This website uses cookies to ensure you have the best experience. Learn more

Security Policy Outline

604 words - 3 pages

Richman Investments – Multi-layered Security Solutions Outline

In today’s technological landscape, securing information is a high priority. There are many ways that a company’s assets can be compromised. In order to maintain a high level of confidence in the safety of information, actions to secure each domain in the network structure shall be implemented and observed. The following outline shows the strategies taken to mitigate risks, threats and vulnerabilities. This outline is subject to change at any time if the situation arises that new risks and threats are revealed. This outline will be subjected to monthly auditing to ensure the highest level of security.
The layers of security that will be covered are as follows:
1. User Domain
2. Workstation Domain
3. LAN (Local Area Network) Domain
4. LAN-to-WAN (Wide Area Network) Domain
5. WAN Domain (Internet and Connectivity)
6. Remote Access Domain
7. System/Application Domain
...view middle of the document...

b) Enable second-level identity checks for access to sensitive systems and programs
c) Define a strict software vulnerability policy requiring quick software patching
d) Require network keys for Wireless LAN access
4. LAN-to-WAN Domain
a) Disable pinging and port scanning for all external devices within the domain.
b) Apply strict security monitoring controls for intrusion detection and prevention
c) Secure ports by using virtual and/or physical firewalls
d) Define strict zero-day vulnerability policies to ensure security fixes and software patches are updated right away
e) Apply file transfer monitoring to identify unknown file types
f) Apply e-mail server and attachment antivirus
g) Conduct post configuration penetration tests to examine if there are any vulnerabilities
5. WAN Domain
a) Apply AUP in accordance to RFC 1087
b) Prohibit the use of social media and private communications that are not related to company business
c) Apply use of VPN tunnels for end-to-end encrypted communication
d) Scan all e-mails and attachments for malicious software

6. Remote Access Domain
a) Require proper anti-virus scanning software to be enabled for end users using Remote Access to the network
b) Require password authentication for VPN access to the network. Password should not be stored onto the machine being used
c) Apply automatic blocking for multiple logon retries
d) Apply first and second level authentication tokens
e) Require all data to be encrypted
f) Apply real-time lockout procedures if end user reports that equipment has been lost or stolen. This also applies if token or authentication is also stolen.
7. System/Application Domain
a) When designing and developing software, apply secure Software Development Life Cycle (SDLC) tactics
b) Keep physical and logical virtual environments separate
c) Prepare and periodically review a Disaster Recovery Plan (DRP) to ensure proper recovery of mission-critical applications and data
d) Require proper authentication tokens for access
e) Implement offsite storage of data backups
f) Conduct rigorous software and Web-application testing
g) Schedule and perform critical server maintenance

Other Essays Like Security Policy Outline

It Asset Inventory List Essay

1228 words - 5 pages monitor any illicit activity is also a recommendation. Security guards that work 24 hours a day (rotating personnel of course) would be another recommendation. Also, an acceptable use policy should be in place for everyone at the school to outline what the internet and school systems can be used for and what they cannot be used for. The students have their own laptops but that doesn’t mean they can just run rampant on the schools ISP addresses and

IT 244 Final Assignment

5026 words - 21 pages appropriateness of the backup system. If the backup system does not work, SMM can take the necessary precautions in a situation hopefully less painful than a true disaster. Again, this is a helpful test to include in SMM's DRP. 4. Physical Security Policy Due in Week Five: Outline the Physical Security Policy. Merkow and Breithaupt (2006) state, “an often overlooked connection between physical systems (computer hardware) and logical systems (the

Health Body

1154 words - 5 pages federal government. The Office of Grants and Giveaways achieves the process of medical funding circulation using Microsoft Access database system that is normally referred to as the Small Hospital Tracking Systems (SHGTS). A risk assessment of a small hospital tracking system was carried out to investigate susceptibilities and ascertain the standard of possible risks. This white paper will present an outline of an Information Security Management System

Mcbride Financial Website Security Plan

1074 words - 5 pages permission levels. They should also include password restrictions. Procedures for removable devices or explain why these devices are banned. Acceptable internet usage and remote access procedures. The policy must also cover what users should do in the event of a security breach or threat and outline employee security training. Detection Detection and monitoring are important to catch attacks that do get through the other defenses. McBride will

