Nt2580 Unit 1 Assignment 2

In: Computers and Technology

Submitted By scaldave
Words 537
Pages 3
Unit 1 Assignment 2
Impact of a Data Classification Standard

Internal use only is information that may or may not be confidential. But is shared within a organization and kept away from the public. With that being said it is imperative that we seek the following to be incorporated within the standards in each domain.
User Domain refers to the people who have access to the organizations equipment User domains is the worst domain for security and personal information can be obtained on this domain under internal use only. The reasoning for this is the multitudes of social networking and the fallacy’s of the employee’s not even meaning to release information that could be detrimental. Employees are responsible for their own equipment. The best way to avoid this is to set up an Acceptable use Policy (AUP) that informs employees what they can and cannot do with company information, equipment, and resources. We must hold employees accountable who are abusing company’s AUP.
Workstation Domain (WSD) refers to the computers or electronic devices in which a user uses to access the system. The WSD is where users first access the systems, applications, and data. This layer requires a login and password authentication before access is allowed to view information. The threats to this domain which vary from unauthorized access to downloading personal files, the best way to fix this is to “Harden” the system by setting up firewalls, anti-virus, malware programs and restricted access to popular web page such as Social networking websites, Music sites, and video web pages. Monitor of disable the installation of software and Restrict or disable the use of removable data devices unless authorized by system Administrators. A user that violates the AUP they should be given restricted access until further security training is completed and every user should have an annual…...

Similar Documents

Nt2580 Unit 5 Assignment 1

...It255 Unit5 Assignment TO: FROM: DATE: SUBJECT:Unit 5 Assignment 1: Testing and Monitoring Security Controls REFERENCE: Testing and Monitoring Security Controls (IT255.U5.TS1) How Grade: One hundred points total. See each section for specific points. Assignment Requirements Part 1:Identify at least two types of security events and baseline anomalies that might indicate suspicious activity. Explain why they might indicate suspicious activity.(Forty points. Twenty points for each event.) # | Security Event & Baseline Anomaly That Might Indicate Suspicious Activity | Reason Why It May Indicate Suspicious Activity | 1. | Authentication Failures | Unauthorized access attempts | 2. | Network Abuses | Employees are downloading unauthorized material. | 3. | | | 4. | | | 5. | | | 6. | | | Part 2: Given a list of end-user policy violations and security breaches, select three breaches and consider best options for monitoring and controlling each incident. Identify the methods to mitigate risk and minimize exposure to threats and vulnerabilities. (Sixty points. Twenty points for each breach.) # | Policy Violations & Security Breaches | Best Option to Monitor Incident | Security Method (i.e., Control) to Mitigate Risk | 1. | A user made unauthorized use of network resources by attacking network entities. | Monitor the logs | Fire the user | 2. | Open network drive shares allow storage privileges to outside users. |...

Words: 258 - Pages: 2

Nt2580 - Unit 1 Assignment 2: Impact of a Data Classification Standard

...Unit 1 Assignment 2: Impact of a Data Classification Standard * User Domain This Domain is where only one user will have access to it. This can be configured to internal use only. By default, the IT department tries to maintain a certain level of Security for this, so that nobody can access from the outside, only the IT Department can grant access privilege for Remote Access Point. The User Domain will enforce an acceptable use policy (AUP) to define what each user can and cannot do with any company data that he or she has access to. Also, every user on the company is responsible for the security of the environment. * Workstation Domain Workstation Domain is where all the users work. Before a user can log into the machine, he/she will need to be verified in order to gain access. At Richman Investments, we provide very secure access for the employee workstations with a username and password. A security protocol requires the password to be changed every 30 days. All computers maintain regular updates and continuous antivirus protection for monitoring. Additionally, no personal devices are allowed on the network. * LAN Domain The Local Area Network (LAN) Domain is a group of computers all connected to a single LAN domain. The LAN Domain is a collection of computers connected to one another or to a common medium. All LAN domains include data closets, physical elements of the LAN, as well as logical elements as designated by authorized personnel. It......

Words: 364 - Pages: 2

Unit 2 Assignment 1

...Unit 2 Assignment 1: Strengths and Challenges Reflection Letter Course Objectives and Learning Outcomes Define terms and concepts related to strategies for technical professionals. Communicate information using Microsoft Office productivity tools and email. Assignment Requirements This assignment coordinates with Unit 2 Lab 1: Introductory Word Lab. Create and send a letter to your instructor executed in MS Word that discusses your questions, concerns, and what you look forward to in Strategies for the Technical Professional. As a part of your letter, make an assessment of your strengths, such as the skills and experience you bring to the class. Also discuss your challenges, perhaps your circumstances, habits, or past academic history, as well as the parts of the curriculum that may be new to you, may not appear as relevant to your goals and objectives, or may be difficult for you to learn and apply. Required Resources Computer with Internet access and MS Word installed. Submission Requirements Your letter should meet the following specifications: Orientation: Portrait Font: 12-point Times New Roman or 10-point Arial Spacing: Double spaced Margins: Normal, Narrow, or Moderate Length: Two to five paragraphs Header: Right justified, including your name, the course number, day, and time Text format: Body of letter left justified Salutation: Appropriate greeting to open letter Closing: Appropriate sign-off and full name as......

