IT 253 Project Two Security Plan 2021 PDF

Title IT 253 Project Two Security Plan 2021
Author Joseph Quinn
Course Computer Systems Security
Institution Southern New Hampshire University
Pages 4
File Size 193 KB
File Type PDF

Summary

IT-253 Project Two Security Plan, June 2021. This class was very interesting; I hope this helps you as much as possible....


Description

IT 253 Project Two Security Plan Joseph Quinn

A good Security Plan is comprised of multiple components, including an Acceptable Use Policy, an Authorized Access Policy, a Configuration Management Policy, a Password Policy, a Code of Ethics, etc. Below, we expand on some specific topics.

A. Roles and Responsibilities

Within the Security Plan, we identify and define specific roles and their respective responsibilities.

Chief Information Officer (CIO)
- Allocating resources to protect the systems supporting business functions.
- Ensuring systems are protected by approved security plans.
- Ensuring an organization-wide IT security program is implemented effectively.

System Owner / Network Administrator
- Addressing user access to business systems.
- Ensuring compliance with IT security requirements.
- Developing and maintaining the system security plan.
- Ensuring systems are deployed and operated in accordance with security controls.

System Security Engineer
- Designing and developing systems.
- Upgrading legacy systems.
- Coordinating security-related activities with appropriate personnel.

System Administrator
- Installing, configuring, and updating hardware and software.
- Establishing and managing user accounts.
- Overseeing backup and recovery tasks.
- Implementing technical security controls.

B. User Awareness Training

Aside from the standard new-hire training, additional information security training must be provided to increase and maintain employee awareness of threats and vulnerabilities. We will run simulated phishing email tests and measure user awareness and response (how many users click the lure, and how many report it). Monthly, we will publish a Security Bulletin with the phishing results measured against our KPIs (Key Performance Indicators). We will also perform yearly refresher training, documented for auditing purposes.

C. Access Control

Access control within the security plan is broken out into two categories: physical access and systems access.

Physical access to buildings, rooms, etc. will be controlled by employee badges using RFID technology. A badge will be created for each new employee at time of hire, initially granting access only to the employee's primary work location. If the employee requires badge access to any other controlled location, a Service Desk ticket will be entered. The ticket initiates an approval workflow to the employee's Supervisor and the designated location owner. All approvals are recorded in Service Desk for audit purposes, and each scan of the employee's badge is logged with a timestamp and the location accessed.

Network and system access is controlled in the same manner as badge access. At hire, the employee is granted an Active Directory (AD) account with the least privileges needed. The employee's Supervisor is responsible for requesting additional system access through a Service Desk ticket. Service Desk creates a child ticket for each system's access request, and each child ticket initiates an approval workflow to the requesting user's Supervisor and the individual system's owner. All approvals are recorded in Service Desk for audit purposes.

D. Vulnerability Management

Our Vulnerability Management Plan consists of three components, described in detail below.

1. Identify – The Identify component encompasses a full asset inventory. We will standardize baseline configurations for the assets. These baselines include changes to the default configuration of hardware and software, such as changing default passwords and removing unneeded programs.

2. Evaluate – The Evaluate component consists of our Patch Management plan. Within this plan, we review released patches and determine whether they apply to our assets. If a patch is needed, we test it and devise an implementation plan. In this component, we also evaluate any threats identified in the Identify component.


3. Treat – In the Treat component, we implement the patches and fixes selected in the Evaluate component. Patches are reviewed at the weekly Change Control Board (CCB) meeting to determine business impact and the timing of implementation. Each item reviewed at the CCB meeting will have documented testing results and an impact analysis for future auditing purposes. Remediation and/or mitigation of identified threats is also reviewed in the CCB meetings, with urgency placed on timing. Prompt implementation of fixes for identified threats is critical to reduce the window of opportunity for threat actors, so a fix for an actively exploited issue may need an emergency change outside the weekly cycle.

E. Backup and Recovery

Our Backup and Recovery approach is dictated by our Business Continuity Plan (BCP) and Disaster Recovery (DR) Plan. These set the baseline tolerance for acceptable downtime and data loss.

1. The BCP defines how we continue to operate during an unplanned service disruption. The BCP outlines data backup plans, backup site locations, equipment needs, and contact information.

2. The DR Plan is a component of the BCP. It outlines items such as strategies for handling disruptions to hardware, reestablishing office and enterprise software to meet key business needs, and manual workarounds so operations can continue until systems are restored.

We will utilize a warm site backup facility, based upon the business-critical needs identified in our BCP. A warm site is the middle ground among recovery options: as depicted in the graphic below, failover takes hours to days, with minimal data loss.

Our backup strategy consists of a weekly full backup scheduled during the weekend and a daily differential backup during the week. The differential backup captures only the data that has changed since the last full backup, so it grows through the week, and a restore needs only the most recent full backup plus the most recent differential. Restores will be tested periodically, since a backup that has never been restored is not a verified backup.
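To make the differential schedule concrete, here is an added example (not part of the original plan) that simulates one week of the weekly-full/daily-differential schedule over a constructed file tree, computes what each day's backup set contains, and works out which sets a restore to a given day must read back. It goes beyond the text by also running the same week as incremental backups, to show why a differential restore needs only two sets while an incremental restore needs every set since the last full. The file paths, dates and file contents are constructed for the example.

```python
import hashlib
from datetime import date, timedelta

# Constructed sample week: the file contents that change on each day. Only files whose
# content actually changes are listed; the Saturday entry is the initial tree that the
# first full backup sees. Saturday 5 June 2021 is the first weekend full backup.
WEEK_START = date(2021, 6, 5)
CHANGES = {
    date(2021, 6, 5): {"hr/payroll.xlsx": "v1", "web/index.html": "v1", "db/orders.db": "v1"},
    date(2021, 6, 7): {"db/orders.db": "v2"},
    date(2021, 6, 8): {"web/index.html": "v2"},
    date(2021, 6, 9): {"db/orders.db": "v3"},
    date(2021, 6, 11): {"hr/payroll.xlsx": "v2", "db/orders.db": "v4"},
}
FULL_BACKUP_WEEKDAY = 5  # date.weekday(): Monday=0 ... Saturday=5


def digest(content: str) -> str:
    """Content hash: 'changed' is decided on content, not on a modification timestamp."""
    return hashlib.sha256(content.encode()).hexdigest()


def tree_on(day: date) -> dict:
    """The file tree (path -> content hash) as it stands at the end of `day`."""
    tree = {}
    for d in sorted(CHANGES):
        if d <= day:
            for path, content in CHANGES[d].items():
                tree[path] = digest(content)
    return tree


def plan_backups(start: date, days: int, mode: str = "differential") -> list:
    """Simulate the schedule: a full backup on Saturday, otherwise a partial backup of `mode`.
    Differential = changed since the last FULL; incremental = changed since the last backup
    of any kind. Returns (day, kind, {path: hash}) per day. Deleted files are not modelled."""
    backups, baseline = [], None
    for i in range(days):
        day = start + timedelta(days=i)
        tree = tree_on(day)
        if day.weekday() == FULL_BACKUP_WEEKDAY or baseline is None:
            backups.append((day, "full", dict(tree)))
            baseline = dict(tree)
        else:
            changed = {p: h for p, h in tree.items() if baseline.get(p) != h}
            backups.append((day, mode, changed))
            if mode == "incremental":
                baseline = dict(tree)  # the next incremental is relative to this backup
    return backups


def restore_set(backups: list, target: date) -> list:
    """The backup sets that must be read back to rebuild the tree as of `target`:
    differential -> the last full plus the latest differential only;
    incremental  -> the last full plus every incremental since it, in order."""
    candidates = [b for b in backups if b[0] <= target]
    last_full = max(i for i, b in enumerate(candidates) if b[1] == "full")
    after = candidates[last_full + 1:]
    if not after:
        return [candidates[last_full]]
    if after[-1][1] == "differential":
        return [candidates[last_full], after[-1]]
    return [candidates[last_full]] + after


def restore(backups: list, target: date) -> dict:
    """Apply the restore set in order; later sets overwrite earlier versions of a path."""
    tree = {}
    for _, _, files in restore_set(backups, target):
        tree.update(files)
    return tree


if __name__ == "__main__":
    week = plan_backups(WEEK_START, 8)  # Saturday through the following Saturday
    for day, kind, files in week:
        print(f"{day} {kind:12s} {len(files)} file(s)")
    target = date(2021, 6, 11)
    print("restore", target, "needs", [f"{d} {k}" for d, k, _ in restore_set(week, target)])
```

Running it shows the Friday differential carrying every file touched since Saturday (three files) while the Friday incremental carries only that day's two changes; the price of the smaller incremental sets is that a Friday restore must replay the full plus all six intermediate sets, and the loss of any one of them breaks the chain.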

3. Set up to be less restrictive, to avoid blocking access that is needed. Once the user is in the DMZ, they can view and order any product. Once an order is placed and sensitive data such as credit card information is provided, that information is passed through the second, more restrictive firewall into our internal network; that firewall permits only the specific connections the DMZ hosts need to reach internal systems. The first firewall being less restrictive does widen our attack surface, but if attacks occur or threats are identified in the DMZ, the second firewall provides more time to identify the threat and stop it before it reaches our internal network.
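The two-firewall layout above is easier to reason about with a small policy model. The following is an added example, not code or configuration from the original plan: it models both firewalls as first-match rule lists with default deny, checks sample flows against the boundaries each one crosses, and audits the inner firewall for allow rules that are broader than one source host, one destination host and one port. The address ranges, host roles and port 8443 are assumptions chosen for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan (RFC 5737 documentation and RFC 1918 ranges); not from the plan.
ANY = ipaddress.ip_network("0.0.0.0/0")
DMZ = ipaddress.ip_network("192.0.2.0/24")
INTERNAL = ipaddress.ip_network("10.10.0.0/16")
WEB_SERVER = ipaddress.ip_network("192.0.2.10/32")   # public storefront in the DMZ
PAYMENT_APP = ipaddress.ip_network("10.10.5.20/32")  # internal order/payment processor
PAYMENT_PORT = 8443                                  # assumed listener port


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]  # None matches any destination port
    action: str          # "allow" or "deny"


def evaluate(rules, src, dst, port) -> bool:
    """Packet-filter semantics: the first matching rule decides; no match means deny."""
    for r in rules:
        if src in r.src and dst in r.dst and (r.port is None or r.port == port):
            return r.action == "allow"
    return False


# Outer, less restrictive firewall: anyone on the internet may reach the storefront on 80/443.
OUTER = [
    Rule(ANY, WEB_SERVER, 443, "allow"),
    Rule(ANY, WEB_SERVER, 80, "allow"),
]
# Inner, more restrictive firewall: exactly one DMZ host, one internal host, one port.
INNER = [
    Rule(WEB_SERVER, PAYMENT_APP, PAYMENT_PORT, "allow"),
]
# The mistake the passage warns against: a blanket DMZ -> internal allow, which turns any
# compromised DMZ host into a direct route to the internal network.
INNER_WEAK = [
    Rule(DMZ, INTERNAL, None, "allow"),
]


def zone(addr) -> str:
    if addr in DMZ:
        return "dmz"
    if addr in INTERNAL:
        return "internal"
    return "internet"


def flow_allowed(outer, inner, src: str, dst: str, port: int) -> bool:
    """A flow must be permitted by every firewall between its source and destination zones:
    internet<->DMZ crosses the outer firewall, DMZ<->internal the inner one, and
    internet<->internal both, which is why the internal network is never directly reachable."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    zones = {zone(s), zone(d)}
    crossed = []
    if "internet" in zones and zones != {"internet"}:
        crossed.append(outer)
    if "internal" in zones and zones != {"internal"}:
        crossed.append(inner)
    return all(evaluate(fw, s, d, port) for fw in crossed)


def audit_inner(inner) -> list:
    """Flag inner-firewall allow rules not pinned to a single source host, a single
    destination host and a single port: these are the rules that let a DMZ compromise spread."""
    findings = []
    for r in inner:
        if r.action == "allow" and (r.src.prefixlen < 32 or r.dst.prefixlen < 32 or r.port is None):
            findings.append(f"overly broad allow: {r.src} -> {r.dst} port {r.port or 'any'}")
    return findings


if __name__ == "__main__":
    samples = [("203.0.113.5", "192.0.2.10", 443), ("203.0.113.5", "10.10.5.20", 8443),
               ("192.0.2.10", "10.10.5.20", 8443), ("192.0.2.77", "10.10.5.20", 8443)]
    for src, dst, port in samples:
        verdict = "allow" if flow_allowed(OUTER, INNER, src, dst, port) else "deny"
        print(f"{src} -> {dst}:{port}  {verdict}")
    print("inner firewall audit:", audit_inner(INNER) or "ok")
    print("weak inner firewall audit:", audit_inner(INNER_WEAK))
```

The audit is the check worth automating: the outer firewall is allowed to be permissive by design, so the property that actually protects the internal network is that the inner rule set stays pinned to named hosts and ports, and that property is easy to lose through one convenience rule.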

4. The second security measure could be to implement multi-factor authentication (MFA). MFA is used to ensure that users are who they say they are, by requiring the user to provide at least two pieces of evidence from different categories to prove their identity: something they know (a password), something they have (a phone or hardware token), or something they are (a fingerprint). An example of MFA would be texting a single-use security code to the user's cell phone. Note that an SMS code is the weakest form of the "something you have" factor, since it can be intercepted through SIM swapping, and NIST SP 800-63B classes SMS delivery of codes as a restricted authenticator, so an authenticator app or hardware token is preferable where users can support it. "A recent Ping Identity survey revealed that IT and security professionals consider multi-factor authentication to be the most effective security control they have in place for protecting both on-premises and public cloud data."
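The plan's example factor is an SMS code. As an added example (not from the original plan) that goes one step stronger, the following implements the authenticator-app alternative, time-based one-time passwords (RFC 6238, built on HOTP from RFC 4226), together with the server-side verification a practitioner has to get right: a small time window for clock drift, a constant-time comparison, and replay protection so a code captured in transit cannot be reused inside that window. The demo secret is the RFC test-vector key; the user name and timestamps are constructed.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed demo secret: the RFC 4226 / RFC 6238 test-vector key, ASCII "12345678901234567890".
# A real deployment generates a random secret per user and provisions it to the authenticator
# app in base32 form (see secret_from_base32).
DEMO_SECRET = b"12345678901234567890"


def secret_from_base32(encoded: str) -> bytes:
    """Authenticator apps receive the shared secret as base32 (otpauth:// URIs); decode it,
    tolerating the missing padding and spaces that provisioning screens usually show."""
    cleaned = encoded.strip().upper().replace(" ", "")
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC over the 8-byte big-endian counter,
    dynamic truncation to a 31-bit integer, then the last `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """Time-based one-time password (RFC 6238): HOTP with counter = floor(unix_time / step).
    This is what the user's app displays; the server computes the same value to check it."""
    return hotp(secret, int(unix_time) // step, digits, algorithm)


class TotpVerifier:
    """Server-side check. Accepts a code from the current time step or `window` steps either
    side (to tolerate clock drift), compares in constant time, and remembers the highest
    counter accepted per user so the same code cannot be replayed inside the window."""

    def __init__(self, step: int = 30, window: int = 1, digits: int = 6):
        self.step, self.window, self.digits = step, window, digits
        self._last_counter = {}  # user -> highest counter already accepted

    def verify(self, user: str, secret: bytes, candidate: str, unix_time: int) -> bool:
        current = int(unix_time) // self.step
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= self._last_counter.get(user, -1):
                continue  # already consumed, or older than one we accepted: reject replay
            expected = hotp(secret, counter, self.digits)
            if hmac.compare_digest(expected, candidate):
                self._last_counter[user] = counter
                return True
        return False


if __name__ == "__main__":
    now = int(time.time())
    print("current 6-digit code:", totp(DEMO_SECRET, now))
    print("base32 form of the demo secret:", base64.b32encode(DEMO_SECRET).decode())
```

The verifier state (`_last_counter`) must live wherever the server stores the user's secret, not in process memory, or a second instance behind a load balancer will happily accept the replay the first one refused.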


References

CSRC. (n.d.). NIST Releases SP 800-12 Rev. 1. From https://csrc.nist.gov/News/2017/NISTRelease-SP-800-12-Rev-1
Greycampus. (n.d.). Determining the Duties and Responsibilities of an IT Security Team. From https://www.greycampus.com/blog/informationsecurity/determining-the-duties-and-resposibilities-of-an-it-security-team
Reed, J. (n.d.). Comparison of Disaster Recovery Sites: Which One to Choose? From https://www.nakivo.com/blog/overview-disaster-recovery-sites/
RIT Information Security. (n.d.). Roles and Responsibilities. From https://www.rit.edu/security/content/roles-and-responsibilities
Wold, A. (2021, April). Best Practices: How to Secure Your Internet-Facing Infrastructure Today. From https://articwolf.com/resources/blog/best-practices-how-to-secure-your-internetfacing-infastructure-today


