Project Part 1
Richman Investments Security Outline
Richman Investments has experienced an increase in security breaches that have resulted in the loss of company proprietary information and damage to systems due to many virus and Trojan Horse infections. The following outline contains some of the security mitigation proposals to be implemented shortly. This is just a basic plan for the moment and if security breaches continue, more stringent policies will be installed. The Seven Domains of a typical IT infrastructure are as follows, with the corresponding security proposed for each domain. 1.) User domain proposal: Track and monitor abnormal employee behavior and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on Acceptable use policy (AUP) monitoring and compliance. 2.) Workstation Domain proposal: Use workstation antivirus and malicious code polices, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. 3.) LAN Domain (including wireless LANs) proposals: Implement encryption between workstations and Wireless Access Points (WAPs) to maintain confidentiality. 4.) LAN-to-WAN Domain proposal: Conduct post configuration penetration tests of the layered security solution within the LAN-to WAN Domain. Test inbound and outbound traffic and fix any gaps. 5.) Remote Access Domain proposal: Apply first-level (i.e., user ID and password) and second-level (i.e., tokens, biometrics, and smart cards) security for remote access to sensitive systems, applications, and data. 6.) WAN Domain proposal: Scan all e-mail attachments for type, antivirus, and malicious software at the LAN-to-WAN Domain. Isolate and quarantine unknown file attachments until further security review is conducted. Provide security awareness training to remind employees of dangers 7) System/Application Domain proposal: Implement daily data backups and...
Please join StudyMode to read the full document