SSCP Domain Research Paper
Table of Contents
1.0. POLICY
2.0. OBJECTIVE
3.0. ACCEPTABLE USE POLICY (AUP)
4.0. UNACCEPTABLE BEHAVIOR
5.0. TRAFFIC FORBIDDEN ON RICHMAN COMPANY NETWORK
6.0. AUDITING
7.0. SANCTIONS
8.0. WORKSTATION SECURITY STANDARDS
8.1. OVERVIEW
8.2. OBJECTIVE
8.2.1 WORKSTATION HARDENING
8.2.2 ACCESS CONTROL
8.2.3 SHARED RESOURCES
8.2.4 SYSTEM LOGS
8.2.5 WORKSTATION ACCOUNT MANAGEMENT
8.2.6 PHYSICAL SECURITY
8.2.7 VIRUS AND MALWARE SCANNING
8.2.8 INTRUSION DETECTION AND PREVENTION
9.0 LOCAL AREA NETWORK SECURITY STANDARD
10.0 PHYSICAL SECURITY
11.0 LAN TO WAN SECURITY STANDARD
12.0 WIDE AREA NETWORK (WAN) SECURITY STANDARDS
13.0 REMOTE ACCESS SECURITY STANDARDS
1.0. POLICY
This policy outlines the responsibilities of users, administrators, and security configuration for ensuring the integrity, availability, and confidentiality of Richman Company's networks. It acts as a guideline with which all contractors and employees must be familiar, and it states rules that all users are required to follow. It is a tool for the Information Technology department in Richman Company, setting out mandatory guidelines and policies concerning the acceptable use of the company's information processing, Windows Explorer, network resources, web browsing, e-mail, and equipment. The rules and regulations defined in this proposal apply to all data transmission services, software, hardware, and infrastructure.
2.0. OBJECTIVE
This proposal describes the conventional security measures for Richman Company staff and systems that transmit, process, access, store, maintain, or create information. It applies to information resources accessible to others, such as contractors or suppliers, in instances where the company has a legal obligation to safeguard resources in its possession. The proposal covers all the company's network systems designed to aid in the security of, and access to, information. This includes equipment connected to the company's Virtual Local Area Network (VLAN) or domain, whether wirelessly or hardwired.
3.0. ACCEPTABLE USE POLICY (AUP)
The use of Richman Company e-mail, the internet, and network services by its employees is encouraged and permitted where that use supports the mission and vision of the business. The proposal provides guidelines which ensure that all employees:
Avoid use of unencrypted and unmonitored network services that may pose a risk to the company.
Use the company’s network domain in a manner that is acceptable to the company’s code of conduct.
Follow current rules and regulations as provided for in Richman’s manual.
4.0. UNACCEPTABLE BEHAVIOR
The proposal covers the following practices and conduct by stakeholders and employees that are considered unacceptable and a potential risk factor.
Use of the internet for any personal or illegal activities, such as gambling, pornographic content, or terrorist activities, that do not conform with the company's code of conduct.
Downloading unauthorized or copyrighted content for personal use.
The unintended or intended introduction of any form of malware or computer virus into the company’s network.
Participating in unproductive activities on the system network.
Distribution of unsolicited advertising or commercial material.
Unauthorized access to copyrighted material that infringes the owner's right to use.
Disclosing the company's confidential information to external sources.
5.0. TRAFFIC FORBIDDEN ON RICHMAN COMPANY NETWORK
Remote connections from systems that do not meet the minimum security requirements will not be accepted. This includes, but is not limited to, the following:
Sending of junk mail or unsolicited e-mail to company recipients is disallowed.
Commands, scripts, or programs that interfere with other network users are forbidden.
Legitimate users will have full access to the company’s network.
Data interception or port scanning is prohibited on the network.
Internal resources or data will not be obtained from unencrypted external sources.
Unrestricted redistribution of copyrighted material that violates export control laws.
Downloading executable files from software sites is forbidden.
Externally reachable File Transfer Protocol (FTP) servers and peer-to-peer file sharing are prohibited.
6.0. AUDITING
Richman Company is aware that its network and domain are valuable business tools. On the other hand, misappropriation of these same resources amounts to a breach of policy and may have an adverse impact on the security of the business and on employees' productivity. The company has the responsibility of making its network resources available to its employees for business purposes. Therefore, it is the company's right to scrutinize all network systems and review all data recorded in its database. To ensure compliance with the proposal, the company reserves the right to access and use software to regulate information and content. The software used to monitor and regulate network activity should serve legitimate purposes and adhere to the company's code of conduct.
7.0. SANCTIONS
The proposal provides measures for disciplinary action if it is believed an employee has failed to comply with the company's policy. Measures to be taken if an employee is found to be in breach will include, but are not limited to, a verbal warning or dismissal. The choice of disciplinary action will depend on several aspects, such as the seriousness of the actions and previous warnings on the employee's record.
8.0. WORKSTATION SECURITY STANDARDS
8.1. OVERVIEW
Improperly configured devices and workstations are at risk of being compromised and having data stolen, used inappropriately, or damaged.
This proposal provides security standards for devices and workstations that connect to Richman's domain and network, including suppliers' external equipment. This section of the proposal lists guidelines that are mandatory for all devices connected to Richman's network.
8.2. OBJECTIVE
8.2.1. WORKSTATION HARDENING
All workstations ought to be configured in a way that decreases the risk of system penetration, through the elimination of activity that introduces network vulnerabilities. Controls involved in hardening are:
Establishing restrictions on database access and user accounts.
Managing file permissions.
Eliminating services or programs that pose a security risk for spamming.
Uninstalling and eliminating services that take control of the network.
Upgrading or patching vulnerable services and applications.
Physically securing the console operations and workstation.
8.2.2. ACCESS CONTROL
Passwords for local user accounts must conform to the established Richman Company password criteria, which include account lockout configuration and password complexity. The workstation must be configured in a way that requires interactive user authentication, rather than an automatic login where passwords are stored on the workstation. An automatic screen saver should be set to activate after ten minutes or less when the workstation is idle, and on return to the desktop a password must be entered to log back on to the system.
8.2.3. SHARED RESOURCES
All shared files and resources must have permissions set to restrict groups or individual accounts not permitted on the network. To ensure access levels are maintained and remain secure, system passwords should be reviewed on a regular basis.
8.2.4. SYSTEM LOGS
For commonly used services, operating system event logging must be enabled for security events such as unauthorized connections and successful and failed logins. Workstation applications that manage confidential, high-risk data must have event logging enabled to record and track configuration changes and unauthorized access attempts. All departments are instructed to implement measures that regularly review logs, ensuring that information integrity is protected and access is authorized.
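The log review that the access-control and system-log standards call for can be automated. The following script is an added example and not part of the paper; it parses a constructed, syslog-like login record format, reports accounts whose failed logins reach an assumed lockout threshold within an assumed window, and flags any successful login that follows such a burst (which should not be possible if lockout is configured correctly). The log format, the field names, and the threshold and window values are assumptions for this example.

```python
"""Review workstation login events for lockout-policy violations.

Added example, not from the paper. Parses a constructed log format and
reports (a) accounts that reached the lockout threshold and (b) successful
logins that followed a burst of failures, which indicates the lockout
configuration on that workstation needs checking.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed lockout policy for this example (the paper does not give values)
LOCKOUT_THRESHOLD = 5                   # failed attempts that should lock the account
LOCKOUT_WINDOW = timedelta(minutes=15)  # window in which those failures are counted

# Constructed sample log lines in an assumed format:
# "<ISO timestamp> <host> login <SUCCESS|FAILURE> user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-03-04T08:59:10 ws-17 login FAILURE user=jdoe src=10.0.5.23
2024-03-04T08:59:25 ws-17 login FAILURE user=jdoe src=10.0.5.23
2024-03-04T08:59:41 ws-17 login FAILURE user=jdoe src=10.0.5.23
2024-03-04T09:00:02 ws-17 login FAILURE user=jdoe src=10.0.5.23
2024-03-04T09:00:19 ws-17 login FAILURE user=jdoe src=10.0.5.23
2024-03-04T09:00:33 ws-17 login SUCCESS user=jdoe src=10.0.5.23
2024-03-04T09:05:00 ws-22 login FAILURE user=asmith src=10.0.5.40
2024-03-04T09:30:00 ws-22 login SUCCESS user=asmith src=10.0.5.40
"""


def parse_line(line):
    """Split one record of the assumed format into a dictionary."""
    ts, host, _service, outcome, user_kv, src_kv = line.split()
    return {
        "time": datetime.fromisoformat(ts),
        "host": host,
        "outcome": outcome,
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def review_logins(log_text, threshold=LOCKOUT_THRESHOLD, window=LOCKOUT_WINDOW):
    """Return (lockouts, suspicious_successes).

    lockouts: {user: failure_count} for users whose failures inside `window`
              reached `threshold`.
    suspicious_successes: [(user, host, iso_time)] for successes that came
              while the user still had `threshold` or more recent failures.
    """
    recent_failures = defaultdict(list)  # user -> failure timestamps in window
    lockouts = {}
    suspicious = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        fails = recent_failures[ev["user"]]
        # forget failures that fell out of the lockout window
        fails[:] = [t for t in fails if ev["time"] - t <= window]
        if ev["outcome"] == "FAILURE":
            fails.append(ev["time"])
            if len(fails) >= threshold:
                lockouts[ev["user"]] = len(fails)
        elif ev["outcome"] == "SUCCESS":
            if len(fails) >= threshold:
                suspicious.append((ev["user"], ev["host"], ev["time"].isoformat()))
            fails.clear()  # a successful login resets the failure count
    return lockouts, suspicious


if __name__ == "__main__":
    lockouts, suspicious = review_logins(SAMPLE_LOG)
    for user, n in lockouts.items():
        print(f"LOCKOUT  {user}: {n} failed logins within {LOCKOUT_WINDOW}")
    for user, host, when in suspicious:
        print(f"REVIEW   {user} logged in on {host} at {when} after repeated failures")
```

In the constructed sample, jdoe reaches the threshold and then logs in successfully, so the script both records the lockout and flags the success for review; asmith's single failure ages out of the window before the later success and produces nothing.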
8.2.5. WORKSTATION ACCOUNT MANAGEMENT
All user accounts must require authentication that uniquely identifies the user. Account authorization and creation processes must be established on the principle of least privilege, granting system access only to authorized individuals. Access and permissions to the system will be removed or modified when an account user's terms of engagement with the company change. There must be a clearly laid out procedure for the emergency termination of all user accounts. Default passwords and accounts built into applications and operating systems for installation or development purposes must be disabled.
8.2.6. PHYSICAL SECURITY
Workstations containing high-profile confidential information must be physically secured or housed in an area with restricted, controlled access or a user access control system.
8.2.7. VIRUS AND MALWARE SCANNING
All workstations and devices connected to the Richman Company domain must have approved antivirus software installed. The antivirus configuration should include:
Protection from unauthorized configuration changes.
Any virus found on the workstation should be cleaned and then quarantined.
The antivirus must be initiated on system start-up.
Real-time protection should be enabled.
Scheduled scans of drives and files should be run regularly.
Antivirus signature updates should be done daily.
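The workstation settings required by the access-control and antivirus standards above can be checked mechanically. The following script is an added example, not part of the paper: it audits a constructed configuration dictionary that stands in for values an administrator would read from the operating system and the antivirus management console (the key names, the ten-minute idle limit expressed as 600 seconds, and the one-day signature age are assumptions taken from the wording of the standards) and returns a list of findings, one per non-compliant setting.

```python
"""Audit a workstation configuration against the workstation standards.

Added example, not from the paper. The configuration dictionaries are
constructed; the key names are assumptions standing in for values read
from the OS and antivirus console.
"""
from datetime import datetime, timedelta

MAX_IDLE_SECONDS = 600                  # "ten minutes or less" idle timeout
MAX_SIGNATURE_AGE = timedelta(days=1)   # "daily" signature updates


def audit_workstation(cfg, now):
    """Return a list of (section, finding) tuples; an empty list means compliant."""
    findings = []

    # Access control: interactive login, screen saver with password on resume
    if cfg.get("auto_login"):
        findings.append(("8.2.2", "automatic login enabled; interactive authentication required"))
    if not cfg.get("screensaver_enabled"):
        findings.append(("8.2.2", "screen saver disabled"))
    else:
        timeout = cfg.get("screensaver_timeout_s", 0)
        if timeout <= 0 or timeout > MAX_IDLE_SECONDS:
            findings.append(("8.2.2", f"screen saver timeout {timeout}s exceeds {MAX_IDLE_SECONDS}s"))
    if not cfg.get("screensaver_password"):
        findings.append(("8.2.2", "password not required on return from screen saver"))

    # Virus and malware scanning
    av = cfg.get("antivirus", {})
    if not av.get("installed"):
        findings.append(("8.2.7", "approved antivirus not installed"))
        return findings  # remaining antivirus checks are meaningless without it
    if not av.get("tamper_protection"):
        findings.append(("8.2.7", "antivirus configuration not protected from unauthorized change"))
    if not av.get("starts_at_boot"):
        findings.append(("8.2.7", "antivirus not started at system start-up"))
    if not av.get("real_time"):
        findings.append(("8.2.7", "real-time protection disabled"))
    if not av.get("scheduled_scan"):
        findings.append(("8.2.7", "no scheduled scan of drives and files"))
    updated = av.get("signature_updated")
    if updated is None or now - datetime.fromisoformat(updated) > MAX_SIGNATURE_AGE:
        findings.append(("8.2.7", f"signatures older than {MAX_SIGNATURE_AGE} (last update: {updated})"))
    return findings


# Constructed sample configurations (assumed key names)
NOW = datetime(2024, 3, 4, 9, 0, 0)

COMPLIANT_WS = {
    "auto_login": False,
    "screensaver_enabled": True,
    "screensaver_timeout_s": 300,
    "screensaver_password": True,
    "antivirus": {
        "installed": True, "tamper_protection": True, "starts_at_boot": True,
        "real_time": True, "scheduled_scan": True,
        "signature_updated": "2024-03-03T22:00:00",
    },
}

NONCOMPLIANT_WS = {
    "auto_login": True,                 # stored credentials, no interactive login
    "screensaver_enabled": True,
    "screensaver_timeout_s": 1200,      # 20 minutes, over the limit
    "screensaver_password": True,
    "antivirus": {
        "installed": True, "tamper_protection": False, "starts_at_boot": True,
        "real_time": False, "scheduled_scan": True,
        "signature_updated": "2024-03-01T09:00:00",   # three days old
    },
}

if __name__ == "__main__":
    for name, cfg in (("compliant", COMPLIANT_WS), ("noncompliant", NONCOMPLIANT_WS)):
        result = audit_workstation(cfg, NOW)
        print(f"{name}: {'OK' if not result else f'{len(result)} finding(s)'}")
        for section, text in result:
            print(f"  [{section}] {text}")
```

Each finding carries the section number it relates to, so the output can be grouped by standard when departments review their workstations.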
8.2.8. INTRUSION DETECTION AND PREVENTION
Devices and workstations owned by Richman Company must use the approved configuration and firewall software. Workstation data need to be backed up on the company's server, depending on the data classification. For a standalone workstation, a local backup is required, and the process must be tested occasionally to ensure efficient restoration. There should be a documented, established, and consistently used backup plan for all workstations.
9.0. LOCAL AREA NETWORK SECURITY STANDARD
Encrypt passwords and protect the WAP with second-level authentication.
Utilize network switches.
10.0. PHYSICAL SECURITY
All locations where network equipment such as servers, firewalls, switches, or routers is housed must be locked and secured at all times.
11.0. LAN TO WAN SECURITY STANDARD
Run all networking hardware with up-to-date operating systems, software, and security patches.
Enable antivirus scanning and content filtering of all browser communication.
Use security monitoring software for intrusion detection.
Disable probing, port scanning, and ping on all external IP devices.
Close unused ports with a firewall to reduce unauthorized network access.
12.0. WIDE AREA NETWORK (WAN) SECURITY STANDARDS
Deploy internet connections to optimize accessibility.
Isolate malicious software upon discovery.
Schedule mandatory antivirus scanning for all attachments and e-mails.
Configure firewalls and routers to block ping requests on open connections.
Enforce VPN tunneling and encryption for remote connections.
13.0. REMOTE ACCESS SECURITY STANDARDS
Encrypt Richman Company hard drives and servers to prevent hacking.
Implement a real-time lockout procedure that uses authorization tokens to mitigate risks.
Enforce strict user account passwords that must be changed periodically.
Require second level authentication and follow data classification standards.
Develop a Disaster Recovery Plan (DRP) and Bulk Copy Program (BCP).
Encrypt local private data within storage devices and databases.