In: Computer Science
We have to design a security plan based on a given case study. The learning outcomes of this assignment are to recognize the threats that exist in your current or future workplace. Through your research, identify the threats, outline security guidelines, and develop a robust and pragmatic training program. You should develop a plan that you would regard as helpful to your information user, as well as protecting your organization’s information environment. Use your imagination in combination with a wide range of material.
Case Study Scenario: You are the recently appointed head of a security team responsible for protecting the information holdings of Innovations IT which is a consulting agency for IT based technologies comprising of 1500 staffs. The organization locates in the central business district of the city. The security team is responsible for administering the security of information from deliberate and accidental threats. The recent information security management team found that the security has not been properly addressed in some key areas such as incident response, disaster recovery, business continuity, social engineering attacks and lack of personnel awareness of the various threats to information, and poor password security. The above issues identified needed urgent remedy. Technical systems were found to be reasonably effective in maintaining database and document management security, and were well serviced by the IT team. As the head of the team, it becomes your responsibility to ask your team to analyze the possible threats and provide a report on the detailed security countermeasures for all the possible threats.
As a part of the security analysis, the tasks of the team are to:
We have to write the materials under the following headings.
Executive summary
Introduction
Security Plan
Security Countermeasures
Training
Security Policy
Conclusion
Executive Summary-
The following basically describes the work as an Information Security Team in an infrastructure, describing all the essentials workflow in order to secure the infrastructure.
Introduction-
Information Security deals with the broader category of cybersecurity, covering many areas including social media, mobile computing, and cryptography, as well as aspects of cybersecurity. Information security basically relates to the information assurance in case of any disaster or any kinds of threats or during server malfunctioning.
Information security focuses on the three objectives-
Security Plan-
Securing our infrastructure should be our primary goal. Our objective is to build a properly secured infrastructure. We start off from the ground level to provide better networking devices that will provide security to our environment. Moving down to application that will provide a foundation for the traffic flow. A threat is basically made on to the data server/ database server or any application that becomes a gateway to access such servers this is done by compromising the firewall or injecting any malicious bug, virus or any malware into the network. So our main objective is to protect the data server holding sensitive data from threats or any damage.
Security Countermeasures-
To build a proper security infrastructure, we need to first figure out the proper infrastructure to support the network system. A secured private infrastructure is to be developed in order to secure the infrastructure which might hold sensitive data information. There can be various steps that can be taken in order to implement such measures--
Traning-
The training course will not only be centred among the security team but also among the IT professionals or anyone who is working in the company should be aware of Do's and Don't. Everybody must be aware of what a security team is trying to achieve and how the management should help them protect the infrastructure. Every individual in the organization should be alert on whatever application they are using whatever network they are in.
Security Policy-
Information Security Policy (ISP) is a set of rules or can be said policies designed by an organization to ensure that all users or networks of the IT structure within the organization’s domain abide by the prescriptions regarding the security of data stored digitally within the boundaries the organization stretches its authority.
The purpose of the Information Security Policy is to establish a general approach to information security, to detect any compromise of information security such as misuse of data, networks, computer systems and applications, to protect the prestige of the company and rights of the customers. Information Security Policy deals with three main objectives -- Confidentiality, Integrity, and Availability. The primary goal is to protect this objective while working in an organization.
Apart from the Security Countermeasures, there are some general security policy that needs to be implemented.
This can be implemented using--
Conclusion-
In this world of the Internet and making everything possible for everyone, we need to expose ourself and the moment we expose we are vulnerable to all kinds of threats, but that doesn't mean we would stop using the Internet, it is not that difficult to protect ourself, we just need to think right and know what to protect and how to protect.
Thanks