Data Classifications Standards
Richman Investments
Data Classification Standards help Richman Investments to consistently define how this organization should handle and secure our various types of data. This report will focus on the internal use only data and how each of these domains are affected by these standards. Internal use only data refers to information that may or may not be confidential. It is imperative that our organization keep this information in house and away from the public and realize the Domains that need to be addresses with these rigid standards. The three standards that are at the top of the list for our company that will be directly affected are the User, Work Station, and LAN Domains.
The following “internal use only” data classification standards should be applied here at Richman Investments.
The User Domain is made up of the employees that have access to the organizations equipment and network and is the weakest link in any IT infrastructure, including the one here at Richman Investments. The amount of social networking and the errors that are made by employees may end be detrimental to the network and cause data to be lost, tampered with, or stolen. The best way to avoid this would be to implement an Acceptable Use Policy (AUP). This will inform the employees what they can and cannot do with company information, resources, and equipment. Anyone that abuses the AUP will be held accountable for their actions. Employees must have their individual permissions for what they can and cannot do in order to make them accountable. It is the responsibility of the HR to check the background of each employee thoroughly and follow with regular evaluations. It is also important that security control audits are performed to secure the system against risks and threats.
The Work Station Domain is important and is directly affected by the “internal use only” standard. The Work Station Domain is the place where the user can access the organizations network and all applications or data on the system. This Domain requires tight security and access controls. The system will need to be hardened, meaning that all computers will need to have the latest software revisions, security patches, and system configurations. It is also important to only allow company approved devices in or around the workstation. Our most secure response to the threat of devices around the work stations would be to completely deactivate all CD, DVD, and USB ports. We could also enable automatic antivirus scanning for CDs, DVDs, and USB devices, but I would rather deactivate the ports and not have these available at the workstations. It is important that each user have their own login and password information that is not accessible to anyone else. It is the job of the desktop support group to enforce and define standards to ensure integrity of the workstations and data. Having logins and passwords for each employee will also ensure that no one outside or within the organization will be able to access any information on their workstations, thus eliminating those threats. The only individuals that will be able to access the network will be those that have been added to the system by an IT administrator.
The LAN Domain is a collection of computers that are connected to one another or to a common medium such as wires, fiber optic cables, or radio waves. The LAN domain needs strong security and access controls. The threats to this domain include unauthorized access to hardware closets, switches, database servers, wireless keys, and routers from unauthorized personnel. This is a security risk to the server. In order to ensure these risks are avoided, equipment closets and server rooms must remain secure at all times whether through lock and key, or access locks or key cards. Wireless contingencies will be in place to prevent leaks of keys such as changes to access and MAC address tables to verify devices that are authorized. If the device is not authorized, access will be denied. Employees must register all new devices with IT administrator and these devices will be monitored to ensure maximum security. Backup and contingency plans will be in place for any mishap or disaster.
This report has outlined three of the domains from the IT infrastructure here at Richman Investments and has shown security issues and how they will be addressed. Strict policies must be put into place to protect the “internal use only” data as well as the network for the organization. This will only come with complete compliance from all parties involved. If the policies are not followed, training and further action will be necessary to prevent any preventable risk to vital data within this organization.
