Order Security Case Study

Order Security Case Study
You are tasked to select a company that you are familiar with that is facing a similar situation. The company can be real or fictitious, but the framework and problems that it faces should be similar. The assignments that you complete are based on the problems and potential solutions that similar companies may face. The end goal for these assignments is to analyze the problems that the company faces with respect to the upcoming audit, and provide guidance on how it can provide security for its infrastructure.
The case study shows a company that is growing, and its security posture needs to be updated based on this growth. Based on the recent initial public offering (IPO), the company has new regulatory requirements that it must meet. To meet these requirements, a review of the current security must be conducted. This provides a chance to review the current security mechanisms and analyze the threats that the company could face. In addition, the company needs to expand its current network infrastructure to allow employees to work more efficiently, but in a secure environment. What problems does the company currently face, and how does the expansion pose new threats?
Choose and describe the company that you will use in the scenario. Describe the need for information security, what potential issues and issues risks exist, and what benefits the company can gain from the new project. Describe what new challenges exist with the new project to allow consultants to work on-site. What challenges now apply to the company with respect to the recent IPO?
The template document should follow this format:
Order Security Case Study
Security Management Document shell
Table of Contents (TOC)
Use an autogenerated TOC.
This should be on a separate page.
This should be a maximum of 3 levels deep.
Be sure to update the fields of the TOC so that it is up-to-date before submitting your project.
Section Headings (create each heading on a new page)
Introduction to Information Security – 2–3 pages long.
This section will describe the organization and establish the security model that it will use.
Choose and describe the company that you will use in this scenario.
Describe the need for information security, what potential risks or issues exist, and what benefits the company can gain from the new project.
Describe what new challenges exist with the new project to allow consultants to work on-site.
What challenges now apply to the company with the recent IPO taking place?
Security Assessment- 2–3 pages long.
This section will focus on risks that are faced by organizations and how to deal with or safeguard against them.
A description of typical assets
A discussion about the current risks in the organization with no network segregation to each of the assets
A discussion about specific risks that the new consultant network will create
Details on how you will test for risk and conduct a security assessment
A discussion on risk mitigation
Access Controls and Security Mechanisms – 2–3 pages long.
This section examines how to control access and implement sound security controls to ensure restricted access to data.
For each of the applications and systems that were described in IP 2, describe the access control mechanisms that are needed for each.
Describe how the new expanded network can be protected through access control.
Describe SSO and VPN technology, and discuss whether they can be used in the company
Security Policies, Procedures, and Regulatory Compliance – 2–3 pages long.
Order Security Case Study
This section will focus on the protection of data and regulatory requirements that the company needs to implement.
List and describe the regulatory requirement that was introduced by the IPO.
List and describe at least 5 policies that the company needs.
From the list of policies, list and describe at least 3 controls that the company needs to implement.
Describe the data at rest and data in motion and how they can be protected
Network Security – 4–5 pages long (2–3 pages of network topology, 1–2 pages of IPS and IDS).
This section combines all of the previous sections and gives the opportunity to examine the security mechanisms that are needed at the network level.
Propose an appropriate network infrastructure that offers sound security practices for the existing intranet and the new proposed expansion.
Create and describe a diagram of the network architecture, discussing how it can meet the goals of the company.
Describe the access controls and how the company can ensure that devices and topology are effective and working to protect the company infrastructure.
Review and describe the need for intrusion detection systems (IDS) and intrusion prevention systems (IPS).
Discuss how they can effectively be used in a network operation setting.
Ensure that there is an appropriate use of the IDS and IPS in the network diagram.
Power Point Presentation:
As a final deliverable to the management team, create a Power Point presentation that summarizes the solutions outlined in the Key Assignment template. In addition, describe why the proposed solution is the correct method or mechanism to be implemented. Remember that the presentation is for the management team and should contain the appropriate level of detail.