Final paper
Running Head: CYBER SECURITY 0
Improvement Plan Outline
Suresh Sevarthi
Lam Than
Wilmington University
03/19/2017
Improvement Plan Outline
Introduction
Definition of cybersecurity
Objectives of cybersecurity implementation plan
Maintain data integrity
Protect confidentiality
Ensure availability
Current state description
Identifying risks and vulnerabilities
Hardware and software configuration
Unsecured user accounts
Misconfigured internet services
Unsecured setting within the network equipment
Network design
Technological weaknesses
TCP/IP protocol weaknesses
OS weaknesses
Network equipment weaknesses
Internet security policy
Develop a written policy
Application of logical access controls
Software and hardware installation policy
Developing disaster recovery plan
Overview of network weaknesses
Wireless access points
Internal unauthorized access
USB flash drives
Threats and vulnerabilities facing ICS
Unstructured threat from inexperienced employees
Structured threat from experienced hackers
External threat
Understanding of applicable regulations
1. CFATS compliance inspection
Preparation for inspection
Site map and current chemical inventory list
Documents showing changes to the existing security measures
Documents to explain the procedures involved in storage and transportation of chemicals.
Documented progress of planned security measures
The key human resource involved
The inspection process
Observations
Interviews
Review of documents referenced in the security plan
Testing of the systems
F. Desired future state
To have all stakeholders responsible for the ICS security
A divided corporate and control network
Use of the recommended risk analysis and risk reduction methodologies
Safe and secure working internal and external environment
Five areas of cyber-security to improve
Develop a formal plan security
Protect all computer networks and applications
Protect the firm against internal and external threats
Recruiting the required human resource to implement the cybersecurity system
Investing cybersecurity training and education
H. Conclusion
Emerging issues in network security
Challenges facing cybersecurity
Continuous network monitoring and assessment