Question

We have to design a security plan based on a given case study. The learning outcomes of this assignment are to recognize the threats that exist in your current or future workplace. Through your research, identify the threats, outline security guidelines, and develop a robust and pragmatic training program. You should develop a plan that you would regard as helpful to your information user, as well as protecting your organization’s information environment. Use your imagination in combination with a wide range of material.

Case Study Scenario: You are the recently appointed head of a security team responsible for protecting the information holdings of Innovations IT which is a consulting agency for IT based technologies comprising of 1500 staffs. The organization locates in the central business district of the city. The security team is responsible for administering the security of information from deliberate and accidental threats. The recent information security management team found that the security has not been properly addressed in some key areas such as incident response, disaster recovery, business continuity, social engineering attacks and lack of personnel awareness of the various threats to information, and poor password security. The above issues identified needed urgent remedy. Technical systems were found to be reasonably effective in maintaining database and document management security, and were well serviced by the IT team. As the head of the team, it becomes your responsibility to ask your team to analyze the possible threats and provide a report on the detailed security countermeasures for all the possible threats.

As a part of the security analysis, the tasks of the team are to:

1. Identify and describe the organizational holdings (assets) at risk
2. Identify and describe the potential security threats to the organization
3. Design the necessary security counter-measures to manage and address the threats
4. Develop a comprehensive information security training and awareness program for the users of the organization belonging to the different levels of the organizational hierarchy

We have to write the materials under the following headings.

Executive summary
Introduction
Security Plan
Security Countermeasures
Training
Security Policy
Conclusion

Answer 1

Executive Summary-

The following basically describes the work as an Information Security Team in an infrastructure, describing all the essentials workflow in order to secure the infrastructure.

Introduction-

Information Security deals with the broader category of cybersecurity, covering many areas including social media, mobile computing, and cryptography, as well as aspects of cybersecurity. Information security basically relates to the information assurance in case of any disaster or any kinds of threats or during server malfunctioning.

Information security focuses on the three objectives-

• Confidentiality - Preventing unauthorized access to data
• Integrity - Ensuring the accuracy and authenticity of data
• Availability - Ensuring data availability in case of server malfunctioning or disaster.

Security Plan-

Securing our infrastructure should be our primary goal. Our objective is to build a properly secured infrastructure. We start off from the ground level to provide better networking devices that will provide security to our environment. Moving down to application that will provide a foundation for the traffic flow. A threat is basically made on to the data server/ database server or any application that becomes a gateway to access such servers this is done by compromising the firewall or injecting any malicious bug, virus or any malware into the network. So our main objective is to protect the data server holding sensitive data from threats or any damage.

Security Countermeasures-

To build a proper security infrastructure, we need to first figure out the proper infrastructure to support the network system. A secured private infrastructure is to be developed in order to secure the infrastructure which might hold sensitive data information. There can be various steps that can be taken in order to implement such measures--

• Use of Firewalls and security - Firewalls are basically networking security system that monitors incoming and outgoing traffic. They are said to be an invisible wall that limits the flow of traffic. The limitation can be in any form, that can be different protocols used, different ports which are used to communicate, and bandwidth usage or can be any communication security. These firewalls can be hardware machinery or software that can be implemented on the network system. An ideal firewall system can be called a machinery-software pair which holds effective in sensitive security areas. The firewalls monitor the incoming-outgoing traffic from routers so a firewall is to be always implemented before a traffic comes from ISP to the router or when working in a wireless spectrum, a firewall can be implemented in-between a wireless device and a wireless host machine.
• Disaster Management and High Availability - In order to secure data recovery failover measures need to be supported. Every application and the server serving its purpose needs to have clustered availability and mostly avoid single point of failure. There can be an incident or some malfunctionality which can lead to loss of data or service.
• Network-Monitoring - A network monitoring tool like Operation Manager ( Vendor - Microsoft), Zabbix, or any other such tool which are server monitoring tool which basically helps in taking note on all the appliances and applications that are connected to the network. Any malicious activity will be logged.
• Log Analytics - Auditing logs is very much important when it comes to keeping workflow with the audit logs and all the application logs that might be beneficial in case of any intrusion. An application like Splunk, Netwrix is beneficial in log monitoring and audit logging.
• Cloud Service - When working in a large infrastructure we need to keep updating the systems and also the Anti-Virus so protect from all the threats. It is not possible to manage all the devices one by one, we need a centralised control for this. We have a lot of products like Configuration Manager (Vendor - Microsoft) to take care of such software patches and also see if all the machines are in compliance, but the question is what if we have systems far off the coast in that case the local management procedure will not work, here we have to manage via the cloud. Cloud Service offers cloud security including Windows Defender Advanced Threat Protection is a Microsoft security product that is designed to help enterprise-class organizations detect and respond to security threats. These are preventative and post-detection to Windows Defender and most importantly this is a cloud service and can be implemented to all servers irrespective to location.

Traning-

The training course will not only be centred among the security team but also among the IT professionals or anyone who is working in the company should be aware of Do's and Don't. Everybody must be aware of what a security team is trying to achieve and how the management should help them protect the infrastructure. Every individual in the organization should be alert on whatever application they are using whatever network they are in.

Security Policy-

Information Security Policy (ISP) is a set of rules or can be said policies designed by an organization to ensure that all users or networks of the IT structure within the organization’s domain abide by the prescriptions regarding the security of data stored digitally within the boundaries the organization stretches its authority.

The purpose of the Information Security Policy is to establish a general approach to information security, to detect any compromise of information security such as misuse of data, networks, computer systems and applications, to protect the prestige of the company and rights of the customers. Information Security Policy deals with three main objectives -- Confidentiality, Integrity, and Availability. The primary goal is to protect this objective while working in an organization.

Apart from the Security Countermeasures, there are some general security policy that needs to be implemented.

This can be implemented using--

• Access Control
• Password Management
• Ports and IP configuration in firewall
• VPN security
• Physical Security

Conclusion-

In this world of the Internet and making everything possible for everyone, we need to expose ourself and the moment we expose we are vulnerable to all kinds of threats, but that doesn't mean we would stop using the Internet, it is not that difficult to protect ourself, we just need to think right and know what to protect and how to protect.

Thanks