Richman Investments Security Plan Outline
• Restrict access to data and applications to the required users and groups.
• Review and Revise user conduct and security polices every six months.
• Conduct annual security training seminars with system users and staff.
• Track and monitor employee behaviors.
Conducting annual security training for the user in the user domain will cover the Acceptable Use Policy (AUP). Informing the users will be of what is acceptable and unacceptable use of the system. This layer also needs constant monitoring.
• In house testing of operating system updates prior to user workstation deployment.
• Strict access control policies and procedures for user access to system and data.
• 72 Day password renewal for workstation and 180 day user password renewal.
• Content filtering and anti-virus scanning of all incoming data. Quarantine of unknown file types.
Securing a user workstation with approved updates will help prevent potential system corruption and in house data from being exposed. This domain is also vulnerable and also needs constant monitoring.
• Proper identification and two key turners to be granted access to Data Centers and wiring closets with 24/7 CCTV monitoring.
• Periodic LAN vulnerability assessments.
• Define strong access control policies.
Keeping our LAN under lock and key prevent tampering of with the networks hardware. Access to the LAN devices is the easiest way to compromise a network. By also applying strict monitoring controls and current security updates are excellent security measures to implement.
LAN to WAN Domain:
• Disable ping, probing, and port scanning of exterior devices.
• Strict monitoring for intrusion detection on inbound IP traffic.
• Apply file monitoring and scanning of traffic from unknown sources.
Monitoring traffic will help for see intrusions into the network. Any traffic that is out of the ordinary will
References: David Kim., and Michael G. Solomon. Fundamentals of Information Systems Security , 2012: Sudbury, MA 2012 Pyle, N. (2009, September 01). Designing and implementing a pki: Part i design and planning. Retrieved from Symantec. (2008, August 28). How to: Set up multi-layered security. Retrieved from http://www.pcworld.com/article/141361/article.html