08 Jun Keeping data safe is not only a responsibility of the security
Question
For this assignment, complete the following:
Develop a Security Awareness Training (SAT) presentation for company employees.
Present at least 8 elements to help employees keep the company data safe and their computers running well.
Using your attached document, build a PowerPoint presentation following the summary.
Add 2 additional items to the presentation that are not included in your attached document.
You can include, but are not limited to, understanding the importance of security, what data to protect, what to do if a breach is detected, how to protect the company data, or how computers get infected.
Your presentation should improve the employees’ security awareness and practices.
Include, as the second slide, an agenda that names each security tip.
Be sure to use a design template to add a professional look and consistency to the presentation.
Add to the key assignment document an explanation of the 2 additional elements in your presentation. Explain the 3 topic points you provided for the 2 additional elements, describing why they are important.
classification for Richman Investments. Our IT infrastructure is at risk because not all
security measures are in place. We as a company need to review the Availability, Integrity
and Confidentiality of the network, which we are working on to reduce the risk to the
company network. I would go through and check the whole system for malware, viruses and
hackers. The private data of clients is at risk from hackers, and our corporate
intellectual property is at risk of being taken by hackers as well. So we need to address
the problem at hand sooner rather than later. We must not put our clients' or company
information at risk of getting hacked. Our databases need to be more secure and harder to
access. We need to go through the whole network to ensure the security of the system. So my
recommendation is to lessen the risk, threats and vulnerabilities for the whole company.
We as a company need to ensure that all users on the network are aware of all the
rules of the network in the following ways. First, we need to ensure that all employees
understand the rules of the company, so we need to provide an all-hands class for everyone
who works there. The class will go through each and every domain of access to the network
to ensure it is well checked and secured. This would also help prevent leaks of important
information. Have every employee sign a statement of understanding of the rules. Everyone
needs to change his or her password every six months, and training needs to be done at the
same time.
We have to make the system harder to hack. We have to go through the whole LAN and
WAN, then go through the whole system to ensure that the security of the system and its
users is up to date. We will start from the user workstation domain and work all the way to
the servers. We need to go through the routers and firewalls to ensure they are properly
updated to block any new viruses and malware. We would also set up more ways to stop
unauthorized users from entering the system, such as giving each employee in the company a
user number, to make it harder for outside sources to hack the system. This way we would
verify all employees, and we hope it will stop anyone from calling the service desk and
posing as an employee. We will also need to set up random daily checks of information to
keep all employees on their toes. We need to assign a risk level to all information, so it
will be harder to get the information. The hope is that the more difficult you make the
network, the smaller the chance of getting hacked by an outside user.
I do understand that you can’t make a network 100% bulletproof against outside
sources, but the more difficult you make it, the more you hope to lessen the risk. The
steps put in place are intended to lessen malware, viruses and hackers. We also need to
keep in mind that there are still users who are untrustworthy. I feel that the more you
train your employees, keep them up to date, and hold their feet to the fire on network
security, the more you lessen the chance of your network being wrongfully used. You should
also post the information around the work area so everyone is aware of the information set
forth.
The CIA triangle breaks down into seven different categories. The first one is
confidentiality, which can also be broken down into authenticity. The second one is
integrity, which breaks down into accuracy. The third one is availability, which breaks
down into two more: utility and possession.
Confidentiality: the only people to have access to company data are the employees
and users of the company. Each and every employee needs to ensure that they don’t share
their login information with anyone else, or share classified information with employees
who don’t have access to the document. There will be monthly education for all users in
the company, and our network security policies will be posted around the work area. All
documents will be secured from all unauthorized users and not left unsecured for any
outside eyes. All documents that have any information on them will be shredded to avoid any
employee or company information leaking out of the company.
Integrity: we as employees need to check every document for viruses to ensure that
the document is not going to be hacked from an outside source. By doing the following
steps we will be able to prevent viruses and hackers. This will also keep unauthorized
users from getting into the network. When we receive a message, we need to check the file
size and ensure that it is not corrupted. When creating a document for any user to see, you
will be required to add a watermark with the company name in it so we all know that the
document came from within the company.
The availability of the network and applications will be limited to users who are
authorized on our company network. The network will have an intrusion detection system to
prevent unauthorized users from getting into the network. The firewall will also be set up
to prevent users from going to unauthorized websites and to prevent unauthorized users from
accessing our network. The company interface will only be available to authorized users.
The accuracy of all network security and documents will need to be checked for any
mistakes, to prevent documents from being misread and misunderstood. We will provide an
authorized list of applications to be used by all users. When you are working on your
document, you need to go through all the information to ensure there are no typos in it.
By having a list of authorized websites, we can ensure the authenticity of websites
so employees are not going to any spoofed website. We also need to start encrypting our
documents to ensure their authenticity stays true within the company. In addition, all
email sent out will be sent with a digital signature and certificate, to ensure that
employees aren’t opening email that is not authorized to be opened on the network.
For utility, all documents need to be secured so none of the data or information
gets out of the network. That would put our company under and close the doors. We have to
ensure that all documents are only in a format usable by this company. We don’t want our
customers’ information to leave the walls of our company. That would hurt our company a
great deal.
For possession, all of our data needs to be safeguarded so we don’t breach the
confidentiality of you as employees or of our customers. There will be a policy in place to
keep documents from getting into the wrong hands. All documents will be controlled only by
authorized accounts; no one else will have access to them, due to the classification of the
information.
The only section allowed to add new software to the system is the network security
staff. You as an employee in any other section within the company are not authorized to add
new software to company computers. The hardware of all computers within the company will
only be upgraded by information technology staff. Every night before you go home, you will
power down your computer.
Richman Investment Remote Access Policy
Purpose
The reason for this policy is our company’s growth. It is to give every network user a
clear understanding of all exposures on the Richman Investment network. It will also keep
unauthorized users off our network. It will help keep documents within the company from
being damaged or corrupted. It will also help prevent hackers or viruses from corrupting
our sensitive and confidential data.
Scope
The policy applies to all Richman Investment network users, whether they use our network
within the company or through remote access. It clarifies what is allowed and not allowed
on the network, along with what kind of Internet connection you are allowed to have.
Policy
General
1. The same considerations will apply to all users of the Richman Investment firm,
including remote access and on-site users.
2. Remote access users are allowed to access the Internet for recreational use only if they
pay a flat rate for their Internet service. When using Internet access as a remote access
user, you are responsible for enforcing the policy set forth by the firm. The Internet
should not be misused against the policy by any family member while on our network.
3. Take the time to review the following policies for protecting the information of the
Richman Investment firm.
a. Encryption Policy
b. Remote Access Policy
c. Wireless Communications Policy
d. Acceptable Use Policy
4. When you need help with your remote access connection, it is available through the
network help desk or via the website. You will need to provide certain information to
access the system.
3.2 Requirements
1. You will need to set up passphrases and passwords, which are not allowed to be shared
with anyone.
2. At no time should you give anyone your login or email password information, not even
family members.
3. As a remote access user, it falls completely on you to safeguard all company network
information. You can’t connect to any other network; the only exception is your own
network at home.
4. You are not allowed to access any personal email, only your company email, while on the
company network.
5. There is a dedicated router for all authorized users. At no time will you reconfigure
your home connection in any shape or form.
6. When connected to the internal network through remote access, you must keep all
software up to date, including your anti-virus software. You can find the authorized
software on the company help desk website.
4.0 Enforcement
Any user who violates anything within the policy will face disciplinary action and
termination of all employment.
Richman Investments
Acceptable usage Policy
Overview
This is the Acceptable Usage Policy for the Richman Investments firm. It applies to all
Internet users within this company who access the Internet through the company’s computing
or networking resources. You as an employee of Richman Investments will be expected to
uphold the policy set forth. You must use good judgment while using the Internet services
with Richman Investments.
This is to define a LAN-to-WAN, Internet, and Web surfing Acceptable usage Policy that
restricts usage of the company’s Internet connection and permits the company to monitor
usage of the corporate Internet connection.
Purpose
The purpose of this policy is to outline the acceptable use of computer equipment at
Richman Investments. The rules are in place to protect the employee and Richman
Investments. Inappropriate use exposes Richman Investments to risks including virus
attacks, compromise of network systems and services, and legal issues.
Scope
This policy applies to all Richman Investments network users and to all equipment that is
owned or leased by Richman Investments. I strongly recommend that all employees within this
company read and fully understand this policy. It applies to all users who access the
company Internet, no matter how they connect to the network. A signed acknowledgment form
will be turned in and kept on file at the facility granting the access. Please don’t
hesitate to call or email the Information Technology (IT) Department.
Policy
General Use and Ownership
While Richman Investments’ network administration desires to provide a reasonable level of
protection to the company, users should be aware that the data they create on the
corporate systems remains the property of Richman Investments.
Unacceptable Use
Requires the enforcement of strict ingress-egress filtering policies for network traffic.
Certain traffic is expressly forbidden:
No peer-to-peer file sharing or externally reachable file transfer protocol (FTP) servers.
No downloading executables from known software sites.
No unauthorized redistribution of licensed or copyrighted material
No exporting internal software or technical material in violation of export control laws
No introduction of malicious programs into networks or onto systems.
No accessing unauthorized internal resources or information from external sources
No port scanning or data interception on the network
No denying service or circumventing authentication to legitimate users
No using programs, scripts, or commands to interfere with other network users
No sending unsolicited e-mail messages or junk mail to company recipients
No accessing adult content from company resources
No remote connections from systems failing to meet minimum-security requirements
Enforcement
Any employee violation of this Network Policy will be documented and will lead to
revocation of system privileges or disciplinary action up to and including termination.
Depending on how badly you violated this policy, the company will seek legal action. You
could face jail time. This matter shouldn’t be taken lightly by anyone in the firm.
Leap-a Oompa-a computer virus
This virus works in many ways, as it can be both a worm and a trojan. It was really
different from most viruses in that it targeted many different operating systems. It was
able to infect the Windows and Macintosh operating systems. It would act as a simple image
file. It would show up among your latest pictures and act like it was something from Apple
to view. It delivered itself like a Trojan horse: it would make you think it was something
different from what it really was. There was code hidden in the file named latestpics.tgz,
which would show a picture of something interesting. Once you double-clicked on the image,
which appeared as an image file on your computer, it would start installing itself on your
system. On the Macintosh it would first try to send an iChat file message to everyone in
your iChat buddy list. This would rapidly start sharing the download with everyone in your
contacts that it could attack. The file was sent automatically to everyone in your
contacts. It would use external applications to do all the work so it could move a lot
more easily. You wouldn’t even know it was doing it. Then it would infect your
InputManager and start infecting Cocoa applications. It would use your Spotlight search to
get your most-used applications and infect them. It shows up as something different from
what it really is. This virus holds many different forms within itself. Once it has
attacked an application, it won’t allow you to open it, so you have to install a new copy
of the software. It takes a human to spread it through your computer. This virus came up in
early 2006 and started attacking Macintosh systems. You can prevent this from happening by
installing antivirus software on your Mac. Ensure you only open files from known sources or
users; that will limit the risk of downloading it onto your Mac. Keep your Mac up to date
with all the security updates that Apple sends out. You can defend against this infection
by watching what you do on your Mac. There are many different ways to stop the intrusion.
One of the best ways to prevent it is not allowing access to the input manager, then going
to the terminal, looking for a file called apphook, and removing it.
Employee Computer Security
Microsoft Windows operating systems are arguably the most common and
popular platform for enterprise workstations. The Microsoft Windows operating systems
of the past have been known for their lack of security and ease with which they could be
compromised by both malware and “hackers.” Microsoft responded with their Trusted
Computing initiative, which included a requirement that all Microsoft developers read
and apply the principles contained in the book “Writing Secure Code.” The currently
deployed Windows 7 operating system and recently introduced Windows 8 operating
system are both a product of this security initiative, and include a large number of
security features that far surpass the level of security attained by previous Windows
operating systems. Hence, current editions of the Windows operating system can be
hardened to a significantly higher level of security, which is extremely important since
the Windows operating system has the largest number of PC based computer installations
on the planet, making Windows operating systems the largest target by far for malicious
attacks, (Microsoft, 2013).
Current versions of the Windows operating system (specifically Windows 7 and
Windows 8) are designed with built-in tools that can protect data from unauthorized
access to file system storage contents. BitLocker is a tool designed to encrypt information
on the file system so that only authorized individuals have access. BitLocker was available
in Windows Vista; however, the feature was limited to internal hard drives. With the
release of Windows 7, BitLocker can now be used to secure information on external
drives such as USB flash drives as well (this feature is known as “BitLocker To Go”). The
BitLocker tool is especially important for those employees that travel because if a laptop
containing sensitive company information is lost or stolen, the company information
stored on the device will be inaccessible to would-be data thieves due to the high level of
secure BitLocker encryption (Microsoft, 2013).
To enable the BitLocker tool, an employee (or administrator) must access the
Windows Control Panel area, and then select System and Security and then BitLocker
Drive Encryption. At that point they should select the Turn On BitLocker item. BitLocker
will then scan the drive and create a second partition if one does not already exist, and
then require a reboot. During the reboot, the employee must enable TPM (the Trusted
Platform Module) on the system, usually through software on the system or by accessing
the feature in the BIOS. BitLocker uses TPM to protect both the boot-up sequence and
storage drive contents from tampering. Then the employee will be directed by BitLocker
to select a recovery key method such as storing the key to a USB flash drive, saving the
key to a network drive, or printing the recovery key. Then the employee should select the
Run BitLocker System Check, click Continue, then click Restart Now, and after booting,
BitLocker encrypts the drive contents. Then if unauthorized access is attempted in any
way, the TPM and operating system immediately resort to “Recovery Mode” where the
recovery key must be presented in order to access contents of the storage drive, even if
the drive is removed from the computer (Microsoft, 2010).
Hence, by requiring employees to enable the use of Microsoft’s BitLocker tool,
confidential company information can be kept safe from prying eyes, especially on the
road if a company-owned device such as a laptop, tablet or even USB flash drive is lost or
stolen.
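The following audit script is an added example, not part of the original paper: it checks each volume for the end state the BitLocker procedure above is meant to reach (protection on, drive fully encrypted, a recovery key method present, and a TPM-based protector on the operating system drive). The function name Get-BitLockerAudit is hypothetical, and the script assumes the BitLocker and TrustedPlatformModule PowerShell modules, which ship with Windows 8 and later but not Windows 7.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): audits the end state the BitLocker
# procedure is meant to reach. Assumes the BitLocker and TrustedPlatformModule
# PowerShell modules (Windows 8 and later). Get-BitLockerAudit is a hypothetical name.

function Get-BitLockerAudit {
    [CmdletBinding()]
    param()

    # TPM state: the procedure requires the TPM to be enabled before encryption.
    $tpm = Get-Tpm

    foreach ($vol in Get-BitLockerVolume) {
        # Names of the key protectors on this volume, e.g. Tpm, RecoveryPassword.
        $protectors = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $findings   = @()

        if ($vol.ProtectionStatus -ne 'On') {
            $findings += 'BitLocker protection is not on'
        }
        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "Volume status is $($vol.VolumeStatus)"
        }

        # A recovery method must exist: a printed or saved recovery password, or a
        # key file stored on USB or network storage (reported as ExternalKey).
        if (-not ($protectors -contains 'RecoveryPassword' -or
                  $protectors -contains 'ExternalKey')) {
            $findings += 'No recovery key protector'
        }

        # The operating system drive should be bound to the TPM so that the
        # boot sequence is protected as well as the drive contents.
        if ($vol.VolumeType -eq 'OperatingSystem') {
            if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
                $findings += 'TPM is missing or not ready'
            }
            if (-not ($protectors -like 'Tpm*')) {
                $findings += 'No TPM-based key protector'
            }
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            VolumeType = $vol.VolumeType
            Encrypted  = "$($vol.EncryptionPercentage)%"
            Protectors = $protectors -join ', '
            Compliant  = ($findings.Count -eq 0)
            Findings   = $findings -join '; '
        }
    }
}

# List every volume that still needs attention.
Get-BitLockerAudit | Where-Object { -not $_.Compliant } | Format-List
```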
The four key security tips that I would share with coworkers to keep their data safe, their
computers free from malware, and to thwart any attacks are listed below:
The first key security tip is to install the latest antivirus software: the latest
antivirus software is installed on every system to protect it from new viruses, worms, and
Trojan horses. The installed antivirus program is also configured to scan e-mail and files
as they are downloaded from the Internet. Many information technology organizations, such
as Symantec, McAfee and Sophos, have released antivirus software in order to prevent or
block spyware. The company Grisoft also released its own antivirus software under the name
AVG Anti-Virus. A free version of AVG antivirus is also available for private and
non-commercial users. Another way of preventing Trojans is to never open e-mails or
download attachments from unknown senders.
This security tip is implemented by installing a free version of antivirus software from
the Internet, purchasing your own antivirus software online, or buying a CD from a store.
Installing the latest antivirus software is very important because it helps the user detect
any virus threat to the system immediately, as it usually runs as a background thread at
all times. Antivirus software also provides complete details of the virus, with options to
remove it or move it into a vault. [Nortan 2006]
Install a firewall program: another key security tip is to install a firewall to keep the
operating system and network secure. A firewall is a program that prevents unauthorized
use of and access to a computer. A firewall can be either hardware or software. Hardware
firewalls provide a strong degree of protection from most forms of attack coming from
the outside world and can be purchased as a stand-alone product or in broadband routers.
Unauthorized access is often viewed as hackers gaining access to user data files and
resources from across the Internet.
This security tip is implemented either by enabling the firewall from the Control Panel of
Microsoft Windows or by installing a third-party firewall. Installing a firewall is
important because it stops intruders’ unauthorized access to the system and protects the
overall system. [Pinktec 2011]
Authentication: this is the process of testing the user’s credentials for the system, that
is, whether the user actually has valid login details, such as a user ID or password, to
access the system. If the credentials validate, then the user is entitled to enter the
system; otherwise he will not be allowed to enter. This usually keeps unwanted or harmful
hackers away from the system.
It is implemented by setting a user ID and password to access your system. This is
important because it prevents unauthorized access to your system.
Password Protection Standards: Password Protection Standards are the controls for
accessing confidential data on a network or remote system. Passwords and passphrases are
used for accessing the confidential data, and this is generally accomplished by the use of
the public and private key concept.
It is implemented by setting passwords and passphrases to access confidential data on a
system or network. Passphrases are generally implemented in order to support
public/private key authentication. A public/private key system establishes a mathematical
relationship between the public key, which is known and confirmed to all, and the private
key, which is confirmed as well as known to only one user.
It is important because this mechanism makes it possible to implement security in which
access is given only to the desired user with the aid of the private key. A passphrase is
an enhanced, or advanced, version of a password and hence more secure. A passphrase is
typically composed of multiple words, which provides security against "dictionary
attacks." [Broder 2006]
Reference:
http://alum.cs.sunysb.edu/files/policies/Remote_Access_Policy.pdf
http://ptdiocese.org/files/Remote_Access_Policy.pdf
http://www.sans.org/security-resources/policies/Remote_Access_Policy.pdf
http://www.sans.org/security-resources/policies/internet-usage-policy.pdf
http://www.sans.org/security-resources/policies/Acceptable_Use_Policy.pdf
http://www.howstuffworks.com/worst-computer-viruses.htm – page=9
http://www.macworld.com/article/1049459/leapafaq.html
http://en.wikipedia.org/wiki/Timeline_of_computer_viruses_and_worms
http://www.macworld.com/article/1051426/protectmac.html
http://www.macshadows.com/kb/index.php?title=Leap-A_Trojan
Microsoft, (2010), Turning on Bitlocker Drive Encryption on an Operating System Drive,
Retrieved from
http://technet.microsoft.com/enus/library/ee424299%28v=ws.10%29.aspx
Microsoft, (2013), Lock up your data using Bitlocker Drive Encryption, Retrieved from
http://www.pcadvisor.co.uk/opinion/windows/3419767/how-set-up-bitlocker-encryptionin-windows-8/
Microsoft, (2013), Microsoft Trustworthy Computing, Retrieved from
http://www.microsoft.com/about/twc/en/us/default.aspx
Broder, J., (2006). Risk analysis and the security survey. Third edition. Elsevier Inc.
http://books.google.co.in/books?id=quicDYAi6fUC&printsec=frontcover
Nortan. (2007), Keeping OS and Antivirus Software up to Date,
http://www.nortonantiviruscenter.com/security-resource-center/os-antivirus-software-upto-date.html
Pinktec Computer Services. (2011), Firewalls Advantages and Disadvantages,
http://kimberleytaylor.com/articles/firewalls_advantages.htm
