Richman Investments

In: Computers and Technology

Submitted By Icey
Words 427
Pages 2
For Richman Investments the users are the biggest threats so I would give access keys in various levels and to various departments. With that being said I would set renewal of password anywhere from 28 days to 6 months apart depending on department and job in the company. Have basics such as firewall and full antivirus software as well as restricted upload and download abilities.

Administrators could have the option of layering security by enforcing the use of PIN numbers, hardware tokens, client certificates and other forms of secure authentication on top of AD or LDAP (Lightweight Directory Access Protocol). After implementation of several security policies, I would create a SSL(Secure Socket Layer) VPN ( Virtual Private Network) network, a form of VPN that can be used with a standard Web browser. In the traditional Internet Protocol Security (IPsec) VPN, an SSL VPN does not require the installation of specialized client software on the end user's computer. It's used to give remote users with access to Web applications, client/server applications and internal network connections. SSL VPN doesn’t require specialized client software on the user computer.

For site to site we would just use VPN to secure the network data and encrypt it for security measure. An SSL VPN offers versatility, ease of use and granular control for a range of users on a variety of computers, accessing resources from many locations. There are two major types of SSL VPNs. SSL Portal VPN is a type of SSL VPN allows for a single SSL connection to a Web site so the end user can securely access multiple network services. The site is called a portal because it is one door (a single page) that leads to many other resources. The remote user accesses the SSL VPN gateway using any modern Web browser, identifies the user to the gateway by using an authentication method supported by the…...

Similar Documents

Richman Investments

...Acceptable Use Policy (AUP) Greetings RI Security Officer, Richman Investments expresses the acceptable and unacceptable use of the Internet and e-mail access. The following report will address the “Acceptable Use Policy” (AUP) standard at Richman Investments. All users of Richman Investments agree to and must comply with this Acceptable Use Policy (AUP). Richman Investments does not control or review the content of any Web site. However, Richman Investments may block or remove any materials that, in Richman Investments sole discretion, may be illegal, or which may violate this AUP. Richman Investments may cooperate with legal authorities and/or third parties in the investigation of any suspected or alleged crime or civil wrong. Violation of this AUP may result in the suspension or termination of either access to the Services and/or Richman Investments account or other actions as deemed appropriate. User Responsibilities: These guidelines are intended to help you make the best use of the Internet resources at your disposal. You should understand the following. 1. Richman Investments provides Internet access to staff to assist them in carrying out their duties for the Company. It is envisaged that it will be used to lookup details about suppliers, products, to access client information and other statutory information. It should not be used for personal reasons. 2. You may only access the Internet by using the Richman Investments content scanning software, firewall and......

Words: 621 - Pages: 3

Richman Investment Sscp

...SSCP for Richman Investments Security Plan Outline for Richman Investments User Domain • Restrict access to data and applications that is not required for employee to do their job. • Review and Revise user conduct and security polices every six months. • Conduct annual security training seminars with system users and staff.   Conducting annual security training for the user in the user domain will cover the Acceptable Use Policy (AUP) for which users will be informed of what is and what is not acceptable use of the system. Workstation Domain • In house testing of operating system updates prior to user workstation deployment. • Strict access control policies and procedures for user access to system and data. • 72 Day password renewal for workstation and 180 day user password renewal. • Content filtering and anti-virus scanning of all incoming data. Quarantine of unknown file types. Securing a user workstation with approved updates will help prevent potential system corruption and in house data from being exposed. LAN Domain • Proper identification and two key turners to be granted access to Data Centers and wiring closets with 24/7 CCTV monitoring. • Periodic LAN vulnerability assessments.     Keeping our LAN under lock and key prevent tampering of with the networks hardware. Access to the LAN devices is the easiest way to compromise a network. LAN to WAN Domain • Disable ping, probing, and port scanning of exterior devices. • Strict monitoring for......

Words: 308 - Pages: 2

Richman Investment

...Richman Investments To: Senior Manager Mr. Hagood Hello, I was asked to draft a brief report concerning the (IT infrastructure domain). The purpose of the report is to describe the “Internal Use Only “ data classification standards set by the company the information obtained in the report consist of a study done on all seven layers of the IT infrastructure. At the conclusion of this study I will establish that three of the seven layers of the IT infrastructure that are affected by the “Internal Use Only “data standards and how affect domain and their security. The User Domain. This defines the people who access the organization’s information. Personal information is created in this domain that is obtained for internal use only. The Work Station Domain (WSD). This is where most users connect to the IT Infrastructure. It can be any device that connects to network. This layer requires a login and password authentication before access is allowed to view information. The LAN-to-WAN Domain. This is where the IT infrastructure links to a wide area network and the Internet. A firewall control prevents and monitors incoming and outgoing network access. The TCP and UDP are compromised due the fact these are entry and exit point to the wide area network and making private information easily accessible to anyone. I have determined the layers discussed in this brief report explains the affects that “Internal Use Only” data standards has on the IT Infrastructure......

