a. Top Secret – The highest security level. Information is classified Top Secret if unauthorized disclosure would cause “exceptionally grave damage” to national security b. Secret – This is the second-highest classification. Information is classified Secret when its unauthorized disclosure would cause “serious damage” to national security. Most information that is classified is held at the secret sensitivity. c. Confidential – This is the lowest classification level of information obtained by the government. It is defined as information that would “damage” national security if publicly disclosed, again, without the proper authorization.
d. Public Trust – Certain positions which require access to sensitive information, but not information which is classified, must obtain this designation through a background check. Public Trust Positions can either be moderate-risk or high-risk. e. Unclassified – Is not actually a classification level, it is the lack of classification level. It is used for information that the government has not classified under the security classification system 2. Create a new domain wide GPO and enable “Deny logon locally” user right to the source domain user accounts and disable multiple logon. Educate all employees on strong password knowledge use and force change through Password GPO.
3. List Folder/Read Data, Read Attributes, Read Extended Attributes, Create Files/Write Data, Create Folders/Append Data, Write Attributes, Write Extended Attributes, Read Permissions, and Synchronize.
4. In Windows Explorer from the command line you can use icacls.exe to set all file-system security options that are accessible. icacls.exe does this by displaying and modifying the access control lists (ACLs) of files.
5. I would prefer to add them to the groups. This way when editing permissions it is easier to grant permission or take it away for users quicker and more efficiently.
6. A Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level. You can block inheritance for a domain or organizational unit.
7. A security group is composed of people who have similar roles in the enterprise. It makes administration of permissions easier because all members of the group automatically get all of the permissions of the group. If I was adding a person new to the company by putting them in a group, they automatically gain all of the permissions of that group and I don’t have to individually assign the permissions which could mean that a specific permission gets overlooked accidentally. Changing permissions in large amounts is easier to accomplish.
8. POLP states that every module of a system, such as a process, user or program should have the least authority possible to perform its job. The principle of least privilege (POLP) is an information security term that refers to a design objective in computing that a given user should only be able to access the information and resources he or she requires for legitimate reasons.
9. The tiered architecture reduces costs, with access to current data kept quick and efficient, and archived or compliance data moved to cheaper offline storage. Data classification is the need for a tiered storage architecture, which will provide different levels of security within each type of storage, such as primary, backup, disaster recovery and archive — increasingly confidential and valuable data protected by increasingly robust security.
10. The purpose of this principle is that if an account is compromised then nothing will be able to be done from that account to harm the network because it is the POLP.