Information Labelling and Handling Assignment
Added on 2022/11/26
AI Summary
This assignment provides a detailed explanation of data classification, data handling policy, Dynamic Access Control (DAC), and Active Directory Rights Management Services (RMS). It covers topics such as information labelling, data classification models, and procedures for data handling. The assignment also discusses the technical aspects of DAC and RMS, including their implementation and configuration. Suitable for students studying enterprise security.
Running head: INFT 5029 – ENTERPRISE SECURITY
Information Labelling and Handling Assignment
Name of the Student
Name of the University
Author’s Note
Table of Contents
Part A - Data Classification and Data Handling Policy:
Statement of the Policy:
Procedures:
Part B – Technical Explanation of DAC and RMS
Technology
Installation of Active Directory Domain Services
Installation of Active Directory Certificate Services
Installation of Active Directory Rights Management Services
Installation of File and Storage Services
Use cases
Use Case 1
Use Case 2
Use Case 3
Bibliography
Part A - Data Classification and Data Handling Policy:
Statement of the Policy:
1. Responsibility Regarding Information Service: All employees of the organization who
work with ACME’s internal and sensitive information must familiarize themselves with
this data classification policy. The organization's sensitive information is either
restricted or confidential in nature. This policy provides guidance for the consistent
protection of the information of the ACME organization. It also provides a conceptual
model for classifying information in the information system based on the sensitivity of
the data, and gives an overview of the approaches required to protect information
according to those classifications.
2. Major Risk Addressing: This policy document defines an information system data
classification model based on the concept of need to know. Under this concept,
information must not be provided to any person who has no requirement to access the
sensitive data of the organization. Combined with the policies defined in this document,
this concept will protect ACME from unauthorized modification, use, disclosure and
deletion of sensitive data.
3. Information that is Applicable: The data classification policy applies to all
electronic information held in the information system.
Procedures:
1. Data Classification:
1.1 Production and Owner Data: All electronic information managed by information
management needs to have a designated owner. Production information is used routinely
to fulfil the requirements of the business. Owners are responsible for assigning the
proper sensitivity classification. Designated members of the ACME management team
supervise how the information is used and protected.
1.2 Restricted Data: This classification is applicable to most of the sensitive business
information. Its main aim is to keep the information of the business strictly within the
ACME organization. Unauthorized disclosure of restricted data can adversely impact the
ACME organization.
1.3 Confidential Data: This classification applies to organizational information that is
not as sensitive as restricted data but is still intended for use within ACME.
Unauthorized disclosure of the restricted data can also adversely impact the ACME
organization.
1.4 Public Data: This classification applies to information that is permitted by the
management of the ACME organization. For this classification, unauthorized disclosure of
data is not applicable, as the data can be put out publicly without any potential harm.
1.5 Data Access Decisions: Data owners need to decide who will be permitted to access
the data and for what purpose the data can be used. Services regarding
information must ensure that appropriate controls have been implemented for the handling,
storage, regular usage and distribution of electronic information.
2. Data Handling:
2.1 System Access Control Handling: Appropriate controls need to be implemented so that
users are identified and authenticated and each user’s authorization is validated before
access to information or to system services is provided. Data used for authentication
must be protected from unauthorized access. The controls need to be placed so that only
properly authorized individuals are able to access them. Remote access is also allowed,
but it is controlled through authentication and identification mechanisms.
2.2 Need to Know: Every policy set out in this document depends on the need-to-know
concept, including in cases where information service employees are unclear about how a
requirement in the policy should be applied to particular circumstances. The main aim is
that the organization's sensitive information is disclosed only to people who have a
proper business need for it.
2.3 Decision Regarding Access Granting: Access to the sensitive information of the ACME
organization is provided only with the written approval of the data owner. Access
requests are presented to the data owner. If further access to other information is
required, it must be handled on a request-by-request basis. The list of individuals who
have access to confidential and restricted data must be reviewed periodically by the
data owner.
3. Physical Security:
3.1 Access to the Information Facility: All network and server hardware within the
facilities needs to be secured when no trusted, authorized ACME personnel are present.
In this context, physical security means a condition in which the information is locked
away securely so that it is protected from unauthorized access.
3.2 Access to the Data Center: The data center is a very sensitive location for every
organization, so it needs to be protected in an appropriate manner. Any unauthorized
access to the data center must be physically blocked in an appropriate way.
4. Special Consideration within Restricted Information:
When restricted information is stored on a portable computer, a personal computer or
any single-user system, the data handling policies must ensure that the data is
safeguarded by information services. The owners of devices on which restricted
information is stored must not leave them in conditions where anyone can access the
data. Such situations include an unprotected system, leaving the machine while logged
in, and providing access to unauthorized persons.
5. Classification model for information:
The main principle of information classification is to review the level of security consequences if
information is accessed without proper authorization. According to this principle,
information is classified into the following categories:
Top secret:
This is the highest level of security classification. If this information is accessed
without permission it has a significant impact on security, so access must be controlled
so that the information is not easily available. Information in this category should
have the highest level of authentication, as it is extremely important to ensure that it
is accessed only by people who are authorized to do so; otherwise the overall security
of the organization will be compromised.
Secret:
Though not as confidential as top secret, this information also has important security
consequences and therefore requires effective security controls that restrict illegal
access to it. Information in this category might not require the same level of
authentication, but should have security measures that are not easy to exploit.
Confidential:
This is the lowest level of classification. However, this does not mean that this
information should be shared publicly. Although its effect on security is smaller, this
information should not be disclosed either. Hence information in this category should be
properly authenticated as well.
Part B – Technical Explanation of DAC and RMS
Dynamic access control:
Dynamic access control is an important tool for Windows Server that is required for establishing
access control to the server. Dynamic access control is a tool for data governance that was first
introduced in Windows Server 2012; versions of Windows Server before Windows Server 2012
do not support this tool due to compatibility issues.
To secure the files hosted on the server, it is not enough to restrict access to the
files; these files need to be encrypted as well. Encryption is an essential requirement
for data security. When files are properly encrypted, even if they are accessed without
permission it is not easy to retrieve the information or data from them. However,
integrating encryption with the server is not easy to implement due to technical
complexity and complex infrastructure requirements. Dynamic access control (DAC),
through Rights Management Services encryption, provides a facility to protect Microsoft
Office files that are sensitive in nature. Hence, this is an excellent feature of DAC.
Active Directory refers to a group of services provided by Microsoft. These services run
on Windows Server to manage permissions and provide access to various network-related
resources.
RMS:
Active Directory Rights Management Services (AD RMS), also known as Rights Management
Services or RMS for servers that were launched before Windows Server 2008, is server
software used for information rights management on Windows Server, and it is provided
with Windows Server itself. It offers encryption for the server files and provides a set
of functionalities that decide whether to grant access to the server based on
authorization information, thus ensuring that access to documents such as e-mail, Word
documents and web pages is limited and properly authenticated.
With RMS it is possible to encrypt documents stored in Word format and to attach policies
to these documents, which ensures that contents are not decrypted without permission;
this permission is given only to groups of people who have the required authorization to
access those files. It also helps define whether activities such as editing, printing,
copying, deleting or sharing with others are allowed or prevented for certain files, and
this can be customized based on the requirements.
Configure and implement policy on DAC and RMS:
DAC:
Before DAC was integrated with Windows Server 2012, network administrators had to
consider shared folder and NTFS permissions to ensure the security of the resources
associated with the file server.
DAC provides the Active Directory Administrative Center (ADAC), and network
administrators should use it when defining claims, resource properties, resource
property lists, central access rules, and central access properties, which are required
for defining a proper security policy. This enhances the overall security of the server
and ensures data security through stronger control over access to the data and files
that are hosted on the server.
To enhance data security, network administrators have to consider DAC because it applies
centralized policies that allow the administrator to monitor server access. Through this
process the administrator defines which user has access to which files, which helps
identify any access to the files without authorization. It is therefore an excellent way
to restrict users from accessing files for which they do not have proper access or
authorization, and it increases the security of the network connected to this server.
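How a central access rule narrows what shared folder and NTFS permissions grant, as an added Python model that is not part of the original assignment and is not Windows code. The users, files, claim names and the two rules are constructed for illustration, and the model assumes that access requires both the NTFS ACL and every applicable central access rule to allow it.

```python
# Added illustration: a simplified model of claims-based file access checks.
# All names, claims and rules below are constructed, not taken from Windows.
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class User:
    name: str
    groups: set
    claims: dict = field(default_factory=dict)      # user claims


@dataclass
class File:
    path: str
    ntfs_acl: dict                                  # group -> set of rights
    properties: dict = field(default_factory=dict)  # resource properties


@dataclass
class CentralAccessRule:
    name: str
    applies_to: Callable   # resource condition: File -> bool
    permits: Callable      # conditional permission: (User, File, right) -> bool


def ntfs_allows(user, file, right):
    """Local check: does any of the user's groups hold this right?"""
    return any(right in file.ntfs_acl.get(g, set()) for g in user.groups)


def access_check(user, file, right, policy):
    """Return (allowed, blocker). Every layer must allow the request."""
    if not ntfs_allows(user, file, right):
        return (False, "NTFS ACL")
    for rule in policy:
        if rule.applies_to(file) and not rule.permits(user, file, right):
            return (False, rule.name)
    return (True, None)


def same_department(user, file, right):
    dept = user.claims.get("Department")
    return dept is not None and dept == file.properties.get("Department")


# Central policy built from the labels in Part A (Restricted, Confidential, Public).
POLICY = [
    CentralAccessRule(
        name="Restricted: need to know",
        applies_to=lambda f: f.properties.get("Classification") == "Restricted",
        permits=same_department,
    ),
    CentralAccessRule(
        name="Internal data: employees only",
        applies_to=lambda f: f.properties.get("Classification")
        in {"Restricted", "Confidential"},
        permits=lambda u, f, r: u.claims.get("EmploymentType") == "Employee",
    ),
]

# Constructed users. Everyone is in the broad "Domain Users" group.
ALICE = User("alice", {"Domain Users"},
             {"Department": "Finance", "EmploymentType": "Employee"})
BOB = User("bob", {"Domain Users"},
           {"Department": "Engineering", "EmploymentType": "Employee"})
CAROL = User("carol", {"Domain Users"},
             {"Department": "Finance", "EmploymentType": "Contractor"})

# Constructed files. The NTFS ACLs are deliberately broad.
PAYROLL = File("payroll.xlsx", {"Domain Users": {"read", "write"}},
               {"Classification": "Restricted", "Department": "Finance"})
HANDBOOK = File("handbook.docx", {"Domain Users": {"read"}},
                {"Classification": "Confidential", "Department": "HR"})
PRESS = File("press-release.pdf", {"Domain Users": {"read"}},
             {"Classification": "Public"})


def demo():
    """Evaluate a few requests and return (user, file, right, allowed, blocker)."""
    requests = [
        (ALICE, PAYROLL, "read"), (BOB, PAYROLL, "read"),
        (CAROL, PAYROLL, "read"), (BOB, HANDBOOK, "read"),
        (BOB, HANDBOOK, "write"), (CAROL, PRESS, "read"),
    ]
    return [(u.name, f.path, r) + access_check(u, f, r, POLICY)
            for u, f, r in requests]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The broad `Domain Users` ACL on `payroll.xlsx` would let every user read it under NTFS permissions alone; the central rules are what enforce need to know.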
RMS:
RMS also provides RMS templates, which group rights for creating, modifying, deleting
and sharing documents and apply to a set of documents or to all of the files hosted on
the server.
RMS administrators have to consider these templates when deploying security policies
that secure the server files against illegal access or access without proper permission
from the server administrator.
Classification model for information:
Bell-LaPadula model:
The main principle of information classification is to review the level of security consequences if
information is accessed without proper authorization. According to this principle,
information is classified into the following categories: top secret, secret, confidential.
Biba model:
This model classifies data according to their impact on data integrity and hence
provides a comprehensive data classification based on that impact. It provides a set of
control measures for ensuring that the integrity of the data is not compromised. Data
are classified according to their level of integrity, and the model is designed so that
data at a higher integrity level are not corrupted by data at a lower integrity level.
The Bell-LaPadula model considers confidentiality of data, not data integrity, which is
an important requirement for successful data classification. The Biba model, however,
considers not only confidentiality of data but data integrity as well. Hence, this model is more
appropriate than the Bell-LaPadula model. When the integrity of the data is not ensured,
the security of the data has little application. Hence, this method should be considered in preference to the
Bell-LaPadula model.
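The access checks behind the two models, as an added example that is not part of the original assignment: Bell-LaPadula's confidentiality rules and Biba's integrity rules in their standard form, applied together. The secrecy labels are the page's; the integrity levels, the `Label` type and the sample subject and objects are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Secrecy(IntEnum):       # the page's labels, lowest to highest
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

class Integrity(IntEnum):     # assumed integrity levels; the page names none
    LOW = 1
    MEDIUM = 2
    HIGH = 3

@dataclass(frozen=True)
class Label:
    secrecy: Secrecy
    integrity: Integrity

def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula: no read up, no write down (protects confidentiality)."""
    if op == "read":
        return subject.secrecy >= obj.secrecy
    return subject.secrecy <= obj.secrecy

def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba: no read down, no write up (protects integrity)."""
    if op == "read":
        return subject.integrity <= obj.integrity
    return subject.integrity >= obj.integrity

def decide(subject: Label, obj: Label, op: str):
    """Grant only if both models agree; return (allowed, rules that denied)."""
    if op not in ("read", "write"):
        raise ValueError(f"unsupported operation: {op!r}")
    denied = []
    if not blp_allows(subject, obj, op):
        denied.append("Bell-LaPadula: no read up" if op == "read"
                      else "Bell-LaPadula: no write down")
    if not biba_allows(subject, obj, op):
        denied.append("Biba: no read down" if op == "read"
                      else "Biba: no write up")
    return (not denied, denied)

# Constructed sample subject and objects.
ANALYST = Label(Secrecy.SECRET, Integrity.MEDIUM)
PAYROLL = Label(Secrecy.TOP_SECRET, Integrity.HIGH)
MEMO = Label(Secrecy.CONFIDENTIAL, Integrity.LOW)

if __name__ == "__main__":
    for name, obj in (("payroll", PAYROLL), ("memo", MEMO), ("peer file", ANALYST)):
        for op in ("read", "write"):
            print(name, op, decide(ANALYST, obj, op))
```

Enforcing both models strictly leaves the analyst full access only to objects at the same secrecy and integrity level, which is why deployments usually apply each model to the property it protects.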
Labelling of data:
Data are labelled in four categories based on the sensitivity of the information:
Top secret: This is the highest level of security classification. Unauthorized access to this information has a significant impact on security, so access must be controlled so that the information is not easily available. Information in this category should require the highest level of authentication, because it is extremely important that it is not accessed by anyone other than those authorized to access it; otherwise the overall security of the organization will be compromised.
Secret: Although not as confidential as top secret, this information also has important security consequences, so it requires effective security controls and illegal access to it needs to be restricted. Information in this category might not require the same level of authentication, but it should have security measures that are not easy to exploit.
Confidential: This is the lowest level of classification. However, this does not mean that this information should be shared publicly. Although its security impact is smaller, this information should not be disclosed either. Hence, access to information in this category should be properly authenticated as well.
Procedure to label data:
Marking on each page: the sensitivity mark is placed in bold text at the top and bottom of each page, centered on the page.
Labelling on the cover of a file: the sensitivity information is labelled on the file cover.
Paragraph classification: the sensitivity information is provided in the paragraph, adjacent to the first letter of the document, in the left margin of the document.
Metadata: some organizations provide the sensitivity information in the metadata itself.
RMS:
Active Directory Rights Management Services (AD RMS), known as Rights Management Services (RMS) in server versions released before Windows Server 2008, is server software used for managing information rights in Windows Server, and it is provided with Windows Server itself. It offers encryption for the server files and provides a set of functions that decide whether or not to grant access to the server based on the authorization information, and thus ensures that access to documents such as e-mail, Word documents and web pages is limited and properly authenticated.
With RMS it is possible to encrypt documents stored in Word format and to attach policies to these documents, which ensures that the contents are not decrypted without permission; this permission is provided only to those groups of people that have the required authorization for accessing those files. It also helps in defining whether activities such as editing, printing, copying, deleting or sharing with others are allowed or prevented for certain files, and this can be customized based on the requirements.
RMS also provides RMS templates, which allow these rights for creating, modifying, deleting and sharing documents to be grouped and applied to a set of documents or to all of the files hosted on the server. RMS administrators often use these templates to deploy security policies that secure the server files against illegal access or access without proper permission from the server administrator.
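How a rights template bound to a document gates decryption and individual actions, as an added example that is not part of the original assignment and not AD RMS's own protocol or API: a simplified model in which an HMAC stands in for the server's signature over the policy. The key, function names, template contents and document id are assumptions; the group names come from the page's Use Case 2.

```python
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # stand-in for the RMS server's signing key

def _tag(policy: dict) -> str:
    blob = json.dumps(policy, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, blob, hashlib.sha256).hexdigest()

def publish(doc_id: str, template: dict) -> dict:
    """Bind a rights template (group -> allowed actions) to one document."""
    policy = {"doc": doc_id,
              "rights": {group: sorted(acts) for group, acts in template.items()}}
    return {"policy": policy, "tag": _tag(policy)}

def issue_use_license(license_: dict, user_groups: list) -> set:
    """Return the actions granted to the user; an empty set means no decryption."""
    if not hmac.compare_digest(_tag(license_["policy"]), license_["tag"]):
        raise ValueError("policy was modified after publishing")
    granted = set()
    for group in user_groups:
        # Groups absent from the template get nothing (default deny).
        granted |= set(license_["policy"]["rights"].get(group, []))
    return granted

def may(license_: dict, user_groups: list, action: str) -> bool:
    rights = issue_use_license(license_, user_groups)
    # Every action requires the content to be decrypted first, i.e. "view".
    return "view" in rights and action in rights

# Assumed template for a sensitive design document.
SENSITIVE_TEMPLATE = {"Executives": {"view", "edit", "print"}}
LICENSE = publish("design-doc-001", SENSITIVE_TEMPLATE)

if __name__ == "__main__":
    print("executive peer, edit:", may(LICENSE, ["Executives"], "edit"))
    print("HR friend, view:", may(LICENSE, ["HR"], "view"))
```

Because the policy travels with the document, forwarding the file by e-mail does not widen access: a recipient outside the listed groups is granted no rights, and editing the embedded policy invalidates the tag.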
Technology
Installation, configuration and integration of DAC and RMS roles and services in
Windows Server 2016 VMs for the implementation of the scenario.
Installation of Active Directory Domain Services
Installation of Active Directory Certificate Services
Installation of Active Directory Rights Management Services
Installation of File and Storage Services
Use cases
Use Case 1
Scenario
A new document is created by the Financial Analyst and it is classified as Financial and
distributed with ACME.
Test procedure
Screenshot
Use Case 2
Scenario
A design document is created by Executives and classified as sensitive, and its product
lifecycle state is set to “concept”. The document is emailed to a peer in the executive team and a friend in
HR.
Test procedure
Screenshot
Use Case 3
Scenario
A document containing confidential customer information is created and is classified as customer
confidential. The document is shared with everyone in ACME.
Test procedure
Screenshot