As a final deliverable to the management team, create a Power Point presentation (Should 7-8 slides) that summarizes the solutions outlined in the Key Assignment template. In addition, describe why th

26

CS651: Computer System Security Foundation

Security Management

Marcus Harbin

14 July 2024

Week 1: Introduction to Information Security 4

Company Description 4

Need for Information Security 4

Potential Risks and Issues 5

Benefits of the New Project 5

New Challenges with On-Site Consultant Work 6

Challenges with the Recent IPO 6

Week 2: A Description of Typical Assets 7

A Discussion about the Current Risks in the Organization with No Network Segregation 7

A Discussion about Specific Risks that the New Consultant Network Will Create 8

Details on How You Will Test for Risk and Conduct a Security Assessment 9

A Discussion on Risk Mitigation 9

Week 3: Access Controls and Security Mechanisms 10

Access Control Mechanisms for Described Systems 10

Protection of the New Expanded Network through Access Control 11

Single Sign-On (SSO) and Virtual Private Network (VPN) Technology 12

Week 4: Security Policies, Procedures, and Regulatory Compliance 13

Regulatory Requirements Introduced by the IPO 13

Essential Policies for the Company 14

Key Controls to Implement 15

Protection of Data at Rest and Data in Motion 16

Introduction to Network Security 17

Proposed Network Architecture Diagram 18

Access Controls 19

Network Device Protection 21

Intrusion Detection and Prevention Systems 21

Conclusion 23

SecureTech Consultants, Inc. is a rapidly growing IT consulting firm that provides cybersecurity solutions to mid-sized businesses. Having gone for IPO early this year, the company faces very respectable legal standards. The organization offers network vulnerability assessment, penetration testing, and security measures. The company’s development and IPO also require analyzing the existing security measures and applying necessary changes according to new regulations and changes in the scale of activity.

Regulatory compliance and the great news of the IPO implies adopting numerous rules and regulations at the company level. SecureTech also has to follow the SOX and the GDPR. Information security is essential for protecting financial and individual data, which should not be disclosed to avoid penalties. When it comes to the protection of intellectual property, SecureTech is a cybersecurity firm with exclusive methods and tools that form an essential competitive edge. Information security measures are the key to protecting this intellectual property from cyber threats (AlMeraj et al., 2023). Client data security are an essential part of the services provided, since SecureTech deals with the clients' confidential information. Protecting this information is crucial to sustaining the clients' trust and preventing possible judicial consequences due to violation of data privacy.

Cyber threats and security risk is another component of digital exposure because cyber-attacks have become more advanced. They are phishing, malware, ransomware, and advanced persistent threats (APTs). Internal threats can be comprised of any person who has access to the system, intentionally or inadvertently, that can threaten security. Such threats may be from insiders constructing the firm or employees, contractors, or third-party associates with appropriate admittance to the system. Compliance risks can very well be consequences of failure to meet the regulatory conditions and are generally expensive fines as well as the loss of reputation within the society (Aswathy & Tyagi, 2022). A huge task is ensuring continuous compliance, significantly when regulations change.

Enhanced security can be obtained by increasing security measures, and therefore new risks can be minimized, including direct attacks on the assets of SecureTech, data, and even reputation. Regulatory compliance assures better security practices in addition to being in compliance with the regulations; therefore, the company does not encounter the legal complications and fines accompanying non-compliance with the set rules of the law. Operational efficiency will the network's physical structure up to date and will improve working and workshop efficiency, engendering the productivity required from employees and consultants.

Physical security enables consultants to physically access an organization’s workplace which makes new physical security issues possible. Probably, strictly regulating people's access to particular zones is one of the most effective approaches. Network security and the consultants who physically visit the company’s facilities need secure access to the company’s network, for which authentication and authorization controls must be established. Data protection and employees requiring consultant services at their workplace may require some information to be disclosed at their working stations (Atkinson et al., 2022). It will be pertinent to mention that strict DP policies and encryption norms should protect this information.

Increased scrutiny impacts SecureTech, as a public company, it is under much pressure from regulators, investors, and public opinion since it is accountable to the public. The main focus remains to be as transparent as possible and compliant with the security standards. Regulatory compliance of the IPO brings more prescriptive rules, such as the improvement of financial reporting and measures for data protection. The issue of compliance in a constantly changing environment can be a huge problem. Reputation management can assist in the prevention of any leakage to an organization’s security and can significantly impact the company’s worth and image. It is crucial to identify and minimize security risks, to ensure the investors continue to have confidence in and maintain the company’s market standing.