You May Also Find These Documents Helpful
-
Richman Investments recognizes the risks associated with users using and accessing data in order to properly conduct assigned tasks, jobs, or conduct official employer business. Information is often shared throughout the network and possibly with external sources or clients. Securing ALL data and ensuring network integrity is of…
- 1232 Words
- 5 Pages
Powerful Essays -
The purpose of this paper is to develop an information security policy that defines the requirements to make our organization's computer network compliant with National Institute of Standards and Technology (NIST) Security Standards. NIST regulations and instructions were reviewed in order to develop the requirements that are stated in this policy. The source documents used can be found in the references section.…
- 4998 Words
- 19 Pages
Powerful Essays -
References: Bott, F. (2005), Professional Issues in Information Technology, The British Computer Society, Wiltshire. Data Protection (n.d.), http://www.bcu.ac.uk/health/research/ethics-and-indemnity/ethicsapplications/data-protection. Accessed: 05/01/2013. Lee, M. (2012), ‘Professional Computing module’, http://www.cs.bham.ac.uk/ mgl/profcomp/lectures/. Filetype: Pdf, Accessed: 02/01/2013.…
- 434 Words
- 2 Pages
Satisfactory Essays -
The department is responsible for educating and assisting in working through the company’s policy and in dealing with policy breaches. Data security, quality, and integrity are valued commodities for a business who wishes to continue to prosper and grow, but the improper handling can also easily jeopardize its future (Pratt, 2008). Riordan’s need to consolidate data that has been created offline and potentially could be out-of-date is a data manager idea of a horror story. Through the use of data management solutions that support transactions processing in one location supports a more secure and efficient high-volume business. What also need to be considered are the multinational laws that Riordan had to adhere to because of its global footprint; legal requirements relating to data vary by country. It would be remiss to overlook the security of employees within the company because security falls under the domain of human resources. To take a safer, smarter approach toward personnel security the proposal will also include recommendations for company badges. A badge policy would keep track of employees as they come and go plus alert employees to the presence of a visitor. Monitoring equipment should also be considered as this would be ideal for public gathering places to record any activity after hours by using a motion sensor…
- 3105 Words
- 13 Pages
Best Essays -
IS Ch 1, Lecture: Introduction to management information systems and enterprise Ch 5 & Ch technology management 10 Lecture: Technology fundamentals Reading: A conversation about information technology 1. In your experience, does this conversation ring true? 2. Why are many business managers frustrated with organizational IT? 3. Why are many IT managers frustrated with ‘the business side’? 4. What can be done to improve relations between the two sides? Activity: A group discussion of Open versus Closed systems models. Session 2 Key question: How can you use information systems to get the Mar 5 most out of organizations? IS Ch 11 Lecture: Organizational information systems & Enterprise systems Case: Business Intelligence Software at SYSCO Activity: Information structures & organizational effectiveness Session 3 How can you manage the balance between security and privacy, Mar 12 openness and access? IS Ch 6, Ch 12, & Ch 13 Lecture: IS ethics, privacy, computer crime, and security Case: ChoicePoint (A) 1. What is your appraisal of ChoicePoint’s business model? 2. How legitimate are the concerns voiced by the industry critics? 3. In Derek Smith’s position, what internal changes, if any, would you make to address the issues discussed in the case? 4. In Derek Smith’s position, what would you recommend to the U.S. Congress regarding regulation of the personal data industry? Discussion: Information security vs…
- 2205 Words
- 9 Pages
Powerful Essays -
Understanding the issues around regulatory compliance can be a difficult and frustrating endeavor. Financial data must be kept confidential and unmolested at all costs. With data reporting, security and privacy gaining importance, companies world-over are under increasingly complex requirements for regulatory compliance. The intent of these multiple regulations and industry standards is to ensure the security, availability and integrity of business information. Companies which don’t comply with these regulations risk legal action as well as fines and restrictions.…
- 704 Words
- 3 Pages
Satisfactory Essays -
Facebook, Twitter, LinkedIn, YouTube, MySpace are all social networking sites that the majority of today’s society have heard of and more than likely use on a daily basis. These sites can be useful tools for a plethora of information and do have added quality in the workplace. However, if employers and employees do not use these sites properly or more importantly understand the dangers of social networking there can be alarming consequences that could include loss of occupation, serious liability claims, or never acquire employment at all. Constant vigilance and reminders that social networking is not private must be in the forethought of all employees and employers with consideration to the workplace.…
- 3244 Words
- 13 Pages
Best Essays -
