April 24, 2024

Scenario:
You’ve been appointed as a security professional to head a team responsible for evaluating the current security measures of a chosen company. Your objective is to recommend enhancements and create a thorough information security program in accordance with ISO 27001 standards. Choose one of the five company types provided below and tailor your analysis and improvement proposals to the specific characteristics, business domain, and unique requirements of the selected company.
Company A: Tech Startup Expansion. The company is expanding rapidly, and with more data and users, there are concerns about data breaches and intellectual property theft.
Company B: Healthcare Provider with sensitive patient information. The organization needs to comply with strict healthcare data regulations and ensure the security and privacy of patient records.
Company C: Financial Institution handling sensitive financial data. The company has faced recent cyber threats, and there’s a need to enhance security measures to protect client financial information.
Company D: A large e-commerce platform with vast customer data. The company faces constant cyber threats, and there’s a need to strengthen security to ensure customer trust and prevent data breaches.
Company E: An international consulting firm with confidential client information. The company deals with diverse clients worldwide, and there’s a need to create a robust security program to safeguard client confidentiality.
Assumptions:
You may assume the following about the current security posture of the selected company above:
There is a lack of emphasis on cybersecurity and no comprehensive security program in the selected company.
For each option, assess the company’s assets and its existing IT infrastructure as outlined below to identify potential vulnerabilities and areas that require immediate attention.
Company assets may include:
a. Intellectual Property (IP): Company has developed several proprietary software products and holds valuable source code, algorithms, and trade secrets, valued at $5 million.
b. Customer Data: The company stores personally identifiable information (PII), purchase histories, and contact details, valued at $2 million.
c. Financial Data: Financial data and confidential business information of its clients. This data is vital to the company’s operations and requires adequate protection, with an estimated value of $1 million.
d. Hardware Assets: Company possesses a range of hardware assets, including desktop computers, laptops, servers, networking devices (routers, switches), and peripherals with a combined value of $10 million.
e. Software Assets: The company uses various licensed software applications, including development tools, project management software, collaboration tools, and productivity suites, valued at $2 million.
f. Raw Materials: The company holds a stock of raw materials, including metals, plastics, and electronic components, valued at $3 million.
g. Finished Products: Completed machinery awaiting shipment or installation, with an estimated value of $6 million.
Existing Infrastructure: Assume each company invested in technologies and IT infrastructure that serve the company’s operational needs. However, the infrastructure lacks proper security controls and policies. The IT infrastructure may include:
Network Infrastructure: A wired and wireless network that interconnects all office devices.
a. Internet Connectivity: The company has a high-speed internet connection to facilitate communication and online services.
b. Servers and Storage:
I. Application Servers: Multiple servers running critical software applications, including web servers, database servers, and version control systems.
II. File Servers: Centralized storage for documents, software code, and other important files shared among employees.
End-User Devices: Standard desktop systems running the Windows operating system, laptops for remote work and business travel, and a mix of company-issued and personally owned smartphones and tablets used for business purposes.
Current Security Measures:
a. Firewall: A basic firewall is in place to filter incoming and outgoing network traffic.
b. Antivirus Software: Each desktop and laptop has a basic antivirus solution installed.
c. Virtual Private Network (VPN): No company-wide VPN is implemented, leaving remote connections less secure.
d. Authentication: The company uses simple username and password authentication for various systems.
e. Data Backup and Recovery: Data backups are performed irregularly on external hard drives stored on-site. No off-site backup strategy is currently in place.
f. Access Control: The company uses simple username and password authentication for various systems. User accounts are created for each employee, but the password complexity and expiration policies are not enforced. Access rights to various resources are loosely defined and not regularly reviewed.
g. Incident Response and Monitoring: Limited logging and monitoring capabilities exist, with no central system for aggregating and analyzing logs. No formal plan is in place to guide the company’s response to security incidents.
