Nt2580 Final Project
Richman Investments
Richman Internet Infrastructure Security Management Upgrade
ITT Technical Institute NT2580 Course Project
Based on the premises that Richman has 5000 employees throughout the main office and several branch offices, this document dictates research solutions and details the appropriate access controls including policies, standards, and procedures that define who users are, what they can do, which resources they can access, and which operations they can perform on a system.
Final Project
I. Richman Internet Infrastructure Security Management Upgrade
A. Purpose
Based on the premises that Richman has 5000 employees throughout the main office and several branch offices, this document dictates
This will be taught to all Richman users by corporate video training, followed by a password reset script for users to change their passwords to the new method. SFSP works on a three-part method.
a. Input Rules are static procedures dictating where certain information is to be typed.
b. Secret Code is a static number that a user secretly chooses that is easy to remember.
c. Memory Cue is an easy-to-remember word the user secretly selects.
2. This is an example of the new password method for Richman employees. You can make as many input rules as the company deems necessary. For this password example there are two rules. The static number is the first number before the rule changes the number. The memory cue is the easy to remember word.
a. R1 = Add doubling numbers in between each character of simple word, before, through and after
R2 = Insert the special character “*” (not including quotes) as the first and last character, as the last step in creating the password
b. Secret Code number is 1
c. Memory Cue is internet
d. New Password is *1i2n4t8e16n32e64t128*
e. Memory Cue is oranges
f. New Password is *1o2r4a8n16g32e64s128*
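The two input rules above, written out as an added example (not part of the original project). The function names are hypothetical, and the code assumes the memory cue contains no digits. `parse_sfsp` checks whether a password follows R1 and R2, and shows that the secret code and the memory cue are the only parts of the password not fixed by the rules.

```python
import re

def sfsp_password(memory_cue, secret_code=1, wrap="*"):
    """Build a password from the page's two input rules (R1, then R2)."""
    if secret_code < 1 or not memory_cue:
        raise ValueError("need a positive secret code and a non-empty cue")
    pieces, number = [], secret_code
    for ch in memory_cue:
        pieces += [str(number), ch]    # R1: a number before each character
        number *= 2                    # R1: each number doubles the previous one
    pieces.append(str(number))         # R1: closing number after the last character
    return wrap + "".join(pieces) + wrap   # R2: wrap character first and last

def parse_sfsp(password, wrap="*"):
    """Return (secret_code, memory_cue) if password follows R1 and R2, else None."""
    if len(password) < 2 * len(wrap):
        return None
    if not (password.startswith(wrap) and password.endswith(wrap)):
        return None
    body = password[len(wrap):len(password) - len(wrap)]
    first = re.match(r"[0-9]+", body)      # the leading number is the secret code
    cue = re.sub(r"[0-9]", "", body)       # assumption: the cue holds no digits
    if not first or not cue or int(first.group()) < 1:
        return None
    code = int(first.group())
    # Rebuilding from (code, cue) must reproduce the input exactly; this rejects
    # wrong doubling sequences, leading zeros and missing numbers.
    return (code, cue) if sfsp_password(cue, code, wrap) == password else None

if __name__ == "__main__":
    pw = sfsp_password("oranges", 1)
    print(pw)
    print(parse_sfsp(pw))
    print(parse_sfsp("*1o2r4a8n16g32e64s129*"))  # constructed: last number is wrong
```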
C. Permissions and Rights (What they can do. Which operations they can perform on a system.)
All users will be reviewed to ensure they are set up correctly with their user rights and permissions. The Administrator will review and update roles and objects to ensure each user has
All user-chosen passwords should be complex in nature (e.g., containing mixed case and two non-alphabetic characters). Non-alphabetic characters include numbers (0-9) and punctuation. The use of control characters and other non-printing characters is discouraged because they may inadvertently cause network transmission problems.
Formal user access control procedures must be documented, implemented and kept up to date for each application and information system to ensure authorised user access and to prevent unauthorised access. They must cover all stages of the lifecycle of user access, from the initial registration of new users to the final de-registration of users who no longer require access. These must be agreed by IDI. User access rights must be reviewed at regular intervals to ensure that the appropriate rights are still allocated. System administration accounts must only be provided to users that are required to perform system administration tasks.
accessible by assigned staff, via their corporate login. The system is deemed to be secure but
The organization has a security objective of protecting the database from being altered. Since the data is held in the system, there are regulations that have been set to the users, and there are also limits to the functions that each user performs. In this case, there are three categories of users each with clearly defined responsibilities. For instance, the administration team has been given full control of the application in that they can even alter codes and perform any variations to the database objects. The other groups of users are the executives; these have the ability to access all the information
An employee’s supervisor must request role-based access to e-PHI using the employee’s job description. The IT Department provides restricted role-based access to a client’s network environment/e-PHI and reviews audit logs and information systems activities as needed to verify that the appropriate workforce member is logging into the client environment at any given time.
Technical safeguarding for our unique user identification and secure password should be changed every so often so no one can access your system.
* providing all employees, contractors and third parties with guidelines/rules that state the security expectations of their roles within the organization;
Moreover, information security policies are important because they help reduce the risks associated with employees' acceptable and unacceptable use of the company's information resources. As Danchev of Windows Security would confirm, the first step towards enhancing a company's security is the introduction of a precise yet enforceable security policy that informs staff of the various aspects of their responsibilities and the general use of company resources, explains how sensitive information must be handled, describes in detail the meaning of acceptable use, and lists prohibited activities (Danchev, 2003). According to the same source, a good and well-developed security policy should address how sensitive information must be handled, how to properly maintain your ID(s) and password(s) as well as any other accounting data, how to respond to a potential security incident or intrusion attempt, how to use workstations and Internet connectivity in a secure manner, and how to properly use the corporate e-mail system (Danchev, 2003).
Now press the numbers on the keypad of your selected pass code. After entering it you can successfully operate the door to open and close.
This policy defines the security configurations users and Information Technology (IT) administrators are required to implement in order to ensure the integrity, availability, and confidentiality of the network environment of Richmond Investments (R.I.). It serves as the central policy document with which all employees and contractors must be familiar, and defines regulations that all users must follow. The policy provides IT managers within R.I. with policies and guidelines concerning the acceptable use of R.I. technology equipment, e-mail, Internet connections, network resources, and information processing.
In order to establish system design controls that are directly related to the data input mechanism of a network, and in order to control data entry operations and prevent unauthorized access to information or data, Role Based Access Controls (RBAC) are required. The basic principle of these controls is that the data entry personnel, on any level, should be allowed limited access to only specific information in order to get their jobs done. Because of higher data requirements, more data access streams, higher employee turnover and outsourcing of data-entry processes, there are many avenues where data can be acquired illegally from an outside source and within the organization
the directory, such as the addition, modification or deletion of users that should otherwise not be.
6. If password is incorrect, display ‘Try again’ and go to line #5; else see line #7
What password does the system by default generate for these Service User/s while installing a new client within the system?
16. From where can we create a new Authorization field?
17. Is it possible to assign an ABAP role to a Portal user? If yes, how?
18. How can we gain control over Infotypes?
19. Why do we have to generate the profile again after saving the authorization data during role creation/modification?
20. When does a profile become an 11-character string?
21. How can we find out the roles that got directly generated into Production and not imported from the Quality System? Please note, you don't have any Quality user id.
22. How can CUA help from the Management standpoint of a Business having SAP installed?
Operator: In any organizational unit, or in our home unit, the person responsible for controlling, maintaining (taking backups) and monitoring the machine is called the operator. In the organization, operators have read-only access; they cannot modify or edit. Operators can work on different operating systems and software as well as on applications. Restrictions will be applied by the network administrator only if the operator is a member of that particular network.