Term Paper: Redesigning Security Operations
Due Week 10 and worth 140 points
Imagine you have recently been hired as the Information security director at a start-up health care research firm, where confidential client data is housed in its Data Center. Currently, the company has 100 employees and expects to expand its workforce to 300 in the next three (3) months and the company is moving to a new location in an urban office building across four (4) floors. The security operations and defensive mechanisms have been run in the past by the Networking Department and due to the move, you have a chance to start anew with the company’s security operations to improve its overall security posture.
Write an eight to ten (8-10) page paper in which you:
Identify what you perceive to be the five (5) most concerning threats to the network, computing environment, and the database operations of the company.
Examine each threat you identified in number 1, in which you:
Explain why this is your perception.
Identify what is at risk from these threats.
Determine how you would design the security controls to mitigate the risks involved.
Determine the security defense mechanisms that you would utilize in order to secure communications from floor to floor in the office space, including equipment and physical controls.
Create an office space diagram detailing the security defense tools, equipment and controls utilized, using a diagramming application such as Visio or Dia. Note: The graphically depicted solution is not included in the required page length.
Explain in detail the defensive mechanisms that you would implement to secure the corporate wireless network, including encryption, authentication methods, and at least two (2) WLAN security tools you would utilize on a regular basis.
Create a wireless network diagram, using a diagramming application such as Visio or Dia based on your explanation in number 5. Note: The graphically depicted solution is not included in the required page length.
Determine whether or not you would utilize encryption technologies on the network and / or computing equipment. Justify your response.
Consider the use of a cloud-based solution for storing the company’s data. Determine the benefits and / or risks that would result using this kind of data storage, and decide whether or not you would utilize this storage option. Justify your decision.
Select a minimum of five (5) security tools that you would implement on the network as security auditing and / or defense countermeasures.
Analyze each security tool you selected in number 8, and determine why / how you would use them as part of your security operations.
Provide an overview of the recovery and continuity plans you would develop to ensure the company could survive a temporary or prolonged disruption. Explain why each plan is needed based on the benefits it provides to the company.
Use at least five (5) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
Include diagrams created in Visio or one of their equivalents such as Dia. The completed diagrams must be imported into the Word document before the paper is submitted.
The specific course learning outcomes associated with this assignment are:
Describe cryptology and impact on cybercrime response.
Identify common information-gathering tools and techniques.
Analyze system vulnerabilities exploited by hackers.
Design plans that remove Trojans, backdoors, and malware from infected systems.
Explain the process of network traffic analysis and sniffing, and their appropriate tools.
Analyze wireless network vulnerabilities exploited by hackers.
Examine the appropriate methods for performing incident handling.
Use technology and information resources to research issues in cybercrime techniques and response.
Write clearly and concisely about topics related to cybercrime techniques and response using proper writing mechanics and technical style conventions.