h. Encryption and KPI: There is no system-wide use of encryption in company communications or exchange of company emails.
Project Requirements:
You are tasked to build a security program for the selected company that includes the following elements/components. Perform the following tasks with respect to the selected company:
1. Initial Security Analysis: Perform a thorough analysis of the selected company’s current security infrastructure, policies, strategies, and procedures. Identify at least three weaknesses, vulnerabilities, and potential risks. Evaluate the existing security controls and their effectiveness. Evaluate the effectiveness of current security controls and strategies (e.g., cryptographic algorithms), if they exist. Make sure to include administrative/physical/logical controls in your analysis.
2. Risk Assessment: Perform a risk assessment using a statistical technique to prioritize security threats based on their potential impact and likelihood. Develop a risk management plan that outlines strategies for mitigating identified risks.
3. Improvement Suggestions: Based on the analysis, propose specific improvements and recommendations for addressing identified vulnerabilities. Prioritize suggested improvements based on risk severity and potential impact. Consider both technical and non-technical aspects of security.
4. Technology Recommendations: Suggest specific security technologies and tools that can enhance the organization’s defense mechanisms. Justify your recommendations based on the identified threats and vulnerabilities. Investigate 2 new security tools that you recommend the company use to enhance its security posture. You need to demonstrate how to use each tool by providing screenshots explaining how each tool is used.
5. Information Security Program Development: Develop an Information Security Program tailored to the selected company’s needs. Include policies, procedures, and guidelines for data protection, access control, incident response, and more. The program shall address the following components:
a. Policy and Procedure Development: Create comprehensive security policies and procedures tailored to the organization’s needs. The minimum requirement is to develop a system-specific policy and an issue-specific policy that also include guidelines for data protection, access controls, incident response, and employee training.
b. Training and Awareness Program: Develop a training and awareness program for employees to ensure they understand and adhere to the new security measures. Consider the following as components of SETA (Social Engineering attacks, Phishing Attacks, Web Safety).
c. Monitoring and Incident Response Plan: Design a robust monitoring system for detecting and responding to security incidents promptly. Develop an incident response plan outlining the steps to be taken in case of a security breach (such as data theft, a DDoS attack, or a natural disaster).
d. GRC and Laws/Regulations: Devise how GRC and data protection laws in the UAE can be used to support the company program’s compliance with ISO 27001 and the data protection laws of the UAE.
6. Implementation Plan: Create a phased implementation plan for deploying proposed improvements and the information security program. Include timelines, resource requirements, and responsibilities for each phase.
7. Continuous Improvement for the program: Explain how the Plan-Do-Check-Act cycle can be used to continuously improve the security program of the company.
8. Peer feedback and constructive criticism. Highlight the key challenges faced and solutions implemented.

References in APA style

Deliverables:
Students will deliver the following:
Primary resource: A full PDF report that addresses the above requirements (use this template: https://docs.google.com/document/d/1NLQJ1VJC-sRB9l91L14L4d24-pxf-Wne/edit).
Secondary Resource: Additional Appendices as needed (source code, excel sheets, description of any security tools you have used, what is it used for, and how to use it along with screenshots from each tool to demonstrate it).
Academic Integrity / Disclaimer:
The group must confirm that the work submitted for the assignment is entirely their own and that no artificial intelligence (AI) tools or any other unauthorized means were used to generate answers or complete any part of this assignment. Any violation of academic honesty policies may result in disciplinary action, including but not limited to, a failing grade for the assignment or the entire course.
Project Key Assessment Criteria:
The project will mainly be assessed along the below elements:
Thoroughness of the initial security analysis.
Effectiveness and feasibility of improvement suggestions.
Completeness and relevance of the information security program.
Clarity and practicality of the implementation plan.
Creativity and engagement in the training and awareness program.
Thoughtfulness in the monitoring and incident response plan.
Compliance with the ISO 27001 standard.
Compliance with laws and regulations as mandated by UAE official bodies for data protection.
Policy and Procedure Development.
