GWU Security Plan Paper


Purpose
The George Washington University Campus/Corporate Network houses sensitive government research and non-public information of students and faculty. This security plan establishes the framework to ensure network security and regulatory compliance.
Scope
This Security Plan will describe the GWU network and identify key roles and responsibilities. Threats and impacts to assets are disclosed. Access controls and methods that identify policies detailing procedures and guidelines will be established.

1. Information System Name/Title:

Triple Sec Inc. Corporate Network
Assets                                            Sys Name
Server 2008 R2/ AD/DNS/DHCP                       DC1
Server 2008 R2/ AD/DNS/DHCP BU                    DC2
Server 2008 R2/ Exchange Symantec email filter    EX1
Server 2008 R2/ Exchange Symantec
Other Designated Contacts:
• James Mays, Security Manager, GWU, 123 Main St., Washington D.C. 12345, jmays119@itt-tech.edu, 865-***-****.

6. Assignment of Security Responsibility:
• John Smith, CIO, GWU, 123 Main St., Washington D.C. 12345, jsmith@gwu.edu, 123-456-7890

7. General System Description/Purpose
• GWU Campus/Corporate network assets include:
o 14 servers running MS Server 2008r2 operating:
▪ Active Directory
▪ DNS
▪ DHCP
▪ ERP
▪ Oracle
▪ MS Exchange
▪ Web Sense
▪ Apache

o 390 PCs/laptops running Windows 7 operating:
▪ MS Office 2007
▪ Adobe Reader
▪ Visio 2007
▪ MS Project 2007

• NASA and GWU Management have determined sensitive contract information will be stored on the network.
• A 3rd party appointed by NASA agents will maintain personnel investigation information, and this will be inherited by GWU network security.
• GWU stores data such as:
o (PII) and is used for administrative and operational Tier III
o MAC-II (Public)
o Controlled Unclassified Information (CUI)

8. Minimum Security Controls

Technical Controls
• Remote Logging
o Regular log checks with email alerts.
See Vulnerability Management & Vulnerability Window Policy.
• Intrusion Detection
o Constant IDS
• Least Privilege User Account Architecture
See Access Control Policy
• Strong Password Requirements
See AUP Policy

Physical Controls
GWU buildings and grounds will have the following security measures in place.
• 24hr. video surveillance
• Grounds patrolled by Campus Police.
• University ID card w/ RFID tags.
• Backup Generator
• Fire Suppression System

All servers will remain in the server room with the following Physical Security Controls:
• Insulated Magnetic Lock (48hr backup power supply)
• Fish bowl design allowing clear visibility of personnel but no view of server screens.
• 24hr video surveillance of Server Room.
• Server Room Access Logs.
• Halon Fire Suppression
• Liquid tight sealed room w/ sump pump backup

Operational Controls
Operational Controls include but are not necessarily limited to:
• USB ports will be disabled and booting from USB will not be allowed.
• DVD drives will be disabled.
• Stored data will be encrypted to meet NIST 800-137 specifications.
• Remote Desktop will be disabled.

9. System Level Continuous Monitoring Strategy
NIST Special Publication 800-137 requires organizations take the following steps to establish, implement, and maintain