Question

You work as a security administrator of the “Medium Department Store” (MDS) chain. The CIO of the company has tasked you to research and design 2 courses of action (CoA) to update the current, non-existing, network security solution. It should cover the risk and how to mitigate the risk. The solution should cover at least: Policies must address at the least the following: Insider theftPhysical theft / prevention Subcontractor /third party Data transfer security / loss prevention Data breach response plan Social engineering Risk mitigation handling options Equipment need: Make / Model - Cost - Function Deliverables: Presentation document to the CIO of the company to: Presents your CoAs, Network Security Policy (NSP), User Agreement (UA).

Answer 1

1. The course of action to implement Network Security Solution

• Firstly we have to understand the security system of Medium Department Store unit thoroughly.
• Also, we will note down who is our intended audience(End Users/Customers) and where we have to implement our security system.
• Features and Components -
  • Analyzing the threat modelled by ill-disposed insiders, adversaries who have authorised users of the system, with the ability to install physical, cyber, and social engineering deeds to achieve their goals.
  • The analyst can then use this information to decide the sensitivity of his system to attacks by a particular type of adversary and to select the most reasonable safeguarding measures.
• Policies and Standards-
  • Including security policies such as Physical security policy, Encryption policy, Access control policy etc.
  • Introducing security standards in order to define the obligatory rules, instructions and actions required to achieve the goals set by top management in security policies.
• Risk Involved -
  • The lower level has a simplified version of access control based on user or group permission to read or write which can require more labour.
  • The cost will be increased in order to install new guidelines and this work will raise some interesting issues for planning as a field, as well.