QUESTION

Subject: Defense in depth is a key concept of information security.

I need help finding the best way to go with this. I have a subject posted below and the template, but I am not sure how to go forward:

Subject:

Defense in depth is a key concept of information security. By having multiple layers, one can rest assured that even if one layer fails the other layers will take their place. However, what about insider threats? What happens when an attacker bypasses all the layers of defense because they are already inside the network? As has been said by IT Security Central, "Almost 58% of organizations that had security incidents over 2017 blamed them on insiders. 45% respondents, whether or not they experienced a security incident, still see their own employees as the biggest threat to security." ("Insider Threat Statistics: 2018 Research Reports and Surveys" 2018). The biggest issue is insider threats and how best to defeat or mitigate them. There are several different possibilities; however, the best one would be a SIEM. By using such a software tool, one can monitor the users and, if there is unusual activity or traffic, can immediately inform the appropriate group such as a security operations center (SOC).

Thus, the implementation of this plan to prevent insider threats and breaches is to install a SIEM and monitor user activity over a period of weeks to get a proper baseline. The research methodology will require various neutral third-party outsiders to conduct a white-box pentest as though they were an employee of this company at various levels. By doing so, we can see where the weaknesses of security are and then whether the SIEM is indeed addressing them.

As discussed above, implementation of this proposal will be a focus on distinct stages: first installing SIEM software, then getting various baselines from appropriate users. By doing so, this will allow a more accurate picture of an appropriate pattern of behavior from end-users. The most efficient proposed outcome from this would be, in the end, a technology infrastructure that is highly resistant to insider threats. This will be verified by various pentests from inside the network. This outcome in no way seeks to diminish the security from outside the organization; it merely seeks to stress the most likely vector of attack.

Questions:

Problem Statement