Words: 1181 - Pages: 5

Unit 3 Assignment 2 Nt2580

...1. Discretionary Access Control – For Shovels and Shingles I would use Discretionary Access Controls. This way certain user groups have certain access. Considering there is only 12 clients I would assume the employee base and small and only 2-3 groups would be required with different access levels. 2. Rule Based Access Control – Due to the small client base and the fact most users would most likely be sharing information in a small advertising company I would go with Rule Based. This way there is certain files that everyone can access and ones that can’t be accessed. It allows for a personal data structure while allowing some files to be shared freely. 3. Non-Discretionary Access Control – Due the company being larger and associated with IT, I would go with the non-discretionary controls. This way the employees will only have access to what is dictated to them by the administrators. This is especially recommended because there are employees traveling and using the network from the outside. All control for the network should be done administratively. 4. Role-Based Access Controls – For Backordered Parts defense contractor I would recommend Role-Based access controls. As there are many facets to a design and building company there will be many access levels and areas that should only be accessed by certain personnel. Using this role-based control will allow for all users to only see what they need to see, and not see what they don’t need to see as pertaining to......

Words: 321 - Pages: 2

Nt2580 Unit 9 Assignment 2

...Kimberly Warren November 18, 2014 NT2580 Summary of Malicious Attack The CIH virus (which also has names known as CIH, Spacefiller, and Win32.CIH, and Chernobyl) is a virus that was developed in 1998 that infected the 32-bit Windows 95, Windows 98 and Windows NT operating system executable files having the .EXE extension. The contents of this virus can damage the contents of the BIOS flash memory chip and completely ruin the configurations set or even the default. Most of the newer computers sold around this time have had their BIOS programmed into the flash memory chips (Yamamura). Various strains of this virus have been reported to exist such as: • CIH v1.2/CIH.1103 – which contains the string CIH v1.2 TTIT and was activated on the 26th of April. • CIH v1.3/CIH.1010A and CIH1010.B – which contains the string CIH v1.3 TTIT and was also activated on that same day. • CIH v1.4/CIH.1019 – which contains the string CIH v1.4 TATUNG and is not a common virus but is activated on the same day. • CIH.1049 – which activated on August 2nd as opposed to the April 26th date. Concerning infections that have been reported, there have been at least four underground pirate software groups got infected with the CIH virus during summer 1998. They inadvertently spread the virus globally in new pirated softwares they released through their own channels. These releases included some new games which spread world-wide very quickly. There's also a......

Words: 379 - Pages: 2

Unit 2 Assignment 1

...10/ 1/ 2014 NT2580 Unit 2 assignment 1 The workgroup consists of three primary workgroups, which contain group membership lists of users within the Active Directory infrastructure that currently exists on the SMB Server that is located within the confines of the LAN structure. The security breach, which is defined as any event that results in a violation of any of the CIA (confidentiality, integrity, availability) security principles, was caused by the SMB server being accessed by an unauthorized user due to a security hole that was detected by the server software manufacturer the previous day. The security patch will not be available until possible as long as three days, but hopefully within that timeframe. In addition, the LAN administrator needs at least one week (minimum) to download, test, and install the patch. To calculate the Window of Vulnerability (WoV) for this security breach, the following timeline will be used as a guideline to determine the basis for calculation: First it is important to understand the variables considered in this timeline formula. The WoV is the period within which defensive measures are reduced, compromised, or lacking. The WoV covers a timeline from the moment vulnerability is discovered and identified by the vendor. It also includes the time taken to create, publish, and finally apply a fix to the vulnerability. It is also important to explore the device(s) that were targeted by the attack. In this instance, being the SMB server within...

