Week 8 Case Study

Date

Feb 20, 2024

Miguel Ocasio
Case Study
American Military University
ISSC421
Dr. Shoraka

1.0 Introduction

With over a decade of dedicated service in the U.S. Army, including seven years in leadership roles mentoring multiple soldiers, I bring a wealth of experience and expertise to the fields of cybersecurity and information technology. In my last occupation as an Information System Security Officer (ISSO), system administrator, and supervisor, I led a team of five IT technicians, overseeing the seamless provision of services to more than 1600 users across Fort Leavenworth. My background spans customer service, information technology, cybersecurity, and radio operations, reflecting a versatile skill set. I am committed to continuous learning and skill enhancement in the dynamic realm of cybersecurity. I hold an active secret clearance, Security+ certification, and an Associate of Science in Computer Technology. It is my pleasure to present this comprehensive report as a seasoned professional with a background in military network security. I have thoroughly assessed our network security over the past 30 days and made recommendations to strengthen our defenses.

2.0 Overview of Network Security Fundamentals, Security Threats, and Issues

2.1 Importance of Network Security

Network security protects our organization's sensitive data, which matters all the more because credit card transactions are processed daily. In addition to damaging our reputation, a breach could also harm our financial stability (Barney & Lutkevich, 2022).

2.2 Common Security Threats

Our organization faces a variety of security threats, including malware, phishing attacks, and unauthorized access attempts. It is crucial to understand these threats in order to implement effective countermeasures. Malware can exploit vulnerabilities, while phishing attacks are designed to trick our employees into divulging sensitive information. Data breaches can occur as a result of unauthorized access (Barney & Lutkevich, 2022).

2.3 Regulatory Compliance

Compliance with regulatory standards is not just a legal requirement, but also an essential part of building customer trust. Standards such as PCI DSS (Payment Card Industry Data Security Standard) must be adhered to. Compliance protects both our customers and the business (CIS, 2021).

2.4 Employee Training

The key to preventing human-related security risks is to educate our staff. Keeping passwords safe, identifying phishing attempts, and maintaining good security practices can significantly reduce cyberattack success rates. An organization's security culture must be built on staff awareness (CIS, 2021).

3.0 Detailed Network Security Recommendations

3.1 Firewall Solutions

3.1.1 Firewall Types

Stateful inspection firewalls and application-layer firewalls are recommended as part of our network security strategy. The stateful inspection firewall monitors and manages active connections, while the application-layer firewall controls specific applications, providing a multi-layered defense against different threats (Lassen, 2021).

3.1.2 Configuration Guidelines

Firewalls should be configured with a focus on preventing unauthorized access. Implement access control lists (ACLs), allowing only needed traffic and blocking possible threats. Adapt rule sets regularly to emerging threats and vulnerabilities (Lassen, 2021).

3.1.3 Intrusion Detection/Prevention Systems

Enhance real-time monitoring and response capabilities by integrating intrusion detection/prevention systems. These systems analyze network and system activities, identify malicious behavior, and prevent potential security incidents through automated response (Lightedge, 2021).
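
The behavior recommended in 3.1.1 and 3.1.2 can be seen in a small model. This is an added example, not part of the original report: it combines a first-match ACL with an implicit default deny and a connection table, so reply traffic is accepted only when it mirrors a flow the ACL already allowed. All addresses, the payment server, and the guest subnet are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    src: str         # source CIDR
    dst: str         # destination CIDR
    dport: int       # destination TCP port

class StatefulFirewall:
    """First-match ACL with an implicit default deny and a connection table."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.connections = set()   # (src, sport, dst, dport) of allowed flows

    def _acl(self, src, dst, dport):
        for r in self.rules:
            if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                    and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                    and dport == r.dport):
                return r.action
        return "deny"              # nothing matched: default deny

    def check(self, src, sport, dst, dport):
        # Reply traffic is permitted only if it mirrors a tracked connection.
        if (dst, dport, src, sport) in self.connections:
            return "allow"
        verdict = self._acl(src, dst, dport)
        if verdict == "allow":
            self.connections.add((src, sport, dst, dport))
        return verdict

# Constructed rule set: only HTTPS to a hypothetical payment server is needed.
RULES = [
    Rule("deny",  "10.0.5.0/24", "10.0.9.10/32", 443),   # hypothetical guest subnet
    Rule("allow", "10.0.0.0/16", "10.0.9.10/32", 443),   # staff to payment server
]

def demo():
    fw = StatefulFirewall(RULES)
    return [
        fw.check("10.0.1.20", 50000, "10.0.9.10", 443),   # staff HTTPS
        fw.check("10.0.9.10", 443, "10.0.1.20", 50000),   # reply to tracked flow
        fw.check("10.0.9.10", 443, "10.0.1.20", 50001),   # unsolicited "reply"
        fw.check("10.0.5.7", 50000, "10.0.9.10", 443),    # guest subnet
        fw.check("10.0.1.20", 50002, "10.0.9.10", 22),    # port not needed
    ]

if __name__ == "__main__":
    print(demo())
```

Rule order matters in a first-match ACL: the narrower deny for the guest subnet must precede the broader allow, or it would never be evaluated.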

3.2 VPN Solutions

3.2.1 Types of VPNs

In order to ensure secure remote access, a robust VPN solution is recommended. With it, we are able to securely connect remote users to our internal network from anywhere, ensuring the integrity and confidentiality of data in transit (Gillis, 2021).

3.2.2 Encryption Protocols

Use strong encryption protocols, such as Advanced Encryption Standard (AES), for VPN connections. As a result, sensitive information remains confidential during transmission, preventing unauthorized access and eavesdropping (Gillis, 2021).

3.2.3 User Authentication

A strong user authentication mechanism, including multi-factor authentication (MFA), is needed to ensure VPN connections are secure. MFA requires an additional authentication factor, so compromised credentials alone are not enough to connect.

4.0 Important Practices

The proposed network security enhancements are intended not only to address immediate needs, but also to build a foundation for long-term security. We will be able to significantly strengthen our defense against cyber threats by combining robust firewall solutions and VPN solutions with continuous monitoring and adaptive security practices. Continuous security audits, employee awareness programs, and integrating emerging technologies are critical to ensuring the sustainability of these security measures. Implementing these recommendations will position our organization as a leader in cybersecurity, ensuring our customers' and stakeholders' security.

References:

Barney, N., & Lutkevich, B. (2022, October 5). What is network security? Definition, importance and types: TechTarget. Networking. https://www.techtarget.com/searchnetworking/definition/network-security

CIS. (2021, December 1). Cybersecurity threats. https://www.cisecurity.org/cybersecurity-threats

Duffy, M. (2019, September 10). Importance of Network Security: Safety in the Digital World. https://www.ecpi.edu/blog/importance-of-network-security-safety-in-the-digital-world

Gillis, A. S. (2021, September 17). What is a VPN? Definition from SearchNetworking. Networking. https://www.techtarget.com/searchnetworking/definition/virtual-private-network

Lassen, A. (2021, January 19). The 5 different types of firewalls explained. Security. https://www.techtarget.com/searchsecurity/feature/The-five-different-types-of-firewalls

Lightedge. (2021, February 1). Network security threats and how to prevent them: LightEdge. LightEdge Solutions. https://www.lightedge.com/blog/top-network-security-threats-and-how-to-prevent-them/

Mass. (n.d.). Know the types of cyber threats. Mass.gov. https://www.mass.gov/info-details/know-the-types-of-cyber-threats

NIST. (2018, April 3). Guidelines on firewalls and firewall policy - govinfo. Guidelines on Firewalls and Firewall Policy. https://www.govinfo.gov/content/pkg/GOVPUB-C13-f52fdee3827e2f5d903fa8b4b66d4855/pdf/GOVPUB-C13-f52fdee3827e2f5d903fa8b4b66d4855.pdf