David Kim and Michael G. Solomon. Fundamentals of Information Systems Security - Jones & Bartlett Learning, LLC. 40 - Tall Pine Drive Sudbury, MA 01776 – Copyright 2012
Multi-Layered Security Plan:
This Multi-layered Security Plan will give a brief overview of the security strategies that will be implemented at each level of the Information Technology (IT) infrastructure.
2.) User Domain
a. Security awareness training will be implemented to instruct employees of Richman Investments ...
Utilizing the correct network switches for each domain.
g. Apply WPA2 encryption policies to wireless access points.
h. Securing server rooms from unauthorized access.
5.) LAN to WAN Domain
i. Deactivate and close off unused ports at the firewall to reduce the chance of unwanted network access.
j. Monitor inbound IP traffic, more specifically looking for inbound transmissions that show signs of malicious intent.
k. All networking hardware is to have up-to-date security patches and operating systems.
6.) WAN Domain
l. Enforce encryption and VPN tunneling for remote connections.
m. Configure routers and network firewalls to block ping requests to reduce the chance of denial of service attacks.
n. Enforce anti-virus scanning of email attachments.
o. Isolate malicious software (viruses, Trojans, etc.) when it is found by anti-virus software.
7.) Remote Access Domain
p. Establish strict user password policies, as well as lockout policies, to defend against brute-force attacks.
q. Require the use of authorization tokens, and have a real-time lockout procedure if a token is lost or stolen.
r. Encrypt the hard drives of company computers, laptops and mobile devices to prevent the loss of sensitive data.