IT286 CliftonJones_Unit_9_Lab_Assignment

.docx

School

Purdue Global University *

*We aren’t endorsed by this school

Course

286

Subject

Information Systems

Date

May 14, 2024

Type

docx

Pages

12

Uploaded by CaptainSeahorse4196 on coursehero.com

Clifton Jones March 3, 2024 Unit 9 Assignment Professor Noel Broman IT286 Network Security Concepts
In response to recent security events and management concerns, this paper provides recommendations to improve the information security posture of Web Site 101, a website development company with 300 personnel and a $2 million yearly revenue. The highlighted security issues include data loss due to employee carelessness, physical break-ins, a lack of staff awareness of security standards, uncontrolled network access, and recent website hacking events. To solve these challenges, this study suggests establishing access control mechanisms, physical access restrictions, doing frequent risk assessments, and improving environmental controls. Recommendations: Access Control Methods: The three access control methods I would use are Role-Based Access Control (RBAC), Mandatory Access Control (MAC), and Multi-Factor Authentication (MFA). Implement RBAC to control access to sensitive data and systems based on employee roles and responsibilities. Define specific access levels and permissions for distinct job responsibilities to reduce the risk of data loss due to illegal access. Use MAC techniques to provide strong access restrictions and prevent unwanted changes to vital system files and configurations. Implement MAC policies that follow the concept of least privilege to restrict access to just essential resources. Employees must utilize multi-factor authentication (MFA) to access important systems and apps, particularly while remote. MFA increases security by forcing users to authenticate their identity using several factors such as passwords, fingerprints, or tokens. Physical Access Controls:
For physical access control, I would recommend Access Control Systems and Surveillance Cameras. Install access control systems, such as electronic keycards or biometric scanners, at the corporate office building entrances. To prevent illegal entrance and break-ins, restrict physical access to various floors and locations based on employee permission levels. Install security cameras in key areas throughout the office building to watch and record activity. Ensure appropriate covering of entrance points, server rooms, and critical locations to dissuade unwanted access and aid investigations. Employee Awareness and Training: Security Awareness Program and Clear Security Policies are the employee awareness and training tools I would recommend. Create and implement a complete security awareness program to educate staff on security best practices, rules, and procedures. Hold frequent training sessions, workshops, and simulations to enhance awareness about the significance of data protection and security compliance. Employees should be well informed about security policies and requirements through employee handbooks, training materials, and frequent reminders. Provide instruction on correct data handling, password management, and security incident reporting to enable staff to properly carry out their security obligations. Network Access Controls: Access Control Lists (ACLs) and Network Segmentation are the network access restrictions that I recommend. Set up ACLs on network devices and systems to limit access to specified IP addresses, protocols, and services. Establish and implement stringent access controls based on the concept of least privilege to reduce the risk of unauthorized access and network breaches. Separate the corporate network into VLANs or subnets to protect critical systems and
resources from less secure locations. Implement firewalls and intrusion detection/prevention systems to monitor and manage network traffic while also enforcing security regulations. Regular Risk Assessment: I would undertake frequent risk assessments and vulnerability management. Conduct periodic risk assessments to identify and prioritize security threats and vulnerabilities inside the organization. Determine the likelihood and possible effect of security risks on corporate operations, and then prioritize risk mitigation activities appropriately. Implement a vulnerability management program that scans and assesses systems, applications, and network infrastructure on a regular basis for security vulnerabilities. Create remediation strategies to quickly resolve detected vulnerabilities and reduce possible security threats. Environmental Controls: Physical security measures and environmental monitoring are the environmental controls that I would recommend. Increase physical security measures such as secure door locks, alarms, and perimeter fence to safeguard the corporate office building from unwanted entry and break- ins. Review and update security controls on a regular basis to stay current with changing threats and vulnerabilities. Install environmental monitoring systems to identify and alert to potential threats like temperature changes, humidity levels, and water leaks. Maintain sufficient environmental controls in server rooms and data centers to reduce the risk of equipment damage and downtime. Conclusion: Implementing the suggested security procedures provided in this paper would allow this company to become successful at deterring, preventing, and creating a safe environment for
employees while protecting company assets. The security recommendations that I provided are all critical components of a comprehensive security strategy for ensuring the confidentiality, integrity, and availability of an organization's data and resources. Management must prioritize information security and commit adequate resources to successfully install and maintain security measures.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help