Throughout this course, you will be working with a scenario in which some basic background information is provided about a consulting firm. This scenario and information is typic
Length 3-4 pgs – Use APA 7 style, and cite references published within the last 5 years.
Only working on Section 3 for this assignment add to the file attached (the first part, including Section 1 & 2, has been completed).
Throughout this course, you will be working with a scenario in which some basic background information is provided about a consulting firm. This scenario and information is typical in many companies today. You are tasked to select a company that you are familiar with that is facing a similar situation. The company can be real or fictitious, but the framework and problems that it faces should be similar. The assignments that you complete each week are based on the problems and potential solutions that similar companies may face. The end goal for these assignments is to analyze the problems that the company faces with respect to the upcoming audit and to provide guidance on how it can provide security for its infrastructure.
Description
Create the following section for Week 3:
The case study company has provided you with the flexibility to identify many different information systems that are used by the employees. Some systems need strict access control, whereas others should be available to everyone. What access control methods need to be employed for the various systems? How can the company protect the new consultant network while providing the protection of data that the stakeholders and customers require?
In addition, you have been asked to describe 2 access control mechanisms and consider whether they can be used in the organization. Describe single sign-on (SSO) and virtual private network (VPN) technology and whether they can be used in the company.
Complete the following section for Week 3:
- Week 3: Access Controls and Security Mechanisms
- For each of the applications and systems that were described in Individual Project 2, describe the access control mechanisms that are needed for each.
- Describe how the new expanded network can be protected through access control.
- Describe SSO and VPN technology, and discuss whether they can be used in the company.
- Name the document "CS651_FirstnameLastname_IP3.doc."
The template document should follow this format:
- Security Management Document shell
- Use Word
- Title page
- Course number and name
- Project name
- Your name
- Date
- Table of Contents (TOC)
- Use an autogenerated TOC.
- This should be on a separate page.
- This should be a maximum of 3 levels deep.
- Be sure to update the fields of the TOC so that it is up-to-date before submitting your project.
- Section headings (create each heading on a new page with “TBD” as content, except for Week 1)
- Week 1: Introduction to Information Security
- This section will describe the organization and establish the security model that it will use.
- Week 2: Security Assessment
- This section will focus on risks that are faced by organizations and how to deal with or safeguard against them.
- Week 3: Access Controls and Security Mechanisms
- This section examines how to control access and implement sound security controls to ensure restricted access to data.
- Week 4: Security Policies, Procedures, and Regulatory Compliance
- This section will focus on the protection of data and regulatory requirements that the company needs to implement.
- Week 5: Network Security
- This section combines all of the previous sections and gives the opportunity to examine the security mechanisms that are needed at the network level.
- Week 1: Introduction to Information Security
1
Computer Systems Security Foundations CS651
TechSolutions Network Extension Project
Maria Thomas
May 14, 2024
Table of Contents Introduction to Information Security (Week 1) 3 Organization Description: TechSolutions 3 The Need for Information Security 3 Potential Issues and Risks 4 Project’s Benefits 4 Challenges with On-Site Consultants 4 Post-IPO Challenges 5 IP Security Assessment (Week 2) 5 A Description of Typical Assets 5 Risk Assessment 6 Risks that the New Consultant Network Will Create 6 Testing for Risk and Security Assessment 7 Risk Mitigation 8 References 9
Introduction to Information Security (Week 1)
Organization Description: TechSolutions
TechSolutions is a rapidly growing cybersecurity consulting company. The company identifies threats to organizations' networks and computer systems, assesses risk, evaluates security issues, and implements solutions to protect against such threats. When assessing security systems, TechSolutions considers numerous aspects and designs multiple levels of protection in a rapidly evolving IT environment. Following a successful Initial Public Offering (IPO), the company has attracted significant interest from investors and stakeholders, resulting in a substantial increase in its customer base and revenue. In addition, TechSolutions has additional regulatory requirements due to IPO.
TechSolutions staff meets with representatives from organizations to gather systems requirements and then return to TechSolutions premises to develop solutions. However, the company's network is limited to its premises, which is a significant problem. To perform effectively, the consulting staff requires a network solution that enables secure connection from various locations, facilitating interaction with other consultants.
