Hello everyone at Richman investments, I was s asked to write a brief report that describes the "internal use only" data classification standard of Richman investments.
I will list a few of the IT infrastructure domains that are affected by the standard and how they are affecting the domain and their security here at Richman investments. * User domain The user domain defines the people who access an organizations information system. In the user domain you will find an acceptable use policy (AUP).An AUP defines what a user can and cannot do with organization-owned IT assets. It is like a rulebook that the employees must follow.
Failure to follow these rules can be grounds for termination. The user domain is the weakest link in an IT infrastructure. Anybody who is responsible for computer security understand what motivates someone to compromise an organization system, application, or data. Now I am going to list risk and threats commonly found in the user domain and plans you can use to prevent them.
Lack of user awareness - solution - conduct security awareness training, display security awareness posters, insert reminders in banner greeting, and send email reminders to employees. Security policy violation- solution - place employee on probation, review AUP and employee Manuel, discuss during performance review. Employee blackmail or extortion- solution - track and monitor abnormal employee behavior and use of IT infrastructure during off hours. Alarms and alerts programmed within an IDS/IPS help identify abnormal traffic and can block IP traffic as per policy definition.Workstation domain The workstation domain is where most users connect to the IT infrastructure. The workstation can be a desktop computer, laptop computer, or any other devise that connects to a network.
The staff should have the access necessary to be productive. Tasks include configuring hardware. Hardening systems and verifying antivirus files. Hardening a system is the process of ensuring that controls are in place to handle any known threats.
The workstation domain requires tight security and access controls.This is where users first access systems, applications and data. The workstation domain requires a logon ID and password for access. Now I will list risks, threats and vulnerabilities commonly found in the workstation domain, along ways to protect against them. Unauthorized accesses to workstation- (solution) enable password protection on workstations for access.
Enable auto screen lockout for inactive times. Viruses, malicious code, or malware infects a user's workstation or laptop.User downloads photos, music, or videos via the internet-(solution) use content filtering and antivirus scanning at internet entry and exit. Enable workstation auto-scans for all new files and automatic file quarantine for unknown types. User inserts compact or universal serial bus thumb drive into organization computer- (solution) deactivate all cd, DVD, and usb ports. Enable automatic antivirus scans for inserted CDs, DVDs, and USB thumb drives that have files.
The third and final infrastructure I will talk about is the LAN domain. LAN Domain Local area network (LAN) is a collection of computers connected to one another or to a common connection medium. It needs strong security and access controls. Its can access company-wide systems, applications, and data from the LAN domain.
The LAN support group is in charge of the LAN Domain. I am now going to list risks, threats and vulnerabilities commonly found in the LAN domain with appropriate risk reducing strategies. Unauthorized access to LAN- solution - make sure wiring closets, data centers, and computer rooms are secure.Unauthorized access to systems application and data- solution - define strict access control policies, standards, procedures and guidelines. LAN server operating system software vulnerabilities- solution- define server/desktop/laptop vulnerability windows policies, standards, procedures and guidelines. The layers discussed in this report explain the affects that internal use only data standard has on the IT infrastructure.
I think priority should be taken in these areas and should be carefully monitored to maintain the AUP set in place by Richman Investments.