Words: 270 - Pages: 2

Richman Investments Security Outline

...Richman Investments Security Outline Welcome to Richman Investments (RI) where we strive to bring you the most secure, reliable, and available resources that we can offer. We know that work needs to be done and that most of you aren’t aware of the security procedures taking place behind the scenes. We have devised a summary of the seven domains of the company and its security model. Please take the time to read this over and understand the implications of not following company guidelines, procedures, and policies. The user domain contains the users and/or employees that will be accessing resources within the organizations information system. A user can access systems, applications and data within the rights and privileges defined by the AUP (acceptable use policy). The AUP must be followed or the user may be dismissed or have their contracts terminated. With the user domain being one of the most vulnerable aspects of any organization, there are a wide variety of user related threats ranging from lack of awareness to blackmail and extortion. Employees are responsible for their own actions when using company assets and the HR department will be doing background checks on all employees within the company to ensure integrity within the workforce. Enforcement of the user level domain will include the use of RFID badges and pins for all areas of the facility and rooms that require special access. The workstation domain is where most users connect to the organizations......

Words: 1016 - Pages: 5

Richman Investments

...Richman Investments Acceptable Internet Use Policy Richman Investments Acceptable Internet Use Policy Use of the Internet by employees of Richman Investments is permitted and encouraged where such use supports the goals and objectives of the business. However, Richman Investments has a policy for the use of the Internet whereby employees must ensure that they: • comply with current legislation • use the Internet in an acceptable way • do not create unnecessary business risk to the company by their misuse of the Internet Unacceptable behaviour In particular the following is deemed unacceptable use or behaviour by employees: • visiting Internet sites that contain obscene, hateful, pornographic or otherwise illegal material • using the computer to perpetrate any form of fraud, or software, film or music piracy • using the Internet to send offensive or harassing material to other users • downloading commercial software or any copyrighted materials belonging to third parties, unless this download is covered or permitted under a commercial agreement or other such licence • hacking into unauthorized areas • publishing defamatory and/or knowingly false material about Richman Investments, your colleagues and/or our customers on social networking sites, ‘blogs’ (online journals), ‘wikis’ and any online publishing format • revealing confidential information about Richman Investments in a personal online posting, upload or transmission - including financial......

Words: 287 - Pages: 2

Richman Investments

...Richman Investments "Internal Use Only" Data Classification Standard The "Internal Use Only" data classification standard at Richman Investments will include the most basic IT infrastructure domains to include the User Domain, Workstation Domain, and the LAN Domain. This will encompass all users and their workstations, as well their access to the internet and company server databases and any information in between. The User Domain will enforce an acceptable use policy (AUP) to define what each user can and cannot do with any company data shall he or she have access to it. As well as with company users, any outside contractor or third-party representatives shall also need to agree and comply with the AUP. All users must be properly identified and sign this AUP prior to gaining any access whatsoever to the company network. No exceptions. Any violation will be taken up with company executives and/or the authorities to assess further punitive action. The Workstation Domain includes all workstations approved on the company network. No personal devices or removable media may be used on this network. All devices and removable media will be issued by the company for official use only. To access any workstation, a user will need to be first verified, then setup with an account to be logged in with a username and pass code adhering to the IT departments set standards. All systems will undergo regular updates and be provided with anti-virus and anti-malware software for system......

Words: 423 - Pages: 2

Richman Investments

...Richman Investments Internal Use Only The Internal Use Only data classification standard at Richman Investments is in place to protect the personal and account information of our clients and our work force. Our data classification standard will include the User Domain, Workstation Domain, and the LAN Domain. This will cover all personnel and their workstations, all the physical components, as well access to the internet and company databases and any information in between. The User Domain which defines what information an employee can access. The User Domain will enforce an acceptable use policy (AUP) .Our AUP will define how the internal use data is used by each employee. All personnel gaining access to the company data base must read and sign the AUP policy and strictly adhere to Richman Investments acceptable use policy. This includes any contractor or third-party representatives. All users must sign this AUP prior to gaining any access to the company network. Any unauthorized use or breach of this policy in any manner can be cause for punitive action or dismissal. The Workstation Domain includes all workstations and media devices approved for use on the company network. No personal devices or removable media may be used on Richman Investments network. All devices and removable media will be issued by the company for official use only. To access any workstation, a user will need to have an account created to access the company network. All users will then be able to......

