Multi Layered Security Plan
Project Part 1
Multi Layered Security Plan
Richman Investments
1) General
This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure.
2) User Domain
a. The usage of security awareness training to instruct employees of Richman Investments security policies
b. Auditing of user activity
3) Workstation Domain
a. The usage of antivirus and antimalware programs on each user computer
b. Strict access privileges to corporate data
c. Deactivation of media ports
4) LAN Domain
a. Utilizing network switches
b. WPA 2 encryption to wireless access points
c. Securing server rooms from unauthorized access
5) LAN to WAN Domain
a. Closing off unused ports via a firewall to reduce the chance of unwanted network access
b. Monitor inbound IP traffic, more specifically looking for inbound transmissions that show signs of malicious intent
c. Run all networking hardware with up to date security patches, and operating systems
6) WAN Domain
a. Enforce encryption, and VPN tunneling for remote connections
b. Configure routers, and network firewalls to block Ping requests to reduce chance of Denial of Service attacks
c. Enforce antivirus scanning of email attachments
i. Isolate found malicious software (virus, Trojans, etc.) when found
d. Deployment of redundant internet connections to maximize availability
(Kim & Solomon)
7) Remote Access Domain
a. Establish strict user password policies, as well as lockout policies to defend against brute force attacks
b. Require the use of authorization tokens, have a real-time lockout procedure if token is lost, or stolen
c. Encrypt the hard drives of company computers, laptops and mobile device to prevent the loss of sensitive data
Works Cited
Kim, D., & Solomon, M. G. Part 1: The Need for Information Security. In Fundamentals of Information Systems Security. Jones & Bartlett
Multi Layered Security Plan
Richman Investments
1) General
This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure.
2) User Domain
a. The usage of security awareness training to instruct employees of Richman Investments security policies
b. Auditing of user activity
3) Workstation Domain
a. The usage of antivirus and antimalware programs on each user computer
b. Strict access privileges to corporate data
c. Deactivation of media ports
4) LAN Domain
a. Utilizing network switches
b. WPA 2 encryption to wireless access points
c. Securing server rooms from unauthorized access
5) LAN to WAN Domain
a. Closing off unused ports via a firewall to reduce the chance of unwanted network access
b. Monitor inbound IP traffic, more specifically looking for inbound transmissions that show signs of malicious intent
c. Run all networking hardware with up to date security patches, and operating systems
6) WAN Domain
a. Enforce encryption, and VPN tunneling for remote connections
b. Configure routers, and network firewalls to block Ping requests to reduce chance of Denial of Service attacks
c. Enforce antivirus scanning of email attachments
i. Isolate found malicious software (virus, Trojans, etc.) when found
d. Deployment of redundant internet connections to maximize availability
(Kim & Solomon)
7) Remote Access Domain
a. Establish strict user password policies, as well as lockout policies to defend against brute force attacks
b. Require the use of authorization tokens, have a real-time lockout procedure if token is lost, or stolen
c. Encrypt the hard drives of company computers, laptops and mobile device to prevent the loss of sensitive data
Works Cited
Kim, D., & Solomon, M. G. Part 1: The Need for Information Security. In Fundamentals of Information Systems Security. Jones & Bartlett
Cited: Kim, D., & Solomon, M. G. Part 1: The Need for Information Security. In Fundamentals of Information Systems Security. Jones & Bartlett Learning.