IT Security Plan Layout


Submitted By jessediana90
Project Part 1

Multi Layered Security Plan

Richman Investments

1) General

This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure.

2) User Domain

a. The usage of security awareness training to instruct employees on Richman Investments' security policies

b. Auditing of user activity

3) Workstation Domain

a. The usage of antivirus and antimalware programs on each user computer

b. Strict access privileges to corporate data

c. Deactivation of media ports

4) LAN Domain

a. Utilizing network switches

b. WPA2 encryption on wireless access points

c. Securing server rooms from unauthorized access

5) LAN to WAN Domain

a. Closing off unused ports via a firewall to reduce the chance of unwanted network access

b. Monitor inbound IP traffic, looking specifically for inbound transmissions that show signs of malicious intent

c. Run all networking hardware with up-to-date security patches and operating systems

6) WAN Domain

a. Enforce encryption and VPN tunneling for remote connections

b. Configure routers and network firewalls to block ping requests to reduce the chance of denial-of-service attacks

c. Enforce antivirus scanning of email attachments

i. Isolate malicious software (viruses, Trojans, etc.) when found

d. Deployment of redundant internet connections to maximize availability

(Kim & Solomon)

7) Remote Access Domain

a. Establish strict user password policies, as well as lockout policies, to defend against brute-force attacks

b. Require the use of authorization tokens, with a real-time lockout procedure if a token is lost or stolen

c. Encrypt the hard drives of company computers, laptops and mobile devices to prevent the loss of sensitive…...