SecureTech Consultants, Inc. relies on various information security assets to maintain its operations and protect sensitive information. These assets include servers, which contain information and application programs and control the usage of networks. Workstations: Structurally, the hardware, including the computers owned by the employees for the regular working activities that connect to the network and several other applications. Network Devices: Local and wide area network equipment, including routers, switches, firewalls, etc, that control the data flow between devices (Upadhyay & Sampalli, 2020). Data: Personal information of both the company and others, such as your client list, any information that is proprietary to the business and sensitive to competitors. Applications: Software that is used for business transactions, protection of computers and other technologies from malicious attacks, and management of clients and other assignments.

Without network segregation, all assets within SecureTech's network are interconnected, which presents several significant risks. Unauthorized Access: A hole in one point can give an attacker access to all the systems he or she wants to connect. An attacker, as is known, can navigate through a single workstation or a server in the network when able to infiltrate a single network. Spread of Malware: One or many bugs established in a system can spread throughout the network, compromising several instances. Data Breaches: Depending on the absence of physical segregation, sensitive information of the clients, as well as other valuable assets of the company, becomes easier for a hacker to obtain (Bandari, 2023). Performance Issues: When all devices are in the same network, it hammers the network and makes performance very low.

Introducing a new consultant network introduces additional risks that need to be addressed: Access Control Issues: Another essential tenet is minimizing but managing consultants' network access. Weaknesses in the access control systems result in unauthorized people accessing the individual's confidential data (Landoll, 2021). Data Leakage: Employee consultants might unwillingly or willingly disclose confidential information. This risk is even higher when employing or working remotely on consults’ devices. Increased Attack Surface: The attacks are more frequent with additional devices and users, as the latter enlarges the amount of potential entry points. Every new acquaintance is a new loophole that has to be guarded in the world of social networks. Compliance Risks: Consultants are working with sensitive information, and it becomes hard to observe the legal requirements such as GDPR and SOX.

To effectively test for risks and conduct a comprehensive security assessment, the following steps will be taken. Vulnerability scanning which will include daily checks of the network for security breaches with the help of automated devices. Optimize the servers, workstations, and network devices and fix the loopholes. Penetration testing to know the weaknesses in your system, conduct a simulated cyber-attack. This testing is useful in identifying weaknesses that cannot be identified during scanning by a tool. Access control audits from time to time, is necessary to perform security control assessments and check access control points to recognize who is authorized to gain access to the restricted information. Network segmentation testing is implemented to confirm with the clients that network segmentation is properly set up to minimize the effects of the breaches and the spread of the attacks. Security policy reviews involve a review and updating of the firm’s security policies with a view of aligning itself with the current standards as well as the regulations.

The objective of managing risk mitigation in SecureTech is aimed at ensuring the safety of all assets and the organization’s operations. Key strategies include implementing network segmentation. Which is accomplished by subdividing the network part of the system based on functionality and security level. As a result, it minimizes the outbreak of attacks to a certain extent and reduces access to systems essential to organizations. Strengthening access controls are a recommendation that includes using multi-factor authentication and following the principle of least privilege. It is necessary to periodically redetermine the level of access control to be provided and periodically refresh the level of security provided. Regular security training is integrated to ensure that the employees and consultants are well-trained in security, especially in matters concerning social engineering, such as phishing attacks (McIlwraith, 2021). Data encryption, encrypt’s your databases and other data as you transfer and when stored to ensure only authorized people access the details. Continuous monitoring introduces IDPS to scan and analyze all the incoming and outgoing traffic in the networks for any suspicious activity. Act as soon as it becomes apparent that there is a threat in the environment. Backup and recovery plans are geared towards adopting sound data contingency measures and backup systems so that businesses can run smoothly in the wake of a cyber-attack or another mishap. Resurrect these concepts often to test for their functionality.

