ipl-logo

Blue Stripe Tech Security Policies And Procedures

600 Words3 Pages

Draft Report: Infrastructure Research Introduction This report explains the rules and controls that Blue Stripe Tech will follow for its new contract with the U.S. Air Force Cyber Security Center (AFCSC). It focuses on the User, Workstation, LAN, and LAN-to-WAN Domains within Blue Stripe Tech's IT setup. Policy Frameworks NIST Cybersecurity Framework (CSF): This framework helps manage cybersecurity risks. It includes five main parts: Identify, Protect, Detect, Respond, and Recover. Blue Stripe Tech will use this framework to guide the creation and use of security policies and procedures. Risk Management Framework (RMF): The RMF is used by the DoD to integrate security and risk management into the system's development process. It focuses …show more content…

Security Awareness Training Policy: This policy requires regular training sessions for all employees on cybersecurity best practices, phishing awareness, and recognizing security threats. Standards:. Multi-Factor Authentication (MFA): MFA is required for accessing critical systems and sensitive data. Role-Based Access Control (RBAC): Users can access the information and systems needed for their roles. Controls:. User Account Management: Regular checks of user accounts to ensure they follow access control policies. Security Training Programs: Ongoing training and awareness programs for employees based on their roles and responsibilities. Workstation Domain:. Policies: - - Endpoint Protection Policy: Specifies the use of anti-virus software, endpoint detection and response (EDR) tools, and encryption for all workstations. Patch Management Policy: Requires regular updates and patches for all operating systems and software. Standards:. Encryption Standards: All sensitive data on workstations must be encrypted using strong encryption methods like AES-256. Configuration Management: Following CIS benchmarks to secure Windows 10 workstations. …show more content…

Network Segmentation: Use VLANs to split the network, keeping sensitive areas separate from general traffic. LAN-to-WAN Domain:.. Policies: - - Secure Communication Policy: Mandates using secure communication protocols for data transmission between LAN and WAN. Web Security Policy: Specifies using secure web gateways, URL filtering, and monitoring web traffic to prevent data breaches and malware infections. Standards:. VPN Standards: Use VPNs with strong encryption (e.g., AES-256) for secure remote access. TLS/SSL Standards: Implementing TLS/SSL to secure data in transit between LAN and WAN. Controls:. Virtual Private Networks (VPNs): Deploying VPNs for secure remote access to the network for authorized users. Secure Web Gateways: Implementing secure web gateways to monitor and filter web traffic, preventing access to harmful websites, and controlling data leaks. Conclusion This draft outlines the policy frameworks and DoD-compliant policies, standards, and controls that Blue Stripe Tech will follow to meet the requirements of the U.S. Air Force Cyber Security Center. By following the NIST, CSF and RMF frameworks and implementing the specified policies and controls, Blue Stripe Tech will ensure a strong and compliant IT

Show More
Related

Nt1330 Unit 3

630 Words | 3 Pages

37. Are all our email servers configured to check all incoming and outgoing emails for viruses, spam and other threats? 38. Are only authorised staff can access operating system utilities and perform software upgrade and administration to network components? 39.

Read More

Nt1310 Unit 3 Pest Analysis

131 Words | 1 Pages

1. Policies governing the network insecurities which include Email and communications policy, Remote Access Policy, BYOD Policy and Encryption policy 2. User accounts management through training and assigning of user roles depending on their access levels to information in the organization. 3. Setting up workstations and assigning every user a workstation.

Read More

Nt1330 Unit 7 Group Policies

500 Words | 2 Pages

Registry based policy: Only the users allowed by the library staff must be able to use the computers. This will protect the systems from unidentified access. The library staff must provide temporary login credentials to the users. 2. Disable USB ports and other external access: All the external access to the computer must be disabled which prevent the computers from hacking.

Read More

Nt1330 Unit 3 Information Security Risk Management

223 Words | 1 Pages

The Information Security Manager reports in their capacity to the CEO. Company officers, executives, directors, employees, contractors and third party service providers cooperate and work with the Information Security Manager to ensure the protection of customer’s non-public information and Licensee’s Information Assets. Policies, such as Enterprise Antivirus Program, Network Access, Software Development Security Standards, Physical Security, Vendor Manangmenet Ativirus, Mobile Computing/Remote Access, Inromation Security Risk Assessment, Social Media, Data Loss Prevention, and Secuiryt Incident Response Policies have been implemented to protect customer’s non-public personal information and company Information

Read More

Nt1330 Unit 6 Paper

684 Words | 3 Pages

Moreover, management should conduct privacy protocol training, so everyone is on the same page. The policy needs to state clearly the company’s rules about protecting customer’s personal data. Also, staff needs to know that there will be monitoring of phone calls and well as computer activity and emphasizes that per Muhl, (2003) “an employee’s personal use of an employer’s e-mail system and Internet access is not protected under the law.” Hence, organizations can encounter legal troubles due the inappropriate use of the system. The privacy of customer is important, and it needs protection.

