Strayer SEC 402 Cyber Security, Assignment 2, Implementing Network and Personnel Security Measures, 9 pages, 1492 words, Graded A. Cybersecurity: The essential body of knowledge
The security consulting firm that you work for has been awarded a contract to implement a new IT Security Infrastructure to secure the Information Technology data assets of a local government agency. This agency has many remote workers that are in the field and need to connect back to the agency’s system servers. The remote workers use a wireless network infrastructure to connect their electronic pads to servers located within the local government’s facility. The remote workers have needs to access property records, cite zoning violations electronically, and validate building permits. The public demand to expand IT services has grown faster than its ability to provide an adequately secured infrastructure. In fact, this government entity was previously featured on the news for having minimal security controls and methods for accessing property tax information of citizens. The inadequate security allowed many construction trade businesses to illegally access property records and zoning violations. Your role in this project is to enhance and optimize the security mechanisms for accessing these systems.
Write a four to five page paper in which you:
1. Create an information flow diagram, using Visio or Dia, which:
a. Illustrates how remote users will securely connect to the government agency’s network.
b. Illustrates the patch of network devices that data packets must travel to get from server to remote user’s device and back to server.
Note: The graphically depicted solution is not included in the required page length.
2. Provide an equipment list of network security devices that would be needed to ensure the integrity and sensitivity of private information. In this list:
a. Propose at least two vendor brands per each device and the associate costs required to procure these items.
b. Identify the functionality each device serves and the expected benefits the government agency should experience upon the successful installation of this equipment.
3. Develop a maintenance plan that should be recommended to the government agency to ensure having the latest security measures available within the network in which you:
a. Describe the risks associated with not fulfilling the activities outlined within your maintenance plan.
b. Indicate specific activities, personnel / resources required, and frequency of execution.
4. Recommend at least four physical security measures that could be developed to ensure the electronic perimeter of electronic assets.
5. Recommend at least two physical security vendors that could achieve the four security measures you identified. Justify your recommendations with your response.
6. Evaluate and consider activities that the Human Resources Department could perform in order to complement and instill security from within the organization. Provide a rationale with your response.
Exclusive and Original document Available only on Course Answer
Download Now(sent via email)
Outline three parameters that should be considered when designing and implementing physical security into the information protection scheme. Suggest two activities that could be performed to address these parameters and explain how. Several parameters to consider when designing and implementing physical security into the information protection scheme are define the secure areas, assess the threats and risks against the business and these areas, and establishing the appropriate level of control for the secure areas based on the identified threats and risks. The secured areas have to be defined and the critical infrastructure within those areas has to be identified. This can be accomplished through a business assessment and security review. Once the secure areas have been identified the risks and threats agains the company and business can be identified through the business risk assessment, BIA, and a full security risk assessment of those areas. This risk assessment needs to be performed by a cross-functional team included a physical security professional, facilities, and and IT security professional. Once the risks are identified and the specific equipment, people, rooms, areas, etc. have been identified for protection then mitigation strategies including access, CCTV, guards, gates, burms, traffic control, etc. can be established to protect secured areas beginning with an extended perimeter and going all the way into the building to an R&D data center with dual control biometric access, video verification, and antitailgating technology to prevent more than one user from entering the room at a time. Again, the protections are determined by the risks and business needs, but the solutions need to be designed by an electronic and physical security specialist, who is normally a business consultant or an integration contractor hired to perform these duties. Suggest three activities that could be performed to ensure that physical security plans are adequate. Describe two measures that you could perform in order to evaluate the installed physical security. One activity to test the physical security controls is perform a penetration test and this can be done with in house staff, which is often available in larger companies, or through contracting companies that specialize in physical security penetration testing. By performing a penetration test a company can determine not only if the electronic physical security measures work, but they can also determine the level of awareness of their staff, including security staff, as social engineering to gain access is a large portion of the penetration test. Many security systems including access control, video, and physical intrusion detection systems have real-time status and supervisory monitoring that if installed and configured correctly will monitor the systems down to the cabling and power levels, but the problem is many companies do not specify these protections in their RFP because they are not educated on the need or because of budget cuts these additional measures are removed from the scope of work, but active status and health monitoring of systems is a critcal feature, which will let an end-user know their system is functioning as designed. Another measure is to perform routine system test and reviews bi-annually or annually, and perform quarterly, bi-annual, or annual preventive maintenance on the security systems. Change control management of the access control is also necessacy to monitor and track system additions, system layout, and overall system resource allocations.
Select what you believe to be the top-three benefits of making a business and assurance case prior to proceeding with a procurement plan. Support your response with a rationale. Describe potential challenges that the procurement process may experience by not having a proper business and assurance case The top three benefits of making a business and assurance case prior to proceeding with procurement are the ability to follow a standard procurement process, having management or executive buy-in, and having all needed business functions involved in the procurement process for buy-in and input. By following a standard process the business protects itself, employees of the business, and the vendor from someone being able to circumvent the procurement process, which is full of checks and balances to ensure GAAP are maintained. Not following a standard procurement process could result in fraudulent purchases, embezzlement of funds, and internal and external audit findings, which can carry significant penalties depending upon the nature of the business. Receiving management or executive buy-in means there is a champion for the project, products, and/or services being purchased and a case has been made for the business need. This buy-in is needed to determine where funding is coming from for the purchase (capital expenditure funds, WB funds, Project funds, etc). Finally having buy-in through the procurement process of all business functions or WB’s means any issues or additional needs associated with the procurement of the goods or services can be vetted and added to the project or procurement. Working in a silo and making decisions without involving the other parts of the business will often have ramifications far beyond what can be seen from a focused point of view. Recommend two practices that should be performed when administering procurement contracts and explain why you recommend them. Determine how these practices will ensure that subcontractors fully comply with the requirements of the contract within your recommendation A detailed request for proposal (RFP) and scope of work (SOW) should be made for evecy procurement so the business determines exactly what needs to be purchased and the vendor can provide exactly what has been asked of them from the business. Without this two documents in place there is too much ambiguity for the vendor to be held accountable for not providing what is needed by the business. Second, the procurment and project should be controlled by the business entirely so, again, the vendor can be held accoutable for their actions and the business gets what they are asking for from the vendor. Full commissioning and testing of the systems or equipment being delivered should be completed prior to any acceptance of completion by the business. This is a protection for the business and another level of accountability for the vendor to provided what has been asked for by the business.