NT2580 – Introduction to Information Security
15 March 2014
This proposal assesses the situation at the Richman Investments company. The offices have a total of 5,000 employees, and the office technology inventory includes desktops, mobile computers, and wireless devices. There is a mix of computers running Windows XP, Windows Vista, Windows 7, and Mac OS X. Most of the managers have BlackBerry devices for instant communication, and all employees are provided cell phones. A Windows Active Directory forest with domains is set up for each office, and seven file and print servers are located in the Phoenix office. The Phoenix office also contains two proxy servers, configured as an array, that provide Web cache services and Internet access control for the organization. The majority of applications are Web-based and hosted from the Phoenix office.
There are many systems on this network running a variety of software and operating systems. This alone is a high vulnerability, because it is harder to keep every system up to date than it would be with one main operating system to which updates and patches could be pushed to ensure that the network is safe. The seven file and print servers are acceptable but, as I stated before, whatever runs on the servers has to be compatible with each operating system. If it is not, you can designate each file and print server to serve only the computers running a certain operating system. That will make administration more difficult still and require more manpower than you would want on your network. I did not see any mention of firewalls; they will be needed, since most of the applications are Web-based. We need to ensure that our employees are the only ones who have access to the information on our network. There should be firewalls to detect outside intruders and password validation to access each application. All users will go through mandatory training on what is allowed on the network and how the network should be run. There will be a class that each user attends either yearly or every 6 months to keep users abreast of the threats that are, or could be, out on the network. They will also sign a document stating what can and cannot be used on the network, such as no removable storage of any sort, whether it be a flash drive or a music player, since all can pose a threat to the network. A script will be run every so often to ensure that employees are not surfing unauthorized sites or abusing company equipment. There will be a password requirement on the system. You should change your password every 90 days, and your password should contain up to 14 characters, including two upper case, two lower case, two special characters and two numbers.
The passwords will not contain any basic information such as address, SSN, street address or any repetitive characters. This will improve our security measures so that our users are less likely to get hacked. There will be a user agreement that will be signed after the initial class and after any follow-up classes throughout the year. Users will only have access to the information needed to do their jobs. They will only be able to see information and applications that relate to their jobs. No employee should share any information with a user outside his/her department or outside the need-to-know basis. Failure to follow these instructions could lead to a breach in our systems. That would put our entire network in danger. Our servers should be in a secure room with minimum access. The doors should have a lock mechanism on them, whether it be electronic or a common door lock. The employees who have access to this room will have a badge and/or PIN, which will tie each access to a specific person and allow their actions to be traced. There should be some kind of...
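The password requirements described above can be checked automatically. The following is an added example, not part of the original proposal; the function name is hypothetical, "up to 14 characters" is read as a maximum length, and "repetitive characters" is read as the same character twice in a row.

```python
import re
from datetime import date, timedelta

MAX_AGE = timedelta(days=90)  # change the password every 90 days
MAX_LEN = 14                  # assumption: "up to 14 characters" is an upper bound
MIN_PER_CLASS = 2             # two upper, two lower, two special, two numbers


def policy_violations(password, personal_info=(), last_changed=None, today=None):
    """Return a list of policy violations; an empty list means compliant."""
    problems = []
    counts = {
        "upper case": sum(c.isupper() for c in password),
        "lower case": sum(c.islower() for c in password),
        "special": sum(not c.isalnum() for c in password),
        "number": sum(c.isdigit() for c in password),
    }
    for name, found in counts.items():
        if found < MIN_PER_CLASS:
            problems.append(f"needs at least {MIN_PER_CLASS} {name} characters")
    if len(password) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    # Assumption: "repetitive" means one character immediately repeated.
    if re.search(r"(.)\1", password):
        problems.append("contains repeated characters")
    # Compare with case and punctuation stripped, so an SSN typed with or
    # without dashes, or a street name split by symbols, is still caught.
    squashed = re.sub(r"[^a-z0-9]", "", password.lower())
    words = [re.sub(r"[^a-z0-9]", "", w)
             for item in personal_info for w in item.lower().split()]
    if any(len(w) >= 3 and w in squashed for w in words):
        problems.append("contains personal information")
    # Age check only runs when the caller supplies the last change date.
    if last_changed is not None:
        if (today or date.today()) - last_changed > MAX_AGE:
            problems.append("password is older than 90 days")
    return problems
```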