- GFI SECURITY RISK ASSESSMENT
- Security Risk Assessment (SRA)
- Impact of the Risk
- Network Office Topology
- Access Points
- Network Security
- Internal Access
- External Access
- Access Controls
- Privileged Access
- Cloud Computing
- Risk Mitigation
- Wi-Fi Access
GFI SECURITY RISK ASSESSMENT
In the past several years, GFI has encountered various cyber-attacks, resulting in revenue loss of over $ 1.700,000 and inevitable client trust. Oracle database server was hacked during 2012, and the database of customers was lost availability for seven days. All the confidential data was hacked by hackers. Although we re-established the Oracle database server on the Web, because of the security lost organization's notoriety was damaged. This is one of the reasons for CEO John Thompson to worry about cyberattack, for which the strategy of success is accessible on the privacy and integrity of the organization.
Due to the increase in the dependency of operation of technology and with the decreasing footprints hired me as manager of computer security. I was reporting directly to Mike Willy who was Chief Office at Operations. However, I and CEO know the value and importance of IT in the business plan, outsourcing IT to third parties and cutting these services can be very harmful to the privacy and security of the company.
The recent mistake of GFI has increased significantly in crossing network traffic in the internal network, the origins of traffic are not identified even by a network engineer. To protect business intelligence, confidential data of company and information of customers properly, an SRA is presented.
Security Risk Assessment (SRA)
Impact of the Risk
Network Office Topology
Every system is configured with the server and applications for that individual user, which allow the right level of classification, based on their access policies. It guarantees that the possibility of ??role-based access control, which is currently working for every employee to isolate the benefits and access level. It assures that the idea of ??role-based access control, which is actively working for each employee to isolate the appropriate access level and privileges. Perhaps there will also be auditing and reporting systems to monitor employee's activities to protect the company from insider hazards. The implementation of many security policies will also help in the protection of property.
ACL which is also known as Access Control List will be the first security policy. And this will manage who will have control of VLANs and classified contents. They will be also acting as separate ways in which you control the networks, such as email, print and application servers. Failure to apply ACL can create a high risk for privacy and integrity.
Within the internal network of GFI, group policy will be used for network security. Group Policy is an infrastructure that permits an admin of a system or network who is responsible for Microsoft's Active Directory to actualize arrangements for clients and PCs. Group Policy can be utilized to characterize client, security and systems administration policies at the level of the machine. (Microsoft, n.d.)
Scalability is another drawback, because the number of people who need to communicate needs similar keys, and keys must be managed, and all keys should be managed.
The third fault is the delivery of Secure key because the destination must be given with a key through a secure courier. The asymmetric system uses another ideal solution, which allows for a key that encodes and which can decode. Public Key is used by these systems that is obtainable by someone and a private key that allows for more variation from the symmetric system.
Both Public and Private keys together make asymmetric keys. Anyone can know about the public key, but only the assigned user should be using the private key. Scheme of trusting is used by PGP where 2 user keys are generated for use, a public key that is stored centrally, which is open to all and the private key which is held in trust by the user. At the point when the message is received, the beneficiary decrypts or decodes the message with his private key and approves its authenticity with the public key of the sender. (Microsoft, 2007)
As indicated by Tech-Republic, organizations have numerous authentication techniques to guarantee the security of their system and topology infrastructures. (Shinder, 2001) The choices accessible for organizations incorporate however are not constrained to the following:
Password Authentication Protocol or PAP
Single Sign-On (SSO)
The Extensible Authentication Protocol (EAP)
Changes in the security label of resource can be only made by admin, not even data owners can make changes.
Security level is assigned to the data which used to reflect its relative sensitivity, privacy and security values.
Apart from the granted classification, the user can read from a lower classification. Unclassified data can be accessed by a "secret" user.
Users are granted to write to higher classification whereas top secret resource can be accessed by “secret” user.
Users are granted permission for reading/write access but only to same classified objects (Only a secret user can read/write secret documents).
Access is restricted or granted based on the time of an access based on labeling and processing of user credentials (based on policy).
Following are the benefits:
1.Ability to scale on demand
6.Big Data insights
7.Keeping your Data Secure
Already implemented with strong security features, we will use McAfee Endpoint Security with Microsoft Azure. MESMA easily integrates with Microsoft Azure using the Azure Power Shell platform and provides advanced security for all its finishing points. (McAfee, 2018)
Hidden SSID or network cloaking in the framework of GFI. In this wireless network name or SSID is hidden or invisible, although it is just a supplementary method and will be applicable only for inexperienced users.
The highest level of WIFI encryption will be used which is WPA2-PSK (AES).
Two separate WIFI will be there one for an employee with SSID name: GFI_Employees and other for guest with SSID name: GFI_Guest.
