Information Security Officer Internet Resume Leon Blum Copy
Project
1. Elizabeth Nunez
NT2580
Mr. Smith
Unit 10 Project Part 2
Due: 5/29/2015
Richman Investments has expanded, adding several new offices in multiple locations.
This establishes the need for protection of the company’s assets and because of this there are
several different policies that should be implemented into the company. Richman Investments
will refrain from using removable hardware on any and all systems that are owned or leased by
the company unless otherwise specified by IT management. Any sensitive information should
only be stored on removable media if it is required in the performance of your assigned duties or
when providing information that is required by other state or federal agencies. Any sensitive
information stored on removable media must be encrypted within the Richman Investments
Encryption Policy.
Richman Investments will require security assurances and user-friendly sites for
attracting customers via internet sites. Understanding the business requirements is crucial in the
translation of security procedures and policies into a public network. With real time business
requirements and economic drivers there has been a force for rapid change to the methods used
to conduct business-to-business and business to client communication.
Employees are given PCs so they can deliver on assigned tasks; it is crucial that they
understand that these PCs are the property of Richman Investments and are not to be used for
personal use. There is to be no offensive material or pirated material downloaded or stored on
business PCs or any other company hardware. Provided email systems should only be used for
business purposes and care needs to be taken of material sent via email. The company is held
liable for the actions of employees making it Richman Investments priority to ensure all
employees are well educated on the harm that can be caused by not following the policies they
have been given. Spam, mass mailing lists, playing games or engaging in online chat groups is
2. Elizabeth Nunez
NT2580
Mr. Smith
Unit 10 Project Part 2
Due: 5/29/2015
strictly prohibited. All company PCs are required to use the businesses loaded antivirus software
to check all data on their PCs, downloaded data or data transferred via disks. Any and all data
that is loaded onto the network servers or sent outside the company must be virus checked. Users
will not be allowed to disable the antivirus software and the administrators can maintain better
control of PCs by implementing group policies as per department functions so users can’t tamper
with configurations. All updates and patches for the operating systems and applications must be
checked on a regular basis and installed to ensure any and all vulnerabilities are prevented.
Ensuring that users are aware of security policies and the risks a business can face if these
policies aren’t followed correctly. Richman Investments will continue to educate users through
emails and awareness classes. Since the “ILOVEYOU” virus of 2000, it imperative that users are
aware of the dangers of opening an email message especially with any attachments because it
could potentially flood your email servers and gateways.
With the office expansion, added number of employees and the crossing of the U.S.
borders, Richman Investments will implement a virus and malware program to thwart malicious
code and activity with the following countermeasures and prevention techniques.
A list of countermeasure suggestions and a brief description for the implementation of
said countermeasures is as follows. PacketFence is a fully supported and trusted, free and open
source network access control solution. It boasts an impressive feature set that includes a
captive-portal for registration and remediation, centralized wired and wireless management,
powerful guest management options, 802.1X support, and layer-2 isolation of problematic
devices. It can be used to effectively secure small to very large heterogeneous networks and can
be tailored for use as a firewall and router. In addition it is also very powerful, flexible
3. Elizabeth Nunez
NT2580
Mr. Smith
Unit 10 Project Part 2
Due: 5/29/2015
firewalling and routing platform and it includes a long list of related features and a package
system that allows further expandability without the added bloat and potential security
vulnerabilities to the base distribution.
Administration software will be implemented as follows. Wireshark will be used, it is the
world’s foremost network protocol analyzer that allows you to captures and interactively browse
the traffic that is running on a computer network. AMANDA is the Advanced Maryland
Automatic Network Disk Archiver which is a backup solution that allows the IT administrator to
set up a single master backup server to back up multiple hosts over a network to tape
drives/chargers, disks or optical media. AMANDA uses native utilities and formats that can
backup a large number of servers and workstations running multiple versions of Linux or Unix.
It also uses a native Windows client to back up Microsoft Windows desktops and servers.
The audit and monitoring software will be used as follows. Spiceworks which is free
network monitoring software with network management tools, help desk ticketing app, network
mapper and more will be used for the Richman Investment Company. Nagios is a powerful
monitoring system that enables organizations to identify and resolve IT infrastructure glitches
and problems before they affect any critical business processes.
Cryptography software that will be used is as follows. Firstly Richman Investments will
use 7-Zip which is open source software that is under the GNU LGPL license. It has a ZIP
container-based AES-256 encryption which allows you to easily create a compressed archive of
files and add a password to it. AxCrypt is also an open source file encryption software that
4. Elizabeth Nunez
NT2580
Mr. Smith
Unit 10 Project Part 2
Due: 5/29/2015
allows you to compress encrypt, decrypt, store, send and work with individual files. It works
with Windows shell and it uses AES 256 encryption.
The use of Data Communications Software is required; JITSI is a VoIP video
conferencing and instant messaging application for Windows, Linux and Mac OS X. It supports
severel popular instant messaging and telephony protocols. FreeSWITCH is a scalable open
source, cross-platform telephony platform designed to route and interconnect popular
communication protocols which use audio, video, text or any other form of media.
ClamAV will be used to guard against malicious code and malware. This is an open
source antivirus engine which is designed to detect Trojans, viruses, malware and other
malicious threats. Gateway Anti-Virus is a Vermont Department of Taxes project which allows
applications across an enterprise to check files for viruses by providing a SOAP-based virus
scanning web service. The client applications will submit files to the web service and that web
service uses ClamAv to scan them for viruses.
Data recover software will also be used; software such as BackTrack which is distributed
based on the Debian GNU/Linux distribution aimed at digital forensics and penetration testing
use. It is a bootable software CD which contains a number of diagnostic programs such as
partitioning agents, system performance benchmarks, disk cloning and imaging tools. It also uses
data recovery tools, MBR tools, BIOS tools, and many others for fixing various computer
malfunctions.
5. Elizabeth Nunez
NT2580
Mr. Smith
Unit 10 Project Part 2
Due: 5/29/2015
References
(n.d.). Retrieved from http://www.packetfence.org/
(n.d.). Retrieved from http://www.7-zip.org/
(n.d.). Retrieved from http://www.backtrack-linux.org/
(n.d.). Retrieved from http://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-
filter-and-inspect-packets/
Jonathan. (2015, January 19). Welcome to the Spiceworks Community. Retrieved from
Spiceworks:
http://community.spiceworks.com/help/Setting_Up_Monitors_And_Email_Alerts