I have been asked to draft a brief report concerning the “Internal Use Only” data classification standard for Richman Investments. The purpose of the report is to describe the standards set by Richman Investments, the potential for a security threat, and recommendations to remedy any possible vulnerability. “Internal Use Only” is defined as any information or data shared internally by a company or organization. Even though confidential information is not included, this data is not intended to leave the company or organization. The three IT infrastructure domains affected by the “Internal Use Only” data classification standard that I will be discussing are the User Domain, the Work Station Domain and the LAN-to-WAN Domain. I believe that understanding these areas will help minimize the threat and help keep the information internal. I will be recommending several modifications that are very simple fixes and that will make Richman Investments more secure.

The User Domain is the first layer, and also the weakest link, in the infrastructure that is affected by the “Internal Use Only” standard. Your personal information is created in this domain. The information that is obtained in this area is for “Internal Use Only”. This is also where you will find your acceptable use policy (AUP); this is the rulebook for employees to follow. Once you enter this domain, it allows users to have access to the system and applications. Some of the most common threats to the system are not intentional. They include, but are not limited to, installing CDs, USB drives, photos and music, and downloading anything. Just disabling the USB ports and CD drives will help reduce the number of threats to the system.

Access control works within the Work Station Domain, the second layer of the infrastructure that is affected by the “Internal Use Only” standard. This is where users first access the system; it requires a login and password authentication before you are allowed to view any information. A work station can be described as a computer, laptop, smart phone or any device that allows you access to the system. It also has some of the same common threats as the User Domain, from an employee installing and downloading. While logged on to the workstation, you are open to viruses and malicious acts from outside sources. Reducing access to certain areas to a need-to-know basis will reduce the number of employees with access to those areas and the number of internal and external threats.

Security Architecture and Design work in the LAN-to-WAN Domain, the fourth layer of the infrastructure that is affected by the “Internal Use Only” standard. This is where you can access the internet and where you can become open to anyone. Understand that internet traffic is broadcast in cleartext and is not encrypted. This area uses Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). When you transmit a packet, a port number is attached in the header; it tells what type of packet it is and allows others to see what you are transmitting. This is the area where information enters and leaves your network. It is made up of physical and logical pieces. Placing additional restrictions, firewalls and/or another password authentication step is mandatory for protecting all personal information.

After careful consideration, I believe the layers discussed in this report explain the cause and effects that “Internal Use Only” data standards have on the IT infrastructure. I believe security in these areas should be a priority and should be carefully monitored, updated and implemented right away. Training, modifying work stations, and restricting access to a need-to-know basis will help secure the network. These few small changes will keep Richman Investments secure, safe and trusted by its investors and clients.

Kim, David; Solomon, Michael. 2012. Fundamentals of Information Systems Security. Jones & Bartlett Learning.