Week 3: Access Controls and Security Mechanisms

Access Control Mechanisms for Described Systems

For each application and system described in Individual Project 2, the following access control mechanisms are needed. Servers to prevent the leakage of susceptible information, proper and effective MFA and RBAC will only allow relevant personnel to access the data. Workstations and their software security for endpoints and MFA for defending individual devices should be used. Network devices which implement password protection on the network devices and update regularly with restrictions to the management interfaces through RBAC. Data which will require the storage of data securely throughout every phase of its lifecycle and utilize data protection measures for content behind the scenes and when relocating content (Sultana et al., 2020). Implement data classification tiers for various data forms to control user access to content. Applications will implement integrated sign-on (ISSO) to enable users to sign on quickly while ensuring security and implementing application-specific access control measures based on the logical hierarchy of the organization’s structure.

Protection of the New Expanded Network through Access Control

To guard the fresh enlarged network, apply strict measures on access in the form of MFA and RBAC, which grants specific users essential access to vital networks. Evaluating the area of the network, it is recommended to use network segmentation to cut the blow of the leakage. Use IDPS for intrusion detection to handle any suspicious activity detected in an organization in real time. Organizations should conduct periodic access control audits to ensure compliance with organizational access control policies to ensure there are no weak links in the access control systems (Garbis et al., 2021). Regarding the issue of security, organizations should develop strict password policies and ensure that their employees receive adequate training in IT security measures. Use single sign-on for easy access and authorization and Virtual Private Networks for remote access to secure the network connection. Due to the dynamic nature of computer security threats, access control mechanisms must be checked frequently and updated periodically to close the gaps in network protection.

Single Sign-On (SSO) and Virtual Private Network (VPN) Technology

Single Sign-On (SSO) is a system where a person logs in once and gains access to several applications and systems. Access to all the applications that have been authorized will be granted without clients needing to type their passwords repeatedly. SSO improves user experience, saves on the number of passwords users must remember, and decreases the probability of password reuse or poor ones (Rao, 2023). It becomes beneficial in authenticating, as it combines login management to increase security and reduce the complexities of controlling user access to various apps. It is essential in the enterprise environment because SSO does not cause user concerns.

A Virtual Private Network (VPN) is a set of technologies that enables a user’s computer to communicate with a remote network through the Internet securely. VPNs enhance the security of transmitted data by creating a secure channel through which data has to pass before a third party can intercept it. VPNs are crucial for remote access because they grant a company employee access to the company’s networks regardless of their location. This helps guarantee that confidential information is not exposed, mainly when working on networks that are not secure. VPNs are useful in remote working situations since they help ensure privacy and security.

Week 4: Security Policies, Procedures, and Regulatory Compliance

Regulatory Requirements Introduced by the IPO

With SecureTech's recent IPO, the following regulatory requirements must be adhered to. Sarbanes-Oxley Act (SOX), IPO, SecureTech Consultants, Inc. becomes a company that has to be regulated by the Sarbanes Oxley Act, which is legislation that is much more rigorous and was passed to increase the strict standards of reporting for corporations which offers information that is significant to shareholders. SOX requires companies to implement internal controls for financial reporting to help detect and prevent fraud and improve the quality of the reports that companies disclose. Any publicly held company such as SecureTech must take adequate measures to deal with the following. The company’s financial statements should be audited independently, and the internal controls must be looked at critically, besides the material changes the company may be experiencing. Adherence to SOX is a significant aspect of the company since investor confidence, legal liability, and ethical practices in operations in the cybersecurity industry are essential.

General Data Protection Regulation (GDPR) is vital after going public and SecureTech Consultants, Inc. has to abide by the GDPR, which lays out rules for the management of the personal information of EU individuals. GDPR requires organizations to apply strict measures to protect the data, receive the individual’s consent for processing the data, and come up with notification within 72 hours in case of a breach. The data subjects’ rights, like the right to access and the right to erasure, must be protected by SecureTech (Lee & Geidel, 2021). For compliance with GDPR, organizations need to have a Data protection officer, make risk assessments for high-risk data processing operations, and follow specific general requirements for international data transfer.

Essential Policies for the Company

To address the regulatory requirements and enhance security, SecureTech should implement the following policies. The information security policy of SecureTech documents measures the protection of information in the organization against access, disclosure, modification, or removal by those to which it was not intended. It provides requirements to apply technical and organizational measures for compliance with data confidentiality, integrity, and availability principles. It entails updated risk analysis, security orientation among workers, and often the use of encryption and access control measures to the data assets. Specific guidelines on reporting security incidents and coping measures are established to respond to such events and their consequences timely and with the least harm to business processes and customers’ trust.

Data protection policies will be integrated with the implementation of secure procedures for handling and protecting processed personal data, DP policy guarantees SecureTech’s conformance with the existing regulation, in particular, GPDR. It requires strictly acquiring and utilizing the data for stated legal objectives when authorizing the data subjects. Measures such as accuracy, minimization, and limitation of data are provided to ensure that the data collected will be safe and privately held (Zaeem & Barber, 2020). The method for acquiring, sharing, and deleting data is created to manage a data breach and ensure individuals’ privacy rights while being compliant with the laws.

SecureTech Company has a set Acceptable Use Policy or AUP, which outlines how to secure company assets, name networks systems, equipment, and how devices are to be utilized to avoid misuse and practice of securities. It lays down the code of conduct and banned practices to prevent intrusion, virus attacks, and data losses. The AUP provides guidelines for the personnel on the acceptable use of company facilities in computing the internet, email, and software installments. It focuses on compliance with the law and professional ethics, enhances performance, and prevents the mishandling or embezzlement of company resources to protect the company’s good name and interests.

Key Controls to Implement

To enhance security and compliance, SecureTech should implement the following critical controls. Access controls in the area of security controls, access to essential systems and data through RBAC, MFA, and ACLs should be reduced. Periodically consider and adjust the types of access permissions granted to match the employees’ positions. Encryption is required to be implemented when data is stored and the company will make sure it is encrypted using keys that only authorized users can unlock. While the data is in transit, it should also be encrypted using the most robust encryption protocols. This makes it unreadable even if the data is intercepted or accessed by unauthorized persons. Monitoring and logging is a strong implementation of the logging process of observing and recording the succession of activities and events regarding the network, systems, and users. This assists in the efficient monitoring of security breaches and their solutions. Patch management is another measure to constantly apply patches to the installed programs, operating systems, and network devices to eliminate known risks that can be exploited.

Protection of Data at Rest and Data in Motion

Data at rest describes information in databases, file systems, or any other storage media in SecureTech’s information technology infrastructure. This information is protected, whereas at SecureTech, the firm applies encryption methods like AES (Advanced Encryption Standard) to safeguard files and databases. That is why RBAC and other genuinely adequate access controls do not limit data accessibility and employ employee authentication techniques (Dixit & Ravindranath, 2022). Schedules for making copies of data and procedures for eradicating data also protect data from unauthorized access and acknowledge data retention laws. Such access logs’ monitoring and auditing procedures can produce a clear and timely indication of unauthorized access attempts or an abnormality while providing assurance that data at rest cannot be breached or disclosed to unauthorized personnel.

Data in motion is information exchanged between devices or networks in SecureTech’s environment. SecureTech will protect the information presented in this view using secure data transfer protocols like TLS, which encodes data in transit. Such protocols ensure that data is protected and complete while in transit and cannot be intercepted or altered by others. Remote access and secure communication are some of the ways to implement virtual private networks VPNs at SecureTech. Monitoring and logging of the traffic are critical in identifying events that are out of the ordinary or even a sign of a budding security threat, primarily to check the integrity and safe passage of information in motion coupled with the considerations of regulations that may apply to some firms, such as GDPR and SOX.

Introduction to Network Security

Network security is crucial for any organization as threats evolve rapidly online. As SecureTech Consultants, Inc. expands its network infrastructure, a robust design employing sound security practices becomes imperative. SecureTech's growth presents an opportunity to enhance security as newer technologies allow more robust protection than older solutions. Change also increases risk if not implemented carefully. This proposal aims to balance connectivity needs with layered defenses. The designed topology compartmentalizes zones by traffic regulation and closely positioned security devices. Access is restricted through multi-factor authentication and activity monitoring to establish visibility and accountability. Network devices and endpoints receive hardened configurations along with regular patching to close vulnerabilities. Intrusion detection and prevention systems utilizing both network and host sensors further strengthen defenses against known and unknown threats.

