Sharon Cadwell
ITT Technical Institute
NT2580 Introduction to Information Security
De’Von Carter
11/16/14
Multilayered Security Strategy: Richman Investments
This multi-layered security plan for Richman Investments will provide a short overview of the security tactics that will be applied at each level of the IT infrastructure.
This MLS Plan will describe how the IT department will improve the security of each domain and how to protect the company’s information. The IT department will update all firewalls on the infrastructure and make sure to secure all ports that are open. This will help stop incoming traffic that is malicious. Another protection utilized will be anti-virus software, …show more content…
This domain is the fastest way for the system to be compromised. I would implement an AUP (acceptable use policy) that will be understood and signed by all employees with access to the network. The employees will also have to go through initial information security training before gaining access to the network. This training will also be required annually in order to maintain their access to the network. The AUP will dictate the requirements for passwords. The requirements will include an eight character alphanumeric password, two uppercase letters, two lowercase letters, two special characters, and two numbers. This will make it more difficult for the password to be breached. The AUP will also state that the company systems will only be used for work related purposes. All social networking sites and many other miscellaneous sites will be blocked. The user will also have to consent to monitoring when signing the …show more content…
The primary concern of the System/Application domain is loss of data. System/application attacks are generalized into three categories: denial or destruction, alteration, and disclosure. Data loss from errors, failures, and disasters are also a concern of this domain. This domain needs to be protected by securing the physical access to computer rooms and a disaster recovery plan (DRP) should be created including the backup of data. Plan, configure, maintain, and improve all network servers and implements all standards including the Acceptable Use Policy