You are the Manager of Information Security Operations for a medium-sized organization and report directly to the Chief Information Security Officer (CISO) in the Information Security department. The organization consists of a headquarters and six geographically dispersed offices. You work at the headquarters location and manage a team of five security engineers.
The role of the Information Security department is to ensure the confidentiality, integrity, and availability of the organization's data and systems. One of your key responsibilities is understanding, analyzing, and designing the security architecture for the enterprise network. This network not only supports the internal employees of the organization but also leverages the Internet for communication with vendors, customers, and remote employees.
Your team of five security engineers is responsible for the following areas of network security.
Network security policy planning and implementation
Attack prevention and mitigation
Secure authentication techniques
Wireless LAN (WLAN) security and authentication
Hardware firewalls and DMZs
WAN security
Virtual private networks (VPNs)
Remote user security and authentication
Your Assignment
Following a recent increase in cyber-attacks in the industry, the CISO has directed you to develop network security strategies that will ensure that the organization's network is protected from both internal and external security risks.
He will be providing three briefings to the CIO (Chief Information Officer) on specific topics (to be determined) regarding the overall security posture of the organization. The CISO requests that you provide him with a one-page summary on a specific network security-related topic prior to each meeting.
KEY PLAYERS
Back to Top
Raymond Burke, Chief Information Security Officer (CISO)
With the recent increase in cyber-attacks on organizations in our industry, I want to ensure that we are taking proactive measures to stay ahead of the bad guys. I want you to look at our current network security controls and risk management plans to identify where additional network security risk mitigation efforts can be implemented. I will be briefing the CIO on the overall information security posture of the organization and will be asking you to provide me with specific input on your area of responsibility. I don't want too many details, but I do want a one-page summary of your plan to address the topic at hand. Please have your team work closely with Allison Tanney's IT Network department.
Kathy Lee, Security Engineer (IS Department)
We have seen an increase in external scanning attempts against our network. In response, I am running a network security penetration test to see if we have any vulnerabilities or unknown exposures. I am coordinating this test with the IT Network department. Additionally, I have contacted our Firewall and Intrusion Detection System (IDS) vendors to verify that we are up to date on our software. I am still concerned that we only have a network-based IDS installed and have not implemented a host-based system. As you may know, we have a project kicking off in 2 months that will address our data leakage and end-point security issues. We have seen an increase in employees sending sensitive information out of the network to external systems (primarily their home systems). While we are doing a good job of keeping the external threats out, we are not doing well at mitigating the internal risks.
Manuel Lopez, Security Engineer (IS Department)
I am a little concerned with the increase in zero-day malware being detected in the industry. While our critical systems are being protected with a solid antivirus program, I am worried about other threat vectors, including both internal and external entry points. We are in need of a security event log management tool that can help us consolidate and correlate event logs across the network, along with providing 24/7 security event monitoring and escalation services. It is overwhelming to track down every potential incident. I have also identified several rogue wireless LAN (WLAN) access points being established inside the organization. Once detected, we shut them down immediately. Unfortunately, we don't have the tools to identify all of them in a timely manner. In addition to an increase in workload (our team is becoming overwhelmed), the organization has approved a liberal work-from-home program, which will significantly increase our VPN management efforts. While this is only a pilot program now, it could be rolled out to a larger audience within the next 90 days. If this program expands beyond the pilot group, we will need to rethink our security policies, processes, and procedures for these remote employees because the organization will be exposed to new risks.
Allison Tanney, Director of Networks (IT Department)
I am aware of the increased focus on security and have asked my team to provide your team with the support needed to help identify and mitigate network-based risks. Please keep in mind that I am responsible for the day-to-day network operations for the organization and do not want any changes to impact our employees, customers, or vendors. Any and all changes to the network must be fully tested and approved by my team prior to being moved to the production environment. If changes will impact the productivity of our employees, the service to our customers, or the service level agreements (SLAs) with our vendors, we will need to brief the CIO on the impacts and provide him with a detailed risk-benefit assessment.
Worksheet for You Decide-Assignment #1
SEC572-Week 2 (40 points)
Scenario Summary
Please review the You Decide scenario summary again prior to answering the assignment question.
The scenario summary can be found in the You Decide section under Course Home.
Discussion Question: (40 points)
The CISO has a meeting with the CIO at the end of this week. He wants to discuss the organization's largest information security threat (external cyber attacks) and the steps we have taken to mitigate the risks associated with these threats.
Please provide a summary of the steps you can take to mitigate the risks associated with
• denial-of-service attacks (DoS);
• distributed denial-of-service attacks (DDoS);
• masquerading and IP spoofing;
• Smurf attacks;
• land.c attacks; and
• man-in-the-middle attacks.