The Need for Information Security
TechSolutions is responsible for managing confidential client data, which comprises personally identifiable information (PII), financial records, and proprietary business information. Therefore, it is critical to provide strong information security protocols in order to preserve client trust, adhere to regulatory standards, and protect the organization's reputation. Inadequate data security measures may result in the compromise or unauthorized access of critical information, thereby compromising client satisfaction and causing damage to the company’s reputation.
Potential Issues and Risks
Data breach is a significant risk. The ramifications of a data breach have far-reaching and profound impacts. These breaches have evolved from simple cyber security problems into instances of substantial financial losses, reputation damage, legal issues, and regulatory penalties (Alias, 2019). Although there is an increased focus on data security, hackers persistently discover novel methods to bypass defenses and obtain vital corporate data and passwords. Hackers are employing every conceivable strategy to compromise, expose, and profit from confidential data, whether it is through malicious software, adept social engineering strategies, or third-party supply chain cyber assaults. Apart from data breaches, expanding the network infrastructure to accommodate on-site consultants introduces additional vulnerabilities, such as the potential for exposure to malware or cyber-attacks and unauthorized access to internal systems.
Project’s Benefits
By expanding the network’s infrastructure, TechSolutions will significantly improve the efficiency of its operations. Consultants will be able to work seamlessly onsite. Besides, the network will facilitate real-time collaboration among staff. This will substantially enhance productivity and client satisfaction. Furthermore, the company will benefit by having an edge over its competitors. TechSolutions will be able to attract clients who emphasize data security and confidentiality.
Challenges with On-Site Consultants
Ensuring secure access for consultants working on-site while also limiting unauthorized access to critical data presents a challenge. Secure access pertains to a set of security measures or solutions that aim to prevent unauthorized entry into an organization's digital resources and safeguard sensitive information from being compromised (Whitman & Mattord, 2019). The dynamic and evolving nature of security risks has rendered safe access an indispensable component of the present-day IT environment (Whitman & Mattord, 2019). Another challenge is network segmentation. This refers to preventing data leakage and unauthorized access by isolating client data from internal systems.
Post-IPO Challenges
As a result of the recent IPO, TechSolutions is subject to increased regulatory scrutiny and is required to show adherence to industry standards and financial rules. This imposes further administrative and compliance responsibilities on the company. In addition, TechSolutions must now conduct its operations in accordance with investor expectations.
IP Security Assessment (Week 2)
A Description of Typical Assets
TechSolutions has an array of typical assets essential for its operations. The network infrastructure, which consists of routers, switches, firewalls, and additional networking devices, serves as the fundamental support system for TechSolutions' activities by enabling communication and the exchange of data. The organization also has computers and workstations. Computers are utilized by employees in the course of their daily activities. They contain confidential data and necessitate endpoint security protocols. While these devices are critical for facilitating staff collaboration and productivity, they also serve as potential points of entry for security threats. The mail server is also a crucial asset of the organization. With the dual purpose of safeguarding the internal network and enabling external email delivery, the mail server is situated within the demilitarized zone (DMZ) and is tasked with coordinating email correspondence within the organization. Additionally, TechSolutions has intranet resources. Company resources and applications, including internal systems and applications, are hosted on the same network as staff desktops within the flat network of the corporate site.
Risk Assessment
Without network segregation, TechSolutions is exposed to several risks. The first risk is data breaches. In a flat network, the lack of segmentation increases cybersecurity vulnerabilities. In the event that hackers successfully infiltrate a specific part of the network, they have the ability to effortlessly navigate to other parts, potentially leading to extensive security breaches (Jaeger, 2018). Segmenting the networks into subnetworks enhances the capacity to limit cyber threats and manage network traffic with greater efficiency. The second risk is insider threats. Insider threats refer to cybersecurity risks that emanate from authorized users, including contractors, business partners, and employees (Jaeger, 2018). These individuals may intentionally or unintentionally exploit their authorized access or enable cybercriminals to compromise their accounts. An unsegmented network is characterized by a flat internal structure that facilitates user movement across resources. An attacker may exploit this structure as well. However, segmenting a network establishes internal barriers alongside external ones (Lundgren & Möller, 2019). The third risk is malware attacks. In the absence of network segmentation, there is a lack of clearly defined security boundaries between various network domains, including user, production, and critical system networks. Network segmentation is crucial for mitigating malware because it limits the extent and consequences of a malware attack.