Words: 286 - Pages: 2

Nt2580 Unit 4 Assignment 2

...Dallas Page July 17, 2015 Unit 4 Assignment 2 NT2580 Acceptable Use Policy Definition 1. Overview To protect the integrity, confidentiality and accessibility along with the safety of our clientele and employees it is necessary that a precise set of standards must be defined for anyone who utilizes the electronic devices to access information via the internet. Richman Investments is committed to protecting employees, partners and the company from illegal or destructive actions whether knowingly or unknowingly. Internet or Intranet related systems, including but not limited to the World Wide Web, storage media, operating systems, network accounts and electronic mail are intended to be used for business pertaining to Richman Investments. It is the responsibility of each electronic device user to know the guidelines of the Acceptable Use Policy and to adhere to the Acceptable Use Policy of Richman Investments. 2. Purpose To outline and give a clear precise definition of what is and what isn’t acceptable when using the property of Richman Investments. Property including but not limited to computers, internet service, email service, storage media, operating systems or network accounts. Inappropriate use of either of the aforementioned exposes Richman Investments to legal liability and/or risks of damage to company hardware and/or software. 3. Scope The Acceptable Use Policy applies to all employees, contractors, clients, visitors and partners to...

Words: 689 - Pages: 3

Nt2580 - Unit 1 Assignment 2: Impact of a Data Classification Standard

...Nt2580 - Unit 1 Assignment 2: Impact of a Data Classification Standard Unit 1 Assignment 2: Impact of a Data Classification Standard * User Domain This Domain is where only one user will have access to it. This can be configured to internal use only. By default, the IT department tries to maintain a certain level of Security for this, so that nobody can access from the outside, only the IT Department can grant access privilege for Remote Access Point. The User Domain will enforce an acceptable use policy (AUP) to define what each user can and cannot do with any company data that he or she has access to. Also, every user on the company is responsible for the security of the environment. * Workstation Domain Workstation Domain is where all the users work. Before a user can log into the machine, he/she will need to be verified in order to gain access. At Richman Investments, we provide very secure access for the employee workstations with a username and password. A security protocol requires the password to be changed every 30 days. All computers maintain regular updates and continuous antivirus protection for monitoring. Additionally, no personal devices are allowed on the network. * LAN Domain The Local Area Network (LAN) Domain is a group of computers all connected to a single LAN domain. The LAN Domain is a collection of computers connected to one another or to a common medium. All LAN domains include data closets, physical elements...

Words: 341 - Pages: 2

Nt2580 Unit 1 Assignment 2

...------------------------------------------------- Nt2580 - Unit 1 Assignment 2: Impact of a Data Classification Standard Richman Investments Internal Use Only Data Classification Standard Domain Effects Richman Investments has implemented an “Internal Use Only” data classification standard. This report will describe the effects of the Internal use Only Standard on our respective system domains. “Internal Use Only” sets up a restricted access security policy to our network. Any access, including from a website would require company mandated credentials to log on and enter the system. This type of policy is enforced because companies do not want to allow “free access” to their network for potential threats to their system or their security. This policy will impact three of the seven domains. These include: * User Domain * Define: This Domain defines what users have access to the information system.   * Policy Impact: The IT Team will use the User domain to define who has access to the company’s information systems. The domain will impose an acceptable use policy (AUP) that will define the permissions of what actions a user may make while inside the system. These permissions may also be defined by the data they are accessing at the time. All third party users (vendors, contractors, outside users, etc.) must also agree to the AUP. Any violation will be reported to management and/or the authorities, depending on the violation. * Workstation......

Words: 508 - Pages: 3

Nt2580 Unit 1 Assignment 1

...NT2580 Information Security Sonja Moskal Unit 1 Assignment 1 Worksheet: Match Risk/Threats to Solutions F. Mohamed 1. Violation of a security policy by a user C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance review. 2. Disgruntled employee sabotage. I. Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on AUP monitoring and compliance. 3. Download of non-business videos using the Internet to an employer owned computer. A. Enable content filtering and antivirus scanning at the entry and exit points of the internet. Enable workstation auto-scans and auto-quarantine for unknown files. 4. Malware infections of a user’s computer. L. Use workstation antivirus and malicious code policies, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. 5. Unauthorized physical access to the LAN. N. Make sure wiring closets, data centers, and computer rooms are secure. Provide no access without proper credentials. 6. LAN server operating system vulnerabilities. F. Define vulnerability window policies, procedures, and guidelines. Conduct LAN domain vulnerability assessment. 7. Download of unknown file types from unknown sources by local users. B.......

Words: 380 - Pages: 2

Nt2580 Unit 1 Assignment 1

...1. Violation of a security policy by a user C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance review. 2. Disgruntled employee sabotage. I. Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on AUP monitoring and compliance. 3. Download of non-business videos using the Internet to an employer owned computer. A. Enable content filtering and antivirus scanning at the entry and exit points of the internet. Enable workstation auto-scans and auto-quarantine for unknown files. 4. Malware infections of a user’s computer. L. Use workstation antivirus and malicious code policies, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. 5. Unauthorized physical access to the LAN. N. Make sure wiring closets, data centers, and computer rooms are secure. Provide no access without proper credentials. 6. LAN server operating system vulnerabilities. F. Define vulnerability window policies, procedures, and guidelines. Conduct LAN domain vulnerability assessment. 7. Download of unknown file types from unknown sources by local users. B. Apply filter transfer monitoring, scanning, and alarming for unknown file types and sources. 8. Errors and weaknesses of network router, firewall,......

