User Account

All Pages

Information security operations-medium-sized organization

Assignment Help Other Subject
Reference no: EM13182969

Scenario Summary
You are the Manager of Information Security Operations for a medium-sized organization and report directly to the Chief Information Security Officer (CISO) in the Information Security department. The organization consists of a headquarters and six geographically dispersed offices. You work at the headquarters location and manage a team of five security engineers.\

The role of the Information Security department is to ensure the confidentiality, integrity, and availability of the organization's data and systems. One of your key responsibilities is understanding, analyzing, and designing the security architecture for the enterprise network. This network not only supports the internal employees of the organization but also leverages the Internet for communication with vendors, customers, and remote employees. 

Your team of five security engineers is responsible for the following areas of network security: 
• Network security policy planning and implementation 
• Attack prevention and mitigation 
• Secure authentication techniques 
• Wireless LAN (WLAN) security and authentication 
• Hardware firewalls and DMZs 
• WAN security 
• Virtual Private Networks (VPNs) 
• Remote user security and authentication 
Your Role/Assignment
Following a recent increase in cyber attacks in the industry, the CISO has directed you to develop network security strategies that will ensure that the organization's network is protected from both internal and external security risks. 
He will be providing three briefings to the CIO (Chief Information Officer) on specific topics (to be determined) regarding the overall security posture of the organization. The CISO requests that you provide him with a one-page summary on a specific network security-related topic prior to each meeting. 
With the recent increase in cyber attacks on organizations in our industry, I want to ensure that we are taking proactive measures to stay ahead of the bad guys. I want you to look at our current network security controls and risk management plans to identify where additional network security risk mitigation efforts can be implemented. I will be briefing the CIO on the overall information security posture of the organization and will be asking you to provide me with specific input on your area of responsibility. I don't want too many details, but a one-page summary of your plan to address the topic at hand. Please have your team work closely with Allison Tanney's IT Network department.

We have seen an increase in external scanning attempts against our network. In response, I am running a network security penetration test to see if we have any vulnerabilities or unknown exposures. I am coordinating this test with the IT Network department. Additionally, I have contacted our Firewall and Intrusion Detection System (IDS) vendors to verify that we are up to date on our software. I am still concerned that we only have a network-based IDS installed and have not implemented a host-based system. As you may know, we have a project kicking off in two months that will address our data leakage and end-point security issues. We have seen an increase in employees sending sensitive information out of the network to external systems (primarily their home systems). While we are doing a good job of keeping the external threats out, we are not doing well at mitigating the internal risks.

I am a little concerned with the increase in zero-day malware being detected in the industry. While our critical systems are being protected with a solid antivirus program, I am worried about other threat vectors, including both internal and external entry points. We are in need of a security event log management tool that can help us consolidate and correlate event logs across the network, along with providing 24/7 security event monitoring and escalation services. It is overwhelming to track down every potential incident. I have also identified several rogue wireless LAN (WLAN) access points being established inside the organization. Once detected, we shut them down immediately. Unfortunately, we don't have the tools to identify all of them in a timely manner. In addition to an increase in workload (our team is becoming overwhelmed), the organization has approved a liberal work-from-home program, which will significantly increase our VPN management efforts. While this is only a pilot program now, it could be rolled out to a larger audience within the next 90 days. If this program expands beyond the pilot group, we will need to rethink our security policies, processes, and procedures for these remote employees since the organization will be exposed to new risks.

I am aware of the increased focus on security and have asked my team to provide your team with the support needed to help identify and mitigate network-based risks. Please keep in mind that I am responsible for the day-to-day network operations for the organization and do not want any changes to impact our employees, customers, or vendors. Any and all changes to the network must be fully tested and approved by my team prior to being moved to the production environment. If changes will impact the productivity of our employees, the service to our customers, or the service level agreements (SLAs) with our vendors, we will need to brief the CIO on the impacts and provide him with a detailed risk-benefit assessment.

Per the scenario, each assignment deliverable will reflect your response to the CISO's request for information on a specific topic. It must provide enough detail for the CISO to use during his meetings with the CIO, but it must be a summary in APA style format with no fewer than 500 words and no more than 600 words of analytical content. Include a cover sheet and a reference page with a minimum of three references. Remember APA style format uses double-spacing, Times New Roman font, 12-point font size, and one-inch margins. 
Please use the information provided in the scenario to help you understand the current environment. If additional information is needed for your summary, please feel free to make assumptions based on what you have learned in the course. You may conduct research on the Internet to help support your answers (be sure to properly cite your references) 

Discussion Question:

The CISO has a meeting with the CIO at the end of this week. He wants to discuss the organization's largest information security threat (external cyber attacks) and the steps we have taken to mitigate the risks associated with these threats. 


