Question

In: Computer Science

You have recently been hired by a new Japanese accounting firm, headquarter in Tokyo, as the...

You have recently been hired by a new Japanese accounting firm, headquarter in Tokyo, as the director of Information Systems and Telecommunications. Your assignment is to assist security posture of the firm and develop a security structure for this new company. Write your recommendations and reasons to the firm’s CEO. The firm has 600 employees in Tokyo, 50 in Houston, and is planning to open two branch offices in India and California. Ten accountants will be hired at each site. USA customers’ data from the Houston and California offices will be transmitted to the India and Japan offices for processing of payroll. The results are then sent back to the Firm’s USA office in Houston. Currently, only TCP/IP (pubic Internet) is being used. The firm’s network is a Windows environment, using CISCO products, with two IPv4 address, 211.156.13.0/24 and 211.156.14.0/24. You may create any subnet as needed.

Assume no security applications are in place since this is a new company. Design a detailed logical and physical security system to be used in the new firm’s plan. Provide information about specific hardware and software.

Also include needed policies and procedures. Provide security details and address policies, government

regulations and industry regulations as needed.

Your high level areas of requirements are as follows (this is a big list – focus on priorities!):

Install critical infrastructure that provides business continuity

Implement IDS/IPS solution

Investigate next generation technology

Implement VPN for Remote Users

Email Filtering (scanning for viruses, spam, etc)

Web Filtering

SIEM Solution (malware analysis, vulnerability scanning, internal penetration testing)

Penetration Testing and Security Auditing (outside service option)

HTTP to HTTPS Conversion

Centralized Management Services for all Networking/Security Devices

Recommend Standards for configuration of all devices and servers

ACL standards (allow/deny), Turn off services, ports, block protocols, etc.

Disaster Recovery (just backup at the config level & data)

Standard for offsite device config backup and recovery

Standard for data backup and recovery

Physical Security (recent incidents indicate espionage risk is high)

Standards for device and physical access (ex: BitLocker, disable USB, biometrics, cameras, security guards)

User awareness & training

Your project must clearly articulate methodologies that address the business needs, determining the infrastructure and

operations, developing timelines, and an implementation plan.

The network design must be robust, secure, functional, and support the speed of business. Your organization has a mix of email, web-services, patch/change management, virus protection, basic perimeter based security. Your team is free to make assumptions and recommendations so long as they are clearly documented and relayed to the stakeholders; include anything that your team believes will be needed.

To meet the stakeholder’s needs your solution and presentation will be assessed on:

I. Scope

II. Plan of Implementation (what will be implemented in months 1-3, 4-6, 6-9 and 9-12)

III. Design Document

IV. High Level Project Plan (Time to Implement)

V. Overall cost (guess since you will not have access to discounted prices)

Solutions

Expert Solution

The security details and policies are as follows:

Security Policy: Security policy is being used to maintain atleast a minimum required security in networks as well as in industrial control systems. This policy include following given steps:

1) Identify: Here in this very step, ve identify the various resource, that we have look for the security issues. In the other way, we can say that, here in this step, we identify, what we need to protect or look for the security issues.

2) Asses: As in the first step various assets have been identified, so now in this step, we perform a security assessment on the resources as well as assets identified on the very first step. Here in this step we take care of various aspects of processes as well as of procedures to look for vulenrability as well as of security concerns. On the bases of the assessment, we derive the security issues as well as the security results, which tells about the security related issues of resource as well as of assets.

3) Protect: Here in this step, we work on the security issues found in the assessment step. Here we try to protect our procedures as well as the processes for security threats.

We work on the security issure related results and try to protect and mitigate each and every resources involved in the process.

4) Monitor: After protecting the resources and the processes, we have to keep monitoring it, monitoring is required so that same process, procedure or the resource does not show the security concerns again.

The security system must include following tools.

1) Intrusion Detection System or Tools: For intrusion detection we required both of the mention things as these two tools are very useful in intrusion detection.

a). Antivirus Software: There are various free as well as licensed antivirus softwares avaialbe, which are being used by security professionals to find any malicious activities as well as threat. Proffesionals do various types of setting in the antivirus softwares to keep eye on performance as well as track on threats detected.

b. Wireshark: This tool is also used to analyized the snoop trace of the network, with this tools professionals can see the network activities and can easily see any malicious activities.

2) Security Audit Tools: The two most recommended tools are as follows:

a) Nmap: This tool is mostly used for the Network scanning and to find out and problem with in the network. Mostly used in various networking domains.

b) Tcpdump: Its used to capture the network packets. And with the help of these captured packets we can get the health of our network.

In the above given tools i will recommend the tool Nmap.

3) Network firewall Products: The best network firewall available are:

a) ZoneAlarm Firewall:

b) Comodo Firewall

c) Outpost Firewall

There are also following Recommendations of security solutions:

1. Secure the wifi network, so than any unauthorized user done not get access to network and get paitent information and their data.

