Question

In: Computer Science

We have to design a security plan based on a given case study. The learning outcomes of this assignment are to recognize the threats that exist in your current or future workplace. Through your research, identify the threats, outline security guidelines, and develop a robust and pragmatic training program. You should develop a plan that you would regard as helpful to your information user, as well as protecting your organization’s information environment. Use your imagination in combination with a wide range of material.

Case Study Scenario: You are the recently appointed head of a security team responsible for protecting the information holdings of Innovations IT, which is a consulting agency for IT-based technologies comprising 1500 staff. The organization is located in the central business district of the city. The security team is responsible for administering the security of information from deliberate and accidental threats. The recent information security management team found that security has not been properly addressed in some key areas such as incident response, disaster recovery, business continuity, social engineering attacks and lack of personnel awareness of the various threats to information, and poor password security. The issues identified above need urgent remedy. Technical systems were found to be reasonably effective in maintaining database and document management security, and were well serviced by the IT team. As the head of the team, it becomes your responsibility to ask your team to analyze the possible threats and provide a report on the detailed security countermeasures for all the possible threats.

As a part of the security analysis, the tasks of the team are to:

  1. Identify and describe the organizational holdings (assets) at risk
  2. Identify and describe the potential security threats to the organization
  3. Design the necessary security counter-measures to manage and address the threats
  4. Develop a comprehensive information security training and awareness program for the users of the organization belonging to the different levels of the organizational hierarchy

We have to write the materials under the following headings.

Executive summary
Introduction
Security Plan
Security Countermeasures
Training
Security Policy
Conclusion

Solutions

Expert Solution

Executive Summary-

The following basically describes the work of an Information Security Team in an infrastructure, describing all the essential workflows needed to secure the infrastructure.

Introduction-

Information Security deals with the broader category of cybersecurity, covering many areas including social media, mobile computing, and cryptography, as well as aspects of cybersecurity. Information security basically relates to information assurance in case of any disaster, any kind of threat, or server malfunction.

Information security focuses on the three objectives-

  • Confidentiality - Preventing unauthorized access to data
  • Integrity - Ensuring the accuracy and authenticity of data
  • Availability - Ensuring data availability in case of server malfunctioning or disaster.

Security Plan-

Securing our infrastructure should be our primary goal. Our objective is to build a properly secured infrastructure. We start off from the ground level to provide better networking devices that will provide security to our environment, then move down to the application that will provide a foundation for the traffic flow. A threat is basically made against the data server/database server or any application that becomes a gateway to access such servers; this is done by compromising the firewall or injecting any malicious bug, virus or malware into the network. So our main objective is to protect the data server holding sensitive data from threats or any damage.

Security Countermeasures-

To build a proper security infrastructure, we need to first figure out the proper infrastructure to support the network system. A secured private infrastructure is to be developed in order to secure the infrastructure which might hold sensitive data. There are various steps that can be taken in order to implement such measures--

  • Use of Firewalls and security - Firewalls are basically a network security system that monitors incoming and outgoing traffic. They are said to be an invisible wall that limits the flow of traffic. The limitation can be in any form: the different protocols used, the different ports used to communicate, bandwidth usage, or any communication security. These firewalls can be hardware machinery or software that can be implemented on the network system. An ideal firewall system can be called a machinery-software pair, which holds effective in sensitive security areas. The firewalls monitor the incoming and outgoing traffic from routers, so a firewall is always to be implemented before traffic comes from the ISP to the router or, when working in a wireless spectrum, a firewall can be implemented in between a wireless device and a wireless host machine.
  • Disaster Management and High Availability - In order to secure data recovery, failover measures need to be supported. Every application and the server serving its purpose needs to have clustered availability and avoid a single point of failure. There can be an incident or some malfunction which can lead to loss of data or service.
  • Network-Monitoring - A network monitoring tool like Operation Manager (Vendor - Microsoft), Zabbix, or any other such server monitoring tool basically helps in taking note of all the appliances and applications that are connected to the network. Any malicious activity will be logged.
  • Log Analytics - Auditing logs is very important when it comes to keeping up with the audit logs and all the application logs that might be beneficial in case of any intrusion. An application like Splunk or Netwrix is beneficial in log monitoring and audit logging.
  • Cloud Service - When working in a large infrastructure we need to keep updating the systems and also the Anti-Virus to protect from all the threats. It is not possible to manage all the devices one by one; we need centralised control for this. We have a lot of products like Configuration Manager (Vendor - Microsoft) to take care of such software patches and also see if all the machines are in compliance, but the question is what if we have systems far off the coast. In that case the local management procedure will not work, and here we have to manage via the cloud. Cloud services offer cloud security, including Windows Defender Advanced Threat Protection, a Microsoft security product that is designed to help enterprise-class organizations detect and respond to security threats. These are preventative and post-detection to Windows Defender and, most importantly, this is a cloud service and can be implemented on all servers irrespective of location.

Training-

The training course will not only be centred on the security team but also on the IT professionals; anyone who is working in the company should be aware of the Do's and Don'ts. Everybody must be aware of what a security team is trying to achieve and how the management should help them protect the infrastructure. Every individual in the organization should be alert to whatever application they are using and whatever network they are in.

Security Policy-

Information Security Policy (ISP) is a set of rules, or policies, designed by an organization to ensure that all users or networks of the IT structure within the organization’s domain abide by the prescriptions regarding the security of data stored digitally within the boundaries over which the organization stretches its authority.

The purpose of the Information Security Policy is to establish a general approach to information security, to detect any compromise of information security such as misuse of data, networks, computer systems and applications, and to protect the prestige of the company and the rights of the customers. Information Security Policy deals with three main objectives -- Confidentiality, Integrity, and Availability. The primary goal is to protect these objectives while working in an organization.

Apart from the Security Countermeasures, there are some general security policies that need to be implemented.

This can be implemented using--

  • Access Control
  • Password Management
  • Ports and IP configuration in firewall
  • VPN security
  • Physical Security

Conclusion-

In this world of the Internet and making everything possible for everyone, we need to expose ourselves, and the moment we expose ourselves we are vulnerable to all kinds of threats. But that doesn't mean we would stop using the Internet; it is not that difficult to protect ourselves, we just need to think right and know what to protect and how to protect it.

Thanks

