Reference no: EM133712561
Information Systems Security
Learning Outcome 1: Demonstrate a thorough knowledge of important security tools such as authentication, access control, and cryptographic techniques used within information systems.
Learning Outcome 2: Analyse and explain various security technologies and scanning and probing tools, in order to master best practices for protecting information.
The report: you work for a financial company called Resimac (resimac.com.au). "Resimac Group is a leading alternative lender for residential mortgages and asset finance in Australia and New Zealand, with a broad suite of competitive, award-winning products that cater to diverse customer types and needs".
The company has a small data centre on its own premises.
The company uses the cloud services of AWS and Microsoft Azure, and also uses Google services.
The company is connected to Macquarie Bank over a site-to-site VPN, which it uses for borrowing money and repaying loans.
The company has branches in Auckland (New Zealand), Melbourne, Tasmania and Perth.
The branches are connected to each other over a WAN link.
A diagram at the end of this document shows the network map.
The company has set up a separate VLAN for IP telephony, so that the branches can call each other over the WAN link.
Some web application services run on-premises, such as resimac-v1.apexgroupportal.com.
Resimac uses Citrix Gateway as a single sign-on (SSO) point that lets its customers access home loans held through partners such as ING, AMS, StarNet, Adelaide Bank, LinkLoan and Volt.
You have recently been appointed as a cybersecurity engineer. The company is already PCI DSS certified, and now intends to obtain ISO 27001 certification.
You have been asked to contribute to the Business Continuity Plan documentation, mainly the risk management part.
The risk management and risk analysis work will support the organisation's ISO 27001 certification.
There are around 35 PCs and 20 laptops for the company's employees. The PCs are HP Z1 G9 Core i7 workstations (16 GB RAM, 512 GB + 1 TB storage, Windows 10/11 Pro); the laptops are Dell XPS 15.
Resimac has the following services in the cloud:

# | Software description | Software type | Cloud service
--|----------------------|---------------|--------------
1 | Microsoft Active Directory | AD backup | Azure
2 | Microsoft Dynamics 365 CRM | CRM | Azure
3 | CustomerZone web app | RDS (Microsoft SQL), S3 storage, Windows Server + IIS | AWS
4 | Dashboard web app | RDS (Microsoft SQL), S3 storage, Windows Server + IIS | AWS
5 | Broker web app | RDS (Microsoft SQL), S3 storage, Windows Server + IIS | AWS
6 | Partner-branded web app | RDS (MySQL), S3 storage, Ubuntu + Apache server | AWS
7 | CustomerZone mobile app | CustomerZone - Mobile | Google Firebase
Resimac has had the following major security incidents since 2018:

# | Description | Attack | No. of times | Loss ($)
--|-------------|--------|--------------|---------
1 | Sniffing of Citrix Gateway traffic as a man-in-the-middle | MitM | 15 | 12,300.00
2 | Unauthorised access to the customer portal by resetting customers' passwords | Brute force attack | 13 | 6,300.00
3 | Phishing emails with scam invoices | Invoice fraud | 16 | 8,600.00
4 | Phishing emails with scam invoices | Replay attack | 14 | 9,600.00
5 | Sniffing of company emails | Sniffing attack | 7 | 11,000.00
6 | AWS services blocked; no WAF implemented | DDoS attack | 5 | 3,480.00
7 | DNS A records changed (one DNS server only) | DNS poisoning | 1 | 1,500.00
8 | Unauthorised access to the production system | Brute force attack | 20 | 16,200.00
9 | SQL injection, in the cloud and on-premises | SQL injection | 9 | 12,000.00
10 | APT attack on client machines | Malware attacks by APTs | 20 | 20,000.00
11 | Malware attack | Viruses, Trojans, worms | 9 | 15,000.00
12 | Files encrypted | Ransomware | 12 | 11,000.00
13 | Access to the on-premises database | Backdoor attack; 10,000 records stolen | 2 | 33,300.00
14 | Access to the cloud database | No IP whitelist (allow-list) on RDS | 3 | 15,000.00
Based on the above information, write a report of around 2,000 words on security and privacy controls for the information system, following NIST SP 800-53. You need to complete the following:
Use the framework in NIST SP 800-53 to conduct the access control and risk assessment work.
List all assets in the organisation.
Choose the appropriate access controls (ACs) from AC-1 to AC-25.
Describe RA-3, RA-5 and RA-6 in detail.
Redraw the network design with your recommendations, for example McAfee ePO, anti-spam, a second firewall, SD-WAN, a zero-trust gateway, SAML-based SSO, two Exchange mail servers instead of one, data encryption, etc.
After drawing the suggested network plan, explain the new elements that you added to the network.
Add extra security services to the cloud and prioritise them, for example by year: first year, second year, etc.
Conduct a quantitative analysis to decide whether or not to replace the WAN with SD-WAN. The WAN currently connects all branches and costs Resimac around $3,500 per month. Total failure time since 2018 has been 13 days and 15 hours, which cost around $35,000.
Explain the backup and recovery services, covering the identification of controls and the recovery strategies.
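The quantitative analysis asked for above (WAN versus SD-WAN) and the risk ranking that the incident table supports both come down to the same three figures: single loss expectancy (SLE = loss per occurrence), annualised rate of occurrence (ARO = occurrences per year) and annualised loss expectancy (ALE = SLE x ARO), plus a cost/benefit test for each proposed control. The script below is an added worked example, not part of the assignment brief. The incident counts and losses, the $3,500 monthly WAN fee and the $35,000 outage cost are taken from the brief; the length of the "since 2018" window (taken as five years), the SD-WAN subscription price and the share of outage time SD-WAN would remove are assumptions marked in the code and must be replaced with real figures.

```python
"""Quantitative risk figures for the Resimac brief: SLE, ARO, ALE and a
cost/benefit test for the WAN -> SD-WAN decision.

Added worked example, not part of the assignment brief. Counts, losses,
the WAN subscription and the outage figures are copied from the brief.
ASSUMPTIONS (marked below): the length of the "since 2018" observation
window, the SD-WAN subscription price and the share of outage time that
SD-WAN would remove. Replace them with real figures before relying on it.
"""
from dataclasses import dataclass

YEARS_OBSERVED = 5.0  # ASSUMPTION: "since 2018" taken as a five-year window


@dataclass(frozen=True)
class Incident:
    description: str
    attack: str
    count: int          # "No. of times" column of the brief
    total_loss: float   # "Loss" column of the brief, summed over the window


# Rows of the brief's incident table (descriptions shortened).
INCIDENTS = [
    Incident("Sniffing Citrix Gateway traffic", "MitM", 15, 12_300.00),
    Incident("Customer portal password reset", "Brute force", 13, 6_300.00),
    Incident("Scam invoices (phishing)", "Invoice fraud", 16, 8_600.00),
    Incident("Scam invoices (phishing)", "Replay attack", 14, 9_600.00),
    Incident("Sniffing company email", "Sniffing", 7, 11_000.00),
    Incident("AWS services blocked, no WAF", "DDoS", 5, 3_480.00),
    Incident("DNS A record changed", "DNS poisoning", 1, 1_500.00),
    Incident("Unauthorised access to production", "Brute force", 20, 16_200.00),
    Incident("SQL injection, cloud and on-prem", "SQL injection", 9, 12_000.00),
    Incident("APT attack on client machines", "APT malware", 20, 20_000.00),
    Incident("Malware", "Viruses/Trojans/worms", 9, 15_000.00),
    Incident("Files encrypted", "Ransomware", 12, 11_000.00),
    Incident("On-prem DB, 10,000 records stolen", "Backdoor", 2, 33_300.00),
    Incident("Cloud DB, no allow-list on RDS", "Open RDS", 3, 15_000.00),
]


def sle(inc: Incident) -> float:
    """Single loss expectancy: average loss of one occurrence."""
    return inc.total_loss / inc.count


def aro(inc: Incident, years: float = YEARS_OBSERVED) -> float:
    """Annualised rate of occurrence, estimated from the observed count."""
    return inc.count / years


def ale(inc: Incident, years: float = YEARS_OBSERVED) -> float:
    """Annualised loss expectancy = SLE * ARO."""
    return sle(inc) * aro(inc, years)


def rank_by_ale(incidents=INCIDENTS, years: float = YEARS_OBSERVED):
    """Incidents ordered by ALE, highest first: the order in which to fund controls."""
    return sorted(incidents, key=lambda i: ale(i, years), reverse=True)


def total_ale(incidents=INCIDENTS, years: float = YEARS_OBSERVED) -> float:
    """Expected annual loss from all recorded incident types together."""
    return sum(ale(i, years) for i in incidents)


def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Value of a control = (ALE before - ALE after) - annual cost of the control.
    Positive: the control pays for itself; negative: it costs more than it saves."""
    return (ale_before - ale_after) - annual_cost


def downtime_hours(days: int, hours: int) -> int:
    """Convert the brief's '13 days and 15 hours' into hours."""
    return days * 24 + hours


def wan_vs_sdwan(wan_monthly: float = 3500.0, outage_loss: float = 35_000.0,
                 years: float = YEARS_OBSERVED,
                 sdwan_monthly: float = 4000.0,     # ASSUMPTION: placeholder for a vendor quote
                 outage_reduction: float = 0.8) -> float:  # ASSUMPTION: share of outage removed
    """Net annual benefit of replacing the WAN with SD-WAN (positive favours SD-WAN).

    The outage cost from the brief is treated as the WAN's ALE; SD-WAN is modelled as
    cutting it by `outage_reduction`, at an extra subscription cost of (sdwan - wan) * 12.
    """
    wan_ale = outage_loss / years
    sdwan_ale = wan_ale * (1.0 - outage_reduction)
    extra_subscription = (sdwan_monthly - wan_monthly) * 12
    return safeguard_value(wan_ale, sdwan_ale, extra_subscription)


if __name__ == "__main__":
    print(f"{'attack':24s} {'SLE':>10s} {'ARO':>6s} {'ALE':>10s}")
    for inc in rank_by_ale():
        print(f"{inc.attack:24s} {sle(inc):10,.2f} {aro(inc):6.2f} {ale(inc):10,.2f}")
    print(f"total ALE: {total_ale():,.2f} per year")
    hrs = downtime_hours(13, 15)
    print(f"WAN outage: {hrs} h since 2018, {35_000 / hrs:,.2f} per hour")
    print(f"net annual benefit of SD-WAN: {wan_vs_sdwan():,.2f}")
```

With the assumed figures the SD-WAN case comes out slightly negative (the extra $500 a month outweighs the avoided outage cost), which is the point of the exercise: the decision flips as soon as the real SD-WAN quote, the real outage-reduction estimate or a different observation window is substituted, so the report should show the result for more than one set of inputs rather than a single number.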