2. Use latest antivirus software to keep your desktop safe from malicious virus.

3. Proper access rights should be given to the staff of physician office, only auhorized users can have access to paitent reports.

4. Operating system of desktop should be upgrade too.


Related Solutions

You have recently been hired by Jones & Co, a small public accounting firm as an...
You have recently been hired by Jones & Co, a small public accounting firm as an internal auditor. One of the firm's partners, Joe Jones, has asked you to deal with an unhappy client. The client, Susan Swan, is the owner of the city's largest jewelry store, DiamondsRUs. Ms Swan wants to remodel her store and is applying for $80,000 loan with Planters National Bank. The bank requires the use of accrual basis accounting for financial statements.  Ms Swan insists that...
You have recently been employed by a consulting firm as a management accounting specialist. The firm...
You have recently been employed by a consulting firm as a management accounting specialist. The firm specialises in the provision of information to companies that have discrete, short term problems. Your first assignment is to a company called Malvern who specialises in construction equipment and is having trouble identifying the reasons for volatility in the profitability of its main product: The Hammer. The managers of Malvern are aware that there are a number of factors which are potentially causing them...
You have been recently hired by a multinational firm that manufactures airplanes parts. They are interested...
You have been recently hired by a multinational firm that manufactures airplanes parts. They are interested in investing in a new factory. However, the CEO is unsure of where they should invest. The CEO would like to either invest in a developed or a developing country and your input is valuable to his decision. Your focus will be on providing specific information on both a developed and developing country, providing that both countries have data for the last 20 years....
You have recently been appointed as contract manager of a new Japanese airline, 新しいサニー航空 (in Japanese...
You have recently been appointed as contract manager of a new Japanese airline, 新しいサニー航空 (in Japanese : The New Sunny Airline). This company is opening new destinations and is interested to contract with General Sales Agents in a few countries. Those countries include at the moment : France, Bhutan, Afghanistan, Venezuela and Iran. A) A major question arises : which legal system to regulate the contract to choose ? Where to sue and which may be the applicable law ?...
Accounting ethics cases You have recently been hired as the assistant controller for Stanton Temperton Corporation,...
Accounting ethics cases You have recently been hired as the assistant controller for Stanton Temperton Corporation, which rents building space in major metropolitan areas. Customers are required to pay six months of rent in advance. At the end of 2018, the company's president, Jim Temperton, notices that net income has fallen compared to last year. In 2017, the company reported before-tax profit of $330,000, but in 2018 the before-tax profit is only $280,000. This concerns Jim for two reasons. First,...
Assume you have recently been hired as a new manager of EyeTech Company, an innovative company...
Assume you have recently been hired as a new manager of EyeTech Company, an innovative company that sells specialized eye care treatment equipment to Ophthalmologists, Optometrists, clinics, and hospitals. Over the course of your first year, you will face 4 challenges as set forth below: 1. March 2. June 3. September 4. December. Respond to each and every challenge one at a time with insights you have gained from your study of the material presented in modules 1 through 5....
You have recently been hired by a company that wants to “go global” and you have...
You have recently been hired by a company that wants to “go global” and you have been selected to help research this possibility. The CEO has selected you to research your chosen country and report back. You must prepare a report on your country’s four cultural values and provide examples of how they relate to business transactions. For your chosen country of France write a three-page paper on the following: Individual and collective dimension of the country Equality and hierarchy...
Case: You have recently been hired as an OR nurse at Community Hospital. Recently divorced and...
Case: You have recently been hired as an OR nurse at Community Hospital. Recently divorced and the mother of two very small children, you were thrilled and relieved to get a job with these hours at the only hospital in this small mid-western city. However, on your second day, you are confronted with an unusual situation. A 35-year-old woman is scheduled to undergo the surgical removal of a benign uterine tumor. While preparing for surgery, you discover that the two...
You have just been hired as the new treasurer of an Australian firm called Sun Solar...
You have just been hired as the new treasurer of an Australian firm called Sun Solar Panels (SSP). SSP produces commercial solar panels. It is a well established brand in both the UK and New Zealand. In fact, it distributes (sells) its entire output to UK and New Zealand retailers. These sales are made through SSP’s UK and New Zealand subsidiaries which act as distributors of the product. Each wholesale transaction in the UK is settled in GBP and each...
You have been recently hired in the human resources department at the company you have always...
You have been recently hired in the human resources department at the company you have always dreamed of working for. At the end of your first day, your manager, I. M. DeBoss, on her way out of the office says to you: “So Mr./Ms. Jones, what things come to mind when you think of the word “ethics”? Before you can answer, she asks you if you believe ethics are important for a company and if so why do you feel...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT