Richman Investments: Case Study

Richman Investments “Internal Use Only” Data Classification Standard

Due to the general nature of employees having access to systems, applications, and data depending upon their defined access rights, employees must conform to staff manuals and policies described within this document. The “Internal Use Only” data classification standards at Richman Investments will include the most basic of IT Infrastructure Domains to include User Domain, Workstation Domain, and LAN Domain. This will encompass all users, their computers; i.e. laptops, desktops access to the Internet, company servers and any information in between. Each Domain will ensue the proper roles and tasks, responsibilities, and accountabilities are adhered to as described here
The Workstation Domain includes all approved computers on the company network. It requires tight security and access controls due to the fact that this is where most users connect to the IT infrastructure via. desktop, laptop, or any other device that connects to the network i.e., personal data assistant (PDA). Enforcing defined standards is critical to ensuring the integrity of user workstation and data. To prevent unauthorized access to workstations, systems, applications and data, the IT security personnel must safeguard controls with the Workstation Domain.; this can be achieved through constant monitoring. No personal or removable devices of any kind can be used on this network. Downloads of photos, music or other videos via the Internet are strictly prohibited. Only devices issue by the company will be allowed on the network for official use only. Human resources must define proper access controls for workers based on their job. On many occasions users whether knowingly or unknowingly violate the AUP; this creates security risks for the organization’s IT infrastructure. As a prevention measure, Access Control Lists (ACLs) will be drawn up to appropriately define what access each individual will have. IT security personnel will then assign access rights to systems, applications, and data based on this definition. Violations will call for immediate suspension of privileges and the violator will be
Authorized personnel will be properly screened for access to the IT infrastructure. Management of physical components include that of the cabling, NIC cards, LAN switches and wireless access points (WAPs). For purposes of this document explanation are given: the workstation cabling will use RJ45 jacks to physical connect to LAN switches; the NIC interfaces between the computer and the LAN physical media; the LAN switch is the device that connects workstations into the physical Ethernet LAN, providing a dedicated Ethernet connection for workstations and servers and the wireless access point; for wireless LANs, a radio transceiver is used to transmit IP packets from a WLAN NIC to a wireless access point (WAP). The logical components of the LAN Domain and their purposes consist of the system administration, which is responsible for setting up user LAN accounts with login ID and password. The design of directory and file services are the servers, directories, and folders to which the user can gain access; configuration of workstation and server TCP/IP software and communication protocols addresses the IP addressing, IP default gateway router, subnet mask address. The default gateway router acts as the entry/exit to the LAN. The subnet mask address defines the IP network number and IP host number.