What is the name of the security standard

Reference no: EM131186439

Read the scenario below, and complete the tasks at the end of the scenario. You should consult your learning topic Implementing a Network Security Plan and Security Workbook (both in your Learner Resources)

Scenario

You have been asked to design a network security plan for a small e-commerce web site run by the BuyThisShoe company. The website will be hosted on the company's internal network (as the site needs to access internal databases for prices etc.). The company is a bit nervous about hackers, but it also wants a cost-effective solution, so you need to come up with a plan that is both effective and economical.

Interviewing the owners of the business, you have uncovered the following facts:

- The company will be taking credit card payments, so it needs to comply with any relevant legislation.
- The company is most worried about hackers who may want to gain the credit card details of its customers. They want to ensure that the database server that will be storing the credit card details is on the most secure part of the network.
- The company is also worried about 'for play' hackers who may want to compromise their website for 'fun', so your network security needs to cater for this.
- The company has employed an information auditor as a consultant, who has prepared the following table showing the asset, threat, single loss occurrence (SLO), and annual rate of occurrence (ARO):

#   Asset                                   Threat               SLO      ARO
1.  Network server                          Fun hackers          400      5
2.  Credit card details on database server  For profit hackers   20,000   .5
3.  Router                                  Fun hackers          1000     .25
4.  Web server                              both                 2000     3
5.  Malware/trojans                         both                 1000     15

The company wants to allow web site traffic (HTTP and HTTPS), email traffic (SMTP), remote desktop traffic (RDP), and network support (via SSH) into its network from the internet. The only traffic it wants to allow out of the network is HTTP/HTTPS and SMTP.

The company is also very concerned that, if any security breach does occur, they are notified immediately. They are suggesting that every Friday the owner of the company meets with the IT manager to review any security breaches that have occurred, and what has been done in response to those breaches.

Answer the following questions.

1. What is the name of the security standard that applies to BuyThisShoe because they want to take credit card payments from customers?

2. The owner of BuyThisShoe is nervous about customers sending their credit card details across the Internet. What is the name of the protocol that can secure these details in transit?

3. Classify the following countermeasures as to whether they represent risk acceptance, risk avoidance, risk mitigation or risk transference:

a. The company wants to take out insurance against hackers
b. The company wants to deploy a state of the art firewall
c. The company does not want to deploy countermeasures against State-sponsored hackers
d. The company does not plan to store credit card details for returning customers, i.e. customers will need to re-enter their credit card details for every new purchase

4. Use the information provided by the information auditor to calculate the ALE (Annual Loss Expectancy) for each of the five threats. (Your answer should list the five threats, and the ALE for each.)

5. Based on these ALE figures, which is the bigger threat: for fun hackers, or for profit hackers?

6. Based on these ALE figures, what is the maximum amount of money you would advise BuyThisShoe to spend each year defending their website against 'for fun' hackers? Give a brief reason for your advice.
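The arithmetic behind questions 4 to 6 is the standard quantitative risk formula ALE = SLE × ARO. The following script is an added worked example, not part of the assignment or its learner resources: it transcribes the auditor's five rows, computes each row's ALE, totals the ALE per attacker group, and applies the usual cost/benefit rule for a countermeasure. Two assumptions are labelled in the code: the table's "SLO" column is used as the single loss expectancy (SLE), and the rows marked "both" are attributed to each attacker group by a weight the analyst chooses.

```python
# Added example (not from the assignment page): ALE = SLE x ARO over the
# auditor's table. Assumption: the table's "SLO" column is the single loss
# expectancy (SLE), in whatever currency unit the auditor used.
from dataclasses import dataclass


@dataclass(frozen=True)
class ThreatRow:
    number: int
    asset: str
    threat: str        # threat column exactly as the table gives it
    sle: float         # single loss expectancy ("SLO" in the table)
    aro: float         # annualised rate of occurrence

    @property
    def ale(self) -> float:
        # Annual loss expectancy: the expected loss per year from this row.
        return self.sle * self.aro

    @property
    def attackers(self) -> frozenset:
        # Which attacker group the row concerns; "both" applies to each group.
        if self.threat == "both":
            return frozenset({"fun", "profit"})
        if self.threat.startswith("Fun"):
            return frozenset({"fun"})
        return frozenset({"profit"})


# The five rows transcribed from the scenario's table.
TABLE = [
    ThreatRow(1, "Network server", "Fun hackers", 400, 5),
    ThreatRow(2, "Credit card details on database server", "For profit hackers", 20_000, 0.5),
    ThreatRow(3, "Router", "Fun hackers", 1_000, 0.25),
    ThreatRow(4, "Web server", "both", 2_000, 3),
    ThreatRow(5, "Malware/trojans", "both", 1_000, 15),
]


def ale_per_threat(rows=TABLE) -> dict:
    """Map each row number to its ALE."""
    return {r.number: r.ale for r in rows}


def ale_by_attacker(rows=TABLE, shared_weight: float = 1.0) -> dict:
    """Total ALE attributable to each attacker group.

    Rows marked "both" are ambiguous. shared_weight is an analyst's
    assumption, not data: 1.0 charges the full ALE of a shared row to each
    group (the worst case for each), 0.5 splits it evenly between them.
    """
    totals = {"fun": 0.0, "profit": 0.0}
    for r in rows:
        weight = shared_weight if len(r.attackers) == 2 else 1.0
        for group in r.attackers:
            totals[group] += weight * r.ale
    return totals


def cost_justified(annual_cost: float, ale_before: float, ale_after: float) -> bool:
    """Cost/benefit rule for a control: buy it only if the ALE it removes
    (ale_before - ale_after) exceeds what it costs per year."""
    return (ale_before - ale_after) > annual_cost


if __name__ == "__main__":
    print(f"{'#':<3}{'Asset':<40}{'Threat':<20}{'SLE':>8}{'ARO':>6}{'ALE':>10}")
    for r in TABLE:
        print(f"{r.number:<3}{r.asset:<40}{r.threat:<20}{r.sle:>8.0f}{r.aro:>6.2f}{r.ale:>10.0f}")
    print("Totals by attacker group (shared rows counted fully):", ale_by_attacker())
    print("Totals by attacker group (shared rows split):", ale_by_attacker(shared_weight=0.5))
```

Running the script prints the per-row ALE table and both attributions of the shared rows; comparing the two "fun" totals shows how much of the answer to question 5 rests on how the "both" rows are counted, which is worth stating explicitly in the written answer.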

7. Use the information about the required incoming/outgoing network traffic to make a table showing all the traffic allowed into/out of the company's network, e.g.

Traffic description   Type   Port
HTTP                  In     80
etc.

Note: You should complete this table with all the required details for your answer.

8. How could you implement these traffic rules in your network (i.e. what device(s) would you configure)?
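Questions 7 and 8 together ask for the allowed-traffic table and the device that enforces it. The script below is an added example and not part of the assignment: it models the scenario's policy as a default-deny rule list, checks a new connection against that list, prints the table question 7 asks for, and renders the same rules as an nftables ruleset for a perimeter firewall. The port numbers are the standard IANA assignments for the named services; the interface names "wan0" and "lan0" and the use of nftables on a Linux-based perimeter device are assumptions, since the scenario only says "device(s)".

```python
# Added example (not from the assignment page): the scenario's traffic policy
# as a default-deny rule table, a connection check against it, and the same
# policy rendered as an nftables ruleset. Assumptions: a Linux perimeter
# firewall running nftables with interfaces "wan0" (Internet) and "lan0".
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    description: str
    direction: str   # "In" = from the Internet, "Out" = to the Internet
    proto: str
    port: int


# Standard IANA ports for the services the scenario names.
RULES = [
    Rule("HTTP web traffic", "In", "tcp", 80),
    Rule("HTTPS web traffic", "In", "tcp", 443),
    Rule("SMTP email", "In", "tcp", 25),
    Rule("RDP remote desktop", "In", "tcp", 3389),
    Rule("SSH network support", "In", "tcp", 22),
    Rule("HTTP web traffic", "Out", "tcp", 80),
    Rule("HTTPS web traffic", "Out", "tcp", 443),
    Rule("SMTP email", "Out", "tcp", 25),
]


def is_allowed(direction: str, proto: str, dport: int, rules=RULES) -> bool:
    """Default deny: a new connection passes only if some rule matches it.
    Anything not listed (e.g. outbound RDP, any UDP) is dropped."""
    return any(r.direction == direction and r.proto == proto and r.port == dport
               for r in rules)


def rule_table(rules=RULES) -> str:
    """The table question 7 asks for, as aligned plain text."""
    lines = [f"{'Traffic description':<22}{'Type':<6}{'Port':>5}"]
    lines += [f"{r.description:<22}{r.direction:<6}{r.port:>5}" for r in rules]
    return "\n".join(lines)


def _port_set(rules, direction: str) -> str:
    ports = sorted({r.port for r in rules if r.direction == direction and r.proto == "tcp"})
    return "{ " + ", ".join(str(p) for p in ports) + " }"


def nft_ruleset(rules=RULES) -> str:
    """Render the policy for the forward chain of a perimeter firewall.
    Replies to accepted connections are allowed by connection tracking, so
    only NEW connections need an explicit rule in each direction."""
    return "\n".join([
        "table inet perimeter {",
        "    chain forward {",
        "        type filter hook forward priority 0; policy drop;",
        "        ct state established,related accept",
        # Inbound from the Internet to the company network. RDP and SSH are
        # listed because the scenario requires them; a practitioner would
        # also restrict their source addresses to the support team's ranges.
        f'        iifname "wan0" oifname "lan0" tcp dport {_port_set(rules, "In")} ct state new accept',
        # Outbound from the company network to the Internet.
        f'        iifname "lan0" oifname "wan0" tcp dport {_port_set(rules, "Out")} ct state new accept',
        "    }",
        "}",
    ])


if __name__ == "__main__":
    print(rule_table())
    print()
    print(nft_ruleset())
```

The ruleset is loaded with `nft -f` on the firewall; the `policy drop` on the chain is what turns the list in question 7 into an allow-list, so any service not in the table is blocked without a separate rule. On a Cisco-style router the same table becomes an extended ACL applied inbound and outbound on the Internet-facing interface.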

9. Draw a network security diagram to show an example network for BuyThisShoe. Make sure your network design has the following features
- Clearly shows network zones (trusted, untrusted, DMZ)
- Has both perimeter firewall and internal firewall
- Only web server is in DMZ
- Application and database server are on trusted network
- One server shown running incident detection/prevention software
- Mail server also shown on trusted network

(Note: you need to print out your network security diagram and submit it as part of your assessment)

10. List five pieces of information you should capture in every incident response report for BuyThisShoe.


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd