Reference no: EM133689603
Assignment: IP Security
Throughout this course, you will be working with a scenario in which some basic background information is provided about a consulting firm. This scenario and information is typical in many companies today. You are tasked to select a company that you are familiar with that is facing a similar situation. The company can be real or fictitious, but the framework and problems that it faces should be similar. The assignments that you complete each week are based on the problems and potential solutions that similar companies may face. The end goal for these assignments is to analyze the problems that the company faces with respect to the upcoming audit and to provide guidance on how it can provide security for its infrastructure.
Description
The case study company provided a situation in which threats pose a real risk to the infrastructure. The company assets are not well-protected, and they all share a common network. Little additional security mechanisms are in place other than the demilitarized zone (DMZ). What are typical information security (IS) assets that are used by such a company, and what risks exist in the current model? What will adding a flexible solution for the consultants to connect to the network do to this risk model? What are some safeguards that can be implemented to reduce the risk?
The tasks for this assignment are to identify the major applications and resources that are used by the company. Then, for each application, review the security threats that the company now faces and could face after the expansion. Describe how you can test for the presence of these (or new) risks. Provide a discussion about an approach that you will take after the risk assessment is complete to address the identified risks.
Create the following section:
Security Assessment
1) A description of typical assets
2) A discussion about the current risks in the organization with no network segregation to each of the assets
3) A discussion about specific risks that the new consultant network will create
4) Details on how you will test for risk and conduct a security assessment
5) A discussion on risk mitigation
The template document should follow this format:
Security Management Document shell
A. Use Word
B. Title page
1. Course number and name
2. Project name
3. Your name
4. Date
C. Table of Contents (TOC)
1. Use an autogenerated TOC.
2. This should be on a separate page.
3. This should be a maximum of 3 levels deep.
4. Be sure to update the fields of the TOC so that it is up-to-date before submitting your project.
D. Section headings (create each heading on a new page with "TBD" as content, except for Week 1)
I. Part I: Introduction to Information Security
• This section will describe the organization and establish the security model that it will use.
II. Part II: Security Assessment
• This section will focus on risks that are faced by organizations and how to deal with or safeguard against them.
III. Part III: Access Controls and Security Mechanisms
• This section examines how to control access and implement sound security controls to ensure restricted access to data.
IV. Part IV: Security Policies, Procedures, and Regulatory Compliance
• This section will focus on the protection of data and regulatory requirements that the company needs to implement.
V. Part V: Network Security
• This section combines all of the previous sections and gives the opportunity to examine the security mechanisms that are needed at the network level.