Social networking sites should not be restricted because they provide an improved method of communication to organizations and lead to higher productivity. According to his journal on social networking, Marketing and Management professor Reynaldo Lugtu says, “Social networking also enhances personal bonding among employees, especially in virtual teams. In today’s workplace where team members are scattered in different locations, social networks such as Facebook and Twitter enhance team bonding and communication, which are otherwise difficult to achieve.” (Lugtu, 2010) On social networking sites employees can post news, discuss ideas, ask questions and share links allowing them to find more relevant information more quickly. Social networking sites are great problem solvers as well because they open up the communication to an entire community (Lugtu, 2010) According to a 2009 University of Melbourne report, “Surfing Web sites such as Facebook, YouTube and Twitter at work could…
- 1313 Words
- 6 Pages
Powerful Essays -
The value of social networks and how they can benefit businesses has been in question recently. Also in question is do these social networks create a security risk with employees conveying possibly privileged information to a friend or relative through Facebook or Twitter. How does a company prevent potential security risks? They have to block social networking sites or grant limited access to specific departments. Metro Business College prevents students from accessing social networking sites on school computers but allows faculty and staff to access from their desk computers. Metro’s reasoning is students should be at school to learn, not stare at Facebook all class period. The question then is not are these sights a security risk but rather are these sites a huge time suck for employees which creates a reduction in productivity? The biggest risk a company a company faces is how employees that utilize these sights can make their company look and what effects it could possibly have on their reputation.…
- 1387 Words
- 6 Pages
Better Essays -
Employers do have the right to simply ban all computer activity that is not work-related, but this approach may not yield optimal results. If employees are to be allowed access to social networking platforms, then a comprehensive and well-defined policy should be established to prevent abuse.…
- 1647 Words
- 7 Pages
Good Essays -
Bringing social networking into the workplace is sometimes risky for one who is applying to get a job. Employers can research future prospects and see what their online life is like. Although a person may not be able to be completely understood solely by their social networking site, an employer might judge them based off of it. For example, had someone had a picture of themselves tagged online for the public to see, an employer might deem that bad publicity for the company and decide not to hire this person. However, those who apply for jobs have options to set their accounts on private and social networking companies are not held responsible for the material posted. “When joining either MySpace or Facebook [or Twitter], the user must agree to the terms of service and to the Web sites privacy policies” (Elzweig and Peeples “Using Social”). If anything negative happens in the line of a person…
- 2240 Words
- 9 Pages
Powerful Essays -
First of all, prohibiting social websites at work facilitates companies to protect from the danger of information leakage. Some users of social websites such as Face-book or Twitter usually send links to their friends to share interesting news or funny video clips. Being aware of this, hackers start to make friends with the employees using Face-book or twitter, and then send them links, which probably contain viruses or spywares. If they succeed, those hackers will be able steal all of the secret information and new business strategies of the company. It is obvious that employers do not want their company’s secret plans lost, so the banning of social websites at work is an essential measure.…
- 502 Words
- 3 Pages
Good Essays -
Social networking sites can have a negative impact in the workplace. They create distraction, decrease productivity, cost companies money, can jeopardize a company’s reputation and legal liability and for those users who don’t have their profiles set to private can often result in unemployment. Social networking sites also able to harmful for potential employees looking for job, as face book and MySpace are incredible resources for companies as they offer helpful information about a candidate’s true colors. Several profiles often contain awkward and embarrassing information that job seekers would not want their future managers to know about themselves.…
- 1220 Words
- 5 Pages
Good Essays -
* It does not do the company any good in terms of their productivity if they allow their employees to access social networking sites in workplaces, as they would not be able to track what they employees are doing (whether they are doing job-related work or not). Hence, this is not cost-efficient and it is a waste of human resource as the salaries paid to the employees are not justified.…
- 1246 Words
- 5 Pages
Better Essays -
The rapid explosion of social networking is starting to affect corporations. Believe it or not, employee use of social networking sites while at work isn’t the only reason corporations are running into problems. corporations themselves have started using social networking sites for a multitude of reasons, such as marketing, employee communications, and emergency response services, just to name a few.…
- 368 Words
- 2 Pages
Satisfactory Essays