Remote Access Control Policy for Richman Investments

Submitted By birdone
Words 298
Pages 2
Authorization- Richman Investments must define rules as to who has access to which computer and network resources. My suggestion is that RI implement either a group membership policy or an authority-level policy to achieve this. A group membership policy would allow the administrator to assign different privileges to different groups. The admin would then assign individual users to those groups, so each user's permissions would depend on the permissions of the group they are a member of. With an authority-level policy, the admin would assign different permissions to individual users based on their position and authority level within the company and the access that position requires.
Identification- Richman Investments needs to assign a unique identifier to each user in order to have accurate records of who is accessing, or trying to access, which applications, which network resources, and what data. The most common IDs are the username, account number, or PIN.
Authentication- In order to keep the remote access to Richman Investments secure, there must be proof that the person trying to gain access to the network remotely is the same person who has been granted access by identification. To do this, RI can choose one of the following knowledge-type authentication methods: PIN, password, or passphrase, along with one of the following ownership-type authentication methods: smart card, key, badge, or token. Using a combination of ownership authentication and knowledge authentication offers better security.
Accountability- Richman Investments must hold users responsible for what they do on the system. Log files can be used to detect, prevent, or monitor access to the system. Due to all the different privacy laws, RI must also secure its data. This will involve how data is retained (i.e., storage), how media is disposed of, and following compliance...

Similar Documents

Richman Investment Remote Access Control Policy

...Richman Investment
Remote Access Control Policy Document
01/14/14

Contents
1 Policy Statement
2 Purpose
3 Scope
4 Definition
5 Risks
6 Applying the Policy - Passwords
6.1 Choosing Passwords
6.1.1 Weak and strong passwords
6.2 Protecting Passwords
6.3 Changing Passwords
6.4 System Administration Standards
7 Applying the Policy – Employee Access
7.1 User Access Management
7.2 User Registration
7.3 User Responsibilities
7.4 Network Access Control
7.5 User Authentication for External Connections
7.6 Supplier’s Remote Access to the Council Network
7.7 Operating System Access Control
7.8 Application and Information Access
8 Policy Compliance
9 Policy Governance
10 Review and Revision
11 References
12 Key Messages
13 Appendix 1

Policy Statement
Richman Investments will establish specific requirements for protecting information and information systems against unauthorised access. Richman Investments will effectively communicate the need for information and information system access control.
Purpose
Information security is the protection of information against accidental or malicious disclosure, modification or destruction. Information is an important, valuable asset of Richman Investments which must be managed with care. All information has a value to the Council. However, not all of this information has an......

Words: 2211 - Pages: 9

Richman Investments Remote Access Control Policy

...SHAUN PARE 4/9/12 ESSAY 2/ 500 WORD What is the OSI model the 7 layers The Open Systems Interconnection or (OSI model) “Is an architectural model that represents networking communication. It was introduced in 1978 by the International Organization for Standards to standardize the level of services and types of interactions for computers communicating over a network” (Emdad). The OSI is the standard that sets the path that data must travel through from one computer to another through a network. The OSI does this by sending the data through seven different layers, almost like sending the data through checkpoints, and at each checkpoint the data must be cleared so it is able to move on to the next stop. This is what the seven layers of OSI do. The data must go through each layer, each layer performs a specific task in order to pass the data through to the next layer, and these layers also communicate to the layer above and below to make sure that everything is in order. There are seven layers and each one has a specific function that prepares it for the next layer; the data must pass through all seven layers. The layers are separated into two sets; the first is the application set • Application layer 7- This is the layer that provides the interface between the network protocol and the software running on the computer. This layer handles anything that communicates with the internet; this layer also handles any network related activity such as file transfers or reading and sending email.......

Words: 606 - Pages: 3

Nt2580

...Richman Investments has decided to expand their business. We have been given their new growth projections of 10,000 employees in 20 countries, with 5,000 located within the U.S. Richman have also established eight branch offices located throughout the U.S. and have designated Phoenix, AZ as the main headquarters. With this scenario, I intend to design a remote access control policy for all systems, applications and data access within Richman Investments. With so many different modes of Access Control to choose from, it is my assessment that choosing only one model would not be appropriate for Richman Investments. My recommendation would be a combination of multiple Access Control Models that overlap to provide maximum coverage and overall security. Here are my suggestions for access controls. Role Based Access Control or RBAC, this will work well with the Non-Discretionary Access Control model, which will be detailed in the next paragraph. RBAC is defined as setting permissions or granting access to a group of people with the same job roles or responsibilities. With many different locations along with many different users it is important to identify the different users and different workstations within this network. Every effort should be dedicated towards preventing users from accessing information they should not have access to. Non-Discretionary Access Control is defined as controls that are monitored by a security administrator. While RBAC identifies those with......

