Throughout this course, you will be working with a scenario in which some basic background information is provided about a consulting firm. This scenario and informati
Length 3-4 pgs – APA 7 - Only working on Section 2 for this assignment (the first part up, including Section 1, has been completed). Add to the file attached.
Throughout this course, you will be working with a scenario in which some basic background information is provided about a consulting firm. This scenario and information is typical in many companies today. You are tasked to select a company that you are familiar with that is facing a similar situation. The company can be real or fictitious, but the framework and problems that it faces should be similar. The assignments that you complete each week are based on the problems and potential solutions that similar companies may face. The end goal for these assignments is to analyze the problems that the company faces with respect to the upcoming audit and to provide guidance on how it can provide security for its infrastructure.
Description
The case study company provided a situation in which threats pose a real risk to the infrastructure. The company assets are not well-protected, and they all share a common network. Little additional security mechanisms are in place other than the demilitarized zone (DMZ). What are typical information security (IS) assets that are used by such a company, and what risks exist in the current model? What will adding a flexible solution for the consultants to connect to the network do to this risk model? What are some safeguards that can be implemented to reduce the risk?
The tasks for this assignment are to identify the major applications and resources that are used by the company. Then, for each application, review the security threats that the company now faces and could face after the expansion. Describe how you can test for the presence of these (or new) risks. Provide a discussion about an approach that you will take after the risk assessment is complete to address the identified risks.
Create the following section for Week 2:
- Week 2: Security Assessment
- A description of typical assets
- A discussion about the current risks in the organization with no network segregation to each of the assets
- A discussion about specific risks that the new consultant network will create
- Details on how you will test for risk and conduct a security assessment
- A discussion on risk mitigation
- Name the document "CS651_FirstnameLastname_IP2.doc."
The template document should follow this format:
- Security Management Document shell
- Use Word
- Title page
- Course number and name
- Project name
- Your name
- Date
- Table of Contents (TOC)
- Use an autogenerated TOC.
- This should be on a separate page.
- This should be a maximum of 3 levels deep.
- Be sure to update the fields of the TOC so that it is up-to-date before submitting your project.
- Section headings (create each heading on a new page with “TBD” as content, except for Week 1)
- Week 1: Introduction to Information Security
- This section will describe the organization and establish the security model that it will use.
- Week 2: Security Assessment
- This section will focus on risks that are faced by organizations and how to deal with or safeguard against them.
- Week 3: Access Controls and Security Mechanisms
- This section examines how to control access and implement sound security controls to ensure restricted access to data.
- Week 4: Security Policies, Procedures, and Regulatory Compliance
- This section will focus on the protection of data and regulatory requirements that the company needs to implement.
- Week 5: Network Security
- This section combines all of the previous sections and gives the opportunity to examine the security mechanisms that are needed at the network level.
- Week 1: Introduction to Information Security
1
Computer Systems Security Foundations CS651
TechSolutions Network Extension Project
Maria Thomas
May 4, 2024
Table of Contents Organization Description: TechSolutions 3 The Need for Information Security 3 Potential Issues and Risks 4 Project’s Benefits 4 Challenges with On-Site Consultants 4 Post-IPO Challenges 5 References 6
Organization Description: TechSolutions
TechSolutions is a rapidly growing cybersecurity consulting company. The company identifies threats to the networks and computer systems of organizations, assesses risk, evaluates security issues, and implements solutions to protect against such threats. When assessing security systems, TechSolutions considers numerous aspects and designs multiple levels of protection in a rapidly evolving IT environment. Following a recent successful Initial Public Offering (IPO), the company has attracted significant interest from investors and stakeholders, resulting in a substantial increase in its customer base and revenue. In addition, TechSolutions has additional regulatory requirements due to IPO.
TechSolutions staff meets with representatives from organizations to gather systems requirements and then return to TechSolutions premises to develop solutions. However, the company's network is limited to its premises, which is a significant problem. To perform effectively, the consulting staff requires a network solution that enables secure connection from various locations, facilitating interaction with other consultants.
The Need for Information Security
TechSolutions is responsible for the management of confidential client data, which comprises personally identifiable information (PII), financial records, and proprietary business information. Therefore, it is critical to provide strong information security protocols in order to preserve client trust, adhere to regulatory standards, and protect the organization's reputation. Inadequate data security measures may result in the compromise or unauthorized access of critical information, thereby compromising client satisfaction and causing damage to the company’s reputation.
Potential Issues and Risks
Data breach is a significant risk. The ramifications of a data breach have far-reaching and profound impacts. These breaches have evolved from simple cyber security problems into instances of substantial financial losses, reputation damage, legal issues, and regulatory penalties (Alias, 2019). Although there is an increased focus on data security, hackers persistently discover novel methods to bypass defences and obtain vital corporate data and passwords. Hackers are employing every conceivable strategy to compromise, expose, and profit from confidential data, whether it is through malicious software, adept social engineering strategies, or third-party supply chain cyber assaults. Apart from data breaches, expanding the network infrastructure to accommodate on-site consultants introduces additional vulnerabilities, such as the potential for exposure to malware or cyber-attacks and unauthorized access to internal systems.
Project’s Benefits
By expanding the network’s infrastructure, TechSolutions will significantly improve the efficiency of its operations. Consultants will be able to work seamlessly onsite. Besides, the network will facilitate real-time collaboration among staff and remote access to resources. This will substantially enhance productivity and client satisfaction. Furthermore, the company will benefit by having an edge over its competitors. TechSolutions will be able to attract clients who emphasize data security and confidentiality.
Challenges with On-Site Consultants
Ensuring secure access for consultants working on-site while also limiting unauthorized access to critical data presents a challenge. Secure access pertains to a set of security measures or solutions that aim to prevent unauthorized entry into an organization's digital resources and safeguard sensitive information from being compromised (Whitman & Mattord, 2019). The dynamic and evolving nature of security risks has rendered safe access an indispensable component of the present-day IT environment (Whitman & Mattord, 2019). Another challenge is network segmentation. This refers to preventing data leakage and unauthorized access by isolating client data from internal systems.
Post-IPO Challenges
As a result of the recent IPO, TechSolutions is subject to increased regulatory scrutiny and is required to show adherence to industry standards and financial rules. This imposes further administrative and compliance responsibilities on the company. In addition, TechSolutions must now conduct its operations in accordance with investor expectations.
References
Alias, R. A. (2019). Information security policy compliance: Systematic literature review. Procedia Computer Science, 161, 1216-1224.
Whitman, M. E., & Mattord, H. J. (2019). Management of information security. Cengage Learning.
2
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.