Reference no: EM132343123
Introduction
The growth and explosion of the internet has led to a global market place. Companies can sell products all over the world and never have to leave the bounds of their physically secure location. With this move to a global economy we see an increase in security threats to organizations, individuals and agencies. All these models must have an information system to process, store, and retrieve information for their internal stakeholders, customers, and external users. Information systems have inherent risks and vulnerabilities to attacks from internal users, external customers, hackers and criminals. Organizations must have a robust security program in place to meet these attacks and be proactive in their security stance.
Your group has the responsibility of creating a robust security policy that covers all the needs of the organization. The security policy identifies administrative, physical, and technical controls that must be in place to identify security risks and develop mitigation strategies to minimize the effects of these risks. You will evaluate the IT infrastructure of Solomon Enterprises and its global business model.
Organizational structure
Solomon Enterprises employees 500 people in five different locations throughout the domestic United States. Solomon Enterprises generates $200 million in annual revenue through its business model so they would be a huge target for hackers or criminals. Their business products can be purchased through an online web site. They have one central database/data center located in West Virginia and regional offices in Florida, Texas, Arizona, Montana, and Missouri. Customers, clients, and users have access via the Internet throughout the world. The company has a disaster recovery site located in Billings, Montana. Solomon Enterprises users can work remotely or within one of the regional offices. They have a VPN connection that ensures that their connection is encrypted. The central data center has a firewall and each regional office has a firewall to monitor traffic and keep unauthorized access from the facility. They have company issues devices located within the office and laptops that can be taken for remote access. All these devices are running Windows XP and their server is running Windows 2003.
Objective
The goal of your group is to develop a plan that evaluates the current security posture of the organization of the company and what controls need to be put into place to safeguard their information. You only have the brief synopsis for guidance so if something is not identified either it is not being done or they do not have enough information to provide you. Use your text as the key source when determining what security controls need to be in place for your company. Ensure that you cover each component that we have discussed within our class room videos in order to increase the security posture of your organization.
Deliverables
15-page written paper. Ten scholarly sources in addition to your text. The entire paper must be properly APA formatted with an APA running header, all references properly formatted, and cited within your writing. The entire paper will be double spaced in Times New Roman.
Minimum components that must be covered
1. Introduction
Introduce your organization, security posture and business model
2. Administrative controls
i.e., Backgrounding employee's/training employees/any agreements
3. Physical Controls
Physical protection of the facility
4. Technical Controls
i.e., firewall, user identification, passwords, event logs, IDPS, encryption, etc.
5. Security Policies
What security policies will need to be built into your company's overall existing security program to ensure that data is safeguarded, i.e., media destruction policy, incident response policy, acceptable use policy, etc.
6. Legislation/Regulations or industry standards
How do legislation and regulations affect and govern your company. Identify one federal legislative component and one regulation/industry standard that could impact your company. These should focus on IT security, Cyber security, etc. Graham Leach Billey Act.
7. Network Security Tools
What tools are instrumental in monitoring, detecting, and alerting your company when an someone is trying to gain unauthorized access to your organizations network. Wireshark, Nessus, Snort, etc. are good examples of tools
8. Conclusion