Please provide a summary of the steps you can take to mitigate the risks associated with:
• Denial-of-Service attacks (DoS) 
• Distributed Denial-of-Service attacks (DDoS) 
• Masquerading and IP Spoofing 
• Smurf attacks 
• Land.c attacks 
• Man-in-the-Middle attacks

Reference no: EM13182969

Questions Cloud

Gender-race-ethnicity-technology and politics : Japan launched a surprise attack on the United States at Pearl Harbor in Hawaii which thrust American into World War 11 and for the next four year it dominated nearly every aspect of American life.  (gender, race, ethnicity, technology. Politics)
Determine the amount of her expenses : Wenwoods will also determine the amount of her expenses for travel, food, housing, and a caddy. Is Wenwoods selling a security when she asks for contributions from her friends?
Nonprofit organization versus a for-profit business : What are some differences one might expect among stakeholder expectations for a nonprofit organization versus a for-profit business? Do you think nonprofit managers have to pay more attention to stakeholders than do business managers?
Marxist legal-critical race theory-legal feminism claim : Marxist legal theory, critical race theory, and legal feminism claim that legislators are incapable of genuinely considering the common good.
Information security operations-medium-sized organization : You are the Manager of Information Security Operations for a medium-sized organization and report directly to the Chief Information Security Officer (CISO) in the Information Security department.
Using current star as case study-american culture : Using a current star as a case study, identify and describe in detail the three levels of identity that comprise his or her stardom. Use outside source material such as magazines, entertainment news channels and websites, and newspapers for informati..
Functional areas of marketing-management and accounting : In detail, explain how and why the functional areas of Marketing, Management, and Accounting are important to the four phases of strategic management
Which an issue related to speech ethics was involved : Identify a situation in your life in which an issue related to speech ethics was involved. The issue could have affected you as a speaker or a listener.
Work team concepts-discussion experience with classmates : Because a work group can accomplish more than an individual, many organizations create formal teams to complete designated work assignments.

Reviews

Write a Review

Other Subject Questions & Answers

  Motivational factors involved in your behavior

Please help me to understand a description of a scenario that illustrates two levels of Maslow's Hierarchy of Needs and explain how it does so. Then, explain how Maslow's theory may not capture all of the motivational factors involved in your beha..

  Deontologica-teleological ethics regarding abortion

In 250 words, briefly describe the basis, considerations, and steps of deontological ethics. Make connections to Plato and Aristotle, as applicable. Refer to the specific moral philosophers involved in deontological theory.

  Memory distortions fundamentals

Can you please help to summarize the article and include a brief description of research study and design.

  Problem was inability to monitor dual projects effective

Bryan's major problem was his inability to monitor and record the dual projects effectively. Questions: What would you recommend to Bryan?

  Illustrate what about illness

If a woman's pregnancy is voluntary, is her responsibility to fetus absolute. NO changed circumstance can change this responsibility. Illustrate what about illness. Responsibility starts to get fuzzy contraception.

  Localization of mental functions

In now famous case of "Phineas Gage", the damage in his prefrontal cortex (in the orbital and medial regions) resulted in loss of reasoning abilities and an alteration of personality.

  Steps in the contingency planning process

Identify the 7 steps in the contingency planning process, and explain how each step will be addressed for the surgical center.

  Market logistics planning

What are some of the steps necessary for market logistics planning? Please provide an example.

  Art is exalted above religion and race

Artist Emil Nolde said "Art is exalted above religion and race. Not a single solitary soul these days believes in the religion of the Assyrians, the Egyptians, or the Greeks...Only their art, whenever is was beautiful, stands proud and exalted, risin..

  Trip reports may make recommendations

. In a news release, information should be ordered from most important to least important.  Personal bias is not appropriate in science lab reports or forensic reports.  Trip reports may make recommendations

  Psychological anthropologists

Psychological anthropologists take it for granted that.

  Briefly explain how increasing sample size influences

Briefly explain how increasing sample size influences each of the following. Assume that all other factor held constant. a. The size of the z score in ah hypothesis test. b. The size of Cohen's d. c. The power of a =.05.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd