engineering and Computer Science. In 1986 Honda engineer’s set out to create a walking humanoid robot early models (E1, E2, and E3) focused on developing legs that could simulate the walk of a human. Models (E4, E5, and E6) focused on developing walk stabilization and climbing stairs. Then the head, arms and body were added to improve balance. Hondas first robot P1 was rather rugged standing at 6’2 and weighing at 386lbs. P2 had a more friendly design. P3 model was more compact standing at 5’2 and weighing 287lbs. ASIMO can run, walk on uneven slopes and surfaces turn smoothly and reach and grab for objects. ASIMO can also comprehend and respond to simple voice commands. It can also recognize the face of a selective group of individuals using camera eyes. It can also map environment and register stationary objects and can avoid moving objects as it moves......

Words: 598 - Pages: 3

Premium Essay

Case Study Term 2 Unit 4 Assignment

...CASE STUDY 2 Criminal Justice professionals have certain responsibilities and duties in order to fulfill the needs of society. Criminal justice professionals are the backbone to any society and they are given certain authority and power by the government to protect its citizens. This sets them apart from the general population. They are expected to fulfill the vast amount of duties expected of them in a professional manner. Criminal justice professionals are expected to have very high moral standard therefore in order for the citizens to feel safe they have to remain vigilant and professional; they are not expected to be any discrimination or biasness at all, during the commission of their duties. Law enforcement, correctional system and legal system are a few of the criminal justice professions that are entrusted by the government with the powers to protect and serve the citizens of the country. Law enforcement officer’s role is public safety, which can officially be broken down in different functions, enforcing the law, keeping the peace and protection of life and property. In carrying out the function law enforcement officer have to exercise discretion. Without law enforcement we would have anarchy and crime would be more prevalent. Policing is as much as helping people and maintaining community quality of life as it is about enforcing the law and apprehending criminals. In today’s multicultural and diverse......

Words: 739 - Pages: 3

Premium Essay

Unit 2 Assignment 2

...Unit 2 assignment 2 Legislation- Human rights act- an act of parliament of the UK- the royal assent for this act was received the 9th of November 1998 with a commencement in 2000. It is an act to give further effect to rights and freedoms guaranteed under the European convention on human rights. Rights: -Right to life -Freedom from torture and inhuman or degrading treatment -Right to liberty and security -Freedom from slavery and forced labour -Right to a fair trial -No punishment without law -Respect for your private and family life, home and correspondence -Freedom of thought, belief and religion -Freedom of expression -Freedom of assembly and association -Right to marry and start a family -Protection from discrimination in respect of these rights and freedoms -Right to peaceful enjoyment of your property -Right to education -Right to participate in free elections This act promotes anti discriminatory practice in a way that it gives everyone the rights they deserve which can’t be taken away from anyone, therefore everyone is equal in what they can do. Data protection act- The data protection act defines UK laws on processing data on identifiable living people. It covers any data which can identify a person such as address, name, Humber, email, information is to be used fairly and lawfully. It is only used for limited specific purposes and in a way that is relevant, adequate and excessive. This promotes anti discriminatory practice as it helps protect......

Words: 4206 - Pages: 17

Premium Essay

Unit 4 Assignment 1

...1 Running head: UNIT 4 ASSIGNMENT 1 Fundamentals of Finance BUS 3062 Rodtrice Johnson 3/7/16 Unit 4 Assignment 1 Dennis Hart 1. Q: Proficient-level: "How do Cornett, Adair, and Nofsinger define risk in the M: Finance textbook and how is it measured?" (Cornett, Adair, & Nofsinger, 2016). Distinguished-level: Describe the risk relationship between stocks, bonds, and T-bills, using the standard deviation of returns as the measure of risk. Answer Proficient-level: Risk is defined as the volatility of an asset’s returns over time. Specifically, the standard deviation of returns is used to measure risk. This computation measures the deviation from the average return. The idea is to use standard deviation, a measure of volatility of past returns to proxy for how variable returns are expected to be in the future. Answer Distinguished-level: Stocks and bonds have very different risk-return characteristics. In general, while stocks are more volatile than bonds, over the long run, stocks are expected to yield higher returns than bonds. By varying the mix of stocks and bonds in a portfolio, an investor can achieve her desired level of risk exposure. However, the level of risk in a portfolio depends not only on the risks of individual assets, but also on the movements of the individual assets in the portfolio. 2. Q: Proficient-level: "What is the source of firm-specific risk? What is the source of market risk?" (Cornett, Adair, & Nofsinger, 2016,......

