Project Security

In: Computers and Technology

Submitted By dianna51
Words 338
Pages 2
Project Part 1: Multi-Layered Security Plan when developing a multi-layered security plan, you must look at each of the seven domains of the IT infrastructure and increase security on each of those domains. Increasing the security on each of those seven domains will increase the overall security of the system and create a multi-layered security plan. In the user domain, one of the easiest ways for the system to be compromised is through the users. Simplicity of user’s passwords can be a major problem so we need to implement complex passwords including eight or more characters, both upper and lower case, and use of at least one special character. Passwords will need to be changed every three months and the same password cannot be used again for one calendar year. In the workstation domain, we need to make sure that each of the workstations, whether desktop or laptop, has antivirus and malware protection installed on them. Laptops are very vulnerable for loss or theft, so all company laptops should have an encrypted hard drive so that if they are stolen, the data contained on them is not recovered by anyone but the owner. For the LAN domain, we need to have training about email scams. Most users know not to access suspicious emails when on our system but a quick training course will help. Also, adding spam filters will help gets rid of most of the junk email, so there is much less risk of employees opening emails containing malware. In the LAN-to-WAN domain, we need to shut down the FTP server we have running and switch it over to use secure FTP so that only users allowed on our system can access our FTP server. In the WAN domain, we need to make sure that we have firewalls set up on our network to filter all incoming traffic. A firewall will stop all traffic coming on to our system that is not meant or not wanted on the Richman Investments…...

Similar Documents

Project Part 1 Multi-Layered Security Plan

...Project Part 1 Multi-Layered Security Plan Introduction The components that make up cyberspace are not automatically secure. This includes cabling, physical networks, operating systems, and software applications that computers use to connect to the Internet. There is a raging information security war. The goal is to protect national security and business information. Therefore, IT is in great need of proper security controls. Scenario Richman Investments is a mid-level financial investment and consulting firm. The Richman corporate headquarters is located in Phoenix, Arizona. Currently, there are eight branch offices in:  Atlanta, Georgia  Chicago, Illinois  Cincinnati, Ohio  Denver, Colorado  Los Angeles, California  Montreal, Canada  New York City, New York  Washington, D.C. Tasks You are a networking intern at Richman Investments. This morning, you received an e-mail from your supervisor stating that you need to create an outline of the general security solutions planned for the safety of data and information that belongs to the organization. You are told that every month, the networking division needs to submit a report to the senior management about the security plan for the month, and this time, your outline will become a part of that report. Therefore, you need to research the elements of a multi-layered security plan and to create an outline. Your outline should indicate one or more general security solutions for each of the seven......

Words: 347 - Pages: 2

Information Security Project 1

...Project: Information Security Project 1 Name: Ashiqul Abir Class: NT2580 Date: 02/28/2013 Information security best practice project: The information security best project was housed within the Oxford University computer emergency response team. The project sought build on the knowledge, commentary and information gathered during the 2009 self-assessment exercise. One of the main objectives of the project was to develop an information security toolkit, which includes the policies, guidelines, documentation and education and awareness programmers. Information security: In a devolved environment, such as a collegiate university, it is imperative that policy should not go into retail about how those objectives should be met. It also defines the scope of the policy and identifies roles and responsibilities for security. Information security toolkit: The example polies can be tailored to suit the individual needs of your department, college or hall. The toolkit focuses on some areas like, IT management Operations Network Management Physical Security Building on the 2009 self-Assessment: The 2009 Self-Assessment exercise asked unit within the collegiate university to assess their current approach to IT operations, management and security against recommended best practice guidelines. The information gathered helped the advisory group to understand where further attention, resource, and best......

Words: 280 - Pages: 2

Project Part 1: Multi-Layered Security Plan

...Project Part 1: Multi-Layered Security Plan Introduction The components that make up cyberspace are not automatically secure. This includes cabling, physical networks, operating systems, and software applications that computers use to connect to the Internet. There is a raging information security war. The goal is to protect national security and business information. Therefore, information technology (IT) is in great need of proper security controls. Scenario Richman Investments is a mid-level financial investment and consulting firm. The Richman corporate headquarters is located in Phoenix, Arizona. Currently, there are eight branch offices in:  Atlanta, Georgia  Chicago, Illinois  Cincinnati, Ohio  Denver, Colorado  Los Angeles, California  Montreal, Canada  New York City, New York  Washington, D.C. Tasks You are a networking intern at Richman Investments. This morning, you received an e-mail from your supervisor stating that you need to create an outline of the general security solutions planned for the safety of data and information that belongs to the organization. You are told that every month, the networking division needs to submit a report to the senior management about the security plan for the month, and this time, your outline will become a part of that report. Therefore, you need to research the elements of a multi-layered security plan and to create an outline. Your outline should indicate one or more general security solutions......