Proposed Network Architecture Diagram

As shown in the attached diagram, the proposed network architecture includes segmentation into logical areas to increase security. The intranet is divided into three subnets which consists of a server subnet containing critical business systems and databases, an employee subnet for general use, and a guest subnet for temporary visitor access. These subnets are separated by firewalls to restrict traffic and contain any threats. The external perimeter network similarly uses firewalls to isolate the demilitarized zone (DMZ) from the internet. The DMZ hosts external-facing services such as the company website and email server. This separation prevents direct access to internal resources from untrusted external sources while still enabling necessary services. A virtual private network (VPN) provides secure remote access for teleworkers to access the intranet as if they were on-site.

Routers and layer 3 switches manage traffic flows between subnets, employing ACLs to allow only specified permitted communications. Wireless access points are placed in each area and segmented further by SSID and encryption to avoid undesired inter-subnet roaming. Switches within each subnet use VLANs with assigned ports to enforce these internal segmentation rules. Network devices such as routers, switches, and firewalls are placed strategically at interconnection points, such as the border between the public internet and DMZ, or between internal and external networks (Sengupta et al., 2020). This forms logical boundaries that compartmentalize each section of the physical infrastructure. It enables network activity to be carefully inspected and regulated as it crosses from less trusted to more trusted zones.

Access Controls

Strong authentication controls are vital for restricting access to only authorized personnel. The network utilizes multi-factor authentication requiring both a username and password as well as a physical token for administrative accounts and remote access. Complex, continually changed, passwords are enforced via group policy for all employee logins. User sessions are limited to a maximum time of 15 minutes requiring re-authentication for inactivity.

Authorization controls are based on least privilege by default. User accounts are assigned to specific Active Directory security groups that delineate access permissions. Network devices, servers, and services each have restricted access control lists tailored to group functions for read, write, and configuration controls. Administrative access to critical systems is further separated with dedicated privileged access workstations that do not store user files or browse the internet. Detailed auditing records all access events on these systems for oversight.

System monitoring tools help manage and protect the network. The security information and event management platform centralized logs from all network devices to correlate events and detect anomalies. 24/7 network monitoring analyzes traffic, firewalls, and routers to identify deviations from the baseline. Endpoint detection and response software on workstations monitors processes, registry keys, and files for signs of malware execution or unusual behavior (Arogundade, 2023). In combination, these controls establish visibility, accountability, and active protection of core network assets. Regular reviews of access and system logs ensure ongoing effectiveness of controls to maintain security.

Network Device Protection

Strong configurations are critical to protect network devices such as switches, routers, and firewalls from threats and errors. Default passwords have been changed on all devices and new complex passwords are enforced through centralized management. Access to device shells is restricted to a small set of approved administrative accounts. Outbound telnet and secure shell access is disabled to avoid compromise. System banners warn that unauthorized access is monitored and prohibited. Regular software updates are applied to ensure all operating systems and applications have the latest security patches (Tang & Elhoseny, 2019). Configuration backups are made routinely, with automated checks to detect tampering or deviations from baseline configurations. Traffic throughput is monitored continuously, with abnormal activity generating alerts. Together, these measures help harden devices against intrusion or exploitation, while also maintaining oversight of changes and operations.

Intrusion Detection and Prevention Systems

The latest intrusion detection and prevention systems provide robust monitoring abilities through advanced network-based and host-based techniques. Network IDS sensors inspect all traffic crossing key points and analyze protocol behavior and payload signatures to identify malicious or abnormal patterns indicative of hacking attempts, malware, and data exfiltration. They rely on continually updated databases of thousands of signatures characterizing known threats (Arogundade, 2023). Host-based IDS counterparts watch activity on individual endpoints, examining file modifications, registry entries, and processes for the telltale signs of active security compromises like key logging and password dumping software.

Within the proposed network architecture, network IDS sensors would be deployed at the border between the perimeter network and the internet, and between each internal subnet. This placement allows inspection of all inbound and outbound traffic crossing security zones for known malicious traffic (Tang & Elhoseny, 2019). Host-based IDS agents would monitor each server and workstation for signs of internal infection. The IDS management console would be located within the server farm, providing a centralized monitoring point. Network IPS capabilities would supplement inspection at key network borders, with the ability to actively drop or block detected hostile traffic in real-time, preventing intrusions rather than just detecting attempted attacks.

