Project Part 1

Only available on StudyMode
  • Download(s) : 42
  • Published : March 8, 2013
Open Document
Text Preview
Project Part 1
Multilayered Security Plan for Richman Investments
As we enter a new age of computers and the use of the internet to conduct our business we open ourselves up to a new type of threat. Data and identity theft have become a real problem for many financial and government institutions. To combat this threat Richman Investments has implemented security measures at all seven domains in our IT structure. The seven domains include the User, Workstation, LAN, LAN to WAN, WAN, Remote Access, and System/Application layers. * The User Domain defines the people who have access to the organizations information system. Employees are required to review and sign an acceptable use policy (AUP). This policy defines what employees of Richman Investments are allowed to do with company owned IT assets. Violation of these rules will be grounds for termination. * The Workstation Domain is where employees connect to the network and do their work. The desktop support group is responsible for giving employees the access and hardware/software they require but not more than necessary to do their work. All employees must maintain a password in order to access the system. * The LAN Domain is all the computers and other hardware owned by Richman Investments. This list includes but is not limited to desktop computers, laptops, servers, printers, cabling, and wiring closets. Access to server rooms and wiring closets are strictly enforced. * The LAN to WAN Domain is where the local infrastructure connects to a wide area network and the internet. All data going through this layer will be strictly monitored and logged. The IT department has also disabled all probing and port scanning to all exterior devices. * The WAN Domain is where the data sent from our network enters the internet and becomes vulnerable to theft or attack. All data sent from our network is encrypted at this level making it much harder to access. Employees are not permited to use company email...