Read More

Nt1310 Unit 3 Types Of Security Policies

490 Words | 2 Pages

These are (Virtual Private Network) VPN Policy, Password Policy and Acceptable Use Policy. Acceptable Use Policy is a policy that outlines the acceptable use of computer equipment. This policy is in place to protect employees in regards to inappropriate use. Any case of inappropriate use can expose the network to several risks, including viruses. Passwords are the frontline of protection of user accounts.

Read More

Hcr 220 Week 3 Term Paper

449 Words | 2 Pages

Procedures and policies required to address this are: • Access control using unique user Identification protocols, emergency access, procedures, timed auto logoff, and encryption and decryption mechanisms. • Auditing system that ensures that the IT system with the PHI is being recorded and examined. • Having an IT system that is dependable and protects PHI from alteration and being destroyed. • Making sure that the person accessing the PHI has the proper proof to identify who they are and are authorized to access.

Read More

Nt1310 Unit 3 Network Management

1021 Words | 5 Pages

Group Policy Objects (GPOs): Security settings on workstations and for users should be uniformly applied across all company devices, and should not be modifiable by users. Microsoft Active Directory allows an administrator to set numerous configurations and settings that can be applied on all workstations and user accounts. If it is configurable in Windows, it can be managed by a Group Policy Object (GPO). Any company policy that requires a specific setting, should be enforced by creating a GPO that forces user and workstation compliance. For example, if the Password Policy requires users to choose a password of a specific length and complexity, a GPO can be set that enforces that requirement

Read More

Information Security Standards FIPS 200 Week 2

1008 Words | 5 Pages

Introduction Information security plays a significant role in the protection of the organization's assets. There is no single formula that guarantees 100% security. There is a need for a set of standards or benchmarks in order to attain an adequate level of safety, efficient usage of resources and the best practices. This paper consists of a detailed analysis of the security standards used by the Department of Health and Human Services. DHHS is the nation’s largest health insurer and also the biggest grant-making agency in the federal government.

Read More

Wig1 Information Security Plan

1390 Words | 6 Pages

(Information Security Resources, 2017) This plan intends to establish how WigIT will achieve information protection from information threats so that it can guarantee business continuity. WigIT’s information security program will be achieved by implementing controls, including

Read More

Data Room Risk Assessment Paper

891 Words | 4 Pages

An example would be prox card entry with security pin to unlock the doors. Along with electronic security access into the data room, a security staff will need to be formed that will be responsible for monitoring the data room and manage assigning access into the data room. Internal Server and Desktop Security Policies A risk assessment will need to be conducted in order to identify all locations where sensitive and classified information is

Read More

Understanding The Core Security Principles Of The CIA Triad

246 Words | 1 Pages

In addition to the CIA triad, other core security principles include authorization, authentication, auditing standards, and data encryption standards. Authorization involves

Read More

Nt1330 Unit 3 Project Management Plan

691 Words | 3 Pages

It continuously monitors configurations for drift, vulnerabilities and risk-inducing changes, and provides a suite of workflows to simplify change reconciliation, incident investigation, and daily management. (Open Source Roots to Secure Enterprise Security,

Read More

Homeland Security Definition

1093 Words | 5 Pages

These partnerships create an environment to share critical threat information, risk mitigation, and other vital information and resources” (DHS, n.d.). This is, in my opinion the best way to combat these vulnerabilities. It is essential that these private companies work with the DHS and allow them to conduct vulnerability assessments. Without the use of these assessments, then a company may not know where it stands. And with the growing threat of cyber-attacks, it is essential that our infrastructure be protected.

Read More

COBIT V4.1 Framework

993 Words | 4 Pages

Week 2: Aligning Risks, Threats, and Vulnerabilities to COBIT P09 Risk Management Controls Lab #2 Lab Report File: Risk Management – IS355 Sherry Best Nicole Goodyear January 23, 2018 Describe the primary goal of the COBIT v4.1 framework. Define COBIT. The purpose of COBIT is to provide management and business process owners with an information technology (IT) governance model that helps in delivering value from IT with understanding and managing the risks associated with IT. COBIT also bridges the gaps between control requirements, business risk, and technical issues.

Read More

More about Blue Stripe Tech Security Policies And Procedures

Open Document