The case study company provided a situation in which threats pose a real risk to the infrastructure. The company assets are not well-protected, and they all share a common network. Little additional security mechanisms are in place other than the demilitarized zone (DMZ). What are typical information security (IS) assets that are used by such a company, and what risks exist in the current model? What will adding a flexible solution for the consultants to connect to the network do to this risk model? What are some safeguards that can be implemented to reduce the risk?
1. A description of typical assets
2. A discussion about the current risks in the organization with no network segregation to each of the assets
3. A discussion about specific risks that the new consultant network will create
4. Details on how you will test for risk and conduct a security assessment
5. A discussion on risk mitigation