Security Plan Outline for Richman Investments
• Restrict access to data and applications that is not required for employee to do their job. • Review and Revise user conduct and security polices every six months. • Conduct annual security training seminars with system users and staff. Conducting annual security training for the user in the user domain will cover the Acceptable Use Policy (AUP) for which users will be informed of what is and what not acceptable use of the system is. Workstation Domain
• In house testing of operating system updates prior to user workstation deployment. • Strict access control policies and procedures for user access to system and data. • 72 Day password renewal for workstation and 180 day user password renewal. • Content filtering and anti-virus scanning of all incoming data. Quarantine of unknown file types. Securing a user workstation with approved updates will help prevent potential system corruption and in house data from being exposed. LAN Domain
• Proper identification and two key turners to be granted access to Data Centers and wiring closets with 24/7 CCTV monitoring. • Periodic LAN vulnerability assessments.
Keeping our LAN under lock and key prevent tampering of with the networks hardware. Access to the LAN devices is the easiest way to compromise a network. LAN to WAN Domain
• Disable ping, probing, and port scanning of exterior devices. • Strict monitoring for intrusion detection on inbound IP traffic. • Apply file monitoring and scanning of traffic from unknown sources. Monitoring traffic will help for see intrusions into the network. Any traffic that is out of the ordinary will raise a red flag to system administrators. WAN Domain
• Email attachment quarantine of unknown file types.
• VPN tunnels for data transmission between branch offices. • Apply filters to IP Stateful firewalls.
• Email server to be located in DMZ within firewalls....