Question


You are consultants who have been called in to address a significant security breach in a medium-sized manufacturing company. As detailed in the following link, the organization was forced to halt the production of boots because a dismissed IT employee took steps to sabotage. https://www.bleepingcomputer.com/news/security/sysadmin-gets-18-months-in-prison-for-shutting-down-former-employers-network/ Your goal is to recommend a security policy and associated implementation of this policy (procedures supported by standards and guidelines) that limits or eliminates the security risks associated with departing employees.

Your task is to “slam the door shut”. You need to recommend immediate implementation measures. This will be primarily described in a procedures document supported by standards and guidelines.

Solutions

Expert Solution

There are three important strategies for controlling risks in an organization. Privilege management is the process of assigning and revoking privileges to users on a network. Change management is a methodology for making modifications and keeping track of changes, such as new servers or routers being introduced to a network. Incident management is the framework and functions required to enable incident response. Another way of reducing risks is through a network security policy. A policy is a document that outlines the protections that should be enacted to ensure that the organization’s network stability and assets face minimal risks. This defines how an organization plans to protect the company’s network.

The primary purpose of a network security policy is to inform users and staff of the requirements for protecting various assets. These assets take many forms, including passwords, documents, or even servers. These policies also lay down guidelines for acquiring, configuring, and auditing computer systems and networks. Things companies should consider when creating a network security policy include: What do you have on the network that others want? What processes, data, or information systems are critical to your organization? What would stop your company from functioning? The answers to these questions identify a wide range of network assets. These include critical databases, vital applications, personal data, shared network storage, e-mail servers, and web servers. Network security policies must consider all entities that deal with your network: not only employees, but also end users and anyone who has confidential data on your networks. Employees are considered potential threats in security policies. However, these policies must be implemented so that employees are still able to complete their jobs without being overly burdened by security measures.

An audit policy is used to conduct audits and risk assessments, investigate incidents, ensure adherence to security policies, and monitor user and system activity when needed. Global web server policy defines the standards that are required by all web hosts on the network. E-mail policy defines standards to prevent tarnishing the public image of the organization, restricts automatic e-mail forwarding to external destinations without prior approval, and sets spam policies. Remote access policies define the standards for connecting to the network from any host or network external to the organization. A VPN security policy defines the requirements for remote-access IP security or Layer 2 tunneling protocol VPN connections to the organization network. Application service provider policy defines the minimum security criteria that an ASP must execute before the organization uses their services on a project. Database credential policy defines the minimum requirements for securely storing and retrieving database usernames and passwords.

Inter-process communications policy defines the security requirements that any two or more processes must meet when they communicate with each other using a network socket or operating system socket. Source code protection policy establishes minimum security requirements for managing product source code. Extranet policy defines the requirement that third-party organizations that need access to the organization networks must sign a third-party connection agreement.

Network encryption is another key factor. Sometimes called “network level encryption”, it is a network security process that applies crypto services at the network transfer layer. Using existing network services and application software, network encryption is invisible to the end users and operates independently of any other encryption processes used. Businesses can utilize network encryption methods to ensure communications between local networks are confidential. One popular form of network encryption is IPsec, otherwise known as Internet Protocol Security. It includes a set of cryptographic tools to protect communications, encrypting each IP packet going between network systems.

So these are basically the security policy and associated implementation that I would suggest to limit or eliminate the security risks associated with departing employees. These techniques are also very powerful for securing the company network against most of the potential threats.