Week 2 Bsa/310

784 words - 4 pages that is collected from customers that will ensure it is protected from theft. Additionally, if information will be sold to other organizations, careful consideration must be made as to who, how much will be provided, and whether adjustments need to be made to the existing privacy policy. Another security concern is related to collecting the name, phone number, address, and home income of a customer for the frequent shopper program and how it is

Project Part 1 Nt2580

1207 words - 5 pages Multi-Layered Security Plan The general IT Infrastructure has seven layers: User Domain, Workstation Domain, LAN Domain, LAN-to-WAN Domain, WAN Domain, Remote Access Domain, and the System/Application Domain. All of the different layers are different aspects of your network that need to be protected against malicious attacks and vulnerabilities. In the following I have highlighted each domain and my best suggestions for security solutions

Position Paper Summary

4036 words - 17 pages use information and communication technologies to create more threats and an Internet global management mechanism should be established at once. (1) Russia passed the ‘Russian Federal Information Security Theory’ on June, 2000. (2) Announced ‘2002—2010 Russian Information development goals outline’. (3) Released the provisions of the federal office automation system must use the Russian smart card. (4) Further clarified the priority

Comprehenive Analysis Outline

660 words - 3 pages Comprehensive Analysis Outline Team A: Jaime Borgarin, Julian Contreras, Ibeth Sanchez MGT/448 Global Buisness Strategies May 11, 2012 Professor Quinton Murphy I. Region Analysis A. Regional Alliances and Economic Integration 1. NAFTA 2. United States B. Physical Environment and its Affect on Trade 1. Close Proximity to the U.S. 2. Access

Monetary Poliocy

1105 words - 5 pages Monetary Policies Daniel Batt University of Phoenix, Harrisburg Monetary policies dictate how the government disperses money in the economy. In this paper I will discuss how money has a purpose and function in an economy. Next, I will discuss how a central bank manages a nation’s monetary system. I will outline the United States most recent monetary policy and its intended direction and give an example of one policy action that the

Department of Defense (Dod) Ready

2319 words - 10 pages Department of Defense (DoD) Ready The task is establish security policies for my firm of approximately 390 employees and make them Department of Defense (DoD) compliant. To achieve this goal, a list of compliance laws must be compiled to make sure we me the standard. I will outline the controls placed on the computing devices that are being utilized by company employees. I will develop a plan for implementation of the new security policy

Linux Security

3426 words - 14 pages Securing Linux Platforms and Applications Project Project Part 1 Task 1: Outline Security Policy This security policy is essential to the First World Bank Savings and Loan. It is used to break up the security plan not measurable, specific, and testable goals and objectives. This security policy would be used to provide all current and prospective customers online banking services while keeping the First World Saing bank competitive in the

Related Papers

Security Plan Essay

1260 words - 6 pages received an e-mail from your supervisor stating that you need to create an outline of the general security solutions planned for the safety of data and information that belongs to the organization. You are told that every month, the networking division needs to submit a report to the senior management about the security plan for the month, and this time, your outline will become a part of that report. Therefore, you need to research the elements

Chapter 5 Principles Of Information Security

3378 words - 14 pages ITS Chapter 5 Review Questions 1. How can a security framework assist in the design and implementation of a security infrastructure? Answer: Security framework is the overall plan for information security measures. It is a general outline that can easily be altered to an organization security needs. Elements that can protect the infrastructure should be included such as; a security perimeter, which protects the internal systems from

Project Part 2 Essay

1474 words - 6 pages * Chicago, Illinois * Cincinnati, Ohio * Denver, Colorado * Los Angeles, California * Montreal, Canada * New York City, New York * Washington, D.C. Tasks You are a networking intern at Richman Investments. This morning, you received an e-mail from your supervisor stating that you need to create an outline of the general security solutions planned for the safety of data and information that belongs to the

Computers And Technology Essay

1474 words - 6 pages * Chicago, Illinois * Cincinnati, Ohio * Denver, Colorado * Los Angeles, California * Montreal, Canada * New York City, New York * Washington, D.C. Tasks You are a networking intern at Richman Investments. This morning, you received an e-mail from your supervisor stating that you need to create an outline of the general security solutions planned for the safety of data and information that belongs to the