You Are Tasked To Select A Company You Are Familiar With

You are tasked to select a company that you are familiar with that is facing a similar situation. The company can be real or fictitious, but the framework and problems that it faces should be similar. The assignments that you complete are based on the problems and potential solutions that similar companies may face. The end goal for these assignments is to analyze the problems that the company faces with respect to the upcoming audit, and provide guidance on how it can provide security for its infrastructure. The case study shows a company that is growing, and its security posture needs to be updated based on this growth.

Based on the recent initial public offering (IPO), the company has new regulatory requirements that it must meet. To meet these requirements, a review of the current security must be conducted. This provides a chance to review the current security mechanisms and analyze the threats that the company could face. In addition, the company needs to expand its current network infrastructure to allow employees to work more efficiently, but in a secure environment. What problems does the company currently face, and how does the expansion pose new threats?

Choose and describe the company that you will use in the scenario. Describe the need for information security, what potential issues and risks exist, and what benefits the company can gain from the new project. Describe what new challenges exist with the new project to allow consultants to work on-site. What challenges now apply to the company with respect to the recent IPO?

The template document should follow this format:

Security Management Document shell

Table of Contents (TOC)

  • Use an autogenerated TOC.
  • This should be on a separate page.
  • This should be a maximum of 3 levels deep.
  • Be sure to update the fields of the TOC so that it is up-to-date before submitting your project.

Section Headings (create each heading on a new page)

Introduction to Information Security - 2–3 pages long. This section will describe the organization and establish the security model that it will use.

  • Choose and describe the company that you will use in this scenario.
  • Describe the need for information security, what potential risks or issues exist, and what benefits the company can gain from the new project.
  • Describe what new challenges exist with the new project to allow consultants to work on-site.
  • What challenges now apply to the company with the recent IPO taking place?

Security Assessment - 2–3 pages long. This section will focus on risks that are faced by organizations and how to deal with or safeguard against them.

  • A description of typical assets
  • A discussion about the current risks in the organization with no network segregation to each of the assets
  • A discussion about specific risks that the new consultant network will create
  • Details on how you will test for risk and conduct a security assessment
  • A discussion on risk mitigation

Access Controls and Security Mechanisms - 2–3 pages long. This section examines how to control access and implement sound security controls to ensure restricted access to data.

  • For each of the applications and systems that were described in IP 2, describe the access control mechanisms that are needed for each.
  • Describe how the new expanded network can be protected through access control.
  • Describe SSO and VPN technology, and discuss whether they can be used in the company.

Security Policies, Procedures, and Regulatory Compliance - 2–3 pages long. This section will focus on the protection of data and regulatory requirements that the company needs to implement.

  • List and describe the regulatory requirement that was introduced by the IPO.
  • List and describe at least 5 policies that the company needs.
  • From the list of policies, list and describe at least 3 controls that the company needs to implement.
  • Describe the data at rest and data in motion and how they can be protected.

Network Security - 4–5 pages long (2–3 pages of network topology, 1–2 pages of IPS and IDS). This section combines all of the previous sections and gives the opportunity to examine the security mechanisms that are needed at the network level.

  • Propose an appropriate network infrastructure that offers sound security practices for the existing intranet and the new proposed expansion.
  • Create and describe a diagram of the network architecture, discussing how it can meet the goals of the company.
  • Describe the access controls and how the company can ensure that devices and topology are effective and working to protect the company infrastructure.
  • Review and describe the need for intrusion detection systems (IDS) and intrusion prevention systems (IPS). Discuss how they can effectively be used in a network operation setting.
  • Ensure that there is an appropriate use of the IDS and IPS in the network diagram.

PowerPoint Presentation: As a final deliverable to the management team, create a PowerPoint presentation that summarizes the solutions outlined in the Key Assignment template. In addition, describe why the proposed solution is the correct method or mechanism to be implemented. Remember that the presentation is for the management team and should contain the appropriate level of detail.

Paper for Above Instruction

Introduction to Information Security

In today's digital age, organizations face an increasing array of security threats that jeopardize their assets, data integrity, and reputation. This is especially true for rapidly growing companies undergoing significant changes such as an initial public offering (IPO). For this scenario, I have chosen a mid-sized technology firm, TechGenius Inc., which recently completed its IPO and is experiencing accelerated growth. TechGenius specializes in cloud computing services and software development, serving clients globally and fostering innovation through its expanding infrastructure.

The need for robust information security in TechGenius arises from multiple factors. Firstly, regulatory requirements introduced by the IPO compel the organization to demonstrate compliance with standards such as the Sarbanes-Oxley Act (SOX), General Data Protection Regulation (GDPR), and industry-specific directives like ISO/IEC 27001. Secondly, the company's expanding network infrastructure increases the attack surface, raising risks of data breaches, insider threats, and unauthorized access. Additionally, the workforce's shift to remote and on-site work due to business demands necessitates secure access controls and authentication mechanisms.

The primary goal of enhancing information security measures is to protect the company's critical assets—including customer data, intellectual property, and financial information—while enabling efficient operations. An effective security model for TechGenius uses layered defenses that combine physical security, network security, application security, and user awareness programs. This layered approach ensures that even if one mechanism is compromised, others provide continued protection against threats.

In terms of benefits, upgrading security infrastructure will foster client trust, enable compliance with regulatory demands, reduce risk exposure, and support continued innovation and growth. Furthermore, by securing remote work environments and integrating new network expansion plans, TechGenius can maintain seamless operations without compromising security integrity.

Security Assessment

Assessing the current risks faced by TechGenius requires detailed identification of its most valuable assets. These include customer databases, proprietary source code, vendor relationships, employee credentials, and financial data. Presently, the company operates an integrated network without adequate segmentation, interconnected through a centralized infrastructure that exposes multiple assets to potential threats.

The lack of network segmentation means that a successful intrusion into one segment could allow lateral movement across the entire network. For instance, malware infiltrating the HR system could potentially access financial records or source code repositories. The primary risks, therefore, include data breaches, insider threats, malware infections, and denial of service (DoS) attacks.

Concerning the new consultant network—set up to facilitate on-site work—specific risks emerge related to insider threats, insecure device configurations, and insufficient access controls. Consultants accessing sensitive systems from external devices increase the likelihood of compromised credentials or malware introduction. Additionally, external access increases the possibility of espionage or accidental data leakage.

Risk mitigation strategies involve conducting regular vulnerability assessments, penetration testing, and implementing security controls such as firewalls, endpoint protection, and encryption. An ongoing security assessment process should include vulnerability scans, intrusion detection, and continuous monitoring to identify and respond to threats promptly. It is also essential to establish incident response plans and user training to foster a security-aware culture within TechGenius.

Access Controls and Security Mechanisms

Effective access control mechanisms are critical to restrict unauthorized access to sensitive systems and data. For applications such as customer relationship management (CRM), source code repositories, and financial systems, role-based access control (RBAC) should be implemented. RBAC assigns permissions based on job functions, limiting access privileges to the minimum necessary.

The expanded network must be secured through multiple layers of controls. Implementing strong authentication methods like multi-factor authentication (MFA) enhances user verification, especially for remote and on-site consultants. Single Sign-On (SSO) systems can streamline user access while maintaining security, reducing password fatigue and related vulnerabilities. Moreover, Virtual Private Networks (VPNs) can enable secure remote access, encrypting communications between remote users and the organization's core network.

SSO allows users to authenticate once and access multiple systems seamlessly, decreasing login fatigue and reducing password-related vulnerabilities. VPNs provide encrypted tunnels for remote connections, safeguarding data in transit. Both technologies are applicable in TechGenius, but they require careful configuration and management to prevent potential security gaps.

Security Policies, Procedures, and Regulatory Compliance

Following the IPO, TechGenius must comply with growing regulatory requirements. The Sarbanes-Oxley Act mandates stricter financial data controls, while GDPR emphasizes data privacy and breach notifications. Additionally, ISO/IEC 27001 certification demands comprehensive security policies across organizational processes.

The firm must develop and enforce policies such as Data Privacy Policy, Access Control Policy, Incident Response Policy, Password Management Policy, and Data Retention Policy. These policies ensure standardized procedures for handling data security, privacy, and breach responses.

Key controls to support these policies include encryption of data at rest and in transit, regular audits of access logs, and strict password policies incorporating MFA. Protecting data in motion involves secure communication protocols like TLS, while data at rest should be encrypted using AES or similar standards.

Network Security

The backbone of the company's security framework lies in a well-designed network architecture. The existing infrastructure should incorporate segmented network zones—such as a demilitarized zone (DMZ) for public-facing services, internal LAN for employee devices, and a secured datacenter subnet for sensitive data.

A typical architecture diagram would feature perimeter firewalls controlling access between the internet and internal networks, with additional internal firewalls segmenting different departments and functions. Secure switches and routers enforce access policies, while VPN gateways enable remote employees and consultants to connect securely.
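
The lateral-movement risk raised under Security Assessment and the zoned layout described above can be compared by computing what a foothold in one zone can reach over the allowed zone-to-zone flows. This is an added example, not part of the original paper; the zone names follow the essay, while the allowed flows and the function names are assumptions made for illustration.

```python
from collections import deque

# Zone names follow the essay; the allowed flows are constructed for illustration.
INTERNAL = ["employee_lan", "hr", "consultant", "finance", "source_code"]
SENSITIVE = {"finance", "source_code"}


def flat_policy():
    """Unsegmented network: every internal zone may connect to every other."""
    policy = {z: {o for o in INTERNAL if o != z} for z in INTERNAL}
    policy["internet"] = {"dmz"}
    policy["dmz"] = set(INTERNAL)  # no internal firewall behind the DMZ
    return policy


def segmented_policy():
    """Allow-list of zone-to-zone flows enforced by internal firewalls."""
    return {
        "internet": {"dmz"},
        "dmz": set(),
        "employee_lan": {"dmz", "source_code"},
        "hr": {"dmz"},
        "consultant": {"dmz"},
        "finance": set(),
        "source_code": set(),
    }


def reachable(policy, start):
    """Zones reachable from `start` by pivoting hop to hop (worst case:
    every zone that accepts a connection can become the next pivot)."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in policy.get(queue.popleft(), set()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}


def exposed(policy, start):
    """Sensitive zones reachable from a foothold in `start`, sorted."""
    return sorted(reachable(policy, start) & SENSITIVE)


def with_rule(policy, src, dst):
    """Copy of `policy` with one extra allowed flow, for what-if review."""
    updated = {zone: set(dsts) for zone, dsts in policy.items()}
    updated.setdefault(src, set()).add(dst)
    return updated
```

With the flat policy, `exposed(flat_policy(), "hr")` returns both sensitive zones, while the segmented policy returns none for the same foothold. Adding a single consultant-to-employee-LAN flow with `with_rule` exposes `source_code` over two hops, which is why proposed firewall changes should be checked for transitive paths and not only direct ones.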

Implementing intrusion detection systems (IDS) and intrusion prevention systems (IPS) is critical for real-time threat detection and response. IDS monitors network traffic for suspicious activities, alerting security personnel, whereas IPS can actively block malicious traffic based on predefined signatures or anomaly detection models.

Proper placement of IDS/IPS within the network—such as between the web server and internal network—ensures comprehensive monitoring. Regular updates of signature databases and configuration tuning optimize their effectiveness. Additionally, a security information and event management (SIEM) system can aggregate logs and alerts, providing insights for proactive threat management.

Conclusion

Securing a growing company like TechGenius post-IPO requires a comprehensive approach integrating physical, network, and application security controls. Conducting a thorough risk assessment, implementing layered access controls, ensuring regulatory compliance, and deploying advanced network security measures such as IDS/IPS are essential for robust protection. The proposed architecture and security policies will not only meet current regulatory demands but also provide scalable security as the company continues to expand and innovate.