Words: 461 - Pages: 2

Richman Investment Report

...Richman Investment To: Senior Manager From: Intern Dillan Hillyard I was asked to write a report concerning the IT infrastructure of the company. The purpose of the report is to describe the “Internal use only” data classification standards set by the company. I have been told to identify at least three IT infrastructure domains affected by the company’s standards and how they are affected. All of these domains are affected User domain, work station domain, LAN domain, LAN to WAN domain, WAN domain, Remote Access domain, Systems applications domain however I will expand on three. The user domain is just one layer of the IT infrastructure that the “use only” standard affected. It’s the first layer and also the weakest link in the infrastructure. Personal information is created in this domain that is obtained for internal use only. The Work station domain is the second layer of the infrastructure that the “use only” standard affects. The WSD is where users first access the systems, applications, and data. This layer requires a login and password authentication before access is allowed to view information. The LAN-to-WAN domain is the third layer of the infrastructure that is affected by the “use only” standard because the TCP and UDP are compromised due the fact these are entry and exit point to the wide area network and making private information easily accessible to anyone. I have found that these IT infrastructure domains are affected by our policies. Hopefully......

Words: 270 - Pages: 2

Data Classification Standard of Richman Investment

...1. Abstract This is a report that describes the “Internal Use only” data classification standard of Richman investment. This report addresses three Infrastructure domains that are affected by the standard and how they are affected. 2. Contents Table of Contents 1. Abstract 1 2. Contents 1 Table of Contents 1 Table of Figures 1 3. IT Infrastructure Domains Affected by the “Internal Use Only” Data Classification Standard 2 User Domain 1 Workstation Domain 2 LAN Workstation 2 Table of Figures 3. IT Infrastructure Domains Affected by the “Internal Use Only” Data Classification Standard 1. User Domain: This Domain is where only one user will have access to it. This can be configured to internal use only. By default, the IT department tries to maintain a certain level of Security for this, so that nobody can access from the outside, only the IT Department can grant access privilege for Remote Access Point. The User Domain will enforce an acceptable use policy (AUP) to define what each user can and cannot do with any company data that he or she has access to. Also, every user on the company is responsible for the security of the environment. Violation of the AUP can be grounds for immediate dismissal and/or legal actions. 2. Workstation Domain: The Workstation domain is the second layer of the infrastructure that “Internal use only” standard affects. The Workstation Domain is where users first access the systems, applications,......

Words: 511 - Pages: 3

Richman Investments Outline

...1. User Domain a. The usage of security awareness training to instruct employees of Richman Investments security policies b. Auditing the activity of the users 2. Workstation Domain a. Implement the usage of antivirus and anti malware programs on each user computer b. Strict access privileges to corporate data c. Deactivate all media ports unless it’s a necessity for business 3. LAN Domain a. Utilize network switches b. WPA 2 encryption on all wireless access points c. Secure server rooms from unauthorized access 4. LAN to WAN Domain a. Close off unused ports via a firewall to reduce the chance of unwanted network access b. Monitor all inbound IP traffic, specifically look for inbound transmissions that show signs of malicious intent c. Run all networking hardware with up to date patches, security, and operating systems 5. WAN Domain a. Enforce encryption, and VPN tunneling for remote connections b. Configure routers, and network firewalls to block Ping requests to reduce chance of Denial of Service attacks c. Enforce anti-virus scanning of email attachments d. Isolate found malicious software (Worms, Trojans, etc.) when found e. Deployment of redundant internet connections to maximize availability 6. Remote Access Domain a. Enforce strict user password policies, as well as lockout policies to defend against brute force attacks b. Require the use of authorization tokens, have a real-time lockout procedure if token is lost or stolen...

Words: 291 - Pages: 2

Richman Investments

...Richman Investments holds requirements for the usage of the company network including filtering policies for network traffic through an AUP. Acceptable use policy (AUP) would start with the User Domain. The user domain is the employee within an organization who is granted access to the information system for the organization. There are roles and tasks, responsibility, and accountability that go into an acceptable use policy for the user domain. Within the user domain, access to the LAN to WAN, web surfing, and internet could be used help gather information between customers and employees. LAN to WAN is the activities between LAN to Wan and firewalls, routers, intrusion, detection, and workstations. Web surfing determines what a user can obtain on company time with company resources. Internet, is when the user has access to the internet with the types of controls the organization has on the certain internet sites being accessed. Although LAN to WAN, web surfing, and internet have some of the same characteristics, they also have different specific IT infrastructures it affects. . For the LAN to Wan AUP, it will goes with the roles and task parts of the user domain. Users would be given access to certain systems, applications, and data depending on their access rights. The AUP is a more of a rulebook for employees to follow when using the organization’s IT assets. If the AUP is violated, it could be grounds for termination from the company. The AUP will set rules for......

