Description Key Assignment Draft This week, you will submit a draft of your Key Assignment template. Be sure to add the new material to this document in Section 4. Remember to incorporate any previous

Week 2: Security Assessment

Student name

Institution

Date

Table of Contents

A Description of Typical Assets

A Discussion about the Current Risks in the Organization with No Network Segregation to Each of the

A Discussion about Specific Risks that the New Consultant Network Will Create

Details on How You Will Test for Risk and Conduct a Security Assessment

A Discussion on Risk Mitigation

References

A Description of Typical Assets

SecureTech Consultants, Inc. relies on various information security assets to maintain its operations and protect sensitive information. These assets include the following:

Servers: Hold information and application programs and control the usage of networks.

Workstations: The hardware, including the employees' computers used for regular working activities, that connects to the network and to several other applications.

Network Devices: Local and wide area network equipment, including routers, switches, and firewalls, that controls the data flow between devices (Upadhyay & Sampalli, 2020).

Data: Personal information of both the company and others, such as the client list, and any information that is proprietary to the business and sensitive to competitors.

Applications: Software used for business transactions, for protecting computers and other technologies from malicious attacks, and for managing clients and other assignments.

A Discussion about the Current Risks in the Organization with No Network Segregation to Each of the

Without network segregation, all assets within SecureTech's network are interconnected, which presents several significant risks.

Unauthorized Access: A weakness at a single point can give an attacker access to every system he or she wants to reach. An attacker who gets into the network through a single workstation or server can then move through the rest of it.

Spread of Malware: One or more malicious programs established on one system can spread throughout the network, compromising several systems.

Data Breaches: In the absence of physical segregation, sensitive client information and other valuable company assets become easier for an attacker to obtain (Bandari, 2023).

Performance Issues: When all devices share the same network, their combined traffic burdens it and makes performance very low.

A Discussion about Specific Risks that the New Consultant Network Will Create

Adding a new consultant network introduces additional risks that need to be addressed:

Access Control Issues: Consultants' network access must be kept to a minimum and actively managed. Weaknesses in the access control systems result in unauthorized people accessing confidential data (Landoll, 2021).

Data Leakage: Consultants might unintentionally or intentionally disclose confidential information. This risk is even higher when they work remotely on consultants' devices.

Increased Attack Surface: Attacks become more frequent with additional devices and users, because each one enlarges the number of potential entry points. Every new connection is a new opening that has to be guarded.

Compliance Risks: Because consultants work with sensitive information, it becomes harder to comply with legal requirements such as GDPR and SOX.

Details on How You Will Test for Risk and Conduct a Security Assessment

To effectively test for risks and conduct a comprehensive security assessment, the following steps will be taken:

Vulnerability Scanning: Check the network daily for security weaknesses with the help of automated tools. Optimize the servers, workstations, and network devices and fix the weaknesses found.

Penetration Testing: Conduct a simulated cyber-attack to find the weaknesses in the system. This testing is useful for identifying weaknesses that a scanning tool cannot identify.

Access Control Audits: Periodically perform security control assessments and check access control points to determine who is authorized to access restricted information.

Network Segmentation Testing: Confirm with the clients that network segmentation is properly set up to minimize the effects of breaches and the spread of attacks.

Security Policy Review: Review and update the firm's security policies to align them with current standards and regulations.
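An added example, not part of the original assignment, of how the results of network segmentation testing can be compared against the intended policy. The zone subnets, allowed ports, and observed connection results are all constructed assumptions, since the paper names none.

```python
import ipaddress

# Constructed zones (assumption): the paper names no subnets.
ZONES = {
    "consultant": ipaddress.ip_network("10.30.0.0/24"),
    "workstation": ipaddress.ip_network("10.10.0.0/24"),
    "server": ipaddress.ip_network("10.20.0.0/24"),
}

# Intended policy (assumption): (source zone, destination zone) -> allowed TCP ports.
# Any zone pair or port not listed is meant to be denied.
INTENDED = {
    ("workstation", "server"): {443, 445},
    ("consultant", "server"): {443},
}

# Constructed test results: (source IP, destination IP, port, connection succeeded)
OBSERVED = [
    ("10.30.0.15", "10.20.0.5", 443, True),
    ("10.30.0.15", "10.20.0.5", 445, True),
    ("10.30.0.15", "10.10.0.8", 3389, True),
    ("10.10.0.8", "10.20.0.5", 445, True),
    ("10.10.0.8", "10.30.0.15", 22, False),
    ("10.10.0.8", "10.20.0.5", 443, False),
]

def zone_of(ip):
    """Map an IP address to its zone name, or 'unknown' if it is in none."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def audit(observed, intended=INTENDED):
    """Return findings where observed reachability differs from the policy."""
    findings = []
    for src, dst, port, succeeded in observed:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone:
            continue  # traffic inside one zone does not cross a segment boundary
        allowed = port in intended.get((src_zone, dst_zone), set())
        if succeeded and not allowed:
            findings.append(("LEAK", src_zone, dst_zone, port))
        elif not succeeded and allowed:
            findings.append(("BLOCKED", src_zone, dst_zone, port))
    return findings
```

A LEAK finding marks a flow that crosses a segment boundary the policy should have closed; a BLOCKED finding marks a permitted business flow that the segmentation broke.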

A Discussion on Risk Mitigation

The objective of risk mitigation at SecureTech is to ensure the safety of all assets and of the organization's operations. Key strategies include:

Implementing Network Segmentation: Subdivide the network based on functionality and security level. This limits how far an attack can spread and reduces access to the systems essential to the organization.

Strengthening Access Controls: Use multi-factor authentication and follow the principle of least privilege. Periodically reassess the level of access granted and refresh the security controls in place.

Regular Security Training: Ensure that employees and consultants are well trained in security, especially in matters concerning social engineering, such as phishing attacks (McIlwraith, 2021).

Data Encryption: Encrypt databases and other data both in transit and when stored so that only authorized people can access the details.

Continuous Monitoring: Introduce an intrusion detection and prevention system (IDPS) to scan and analyze all incoming and outgoing network traffic for suspicious activity. Act as soon as it becomes apparent that there is a threat in the environment.

Backup and Recovery Plans: Adopt sound data contingency measures and backup systems so that the business can keep running in the wake of a cyber-attack or another mishap. Revisit these plans often to test that they work.

References

Bandari, V. (2023). Enterprise data security measures: A comparative review of effectiveness and risks across different industries and organization types. International Journal of Business Intelligence and Big Data Analytics, 6(1), 1-11.

Landoll, D. (2021). The security risk assessment handbook: A complete guide for performing security risk assessments. CRC Press.

McIlwraith, A. (2021). Information security and employee behaviour: How to reduce risk through employee education, training and awareness. Routledge.

Upadhyay, D., & Sampalli, S. (2020). SCADA (Supervisory Control and Data Acquisition) systems: Vulnerability assessment and security recommendations. Computers & Security, 89, 101666.