Words: 548 - Pages: 3

Asd Rtg

...Appropriate Access Controls for Systems, Applications, and Data Access
Learning Objective
* Explain the role of access controls in implementing security policy.
Key Concepts
* The authorization policies applying access control to systems, application, and data
* The role of identification in granting access to information systems
* The role of authentication in granting access to information systems
* The authentication factor types and the need for two- or three-factor authentication
* The pros and cons of the formal models used for access controls
Reading
* Kim and Solomon, Chapter 5: Access Controls.
Keywords
Use the following keywords to search for additional materials to support your work:
* Biometrics
* Content Dependent Access Control
* Decentralized Access Control
* Discretionary Access Control
* Kerberos
* Mandatory Access Control
* Remote Authentication Dial In User Service (Radius)
* Role-Based Access Control
* Security Controls
* Secure European System for Applications in a Multi-Vendor Environment (SESAME)
* Single Sign-on
* Terminal Access Controller Access-Control System (TACACS)

Week 3
Discussion
* Access Control Models
* Unit 3 Access Control Models (lT255.U3.TS2)
Lab
* Enable Windows Active Directory and User Access Controls
Assignment
* Remote Access Control Policy......

Words: 542 - Pages: 3

Unit 3 Assignment 1

...Remote Access Control Policy
1. It is the responsibility of Richman Investments employees, third party contractors, vendors and agents with remote access privileges to Richman Investments networks to ensure that their remote access connection is given the same consideration as the user's on-site connection to Richman Investments.
2. General access to the Internet for recreational use by immediate household members is discouraged through the Investment Dial-In Network. The Richman Investments employee is responsible to ensure the family member does not violate any Richman Investment policies, does not perform illegal activities, and does not use the access for outside business interests. The Richman Investments employee bears responsibility for the consequences should the access be misused.
3. Access to the Richman Investments Trusted Network will only be allowed from Trusted Users and other special ITS administered subnets.
4. Remote or outside Trusted Users (defined below) may gain access to Trusted hosts in one of two ways:
   a. The outside Trusted user will initiate a connection and authenticate to the Richman Investments VPN endpoint (see VPN_Policy). Username and password pairs will be distributed to Third Parties upon receipt of a valid Third Party Connection Agreement. Currently supporting Windows 8 with Microsoft SQL Server 2014. Network Infrastructure and Control Systems will make client software available upon request.
   b. The Richman......

Words: 362 - Pages: 2

It255 Project

...presents the fundamental solutions for the safety of data and information that belongs to Richman Investments. As part of the general security plan of the organization the IT department puts together a proposal to provide multi-layered security strategies that can be applied at every level of the IT structure. The plan will lay out the importance of improving and safeguarding the levels of each domain and the process of protecting the information of the organization.
User Domain
At Richman Investments the personnel is accountable for the appropriate use of IT assets. Therefore, it is in the best interest of the organization to ensure employees handle security procedures with integrity. It is essential to create a strong AUP (Acceptable Use Policy) procedure and as part of the process, require employees sign an agreement to guarantee they understand and conform to implemented rules and regulations. In addition, the company will conduct security awareness training, annual security exercises, notices about securing information, and constant reminders security is everyone’s responsibility.
Workstation Domain
The plan to secure the workstation domain enforces a strong password policy on each workstation and also enables screen lockout protection for inactive times. Keeping all workstations with an up to date antivirus is essential. Furthermore, content filtering features will arrange access of specific domain names according to AUP definitions. In addition, workstations......

Words: 779 - Pages: 4

Unit 4 Assignment1

...Existing IT Security Policy Framework
Richman Investments Remote Access Standards
Purpose: This document is designed to provide definition of the standards for connecting remotely to Richman Investments’ network outside of the company’s direct network connection. The standards defined here are designed to mitigate exposure to potential damage to Richman Investments’ network, resulting from the unauthorized use of network resources.
Scope: All Richman Investments agents, vendors, contractors, and employees, who use either Richman Investments company property or their own personal property to connect to the Richman Investments network, are governed by this policy. The scope of this policy covers remote connections, used to access or do work on behalf of Richman Investments, including, but not limited to, the viewing or sending of e-mail, and the viewing of intranet resources.
Policy: Richman Investments agents, vendors, contractors, and employees with privilege to remote access to Richman Investments’ corporate network are responsible for ensuring that they adhere to these standards, whether using company-owned or personal equipment for data access, and that they follow the same guidelines that would be followed for on-site connections to the Richman Investments network. General access to the Internet by household members via the Richman Investments network will be permitted, and should be used responsibly, such that all Richman Investments standards and......

