You are consultants who have been called in to address a significant security breach in a medium-sized manufacturing company. As detailed in the following link, the organization was forced to halt the production of boots because a dismissed IT employee took steps to sabotage it. https://www.bleepingcomputer.com/news/security/sysadmin-gets-18-months-in-prison-for-shutting-down-former-employers-network/ Your goal is to recommend a security policy and associated implementation of this policy (procedures supported by standards and guidelines) that limits or eliminates the security risks associated with departing employees.
Your task is to “slam the door shut”. You need to recommend immediate implementation measures. This will be primarily described in a procedures document supported by standards and guidelines.
There are three important strategies for controlling risks in an organization. Privilege management is the process of assigning and revoking privileges to users on a network. Change management is a methodology for making modifications and keeping track of changes, such as new servers or routers being introduced to a network. Incident management is the framework and functions required to enable incident response. Another way of reducing risks is through a network security policy. A policy is a document that outlines the protections that should be enacted to ensure that the organization’s network stability and assets face minimal risks. This defines how an organization plans to protect the company’s network.
The primary purpose of a network security policy is to inform users and staff of the requirements for protecting various assets. These assets take many forms, including passwords, documents, or even servers. These policies also lay out guidelines for acquiring, configuring, and auditing computer systems and networks. Things companies should consider when creating a network security policy include: What do you have on the network that others want? What processes, data, or information systems are critical to your organization? What would stop your company from functioning? The answers to these questions identify a wide range of network assets. These include critical databases, vital applications, personal data, shared network storage, e-mail servers, and web servers. Network security policies must consider all entities that deal with your network: not only employees, but also end users and anyone who has confidential data on your networks. Employees are considered potential threats in security policies. However, these policies must be implemented so that employees are still able to complete their jobs without being overly burdened by security measures.
An audit policy is used to conduct audits and risk assessments, investigate incidents, ensure adherence to security policies, and monitor user and system activity when needed. A global web server policy defines the standards that are required of all web hosts on the network. An e-mail policy defines standards to prevent tarnishing the public image of the organization, restricts automatic e-mail forwarding to external destinations without prior approval, and sets spam policies. Remote access policies define the standards for connecting to the network from any host or network external to the organization. A VPN security policy defines the requirements for remote-access IP security or Layer 2 Tunneling Protocol VPN connections to the organization network. An application service provider policy defines the minimum security criteria that an ASP must meet before the organization uses its services on a project. A database credential policy defines the minimum requirements for securely storing and retrieving database usernames and passwords.
An inter-process communications policy defines the security requirements that any two or more processes must meet when they communicate with each other using a network socket or operating system socket. A source code protection policy establishes minimum security requirements for managing product source code. An extranet policy defines the requirement that third-party organizations that need access to the organization's networks must sign a third-party connection agreement.
Network encryption is another key factor. Sometimes called “network level encryption”, it is a network security process that applies crypto services at the network transfer layer. Using existing network services and application software, network encryption is invisible to the end users and operates independently of any other encryption processes used. Businesses can utilize network encryption methods to ensure communications between local networks are confidential. One popular form of network encryption is IPsec, otherwise known as Internet Protocol Security. It includes a set of cryptographic tools to protect communications, encrypting each IP packet going between network systems.
So these are basically the security policy and associated implementation that I would suggest to limit or eliminate the security risks associated with departing employees. These techniques are very powerful for securing the company network against most potential threats.
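
An added example, not part of the original answer: a minimal offboarding audit that combines the privilege management and audit policy ideas above by checking an account inventory and login log against a list of departed staff. All account names, systems, field names and dates are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data for illustration only.
TERMINATED = {"jdoe": datetime(2024, 3, 1, 9, 0)}  # user -> termination time
ACCOUNTS = [
    {"system": "directory", "account": "jdoe", "owner": "jdoe",
     "known_to": [], "enabled": False, "rotated": datetime(2023, 11, 2)},
    {"system": "vpn", "account": "jdoe-vpn", "owner": "jdoe",
     "known_to": [], "enabled": True, "rotated": datetime(2023, 11, 2)},
    {"system": "database", "account": "svc_erp", "owner": None,
     "known_to": ["jdoe", "asmith"], "enabled": True,
     "rotated": datetime(2023, 6, 1)},
    {"system": "router", "account": "admin", "owner": None,
     "known_to": ["jdoe"], "enabled": True,
     "rotated": datetime(2024, 3, 1, 10, 0)},
]
LOGINS = [  # (system, account, time)
    ("vpn", "jdoe-vpn", datetime(2024, 2, 28, 8, 0)),
    ("vpn", "jdoe-vpn", datetime(2024, 3, 2, 23, 15)),
    ("database", "svc_erp", datetime(2024, 3, 3, 1, 0)),
]

def audit_offboarding(terminated, accounts, logins):
    """Return sorted (finding, user, system, account) tuples."""
    findings = set()
    exposed = {}  # (system, account) -> (user, termination time)
    for acct in accounts:
        key = (acct["system"], acct["account"])
        for user, left in terminated.items():
            if acct["owner"] == user:
                exposed[key] = (user, left)
                if acct["enabled"]:
                    findings.add(("ACTIVE_ACCOUNT", user, *key))
            elif (user in acct["known_to"] and acct["enabled"]
                  and acct["rotated"] < left):
                # Shared secret the leaver knew, not rotated since they left.
                exposed[key] = (user, left)
                findings.add(("STALE_SHARED_SECRET", user, *key))
    for system, account, when in logins:
        hit = exposed.get((system, account))
        if hit and when > hit[1]:
            # For shared accounts this is a lead to review, not proof of who logged in.
            findings.add(("USED_AFTER_TERMINATION", hit[0], system, account))
    return sorted(findings)

if __name__ == "__main__":
    for row in audit_offboarding(TERMINATED, ACCOUNTS, LOGINS):
        print(*row)
```

The router `admin` account produces no finding because its credential was rotated after the termination time, which is the outcome the procedure should aim for on every shared account.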