Risks that the New Consultant Network Will Create
Wireless technology enables a computer to connect to a wireless local area network (WLAN) using "access points" that transmit radio waves, eliminating the need for cables or wires. This enables several users to utilize the same Wi-Fi access point or 'hotspot' within a specific range. Although mobile Internet connectivity benefits businesses, it also presents security concerns and the possibility of illegal activities. Unsecured Wi-Fi networks can be accessed and intercepted by unauthorized individuals, who can then steal, alter, or delete the transmitted data (Jaeger, 2018). The unsecured connection can also be utilized for illegal or undesired activities. “Hitchhiking,” "Wi-Fi mooching," "piggybacking," and "joyriding" are all common risks associated with an unsecured Wi-Fi connection. These several terms refer to the same practice of obtaining wireless Internet connectivity without the consent or awareness of the subscriber. In addition, excessive user logins can significantly impede subscribers' speed of Internet access (Jaeger, 2018).
Testing for Risk and Security Assessment
TechSolutions will employ a multifaceted strategy to identify risk and conduct a thorough security assessment. Penetration testing is a highly effective method for assessing and enhancing the security of a wireless network. A wireless network penetration test is conducted to examine the network in a way that mimics potential attackers but with the goal of enhancing the network's security (Bergström et al., 2019). The process commences with a thorough reconnaissance phase, during which vital information pertaining to the network's scope, encryption methods, and possible avenues of entry is collected. The initial step is crucial in establishing the foundation for more focused and efficient testing (Bergström et al., 2019). The fundamental aspect of the procedure involves conducting thorough examinations of wireless security protocols and assessing obsolete techniques or weak passwords. Besides penetration testing, TechSolutions will employ vulnerability scanning. Vulnerability scanning is the systematic procedure of detecting and pinpointing security vulnerabilities and flaws in systems and the software they operate (Bergström et al., 2019).
Wireless security assessment is an essential procedure that TechSolutions will undertake to guarantee the authenticity and privacy of its wireless networks and data. In the current era of widespread wireless communication, it is crucial to emphasize the significance of solid security measures. The wireless security assessment will aim to identify all access points and evaluate their vulnerabilities (Bergström et al., 2019). The assessment will also assess the strength of the network’s encryption security and user authentication.
Risk Mitigation
In order to mitigate the identified risks, TechSolutions will put into effect a comprehensive array of measures specifically designed to tackle each category of risk. The first measure is network segmentation. Network segmentation is a network security strategy that involves dividing a network into smaller, separate sub-networks. This allows network teams to isolate and protect each sub-network individually by implementing specific security measures and services (Jaeger, 2018). Another measure is to employ access control. Access control is a critical component of security that dictates the individuals who can access data and the conditions under which specific data, applications, and resources can be accessed. Encryption is another crucial security measure. Encrypting Techsolution’s wireless data ensures that unauthorized individuals who may gain access to the organization’s network are unable to view it (Jaeger, 2018). In addition, employee training will be conducted in an effort to protect against risks. The organization will implement consistent security awareness training for workers and consultants to educate them on security protocols, rules, and procedures in order to minimize human errors and proactively prevent security incidents.
References
Alias, R. A. (2019). Information security policy compliance: Systematic literature review. Procedia Computer Science, 161, 1216-1224.
Whitman, M. E., & Mattord, H. J. (2019). Management of information security. Cengage Learning.
Bergström, E., Lundgren, M., & Ericson, Å. (2019). Revisiting information security risk management challenges: a practice perspective. Information & Computer Security, 27(3), 358-372.
Jaeger, L. (2018). Information security awareness: literature review and integrative framework.
Lundgren, B., & Möller, N. (2019). Defining information security. Science and engineering ethics, 25, 419-441.
2
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.