To practice the formal procedure of system/network security analysis and planning.
To examine the vulnerability and security needs of a private organization.
To devise strategies to overcome potential malicious attacks, threats, and risks.
You have just been hired as an Information Security Officer (ISO) for a mobile app development company. The organization network structure is identified in the below network diagram and some services may inadequate and absent.
The network specifically contains:
1-Web/FTP server with Linux operating system using port 80 and port 21
1-Email Server with Exchange 2010 using port 25
2-Active Directory Domain Controllers (DC) with Windows Server 2016 operating system
2-Domain Name Service (DNS) Servers with Windows Server 2016 operating system
2-Windows file servers using port 21
3-Wireless Access Points (WAP) encrypted with WEP protocol.
100 – Desktop/Laptop computers with Windows 10 operating system
2- Multifunction printers (print, copy, scan, fax)
1- Voice Over IP (VOIP) telephone system with 100 IP phones
The company is in a single, two story building with no fencing. The entire building is accessed using a permanent 4-digit pin. A single security guard is located on the second floor of the building. The security guard works Monday – Friday, 8AM to 5PM. Users are in open area cubicles on the first floor of the building. The employee work area is an open floor with no wall separating areas. The data closet is also located on the first floor of the building near the front entrance and the HVAC system in the middle of the first floor. The data closet is accessible by anyone who knows the 4-digit permanent pin that is distributed to all employees. The facility maintenance generally cleans the building on the weekends when building with no employees or security personnel present.
The Chief Information Officer (CIO) has seen reports of malicious activity increasing and has become extremely concerned with the protection of the intellectual property and highly sensitive data maintained by your organization. As one of your first work assignments with the company, the CIO requested you identify and draft a report identifying potential malicious attacks, threats, and vulnerabilities specific to your organization. In addition, the CIO would like you briefly explain each item and potential impact it could have on the organization.
Write a four to six (4-6) page paper in which you:
Analyze five (5) or more specific potential malicious attacks and/or threats that could be carried out against the network and organization.
Explain in detail the potential impact of the five (5) or more selected malicious attacks.
Propose at least nine (9) – 3 of each type of security controls (administrative, logical/technical, and physical) that you would consider implementing to protect against the selected potential malicious attacks.
Analyze three (3) or more potential risks for data loss and data theft that may exist in the documented network and applications.
Explain in detail the potential impact of the three (3) or more selected risks for data loss and data theft.
Propose at least three (3) – 1 of each type of security controls (administrative, logical/technical, and physical) that you would consider implementing to protect against the selected risks for data loss and data theft.
List and provide a product overview of only two (2) alternatives for each logical/technical security control for both data loss/theft and malicious attacks. Include web links to the products and why those products should be considered.
Use at least five credible and quality resources. Your external resources should not be more than two to three (2-3) years old.
Note: Wikipedia and similar websites do not constitute as credible and quality resources.
Single Word document
Times New Roman, size 12 font
One-inch margin on all sides
Citations and references must follow APA format
Include a cover page containing:
Title of the assignment
Assignment due date
Note: The cover page and reference page are not included in the assignment page length requirement.
network securitycomputer science