Homework: Security
• Objectives
o To practice the formal procedure of system/network security analysis and planning.
o To examine the vulnerability and security needs of a private organization.
o To devise strategies to overcome potential malicious attacks, threats, and risks.
• Target Network
You have just been hired as an Information Security Officer (ISO) for a mobile app development company. The organization's network structure is shown in the network diagram below; some services may be inadequate or absent.
Network diagram
The network specifically contains:
1) 2 switches
2) 1 Web/FTP server with Linux operating system using port 80 and port 21
3) 1 email server with Exchange 2010 using port 25
4) 2 Active Directory Domain Controllers (DC) with Windows Server 2016 operating system
5) 2 Domain Name Service (DNS) servers with Windows Server 2016 operating system
6) 2 Windows file servers using port 21
7) 3 Wireless Access Points (WAP) encrypted with the WEP protocol
8) 100 desktop/laptop computers with Windows 10 operating system
9) 2 multifunction printers (print, copy, scan, fax)
10) 1 Voice over IP (VoIP) telephone system with 100 IP phones
The company is in a single, two-story building with no fencing. The entire building is accessed using a permanent 4-digit PIN. A single security guard is located on the second floor of the building. The security guard works Monday - Friday, 8AM to 5PM. Users are in open-area cubicles on the first floor of the building. The employee work area is an open floor with no walls separating areas. The data closet is also located on the first floor of the building near the front entrance, and the HVAC system is in the middle of the first floor. The data closet is accessible by anyone who knows the permanent 4-digit PIN that is distributed to all employees. Facility maintenance generally cleans the building on the weekends, when no employees or security personnel are present.
Details
The Chief Information Officer (CIO) has seen reports of malicious activity increasing and has become extremely concerned with the protection of the intellectual property and highly sensitive data maintained by your organization. As one of your first assignments with the company, the CIO has asked you to draft a report identifying potential malicious attacks, threats, and vulnerabilities specific to your organization. In addition, the CIO would like you to briefly explain each item and the potential impact it could have on the organization.
Write a 4- to 6-page paper in which you:
A. Analyze five or more specific potential malicious attacks and threats that could be carried out against the network and organization.
B. Explain in detail the potential impact of the five or more selected malicious attacks.
C. Propose at least nine security controls, three of each type (administrative, logical/technical, and physical), that you would consider implementing to protect against the selected potential malicious attacks.
D. Analyze three or more potential risks for data loss and data theft that may exist in the documented network and applications.
E. Explain in detail the potential impact of the three or more selected risks for data loss and data theft.
F. Propose at least three security controls, one of each type (administrative, logical/technical, and physical), that you would consider implementing to protect against the selected risks for data loss and data theft.
G. List and provide a product overview of only two alternatives for each logical/technical security control for both data loss/theft and malicious attacks. Include web links to the products and explain why those products should be considered.
Format your homework according to the given formatting requirements:
• The answer must be typed in Times New Roman font (size 12), double spaced, with one-inch margins on all sides.
• The response must also include a cover page containing the student's name, the title of the homework, the course title, and the date. The cover page is not included in the required page length.
• Also include a reference page. The references and citations should follow APA format. The reference page is not included in the required page length.