Words: 474 - Pages: 2

Nt2580- Project Part 1

...solutions for Richman Investments, for all locations including headquarters, for the safety of data and information that belongs to Richman Investments. This plan will be updated and submitted, every month by the networking division, to senior management along with a security plan for the month.
1. User Domain
   a. This Domain includes Individuals within an organization who access its information.
   b. An acceptable use policy to define what users can and cannot do with company IT information will be created.
   c. Managers should review security awareness training and review acceptable use policies with employees periodically.
   d. Internal CD drives and USB ports will be disabled.
   e. Content filtering and antivirus scanning on any downloaded media, and emails will be setup.
   f. Restrict access for users to only applications, data and systems needed to perform their job.
   g. Monitor and track employee behavior and their use of IT infrastructure during off hours.
2. Workstation Domain
   a. Systems where most users connect to the IT infrastructure.
      i. Workstations can be any desktop, laptop, or other device that connects to an organization's network.
   b. Password protection on all workstations.
   c. Auto screen lockout for inactive times.
   d. Strict access control procedures, standards, policies, and guidelines.
   e. All CD, DVD, and USB ports will be disabled.
   f. Automated antivirus solution that updates and scans each workstation automatically.
   g. Vulnerability......

Words: 779 - Pages: 4

Document

...Richman Investments Remote Access Control Policy The purpose of this policy is to define standards on remote access to the Richman Investments from any remote host, including all branch offices located in North America. The standards provided are to secure and prevent any possible unattended entry into the Richman Investments website, intranet or internal network. We are intending to ensure 100% accountability of our company's shared information, but most importantly our customers’ personal/financial information. It is urged that all remote access users refer to the acceptable use policy before accessing any network component of Richman Investments. Any use of a personal computer, company workstation or Blackberry/PDA to access the Richman Investments network will require the newest version update of our company anti-virus software. All remote access connections will be limited to do work on the behalf of Richman Investments. Every workstation will be equipped with a required assigned user name, password authentication, and an access token authentication. The password minimum requirements will be limited to twelve characters, including two special characters, and three numeric characters. A user connecting to the network using a personal computer and/or PDA will require a network access password, with a minimum of ten characters, including two special characters and three numeric characters. All passwords will be kept confidential to the network user and network......

Words: 317 - Pages: 2

It255 Part 1

...IT-255 Part 1 Multi-Layer Security Outline
Task at hand: Richman Investments Network Division has been handed the task of creating a general solutions outline for safety of data and information that belongs to their organization. This following outline will cover the security solutions of the seven domains that the IT infrastructure is made of.
| User Domain | The User Domain being the weakest link of the seven layers. This is from lack of users not aware of security policies and procedures. | To secure this link to its fullest. The employees should be trained and updated with security policies and procedures. The system should have firewall and antivirus software installed as well. |
| Workstation Domain | The Workstation Domain can be made up of desktops, laptops, iPods and or personal assisting tools like Smartphone’s. | The common threat to the Workstation is the unauthorized access to the system. The solution would be to enable password protection and automatic lockout during time of inactivity. |
| LAN Domain | LAN being a collection of computers connected to each other. The links can use several tools direct connected with a switch and wireless with a router being the most common. | Unauthorized access can tap into and work its way into workstations, data centers (servers). To put a block and set-up counter measures a Firewall and OS Security Software installed and monitored. |
| LAN-TO-WAN Domain | LAN-to-WAN is where the IT infrastructure links to a wide...

Words: 779 - Pages: 4

It255

...Internet DMZ Equipment Policy
1.0 Purpose
The purpose of this policy is to define standards to be met by all equipment owned and/or operated by Richman Investments located outside Richman Investment's corporate Internet firewalls. These standards are designed to minimize the potential exposure to Richman Investment from the loss of sensitive or company confidential data, intellectual property, damage to public image etc., which may follow from unauthorized use of Richman Investment resources. Devices that are Internet facing and outside the Richman Investment firewall are considered part of the "de-militarized zone" (DMZ) and are subject to this policy. These devices (network and host) are particularly vulnerable to attack from the Internet since they reside outside the corporate firewalls. The policy defines the following standards:
* Ownership responsibility
* Secure configuration requirements
* Operational requirements
* Change control requirement
2.0 Scope
All equipment or devices deployed in a DMZ owned and/or operated by Richman Investment (including hosts, routers, switches, etc.) and/or registered in any Domain Name System (DNS) domain owned by Richman Investment, must follow this policy. This policy also covers any host device outsourced or hosted at external/third-party service providers, if that equipment resides in the "RichmanInvestment.com" domain or appears to be owned by Richman Investment. All......

