Nt2580 Unit 1 Assignment 2

Submitted By goldnhorde
Nt2580 - Unit 1 Assignment 2: Impact of a Data Classification Standard
Richman Investments
Internal Use Only Data Classification Standard
Domain Effects

Richman Investments has implemented an “Internal Use Only” data classification standard. This report describes the effects of the “Internal Use Only” standard on our respective system domains.
“Internal Use Only” sets up a restricted-access security policy for our network. Any access, including access from a website, requires company-mandated credentials to log on and enter the system. This type of policy is enforced because companies do not want to give potential threats to their systems or their security “free access” to the network.
This policy will impact three of the seven domains. These include:
* User Domain
  * Define: This domain defines which users have access to the information system.
  * Policy Impact: The IT Team will use the User Domain to define who has access to the company’s information systems. The domain will impose an acceptable use policy (AUP) that defines which actions a user is permitted to take while inside the system. These permissions may also be defined by the data the user is accessing at the time. All third-party users (vendors, contractors, outside users, etc.) must also agree to the AUP. Any violation will be reported to management and/or the authorities, depending on the violation.
* Workstation Domain
  * Define: This domain defines the devices used to access and connect to the information system.
  * Policy Impact: First, all devices and removable media connected to the information system must be issued and approved by the company. At no time should any user of the system connect an unauthorized device or removable media. Second, the IT Team will provide all employee workstations with a username and password. Our security protocol requires the password to be changed every 30 days. This password policy will be backed up by a strict screen lockout policy. Third, the IT Team will maintain regular updates and continuous antivirus protection and monitoring to minimize software vulnerabilities. Fourth, when possible, all areas with access to a workstation will be physically secured so that a key card is required to enter the area.
* LAN Domain
  * Define: This domain defines the group of computers all connected to a single LAN. It includes data closets, all physical elements of the LAN, and all logistical elements of the LAN.
  * Policy Impact: The LAN Domain requires strict security and access controls. This domain can access company-wide systems, applications, and data from anywhere within the LAN. The IT Team’s LAN support is in charge of maintaining and securing this domain. Any users of this level must be screened by the IT department head and management. If approved, the user will be issued a special access code associated with LAN Domain use. The main threat to the LAN Domain is unauthorized access to the network. To minimize unnecessary access, we will disable all unused external access ports on the workstation.
* All employees will be trained on these security policies and the need for security awareness.…...