Words: 1067 - Pages: 5

Premium Essay

Nt2580 Unit 3 Assignment & Lab

...NT2580 Unit 3 Assignment & Lab Unit 3. Assignment 1 - Remote Access Control Policy Definition There are three key parts I will have to take into account while designing a Remote Access Control Policy for Richman Investments. These three parts (Identification, Authentication and Authorization) will not be all for the Remote Access Control Policy, I will need to include the appropriate access controls for systems, applications and data access. I will also need to include my justification for using the selected access controls for systems, applications and data access. The first part I need to implement for this Remote Access Control Policy is Identification, which is defined in this sense as: physical keys or cards, smart cards, and other physical devices that might be used to gain access to something. What needs to be done for the Remote Access Control Policy is a group member policy needs to be setup which uniquely identifies each user. Users should be identified by rank with higher ranking users requiring more authentication. Each individual user should be assigned to a group based on rank with special permissions. Using this system for Identification will make our company more secure in day to day operations. The second part I need to implement for this remote access control policy is Authentication, which is defined as: what you know or passwords, numeric keys, PIN numbers, secret questions and answers. For remote access, there must......

Words: 477 - Pages: 2

Premium Essay

Unit 4 Assignment 4

...Unit 4 Assignment 4 Non- electronic communication involves the distribution of a message usually in the form of: Reports, Letters, Flow Charts, Invoices and even Verbal Communication amongst employees. This form of communicating is not as popular as it once was, but it provides businesses with other avenues to communicate instead of electronic communication. Furthermore, different types of communication suit contrasting businesses in addition to, the preference of people involved within a business. What Is Non- Electronic Communication? Electronic and Non- Electronic Sources of Business Information Sources of business information can come in a variety of different forms which include: Newspapers, Websites, Books, Posters, Directories, Databases, Government Statistics and so forth. Business information is basically information gathered of relevance to a business and its environment. Businesses use different sources of information as a way of understanding the markets they entering into, their competitors and how the company can grow. Moreover, different sources of business information serve contrasting purposes. Firstly, electronic communication involves the use of technology to distribute a particular message across. Examples of electronic communication include: the use of Mobile Devices, Video conferencing, Twitter, Facebook and other Social Media Websites, as well as, Electronic Mail. This is an effective way of communicating in a business environment as it is cost......

Words: 665 - Pages: 3

Free Essay

Nt2580 Unit 1 Assignment 2

...William Burns-Garcia NT 2580 Unit 1 Assignment 2 Re: Impact of a Data Classification Standard Per your request, I have included information regarding the data classification standards designed for Richman investments. This report will include information that pertains to the IT infrastructure domains and how they are affected. Though there are several, I want to concentrate on three of the most vulnerable. 1. User Domain: Of all domains, this can be the most vulnerable as it usually affects any user on the network. Most companies should have an Acceptable Use Policy (AUP) with standards that can be monitored at any time. Not only does this policy affect internal users, it should also be enforced by any outside vendors such as, off-site IT support. There should be on-going information sessions to remind users of AUP. 2. Workstation Domain: Every person with access to the network of Richman Investments must have authorized personal credentials to use a workstation assigned to them. A few exceptions can be Major IT administration and authorized upper management. A change password should be implemented no less than 45-60 days on Richman’s network. Administrative passwords should also be changed no less than 30-45 days, Since Administrative access has the most immediate vulnerability. 3. LAN Domain: The Local Area Network (LAN), which includes most things in the computer closet that helps all devices connect to the network. This domain can be vulnerable because...

Words: 364 - Pages: 2