Words: 363 - Pages: 2

Nt2580 Unit 1 Assignment 1

...1. Violation of a security policy by a user C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance review. 2. Disgruntled employee sabotage. I. Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on AUP monitoring and compliance. 3. Download of non-business videos using the Internet to an employer owned computer. A. Enable content filtering and antivirus scanning at the entry and exit points of the internet. Enable workstation auto-scans and auto-quarantine for unknown files. 4. Malware infections of a user’s computer. L. Use workstation antivirus and malicious code policies, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. 5. Unauthorized physical access to the LAN. N. Make sure wiring closets, data centers, and computer rooms are secure. Provide no access without proper credentials. 6. LAN server operating system vulnerabilities. F. Define vulnerability window policies, procedures, and guidelines. Conduct LAN domain vulnerability assessment. 7. Download of unknown file types from unknown sources by local users. B. Apply filter transfer monitoring, scanning, and alarming for unknown file types and sources. 8. Errors and weaknesses of network router, firewall,......

Words: 363 - Pages: 2

Nt2580 Unit 4 Assignment 1

...Nt2580 Unit 4 Unit 4 assignment 1 1.0 Purpose The purpose of this policy is to define standards for connecting to Richman investments's network from any host. These standards are designed to minimize the potential exposure to Richman investments from damages which may result from unauthorized use of Richman investments resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to critical Richman investments internal systems, etc. 2.0 Scope This policy applies to all Richman investments employees, contractors, vendors and agents with a Richman investments-owned or personally-owned computer or workstation used to connect to the Richman investments network. This policy applies to remote access connections used to do work on behalf of Richman investments, including reading or sending email and viewing intranet web resources. Remote access implementations that are covered by this policy include, but are not limited to, dial-in modems, frame relay, ISDN, DSL, VPN, SSH, and cable modems, etc. 3.0 Policy 3.1 General 1. It is the responsibility of Richman investments employees, contractors, vendors and agents with remote access privileges to Richman investments's corporate network to ensure that their remote access connection is given the same consideration as the user's on-site connection to Richman investments. 2. General access to the Internet for recreational use by immediate household......

Words: 300 - Pages: 2

Nt2580 Unit 1 Assignment 2

...Unit 1 Assignment 2 Impact of a Data Classification Standard Internal use only is information that may or may not be confidential. But is shared within a organization and kept away from the public. With that being said it is imperative that we seek the following to be incorporated within the standards in each domain. User Domain refers to the people who have access to the organizations equipment User domains is the worst domain for security and personal information can be obtained on this domain under internal use only. The reasoning for this is the multitudes of social networking and the fallacy’s of the employee’s not even meaning to release information that could be detrimental. Employees are responsible for their own equipment. The best way to avoid this is to set up an Acceptable use Policy (AUP) that informs employees what they can and cannot do with company information, equipment, and resources. We must hold employees accountable who are abusing company’s AUP. Workstation Domain (WSD) refers to the computers or electronic devices in which a user uses to access the system. The WSD is where users first access the systems, applications, and data. This layer requires a login and password authentication before access is allowed to view information. The threats to this domain which vary from unauthorized access to downloading personal files, the best way to fix this is to “Harden” the system by setting up firewalls, anti-virus, malware programs and restricted access......

Words: 537 - Pages: 3

Nt2580 Unit 1 Assignment 2

...William Burns-Garcia NT 2580 Unit 1 Assignment 2 Re: Impact of a Data Classification Standard Per your request, I have included information regarding the data classification standards designed for Richman investments. This report will include information that pertains to the IT infrastructure domains and how they are affected. Though there are several, I want to concentrate on three of the most vulnerable. 1. User Domain: Of all domains, this can be the most vulnerable as it usually affects any user on the network. Most companies should have an Acceptable Use Policy (AUP) with standards that can be monitored at any time. Not only does this policy affect internal users, it should also be enforced by any outside vendors such as, off-site IT support. There should be on-going information sessions to remind users of AUP. 2. Workstation Domain: Every person with access to the network of Richman Investments must have authorized personal credentials to use a workstation assigned to them. A few exceptions can be Major IT administration and authorized upper management. A change password should be implemented no less than 45-60 days on Richman’s network. Administrative passwords should also be changed no less than 30-45 days, Since Administrative access has the most immediate vulnerability. 3. LAN Domain: The Local Area Network (LAN), which includes most things in the computer closet that helps all devices connect to the network. This domain can be vulnerable because...

Words: 364 - Pages: 2