Words: 349 - Pages: 2

Firewall Security Project

...Allen & Bose Insurance Services Firewall Security Project Business Requirement and proposed Solution Report CIS 343 July 10, 2013 Dr. Table of Contents Executive Summary 3 Introduction/Background and History 4 Issues faced and specific needs to be solved by installing upgrades 5 Projects Assumptions and Constraints 7 Business Requirement ….………………………..………………………………………..8 Definition of Terms ….……………………………..……………………………………..9 Project Scope...……………………………………..……………………………………10 References…………………………………………..……………………………………13 Executive Summary The objective of this paper is to educate both the senior management of Allen & Bose Insurance Inc. on the network security threats that exist with our current network design. The enclosed report presents an analysis on Allen & Bose Insurance Services current security posture and highlights the issues we have face over the past year as well as industry best practices and recommended updates we should make to our network security design that will protect the organization from the myriad of security threats that are out there. Introduction/Background and History Allen & Bose Insurance Services has become a dynamic and intricate player in the automotive and home insurance market. The company has grown from 25 employees in one office to over 225 employees in 3 offices. In the early days the computer systems that were used were on a close network of networked......

Words: 1848 - Pages: 8

Security Domains and Strategies Project

...User Domain: The first layer of security in a multi-layer security plan. It’s also the weakest in the IT Infrastructure. Certain protocols and procedures need to be followed. • Implement and Conduct Security Awareness Training. • Implement Acceptable Use Policy (AUP). • Monitor employee behaviors. • Restrict access to users to certain programs and areas. Workstation Domain: The second layer of security in a MLS plan. This is where most users connect via Workstation computers, PDA’s, Laptops and smartphones. • Admins create a strong password policy, by making a minimum amount of characters with capitalization and numbers • Enable Up to date anti-virus programs. • Implement a mandated Employee Security Awareness Training. • Limit access to company approved devices only. • Disable CD drives and USB ports. LAN Domain: The third layer of security in the MLS plan. This is the collection of computers in an area to one another or to a common connection medium. To prevent the unauthorized access, recommend implementing the following: • Physically secure the wiring closets and data centers. • Implement encryption procedures. • Implement strict access policies and second-level authentication. • Implement WLAN network keys that require a password for wireless access. • Implement LAN server and configuration standards, procedures, and guidelines. LAN-to-WAN Domain: The fourth layer in the MLS plan. This is where the IT infrastructure is linked to a wide area network and......

Words: 574 - Pages: 3

Project Part 2 It Security

...one of the three information security properties which are Confidentiality, Integrity, and Availability. Confidentiality is affected if the malicious software is successful at disclosing private information. Integrity is compromised if the malware can modify database records either immediately or over a period of time. Availability is affected if malware can erase or overwrite files or inflict considerable damage to storage media. SSCP® Domain Affected Malicious Code and Activity This domain examines the types of Malicious Code and Activities that can threaten the confidentiality, integrity, and availability of a system or information. The SSCP is expected to be familiar with the various types of Malicious Code and know how to implement effective countermeasures to prevent malicious code from operating. The SSCP should also know how to detect, respond and recover from malicious activity on a system whether perpetrated by an internal or external entity and take steps to mitigate the risk of malicious activity. Controls to Protect Against Malicious Code Typical controls to protect against malicious code use technology, policies and procedures, and training, all applied in a layered manner from perimeters inward to hosts and data. The controls are of the preventative and detective/corrective variety. Controls are applied at the host, network, and user levels: Host Level * Host hardening, including patch application and security-minded configurations of......

Words: 953 - Pages: 4

Information Security Project

...Information Security Project This assignment is designed to help you understand how an incident response plan is put into place. In an IT environment, it is typical for multiple members of the IT Department to be part of the planning and response efforts for many security incidents. Because of this, it will be helpful that you understand how the process works. Please be sure that your response to the incident make sense and are developed by your own research on how to respond to the incident. Details on what should be included in the Incident Response Plan are below. For the deliverable, use Calibri font, Size 14. This should be in your own words. Plagiarism goes against school policy and will result in a zero for the assignment. Please note that this is 21% of your grade for the class; take the time to be detailed and I expect questions from you about it. After all, this project is all about you learning how the process works. Phase 1: Week 5 Step 1: Choose an incident type to create a response plan with. I’ve supplied a list for you below. Step 2: Find supporting materials on how to respond to the incident. You should be able to use a common search engine and find this. Phase 2 Step 3: Develop a summary of the incident that occurred; recommended 1-2 paragraphs; can be brief. If you can find an incident online that matches your project choice, you can use this summary. Make up a business name of the company that you work for. The sky is the limit in......

