In This Course, You Will Be Creating An Enterprise Security Strategy Plan


In this course, you will be creating an Enterprise Security Strategy Plan that will consist of 5 sections. The report can be based upon a real company that you know of or work with. If that is not possible, you can create a fictional company. You may use a pseudonym for the company if you wish.

Section 1: Company Overview

Business Goals:

a. Description of the subject company

b. 4 to 5 business goals as they relate to doing secure business.

Overall Security Strategy:

a. Description of current approach to security

i. What key methods are used?

ii. How does this company align the methods to their business goals?

Hardware Strategy:

a. A high-level description of the hardware footprint.

b. Executive brief on how the hardware will be secured (use a diagram if necessary).

Software Strategy:

a. A high-level description of the key software and operations.

b. Executive brief on how the software will be secured (use a diagram if necessary).

Section 2: Risks, Standards and Procedures

Section 2 of the Enterprise Security Strategy Plan: Risks, Standards, and Procedures.

· Risk Assessment Plan: Provide a plan on how you would undergo a risk assessment of your company. You are not executing the risk assessment. This is a review of how the risk assessment will be done.

· Standards: Indicate at least 2 standards that will be enforced within your company. These can be either external or internal standards (HIPAA, DES, other encryption standards, etc.). Include a paragraph for each explaining what the standard is and why it needs to be part of the security implementation.

Section 3: Security Policy

For this section of the plan, create 4 security policies (you may include the policy you created in the previous unit) using the template you created in the Unit 3 Discussion Board. Use one of the following areas to monitor, or you may come up with your own:

· E-mail

· Acceptable use

· Applications

· Internet use

· Mobile devices

· Access control

Section 4: Implementation, Operations and Monitoring

Implementation: Describe your plan for implementing the program. You have identified 3 distinct activities. For each section of the plan, discuss what should happen to roll that area out, what the subtasks are, what deliverables should be created, and what success will look like.

Operations and Monitoring: Select 10 possible areas to monitor. You may select from the following suggestions, or use your own:

· Security incidents (per week/month/year)

· Viruses detected

· Administrator violations

· Spam not detected

· Intrusion attempts

· Intrusion successes

· Invalid log-in attempts

· Number of projects that have information technology (IT) security involvement

· Policy exceptions granted and rejected

· Current deployment of antivirus software

· Alarms and network intrusion attempts

· Number and impact of security incidents

· Volumes of IDs created, deleted, or modified

· Any access keys created or deleted

Explain why you would want to monitor the areas you have chosen. Indicate both the values you would hope to see and the actions you would take if what you saw was not in alignment with that optimal range. Create a table with the following columns:

· Monitoring item

· Why it must be monitored

· Optimal range

· Actions to take if it is not in range
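The monitoring table above pairs each item with an optimal range and an action to take when the value falls outside it. The following is an added example, not part of the assignment or of any company's tooling: it encodes a few hypothetical table rows as data, derives the metric values from a handful of constructed log lines, and reports which items are out of range together with the action the table prescribes. The items, ranges, actions and log formats are all assumed for illustration.

```python
"""Threshold monitor built from a Section 4 style monitoring table.

Each table row (item, why it is monitored, optimal range, action) becomes a
MonitoringItem. Metric values are counted from constructed log lines, so the
script runs offline and shows the range -> action logic end to end.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample log lines (invented for this example, not from any real host).
SAMPLE_LOGS = """\
2024-03-01T08:00:01 auth sshd: Failed password for alice from 10.0.0.5
2024-03-01T08:00:03 auth sshd: Failed password for alice from 10.0.0.5
2024-03-01T08:00:05 auth sshd: Failed password for alice from 10.0.0.5
2024-03-01T08:00:07 auth sshd: Failed password for alice from 10.0.0.5
2024-03-01T08:00:09 auth sshd: Failed password for alice from 10.0.0.5
2024-03-01T08:00:11 auth sshd: Failed password for alice from 10.0.0.5
2024-03-01T08:01:00 auth sshd: Accepted password for bob from 10.0.0.9
2024-03-01T08:05:00 av clamd: Virus found in /home/bob/attach.exe
2024-03-01T09:00:00 ids sensor: intrusion attempt from 203.0.113.7
2024-03-01T09:00:02 ids sensor: intrusion attempt from 203.0.113.7
2024-03-01T10:00:00 grc policy: exception GRANTED for ticket 1001
2024-03-01T10:30:00 grc policy: exception REJECTED for ticket 1002
"""


@dataclass(frozen=True)
class MonitoringItem:
    name: str      # "Monitoring item" column
    reason: str    # "Why it must be monitored" column
    optimal: tuple # "Optimal range" column as (low, high), inclusive
    action: str    # "Actions to take if it is not in range" column


# Hypothetical rows of the monitoring table; the ranges are illustrative only.
MONITORING_TABLE = [
    MonitoringItem("Invalid log-in attempts", "Brute-force indicator",
                   (0, 5), "Lock account and review source address"),
    MonitoringItem("Viruses detected", "Endpoint control effectiveness",
                   (0, 0), "Isolate host and rescan"),
    MonitoringItem("Intrusion attempts", "Perimeter pressure",
                   (0, 1), "Escalate to incident response and review IDS rule"),
    MonitoringItem("Policy exceptions granted", "Control erosion",
                   (0, 3), "Review exception approvals with management"),
]

# One pattern per monitored item; a metric is the number of matching log lines.
METRIC_PATTERNS = {
    "Invalid log-in attempts": re.compile(r"Failed password"),
    "Viruses detected": re.compile(r"Virus found"),
    "Intrusion attempts": re.compile(r"intrusion attempt"),
    "Policy exceptions granted": re.compile(r"exception GRANTED"),
}


def compute_metrics(log_text, table=MONITORING_TABLE):
    """Count matching lines per item; every item gets a value, zero if none match."""
    counts = Counter()
    for line in log_text.splitlines():
        for name, pattern in METRIC_PATTERNS.items():
            if pattern.search(line):
                counts[name] += 1
    return {item.name: counts[item.name] for item in table}


def evaluate(metrics, table=MONITORING_TABLE):
    """Return one finding per item whose value lies outside its optimal range."""
    findings = []
    for item in table:
        value = metrics.get(item.name, 0)
        low, high = item.optimal
        if not low <= value <= high:
            findings.append({"item": item.name, "value": value,
                             "optimal": item.optimal, "action": item.action})
    return findings


if __name__ == "__main__":
    for f in evaluate(compute_metrics(SAMPLE_LOGS)):
        print(f"{f['item']}: {f['value']} outside {f['optimal']} -> {f['action']}")
```

With the constructed logs, invalid log-ins (6), viruses detected (1) and intrusion attempts (2) all fall outside their ranges and each is reported with its prescribed action, while the single granted exception stays within range. The table rows are plain data, so the same evaluator serves whatever ten items a plan selects.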

Section 5: Audits and Compliance

Audit Checklist: Based on what is in your risk assessment, policies, and monitoring plans, create your audit checklist. An audit tells you if you did what you said you were going to do. This checklist should include at least 20 items that will be checked during a standard audit.

Create a table with four columns. The title for each column should be as follows:

· Audit Item (under this header, list the 20 items that will be checked)

· Item Described

· Source

· Audit Criteria

For the Item Described column, include a sentence or two about the item being audited. The Source should describe where this control came from (such as a policy or a monitored control). For the Audit Criteria, include what the auditor should look for, including acceptable ranges.

Assessment Plan: Determine if there is any improvement possible on the existing controls and processes. As you create the assessment plan, keep in mind that an assessment looks for ways to continuously improve. Provide a 10-step high-level assessment approach: 10 bullet points describing the approach the company would go through to conduct a self-assessment.

Submit all sections of your Enterprise Security Strategy Plan.

Paper For Above Instructions

Creating an Enterprise Security Strategy Plan

The success of an organization in today’s digital age is heavily dependent on having a coherent security strategy. This paper outlines the sections of an Enterprise Security Strategy Plan that aims to protect the information, assets, and individuals of the organization, ensuring sustainable operations and compliance with regulations.

Section 1: Company Overview

Business Goals

Company Name: Tech Solutions Inc.

Tech Solutions Inc. is a mid-sized technology firm specializing in software development and IT consulting services. Its mission focuses on providing innovative solutions to enhance operational efficiency for its clients while maintaining the highest standards of security and integrity in its operations.

The business goals related to secure operations include:

  • Ensure customer data privacy and compliance with GDPR and CCPA regulations.
  • Minimize operational downtime by implementing robust cybersecurity measures.
  • Enhance cybersecurity awareness and training for all employees.
  • Achieve ISO 27001 certification within two years.
  • Implement incident response protocols to reduce the impact of security breaches.

Overall Security Strategy

Tech Solutions Inc. employs a multi-layered security approach that includes perimeter defenses such as firewalls, intrusion detection systems (IDS), and advanced threat protection. The alignment of security methods with business goals is ensured by adopting the latest security technologies and conducting regular security assessments.

Hardware Strategy

The hardware landscape consists of servers, workstations, and mobile devices. All endpoints are monitored for threats, utilizing antivirus programs and device management solutions. A security architecture diagram will detail the various components and their interconnections, highlighting the secure zones.

Software Strategy

Key software includes customer relationship management (CRM) platforms, financial systems, and cloud applications. Security measures such as encryption, access controls, and regular updates are critical. A high-level diagram will illustrate the software environment and the security measures in place.

Section 2: Risks, Standards and Procedures

The risk assessment plan involves identifying assets, evaluating vulnerabilities, and analyzing potential threats. This structured approach will aid in effectively scheduling assessments without disruption to operations.

Standards to enforce include:

  • ISO/IEC 27001: A framework for managing information security that provides guidelines for establishing, implementing, maintaining, and continuously improving an information security management system (ISMS).
  • NIST Cybersecurity Framework: A framework of computer security guidance, originally developed to protect critical infrastructure, that helps private-sector organizations assess and improve their ability to prevent, detect, and respond to cyber attacks.

Section 3: Security Policy

The following security policies will be developed:

  • Acceptable Use Policy: Guidelines defining acceptable behavior when using company resources.
  • Email Security Policy: Protocols for secure emailing practices to protect sensitive information.
  • Access Control Policy: Rules governing authorization to information systems.
  • Incident Response Policy: Steps to follow in the event of a cybersecurity incident.

Section 4: Implementation, Operations and Monitoring

The implementation plan includes training sessions on cybersecurity, integrating security measures into daily operations, and creating a monitoring system. Monitoring critical areas is essential for capturing relevant data and reacting promptly:

  • Security incidents
  • Viruses detected
  • Intrusion attempts
  • Invalid log-in attempts
  • Policy exceptions

A monitoring table will summarize these items, expressing the importance of each and defining what optimal performance looks like.

Section 5: Audits and Compliance

The audit checklist will ensure the security policies and procedures are followed. Items will include:

  • Review access logs for unauthorized access attempts.
  • Check for completion of required employee security training.
  • Verify compliance with data encryption standards.

The assessment plan will initiate continual improvement of security processes, ensuring they evolve with emerging threats.
