Create a security plan and procedures for system security

Reference no: EM131920340

Assignment: Case Study

Scenario

You are working as a Systems Security Engineer at Peterson Security Solutions. You have been given a project to design system security for a new customer called The Great Northern Hotel Pty Ltd.

The Great Northern Hotel Pty Ltd is a 4-star luxury hotel and restaurant in Melbourne. They have been running this business for the last 7 years and have seen rapid client growth over that time. The hotel's overall policy goal for the enterprise is to provide customers with a high-quality experience in staying at the hotel, and to protect the hotel's good reputation. The CEO is concerned that system security breaches could undermine those enterprise objectives.

Currently they have 10 admin computers, 2 reception computers and 4 computers for management. They also provide Wi-Fi access to their customers. Their Wi-Fi runs on the Wired Equivalent Privacy (WEP) protocol, and they haven't implemented any strong encryption for Wi-Fi security.

They have experienced a lot of attacks on their network in the last few months, and credit card details for some of their customers have also been hacked. Clients are also complaining about identity theft and login credentials being hacked. An information systems auditor engaged by the company has said that threats to the hotel's system can come from both hackers outside the organization and disgruntled employees within the organization, and that both threats need to be defended against. The CEO is also concerned that tech-savvy customers could be spying on other customers' connections to the network, as the hotel has many VIPs using its services.

The main users of the network are customers (Wi-Fi access on a guest network) and employees (both Wi-Fi and bounded media access to a corporate network). The CEO would like to secure all these interactions with the network if possible. Based on discussions with the information systems auditor, the CEO rates the probability of employees violating security as low, the probability of eavesdropping as medium, and the probability of hackers attempting to steal credit cards as high. The CEO also believes that risks are higher when there are more conference goers attending meetings in the hotel, as they are unfamiliar with the hotel systems.

Currently all the financial information and customer records are saved on a server machine running Windows Server 2003. Windows Server 2003 has already passed end of life and Microsoft no longer provides support for this server operating system.

Management of the hotel is worried, as they haven't implemented any security system to protect their IT assets and data. Being a reputed hotel in Melbourne, they don't want their clients' personal details and credit card details to be lost. Management also wants to ensure that the threat identification and risk management process has ongoing relevance as business conditions change.

As a Systems Security Engineer, you need to prepare a detailed report on the current situation of the organization, including threats and potential risks to the present IT system.

In your security report, you need to identify the potential threats and risks. You are supposed to document the human interaction with the system. You should identify appropriate controls and procedures that need to be implemented to make the system more secure and less vulnerable to attacks.

General information

The report should be concise and well-structured, e.g. using the provided report template. Excessive verbiage should result in the students resubmitting the report. No handwritten assessments will be accepted.

Maximum of three students listed as authors of the report.

1. Evaluate the current system as per enterprise guidelines and procedures.

2. Conduct a risk analysis on the system and document the results.

3. Identify threats to the system and document your findings.

4. Identify and analyse human interactions with the system.

5. Conduct risk assessment on the current system to categorize risks.

6. Conduct risk assessment on human operations and interactions with the system.

7. Categorize risks based on risk assessments performed.

8. Match risk plans with risk categories.

9. Use risk categories to identify and plan resources.

10. Identify and describe effective controls to manage and monitor risk.

11. Create policies and procedures to manage user access of the system.

12. Identify and document training requirements for effective use of system policies and procedures. You should also be prepared to conduct training, e.g. a five-minute oral presentation to the trainer about one of these policies and procedures, such as the need to have strong passwords for user authentication.

13. Identify high risk categories and times (e.g. is there any time in the business when risks are greater than normal?) and create a plan to monitor those identified categories.

14. Design a template to record system and network breakdown.

15. Create a security plan and procedures for the system security.

16. Design and document a security recovery plan.

17. Identify and document controls to minimise risks in human interaction with the system.

18. Identify security benchmarks from vendors, security specialists and organisational reviews.

19. Review risk analysis process based on identified security benchmarks.

20. Create a plan for system re-evaluation to uncover new threats and risks.

21. Describe how you would implement and manage security functions, such as a password policy and audit log reviews, on a Windows Server 2012 system. You should state which specific features of Windows Server 2012 would be needed to implement these security functions.

Attachment:- Assignment-Case-Study.rar