Words: 625 - Pages: 3

Nt2580 Project 1 Multi Layered Security Plan

...Nt2580 Project 1 Multi Layered Security Plan Keeping information assets secure is challenging for any business, regardless of its size. It seems there's no limit to the ingenuity and maliciousness of today's cybercriminals, hackers and identity thieves. In fact, hackers have become so sophisticated and organized that their operational methods are similar to those of traditional software development and business practices. When developing a multi-layered security plan, you must look at each of the seven domains of the IT infrastructure and increase security on each of those domains. Increasing the security on each of those seven domains will increase the overall security of the system and create a multi-layered security plan. In the user domain, one of the easiest ways for the system to be compromised is through the users. Simplicity of user’s passwords can be a major problem so we need to implement complex passwords including eight or more characters, both upper and lower case, and use of at least one special character. Passwords will need to be changed every three months and the same password cannot be used again for one calendar year. Project Part 1 Multi Layered Security Plan Richman Investments 1) General This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure. 2) User Domain a. The usage of security awareness training to instruct employees of Richman Investments security policies b....

Words: 489 - Pages: 2

Project on Security Selection and Portfolio Construction

...------------------------------------------------- 1.0 Introduction Investment In finance, investment is putting money into an asset with the expectation of capital appreciation, dividends, and/or interest earnings. This may or may not be backed by research and analysis. Most or all forms of investment involve some form of risk, such as investment in equities, property, and even fixed interest securities which are subject, among other things, to inflation risk. It is indispensable for project investors to identify and manage the risks related to the investment. Investment Management Investment management is the professional asset management of various securities (shares, bonds and other securities) and other assets (e.g., real estate) in order to meet specified investment goals for the benefit of the investors. Investors may be institutions (insurance companies, pension funds, corporations, charities, educational establishments etc.) or private investors (both directly via investment contracts and more commonly via collective investment schemes e.g. mutual funds or exchange-traded funds). The term asset management is often used to refer to the investment management of collective investments, while the more generic fund management may refer to all forms of institutional investment as well as investment management for private investors. Investment managers who specialize in advisory or discretionary management on behalf of (normally wealthy) private investors may often......

Words: 4274 - Pages: 18

Fundameental of Security Project Part 1

...Franklin Delarosa | Fundamentals of Information Systems Security | Project Part 1 | 4/3/2014 | ISP - Internet service provider Short for Internet Service Provider, it refers to a company that provides Internet services, including personal and business access to the Internet. For a monthly fee, the service provider usually provides a software package, username, password and access phone number. Equipped with a modem, you can then log on to the Internet and browse the World Wide Web and USENET, and send and receive e-mail. For broadband access you typically receive the broadband modem hardware or pay a monthly fee for this equipment that is added to your ISP account billing. In addition to serving individuals, ISPs also serve large companies, providing a direct connection from the company's networks to the Internet. ISPs themselves are connected to one another through Network Access Points (NAPs). ISPs may also be called IAPs (Internet Access Providers). WAN - wide area network A computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local-area networks (LANs). Computers connected to a wide-area network are often connected through public networks, such as the telephone system. They can also be connected through leased lines or satellites. The largest WAN in existence is the Internet. Reference Internet service provider. (2014, March 4). Wikipedia. Retrieved April 3, 2014, from......

Words: 257 - Pages: 2

Hhomeland Security Exercise and Evaluation Project

...Introduction & Background Daytona State College Campus Safety team is a licensed security company that provides professional security services to the college. DSCCS team is based in Daytona Beach, FL. It has been serving the collage for the past five years. Our staff includes professionally trained and experienced personnel who are capable to address all types of cell phone bomb threat. Our team of professional provide Daytona State College with a discussion based exercise; a seminar/orientation covering preparedness for a possible cell phone bomb threat scenario. This exercise was developed solely for Daytona State College- Daytona Beach College. The information contained in this report shall be considered sensitive but unclassified (SBU) as weighted by the Homeland Security Act and regulations issued by the Department of Homeland Security. It is intended for the use by Daytona State College development of Emergency Preparedness Planning. Interview Orientation An overview or introduction- the purpose is to familiarize participants with roles, plans, procedures, and/or equipment. It can also be used to resolve questions of coordination and assignment of responsibilities. Orientations are led by a facilitator, who presents information and guides discussion. For this seminar to be effective and efficient the security department comes up with several reasons as to why security measures should be adhered to in the institution and this was informed to all members of...