Words: 1219 - Pages: 5

Itt It255 Unit 4 Aup

...strategic assets of the Richman Investments and must be treated and managed as valuable resources. Richman Investments provides various computer resources to its employees for the purpose of assisting them in the performance of their job-related duties. State law permits incidental access to state resources for personal use. This policy clearly documents expectations for appropriate use of Richman Investments assets. This Acceptable Use Policy in conjunction with the corresponding standards is established to achieve the following:
1. To establish appropriate and acceptable practices regarding the use of information resources.
2. To ensure compliance with applicable State law and other rules and regulations regarding the management of information resources.
3. To educate individuals who may use information resources with respect to their responsibilities associated with computer resource use.
This Acceptable Use Policy contains four policy directives. Part I – Acceptable Use Management, Part II – Ownership, Part III – Acceptable Use, and Part IV – Incidental Use. Together, these directives form the foundation of the Richman Investments Acceptable Use Program.
Section 2 – Roles & Responsibilities
1. Richman Investments management will establish a periodic reporting requirement to measure the compliance and effectiveness of this policy.
2. Richman Investments management is responsible for implementing the requirements of this policy, or......

Words: 1330 - Pages: 6

Unit 3 Assignment 1

...Authorization- Richman Investment has to define specific rules to dedicate who has access to which of the computers and its resources. The suggestion that I suggest is that Richman Investments implements a group policy. A group policy would allow an administrator the privilege to assign different access controls to different group users. The administrator could then assign different individuals to one or multiple groups. The permissions of the user are dictated by the administrator. Identification- Richman Investments must assign a unique identifier that compliments each user. This way they can keep track of who has access to what systems and data; the most commonly used is a user identification number and password. Authentication- “In order to keep the remote access to Richman Investments secure, there must be proof that the person trying to gain access to the network remotely is the same person who has been granted access by identification.” (Technology, 2014) The best way for this company is to use a knowledge based system that includes PIN, pass phrase, or password along with an ownership authentication which includes but is not limited to a key, badge, token, or smart card. Using a combination of will provide the most adequate form of security. Accountability- Richman Investments has to hold all users responsible for what they do or not do on their systems. They must make sure log systems can detect, prevent, and/or monitor the system due to all the laws that......

Words: 282 - Pages: 2

Richman Investments

...Richman Investments Introduction to Computer Security Richman Investments Hello, my name is Max and I’m here today to give you a brief on Richman Investments “Internal Use Only” data clarification standards. I will cover what this means to the company and to you. I will also cover three different information technology infrastructure domains that we use and how these are affected by the “Internal Use Only” standard. This also applies to you the end user working here at Richman Investments. This is a vital brief to safeguard and keep all of our client’s information safeguarded from all outside sources. So, let’s begin. First, let me explain to you what “Internal Use Only” data clarification standard means. A standard is a detailed written definition we here at Richman Investments have come up with. It is to help put in place certain security controls that are used throughout our information technology infrastructure and how you need to abide by this. The second part of this is the “Internal Use Only”. This is information we have here that is only to be shared internally between this organization and it is intended to never go outside of this organization. If it does, it could cause many clients’ personal information to be used by other people. The bottom line is that you are responsible to safe guard all “Internal Use Only” information by following some simple security controls that I will now go over with you (Kim & Soloman, 2012). The weakest link in......

Words: 940 - Pages: 4

Part 1it255

...Multi-Layered Security Outline
Task
The Networking Division for Richman Investments has been tasked with creating a general solutions outline for safety and data information that belongs to the organization. The following outline will discuss security solutions for each of the seven domains of the IT infrastructure.
User Domain
The User Domain is the weakest. The most common vulnerability is the lack of user awareness and user apathy toward security policies. This risk is avoided by conducting security awareness training and consistent reminders of the security policies via emails or banner greetings. Conducting annual training and updating the staff manual will go a long way to help avoid this risk. User media, as well as personal USBs, are another security risk to the User Domain. This risk is protected by disabling the internal CD drives and USB ports, and enabling automatic antivirus scans for inserted media drives, files, and email attachments. Content filtering network devices are configured to permit or deny specific domain names in accordance with AUP definition. The last way to protect the User Domain will be to restrict access to only those systems, applications, and data needed to perform the employee’s particular job requirement; this will help protect user destruction of systems.
Workstation Domain
The Workstation Domain consists of desktops, laptops, and/or personal data assistants (smartphones). The following will list......

Words: 992 - Pages: 4