Cyber Security Question
Learning Goal: I’m working on a cyber security multi-part question and need an explanation and answer to help me learn.
The components that make up cyberspace are not automatically secure. This includes cabling, physical networks, operating systems, and software applications that computers use to connect to the Internet. There is a raging information security war. The goal is to protect systems, applications, and business information. Therefore, IT is in great need of proper security controls.
In the 5.5 project, you created an outline of a multilayered security strategy for a fictitious financial organization, and then identified security challenges and suggested proper security controls for the company’s information systems environment. In this next phase of the project, you will demonstrate your understanding of the course concepts so far by preparing a follow-up report for the fictional company’s leadership regarding their outdated security policies. You will need to effectively document the vulnerabilities, methods, and controls.
This project provides you an opportunity to apply the competencies gained in various lessons of this course to identify security challenges and apply strategies of countermeasures for information systems.
Upon successful completion of this assignment, you will be able to:
- Understand information systems security (ISS) fundamentals including the definition of terms, concepts, elements, and goals.
- Understand the purpose of a multilayered security strategy.
- Incorporate industry standards and practices with a focus on the confidentiality, integrity, availability, and vulnerabilities of information systems.
- Fulfill the role of a security professional implementing proper security controls in a specific business situation.
- Textbook: Principles of Information Security
(See 5.5 Assignment: Project 2, Part 1)
Continuing the Richman Investments scenario explained in Project 2, Part 1 of this project, the offices have a total of 5,000 employees, and the office technology inventory includes desktops, mobile computers, and wireless devices. There is a mix of computers running Windows 8, 9 and 10, and Mac OS X 10.10. Most of the managers have iPhone devices for instant communication, and all employees are provided cell phones. A Windows Active Directory forest with domains is set up for each office, and seven file and print servers are located in the Phoenix office. The Phoenix office also contains two proxy servers, configured as an array, that provide Web cache services and Internet access control for the organization. The majority of applications are Web-based and hosted from the Phoenix office.
The Phoenix office has an Internet connection to all the remote offices, and the redundancy is extremely important to the company. There are several sensitive applications that all offices use. The management from each office shares application information that is hosted at the corporate office for accounting and reporting purposes.
All employees have Internet access. There is no policy on the use of removable media. Recently several of the branch offices have encountered issues with malware.
Richman hosts an intranet for employees to access information about the company and to enroll in company benefits programs. Richman also hosts an extranet for its business partners.
Due to many recent technology and process improvements within Richman, the corporate security policy is out of date, and each branch office policy differs.
- Review the rubric to make sure you understand the criteria for earning your grade.
- You must submit a proposal to Richman’s senior management addressing two of the points of concern, considering the following:
- Richman has 5,000 employees throughout the main office and several branch offices; therefore, you must research solutions and detail the appropriate access controls, including policies, standards, and procedures that define who the users are, what they can do, which resources they can access, and which operations they can perform on a system.
- Most of the managers have iPhone devices for instant communications, and all employees are provided cell phones; therefore, you must research and detail the cryptography methods to protect organizational information using techniques that ensure the information’s integrity, confidentiality, authenticity, and nonrepudiation, and the recovery of encrypted information in its original form.
- There is a mix of computers running Windows 8, 9 and 10, and Mac OS X 10.10; therefore, you must research and devise a plan to thwart malicious code and activity by implementing countermeasures and prevention techniques for dealing with viruses, worms, logic bombs, Trojan horses, and other related forms of intentionally created deviant code.
- All employees have Internet access to browse the Web, there is no policy on the use of removable media, and several of the branch offices have encountered issues with malware recently; therefore, you must research and formulate a plan to implement monitoring and analysis. You must determine system implementation and access in accordance with defined IT criteria as well as how to collect information for identification of and response to security breaches or events.
- Richman hosts an intranet for employees to access information about the company and enroll in company benefits programs, and that Richman also hosts an extranet for its business partners; therefore, you must research and devise a method to secure networks and communications. This should include the network structure, transmission methods and techniques, transport formats, and security measures used to operate both private and public communication networks.
- The Phoenix office contains two proxy servers configured as an array, which provide Web cache services and Internet access control for Richman, and the majority of applications are Web-based and hosted from the Phoenix office; therefore, you must assess risk, response, and recovery. Conduct a review of the implementation processes essential to the identification, measurement, and control of loss associated with uncertain events.
- The corporate security policy is out of date and each branch office policy differs; therefore, you must research and define security operations and administration, including the identification of information assets and documentation of policies, standards, procedures, and guidelines that ensure confidentiality, integrity, and availability.
- Write the proposal as detailed in the instructions above. Create a professional, well-developed proposal with proper documentation, grammar, spelling, and punctuation. In addition, document the vulnerabilities, methods, and controls effectively.
- After reading the scenario and explanation above, submit your response in a Microsoft Word document following APA Style. Your paper should be two pages in length, excluding the APA title and Reference pages. Cite any sources utilized in-text and in the References following APA style.
- When you’ve completed your assignment, save a copy for yourself and submit a