Words: 1029 - Pages: 5

Richman Investments

...research and compare AUPs enforced by other organizations.  You will learn how to compose a portion of an AUP for an organization. Assignment Requirements You are a networking intern at Richman Investments. An employee of the company used employer-owned equipment to access the Internet and check his personal Web-based e-mail account. He followed a link in a spam e-mail, downloaded games to his hard disk, and inadvertently infected the computer with malware, which spread to the network server. The security officer at Richman has asked you to research and to define “the acceptable use of Richman assets regarding Internet and e-mail access,” including the actions that are prohibited. . Then, the employees must be restricted from using the Internet at work for personal use, other than to occasionally check Web-based personal e-mail accounts. Personal downloads must be strictly prohibited. Your definition will become part of the overall AUP. For this assignment:  Research acceptable use policies on the Internet. Find the actual policies of real companies.  Compare the portions that address Internet and e-mail access of at least three different companies.  Create an AUP definition for Richman Investments that defines the acceptable and unacceptable use of Internet and e-mail access at Richman. Required Resources  Internet Submission Requirements  Format: Microsoft Word  Font: Arial, Size 12, Double-Space  Citation Style: Chicago Manual of Style  Length: 1–2......

Words: 292 - Pages: 2

Richman Investments

...Richman Investments Introduction to Computer Security Richman Investments Hello, my name is Max and I’m here today to give you a brief on Richman Investments “Internal Use Only” data clarification standards. I will cover what this means to the company and to you. I will also cover three different information technology infrastructure domains that we use and how these are affected by the “Internal Use Only” standard. This also applies to you the end user working here at Richman Investments. This is a vital brief to safeguard and keep all of our client’s information safeguarded from all outside sources. So, let’s begin. First, let me explain to you what “Internal Use Only” data clarification standard means. A standard is a detailed written definition we here at Richman Investments have come up with. It is to help put in place certain security controls that are used throughout our information technology infrastructure and how you need to abide by this. The second part of this is the “Internal Use Only”. This is information we have here that is only to be shared internally between this organization and it is intended to never go outside of this organization. If it does, it could cause many clients’ personal information to be used by other people. The bottom line is that you are responsible to safe guard all “Internal Use Only” information by following some simple security controls that I will now go over with you (Kim & Soloman, 2012). The weakest link in......

Words: 940 - Pages: 4

Richman Investments Part 1

...Richman Investments Multi-Layered Security Plan By Elssie Farnes Objective To outline an implementation plan for security strategies over all levels of the IT Infrastructure 1) User Domain a) Personal user log in procedures will be enforced, e.g. password log in b) User activities will be monitored c) Richman Investments will deploy a Security Awareness Program to educate its employees on proper usage and all company security policies 2) Workstation Domain d) Media Ports will be disabled unless explicitly authorized. e) Access to corporate data will be managed with strict permissions f) All workstations will have Antivirus and Antimalware programs installed and kept updated 3) LAN Domain g) Network switches will be used h) Access to server rooms will be secured to authorized personnel only i) Wireless Access Points will be secured with WPA2 encryption 4) LAN to WAN Domain j) All networking equipment will be up to date, as will all operating systems k) Monitor all inbound traffic for possible malicious intent l) Unused ports should be closed off with a firewall to reduce the chance of unwanted access 5) WAN Domain m) Remote connections will have encryption and VPN tunneling enforced n) Routers and firewalls will be configured to block ping requests to reduce the risk on DoS attacks o) Scanning of email attachments for viruses will be enforced ...

Words: 340 - Pages: 2

Richman Investments

...Here is an outline of the general security solutions plan for the data and safety information for Richman Investments. This plan can be presented to senior management who needs this report for the month. This is a multi-layered security system that consists of the user’s domain. The user is the first and the weakest link in any system. The security is only as strong as the user’s ability to understand what can go wrong. We can implement a training program session for security awareness. Another security measure is to implement a policy to stop employees from bringing in CD’S, DVD’S, and USB’S or other personal devices into the work place that can connect to the network and possibly harming the system. The work station domain is where users first access the system, applications, and the data. The system should be password coded for authentication purposes. Applications and data ought to be monitored and permissions set accordingly. Downloading should also be limited to only those people with the proper permissions. The LAN domain is a collection of computers all connected to a central switch configured to run all of the company’s data. The LAN would have all the standards, procedures, and guidelines of all the users. I would insure all information closets, demark locations and server rooms are locked and secured at all times. Only those with proper ID or authorization would be allowed to access these locations. The LAN to WAN domain contains both physical and......

Words: 479 - Pages: 2

Create new account | 6.9 /10 0 542 Born To Be Blue (2016) | S01E09 - Luck, Next Time