We will use IPSec for encrypting data transmitted within the GFI network. This technique uses packet filtering and the technique of cryptography. (Dhall, Dhall, Batra, & Rani, 2012)
Mobile Device Management for tracking all the devices in the network.
McAfee End Point protection for preventing the leakage of data.
MAC will be used to separate the resources of GFI from other resources.
Use of PAP and Smart Cards
A security policy will be prepared for the entire company and all employees should sign it and they will not be allowed to share the use of their personal logs.
The immediate effective requirement of quick response to any problems of security by any worker or employee of GFI.
PC security group will manage the security arrangements.
All progressions must be endorsed by the director, approved by CSM, executed by chairman and later verified, tried and maintained and kept up by the CSM.
Place Order For A Top Grade Assignment Now
We have some amazing discount offers running for the studentsPlace Your Order
Basole, R. C. (2008). Enterprise mobility: Researching a new paradigm. Retrieved 2 15, 2018, from https://robertoigarza.files.wordpress.com/2008/11/art-enterprise-mobility-researching-a-new-paradigm-basole-2008.pdf
Dhall, H., Dhall, D., Batra, S., & Rani, P. (2012). Implementation of IPSec Protocol. Retrieved 2 15, 2018, from http://ieeexplore.ieee.org/document/6168355
Image. (n.d.). Retrieved 2 15, 2018, from Wikipedia: The Free Encyclopedia: http://upload.wikimedia.org/wikipedia/commons/thumb/0/01/Internetprotocolsecurity-fr.svg/500px-Internetprotocolsecurity-fr.svg.png
Kratky, R., & Ancincova, B. (2016). Redhat. Retrieved from Red Hat Enterprise Linux 6 Security-Enhanced Linux: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/chap-Security-Enhanced_Linux-Introduction.html
McAfee. (2018). McAfee Endpoint Security for Microsoft Azure Environments. Retrieved from McAfee: https://www.mcafee.com/uk/products/endpoint-protection/endpoint-security-microsoft-azure.aspx
Microsoft. (2007, 10 26). Description of Symmetric and Asymmetric Encryption. Retrieved from Microsoft Support: https://support.microsoft.com/en-us/kb/246071
Microsoft. (2016). IPsec. Retrieved from Microsoft TechNet: https://technet.microsoft.com/en-us/library/bb531150.aspx
Microsoft. (2016). What is VPN? Retrieved from Microsoft TechNet: https://technet.microsoft.com/en-us/library/cc731954(v=ws.10).aspx
Microsoft. (n.d.). How Core Group Policy Works - technet.microsoft.com. Retrieved 2 14, 2018, from Microsoft: https://technet.microsoft.com/en-us/library/cc784268(v=ws.10).aspx
Miller, R. (2016, July 2). How AWS came to be. Retrieved from Tech Crunch: https://techcrunch.com/2016/07/02/andy-jassys-brief-history-of-the-genesis-of-aws/
Misra, S. C., Kumar, V., & Kumar, U. (2007). A strategic modeling technique for information security risk assessment. Information Management & Computer Security, 15(1), 64-77. Retrieved 2 14, 2018, from http://emeraldinsight.com/doi/abs/10.1108/09685220710738787
NIST SP 800-30, Risk Management Guide for ... (n.d.). Retrieved 2 14, 2018, from http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
Plósz, S., Farshad, A., Tauber, M., Lesjak, C., Ruprechter, T., & Pereira, N. (2014). SECURITY VULNERABILITIES AND RISKS IN INDUSTRIAL USAGE OF WIRELESS COMMUNICATION. Emerging Technology and Factory Automation (ETFA), 1-8. Retrieved 2 15, 2018, from IEEE ETFA 2014 - 19th IEEE International Conference on Emerging Technology and Factory Automation: https://www.researchgate.net/publication/264436422_SECURITY_VULNERABILITIES_AND_RISKS_IN_INDUSTRIAL_USAGE_OF_WIRELESS_COMMUNICATION?ev=prf_pub
Schmittling, R., & Munns, A. (2010). Performing a security risk assessment. ISACA Journal, 18.
Schmittling, R., & Munns, A. (2010). Performing a Security Risk Assessment. Retrieved from ISACA: http://www.isaca.org/journal/archives/2010/volume-1/pages/performing-a-security-risk-assessment1.aspx
Shinder, D. (2001, 08 28). Understanding and selecting authentication methods ... Retrieved 2 15, 2018, from the Tech Republic: http://www.techrepublic.com/article/understanding-and-selecting-authentication-methods/
Stoneburner, G., Goguen, A., & Feringa, A. (2002, July). Risk Management Guide for Information Technology Systems. Retrieved from Department of Health & Human Services: http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf
Trend Micro. (2015). Deep Security 9.6. Retrieved from Trend Micro: http://www.trendmicro.com/cloud-content/us/pdfs/business/datasheets/ds_deep-security.pdf