Rather than just generating alerts, modern IDS and IPS technologies take proactive measures. Network devices can automatically blacklist source IP addresses or web domains deemed dangerous. Endpoint solutions may isolate or clean up detected malware. Machine learning analysis correlates dispersed abnormal events into comprehensive timelines of sophisticated hacking campaigns or infections spreading internally. Behavioral heuristics acknowledge when traffic or files deviate significantly from normal patterns, allowing some zero-day threats to be stopped based on anomalies rather than exact signatures alone (Sengupta et al., 2020). Given the continuously evolving nature of security risks, around-the-clock monitoring and quick response capabilities are important. IDS and IPS collaboration via sharing observed threat intelligence also multiplies protections across many protected networks or customer environments.

By implementing IDS and IPS as described, the company gains robust detection and prevention for both external hacks and internal issues. The technologies chosen provide network and endpoint activity visibility to analyze for security issues or policy violations (Tang & Elhoseny, 2019). Early warning of attacks and automatic blocking assistance greatly boost the security posture relative to relying on isolation and firewalls alone. Regular reviews of logs and alerts ensure prompt response and continuing relevance of deployed detection methods.

Conclusion

The network architecture and controls proposed to provide a balanced, active approach to securing SecureTech's expanding infrastructure. Logical segmentation establishes internal security boundaries that compartmentalize risk. Access governance restricts activity oversight. Intrusion monitoring systems augment traditional firewalls with proactive threat identification and response. Together, these technical and policy-based security measures implement best practices appropriate for SecureTech's environment. When configured and reviewed as suggested, they will protect network users and assets to support the company's continued secure operations and growth.

References

AlMeraj, Z., Alenezi, A. K., & Manuel, P. D. (2023). RETRACTED ARTICLE An empirical investigation into organisation cyber security readiness from the IT employee and manager perspectives. Electronic Government, an International Journal, 19(5), 539-559.

Arogundade, O. R. (2023). Network security concepts, dangers, and defense best practical. Computer Engineering and Intelligent Systems, 14(2).

Aswathy, S. U., & Tyagi, A. K. (2022). Privacy Breaches through Cyber Vulnerabilities: Critical Issues, Open Challenges, and Possible Countermeasures for the Future. In Security and Privacy-Preserving Techniques in Wireless Robotics (pp. 163-210). CRC Press.

Atkinson, E., Spillane, J., Bradley, J., & Brooks, T. (2022). Challenges in the adoption of mobile information communication technology (M-ICT) in the construction phase of infrastructure projects in the UK. International Journal of Building Pathology and Adaptation, 40(3), 327-344.

Bandari, V. (2023). Enterprise data security measures: a comparative review of effectiveness and risks across different industries and organization types. International Journal of Business Intelligence and Big Data Analytics, 6(1), 1-11.

Garbis, J., Chapman, J. W., Garbis, J., & Chapman, J. W. (2021). Intrusion Detection and Prevention Systems. Zero Trust Security: An Enterprise Guide, 117-126.

Landoll, D. (2021). The security risk assessment handbook: A complete guide for performing security risk assessments. CRC press.

McIlwraith, A. (2021). Information security and employee behaviour: how to reduce risk through employee education, training and awareness. Routledge.

Rao, M. (2023). Enabling OpenAthens-Single Sign-On (SSO) Remote Access Authentication to e-Resources: A Case Study. DESIDOC Journal of Library & Information Technology, 43(5).

Sengupta, S., Chowdhary, A., Sabur, A., Alshamrani, A., Huang, D., & Kambhampati, S. (2020). A survey of moving target defenses for network security. IEEE Communications Surveys & Tutorials, 22(3), 1909-1941.

Sultana, T., Almogren, A., Akbar, M., Zuair, M., Ullah, I., & Javaid, N. (2020). Data sharing system integrating access control mechanism using blockchain-based smart contracts for IoT devices. Applied Sciences, 10(2), 488.

Tang, Y., & Elhoseny, M. (2019). Computer network security evaluation simulation model based on neural network. Journal of Intelligent & Fuzzy Systems, 37(3), 3197-3204.

Upadhyay, D., & Sampalli, S. (2020). SCADA (Supervisory Control and Data Acquisition) systems: Vulnerability assessment and security recommendations. Computers & Security, 89, 101666.