Words: 4022 - Pages: 17

Final Project. Network Security

...business, internal and external threats are also evolving to counter the security protocols you have in place. You will need to update and change with the times. By securing your network with software, appropriate adjustments to strengthen them and equipment is called is called "network hardening." True hardening must be done on the inside as well as the outside. Remember, many attacks occur internally so equal consideration must be given to that possibility. At the heart of the network hardening concept is the need to be consistent in evaluating your network layout and configuration. Consistency also implies staying ahead of the curve so to speak. Ensuring that you're never in a position where you're struggling to keep up with current security trends or technologies. Security threats thrive on exploiting the vulnerabilities of environments with out-of-date hardware, software, and security protocols. The proper evaluation of your current network requires detailed research and a sense of urgency. You must be purpose-driven and methodical as you determine which components and/or practices need to be "hardened." It would not be cost effective to use a shotgun approach and upgrade everything at once. This approach would not only be inefficient but extremely risky as proper testing is essential before you implement new components or practices into your environment. A botched upgrade could actually weaken security rather than harden it. Don't be hasty and skip the testing phase!......

Words: 401 - Pages: 2

Project Deliverable 5 Infrastructure and Security

...Project Deliverable 5: Infrastructure and Security This assignment consists of two (2) sections: an infrastructure document and a revised Gantt chart or project plan. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment. The infrastructure which encompasses the network solution and security considerations is a major consideration for your company. Considering that the company will be expanding from one (1) floor to three (3) floors in the very near future you, as the CIO, are responsible for the design of the infrastructure and security protocols. You have been tasked with designing a network that is stable, redundant, and scalable. In addition, speed and reliability are important considerations. Assumptions should be drawn regarding network usage in relationship to network services and resources. All the established criteria that were set at the onset should be adhered to within your plan. The network solution that is chosen should support the conceived information system and allow for scalability. The network infrastructure will support organizational operations; therefore, a pictorial view of workstations, servers, routers, bridges, gateways, and access points should be used. In addition, access paths for Internet access should be depicted.......

Words: 724 - Pages: 3

Security Project

...SECURITY WEAKNESSES FOR QUALITY WEB DESIGN Contents Course........................................................................................................ Error! Bookmark not defined. Introduction ............................................................................................................................................ 3 Abstract .................................................................................................................................................. 4 Company Background.............................................................................................................................. 4 Software Weaknesses and Recommendations......................................................................................... 5 Hardware Weaknesses and Recommendations........................................................................................ 6 Network Security flaws and Recommendations ....................................................................................... 7 REFERENCES:........................................................................................................................................... 7 Introduction A company that deals with making web site and web business solutions is known as Quality web design. The company provides its customers to provide an opportunity so that they can spread their business through the internet. The other business solutions accompanied are......

Words: 1406 - Pages: 6

Project Part 1: Current Security Threats

...IS4560 Week 4 Project Part 1: Current Security Threats The three top security threats I have chosen for Aim Higher College are malware, exploit vulnerabilities, and social networking. Malware in another term that means malicious software. It is used to infiltrate and damage computers without the user’s permission. Some examples of malware are viruses, spyware, worms, Trojans, and rootkits. This is a top security threat because a computer can easily get infected. While students or staff members use the schools computers, they can download music or pictures, and a virus can be attached to those and the computer will get infected right away. Another security threat is exploit vulnerabilities. An exploit is an attack on a computer system, and this exploit will take advantage of vulnerabilities that exist on a system. This is why vulnerabilities need to be mitigated and taken care of right away. If not, attackers will always find a way to get on a system and steal data and personal information. This will affect students because there personal information but be out there to the public without their knowledge. The third threat that I believe is a main concern for this college is social networking. Nowadays everyone uses social networking such as Facebook, Twitter, and etc. The scams on Facebook include cross-site scripting, clickjacking, survey scams, and identity theft. Cross-site scripting is when the site tricks you to go to another webpage and this has hidden malware......

Words: 326 - Pages: 2