You've been hired as a network and information security officer for a private IT security firm...

Transcribed Image Text:

You've been hired as a network and information security officer for a private IT security firm that offers private and public clients security services and expertise. You've been given the task of providing network and information security to a company that deals with data communication and e-commerce. Because their business is rapidly expanding, they must develop effective network security strategies because: ▸ Security breaches can be extremely costly in terms of business disruption and potential financial losses. Increasing amounts of sensitive data are being exchanged over the internet or intranets that are connected to it. It was discovered that hackers were attempting to take advantage of the company's less technical employees. As a result, the organisation has asked you to supply a complete security solution. Available Assets: Information assets • Databases: Contains information critical to your business. • Data files: Information stored within file outside of a database. Software assets Application software: Implements business processes. System software: Operating Systems, Mobile OS', VOIP, Firewall etc. Physical assets Computer equipment: Desktops, laptops, phones, servers. Communication equipment: PBX, POP gateway, routers, switches. • Storage media: Off/on site backup media, software inventory, etc. Technical equipment: UPS, server racks, wiring closet(s), etc. • Security equipment: Firewall. Your company carried out the security risk assessment for the hazard identification, risk analysis, and risk evaluation based on the available assets. As a result, they identified several threats: 1) Database threats a. Credential threats b. Privilege Threats c. System Threats i. SQL injections ii. Cloud 2) Network Security Threats a. Network Ransomware Attacks b. Denial of Service Attacks c. Identity Spoofing d. SSL/TLS Attacks e. Penetration Testing f. Browser Attacks Based on the security risk assessment, your task is to create a report that includes the following information: ➤ Purpose of the Project (Background) > Based on your company's Risk assessment, justify and answer the following questions o Explain briefly about the identified threats (any two from each identified threats) o Based on the identified threats, explain the possible consequences of failing to manage threats. ➤ Propose Solution o Overview of Security Mechanism o Propose a solution, which employs a security mechanism including, cryptographic algorithms, network access control and other possible security solutions. Justify the selection of your security mechanism. o Explain how the company will maintain the security (security policies), considering the CIA triads. o The company has both software and hardware firewalls. Explain the purpose of having both firewalls. Conclusion You've been hired as a network and information security officer for a private IT security firm that offers private and public clients security services and expertise. You've been given the task of providing network and information security to a company that deals with data communication and e-commerce. Because their business is rapidly expanding, they must develop effective network security strategies because: ▸ Security breaches can be extremely costly in terms of business disruption and potential financial losses. Increasing amounts of sensitive data are being exchanged over the internet or intranets that are connected to it. It was discovered that hackers were attempting to take advantage of the company's less technical employees. As a result, the organisation has asked you to supply a complete security solution. Available Assets: Information assets • Databases: Contains information critical to your business. • Data files: Information stored within file outside of a database. Software assets Application software: Implements business processes. System software: Operating Systems, Mobile OS', VOIP, Firewall etc. Physical assets Computer equipment: Desktops, laptops, phones, servers. Communication equipment: PBX, POP gateway, routers, switches. • Storage media: Off/on site backup media, software inventory, etc. Technical equipment: UPS, server racks, wiring closet(s), etc. • Security equipment: Firewall. Your company carried out the security risk assessment for the hazard identification, risk analysis, and risk evaluation based on the available assets. As a result, they identified several threats: 1) Database threats a. Credential threats b. Privilege Threats c. System Threats i. SQL injections ii. Cloud 2) Network Security Threats a. Network Ransomware Attacks b. Denial of Service Attacks c. Identity Spoofing d. SSL/TLS Attacks e. Penetration Testing f. Browser Attacks Based on the security risk assessment, your task is to create a report that includes the following information: ➤ Purpose of the Project (Background) > Based on your company's Risk assessment, justify and answer the following questions o Explain briefly about the identified threats (any two from each identified threats) o Based on the identified threats, explain the possible consequences of failing to manage threats. ➤ Propose Solution o Overview of Security Mechanism o Propose a solution, which employs a security mechanism including, cryptographic algorithms, network access control and other possible security solutions. Justify the selection of your security mechanism. o Explain how the company will maintain the security (security policies), considering the CIA triads. o The company has both software and hardware firewalls. Explain the purpose of having both firewalls. Conclusion

Answer rating: 100% (QA)

Project Report Enhancing Network and Information Security Purpose of the Project Background The purpose of this project is to strengthen the network and information security of the client a rapidly ex... View the full answer