Richman Investments “Internal Use Only” Essay

I have been asked to draft a brief report concerning the “Internal Use Only” data classification standard for Richman Investments. The purpose of the report is to describe the standards set by Richman Investments, the potential for a security threat, and recommendations to remedy any possible vulnerability. “Internal Use Only” is defined as any information or data shared internally by a company or organization. Even though confidential information is not included, this data is not intended to leave the company or organization. The three IT infrastructure domains affected by the “Internal Use Only” data classification standard that I will be discussing are the User Domain, the Workstation Domain and the LAN-to-WAN Domain. I believe that understanding these areas will help minimize the threat and help keep the information internal. There are several modifications I will be recommending that are very simple fixes that will make Richman Investments more secure.

The User Domain is the first layer and also the weakest link in the infrastructure that is affected by the “Internal Use Only” standard. Your personal information is created in this domain. The information that is obtained in this area is for “Internal Use Only”. This is also where you will find your acceptable use policy (AUP); this is the rulebook for employees to follow. Once you enter this domain, it allows users to have access to the system and applications. Some of the most common threats to the system are not intentional. They include, but are not limited to, installing CDs, USB drives, photos and music, and downloading anything. Simply disabling the USB ports and CD drives will help reduce the number of threats to the system.

Access control works within the Workstation Domain, the second layer of the infrastructure that is affected by the “Internal Use Only” standard. This is where users first access the system; it requires a login and password authentication before you are allowed to view any information. A workstation can be described as a computer, laptop, smartphone or any device that allows you access to the system. It also has some of the same common threats as the User Domain, from employees installing and downloading. While logged onto the workstation, you are open to viruses and malicious acts from outside sources. Reducing access to certain areas to a need-to-know basis will reduce the number of employees with access to those areas and the number of internal and external threats.

Security Architecture and Design work in the LAN-to-WAN Domain, the fourth layer of the infrastructure that is affected by the “Internal Use Only” standard. This is where you can access the internet and can become open to anyone. Understand that internet traffic is broadcast in cleartext and is not encrypted. This area uses Transmission Control Protocol (TCP) and User Datagram Protocol (UDP); when you transmit a packet, a port number is attached in the header, which tells what type of packet it is and allows others to see what you are transmitting. It is the area where information enters and leaves your network. This area is made up of physical and logical pieces. Placing additional restrictions, firewalls and/or another password authentication is mandatory for protecting all personal information.

After careful consideration, I believe the layers discussed in this report explain the cause and effects that “Internal Use Only” data standards have on the IT infrastructure. I believe security priority in these areas should be carefully monitored, updated and implemented right away. Training, modifying workstations, and restricting access to a need-to-know basis will help secure the network. These few small changes will keep Richman Investments secure, safe and trusted by its investors and clients.
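The LAN-to-WAN point above, that TCP and UDP headers carry a port number readable by anyone on the path, is illustrated by this added example, which is not part of the original essay. The packet, addresses, host name and file path are constructed sample values, and the function names are hypothetical.

```python
import struct

# Destination ports an observer can map to a service without reading the payload.
WELL_KNOWN = {21: "ftp", 23: "telnet", 25: "smtp", 53: "dns", 80: "http", 443: "https"}

def build_sample_packet():
    """Constructed IPv4/TCP packet carrying an unencrypted HTTP request."""
    payload = b"GET /reports/internal.pdf HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
    # src port 49152, dst port 80, seq 1, ack 0, data offset 5 words, PSH+ACK
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]))
    return ip + tcp + payload

def inspect(packet):
    """Return what any device on the path can read from an unencrypted packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    proto = packet[9]                     # 6 = TCP, 17 = UDP
    if proto not in (6, 17):
        raise ValueError("not TCP or UDP")
    if len(packet) < ihl + (20 if proto == 6 else 8):
        raise ValueError("truncated transport header")
    # Both TCP and UDP headers begin with source port, then destination port.
    src_port, dst_port = struct.unpack_from("!HH", packet, ihl)
    # TCP header length comes from its data-offset field; UDP is always 8 bytes.
    l4_len = (packet[ihl + 12] >> 4) * 4 if proto == 6 else 8
    payload = packet[ihl + l4_len:]
    return {
        "protocol": "TCP" if proto == 6 else "UDP",
        "src_port": src_port,
        "dst_port": dst_port,
        "service": WELL_KNOWN.get(dst_port, "unknown"),
        "payload_preview": payload[:34].decode("ascii", "replace"),
    }

if __name__ == "__main__":
    for key, value in inspect(build_sample_packet()).items():
        print(f"{key}: {value}")
```

If the same request were sent over TLS, the payload bytes would be ciphertext while the port numbers stayed visible, which is why firewall rules at this boundary can filter on ports.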


