Project Task (Week1-10)

docx

School

Truman State University *

*We aren’t endorsed by this school

Course

367

Subject

Information Systems

Date

Oct 30, 2023

Type

docx

Pages

Uploaded by Myhomeworksareuseless

Project Task (Week1) Your instructor is assigning you to a team. Over the term you and your teammates are to develop an information security program for an organization of your choosing. This organization can be real, such as an current organization where one of your team members is currently employed, or it can be a hypothetical organization. The information security program you design should include the security domains we cover in the course. (See the Final Project Template by clicking the link in the left navigation bar.) For example, this week you should begin your project by establishing the framework of information security policy that addresses governance, risk assessment policy and access control policy for the organization. Visit the SANS Institute to see excellent examples of information security policy examples and templates. In subsequent weeks you will add successive modules, such as access controls, telecommunications and network security, cryptography, and so on. In upcoming weeks, there are hands-on exercises that will help you gain a better understanding of passive reconnaissance, network security design, decrypting a hash, and a simulated pen test on your machine. At the end of the course your team will have developed an information security governance architecture to complement and protect your organization’s business architecture. Your team's document will be a minimum of 15 pages not including title and reference page and must also be submitted in proper APA format. Project Task (Week2) Perform a passive reconnaissance on your company using Google, its website, whois, and nslookup to find out the following: 1. Where the company is located Sullivan University Louisville KY 2. Who works there 500 FACULTY 3. What IP addresses comprise its network nslookup sullivan.edu 4. What its mail server IP is (nslookup is a tool you can use to find this information) nslookup mail.sullivan.edu 5. What is its URL and how many other sites link to it link:sullivan.edu You will incorporate your findings into the final project document. See the Final Project Template. Project Task (Week3) This week you and your team should design your information security organization, create an information security organization chart, and describe the roles and responsibilities of

your information security team. information Security Organization Chart: ° Chief Information Security Officer (CISO): ● Responsible for overseeing the entire information security program. ● Defines the information security strategy and ensures alignment with the university's goals. ● Reports directly to senior leadership and the board of directors. ° Information Security Manager: ● Manages the day-to-day operations of the information security team. ● Develops and implements security policies, procedures, and standards. ● Coordinates security awareness training and ensures compliance with regulations. ° Security Analysts (Team Lead and Members): ● Conduct regular security assessments, vulnerability assessments, and risk assessments. ● Monitor security systems and respond to security incidents and breaches. ● Assist in the development of incident response plans and business continuity plans. ° Network Security Engineer: ● Designs, implements, and maintains network security solutions. ● Configures and monitors firewalls, intrusion detection/prevention systems, and VPNs. ● Collaborates with other teams to ensure network security best practices. ° Application Security Engineer: ● Collaborates with software development teams to ensure secure coding practices. ● Conducts code reviews and vulnerability assessments for applications. ● Implements and maintains application security tools and technologies. ° Security Compliance Officer: ● Ensures the university's compliance with relevant regulations and standards. ● Develops and maintains security policies, procedures, and guidelines. ● Performs internal audits and risk assessments to assess compliance levels. ° Security Operations Center (SOC) Analysts:

● Monitor security events and incidents using SIEM tools. ● Respond to and investigate security alerts and incidents. ● Collaborate with other teams to mitigate threats and vulnerabilities. ° Identity and Access Management (IAM) Specialist: ● Manages user identities and access permissions across systems. ● Implements and maintains authentication and authorization solutions. ● Ensures proper access controls are in place and regularly reviewed. Roles and Responsibilities: ● CISO: The CISO is responsible for the overall strategic direction of the university's information security program, ensuring that security initiatives align with business goals and regulatory requirements. ● Information Security Manager: This role oversees the daily operations of the security team, develops security policies, and ensures the university's security posture is maintained. ● Security Analysts: These team members are responsible for assessing and monitoring security risks, identifying vulnerabilities, and responding to incidents to protect the university's data and systems. ● Network Security Engineer: This role focuses on securing the university's network infrastructure, implementing firewalls, and managing intrusion detection and prevention systems. ● Application Security Engineer: The application security engineer ensures that software applications are developed and maintained with strong security practices, minimizing the risk of vulnerabilities. ● Security Compliance Officer: This role ensures that the university adheres to relevant security regulations, standards, and internal policies. Internal audits and risk assessments are also part of their responsibilities. ● SOC Analysts: These analysts monitor and respond to security alerts, collaborating with other teams to investigate incidents and mitigate threats in real time. ● IAM Specialist: This specialist manages user identities and access permissions, maintaining a secure authentication and authorization system.

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version

Access to all documents
Unlimited textbook solutions
24/7 expert homework help

By outlining these roles and responsibilities, you're setting the foundation for a robust information security team at Sullivan University. Remember to adapt the organization chart and role descriptions to fit the specific context of the university and the project's requirements. Project Task (Week 4) This week you and your team should design a business continuity plan and disaster recovery strategy to address contingency efforts designed to mitigate potential occurrences of minor to major disruptions. For example, your business continuity strategy can include your plans for data retention or your data back up plans. You can address your lines of communications with backup circuits or redundant power systems. You can also address the costs associated with a BCP as the costs are an ongoing operational expense. See the Final Project Template. Business Continuity Plan: Project Task(Week 5) Discuss the OSI model as a team to ensure each team member has a good basic understanding of the OSI model and networked systems, because next week you are to implement a network security policy. Also develop a Visio diagram of your network infrastructure along with your plans for perimeter defense such as firewalls, IDS/IPS, anti-virus servers, etc. You can also design internal defense measures such as virtual local area networks, access control list, and so on. Don’t be alarmed if you are not familiar with some of these terms. Do the best you can. Below is an example of what kind of Visio diagram you should develop.

Project Task (Week 6) This week consult with your team members and begin with your network security design. Discuss the types of devices to use to protect your perimeter, as well as your internal infrastructure. Write up 2 to 3 pages on this section, preferably with a network security image you developed last week, illustrating how you are going to protect your network infrastructure with security technology. Project Task (Week 7) This week begins to design the cryptographic policy for your organization. For example, will your encryption methods be symmetric or asymmetric? Will you design a public key infrastructure for your organization? What is your policy for data at rest and data in motion? Do both instances require encryption? See the Final Project Template. For hands-on practice, go to the website md5decrypter and decrypt the following. Be

sure to follow the instructions or you will not be able to decrypt the hashes: 5f4dcc3b5aa765d61d8327deb882cf99 – MD5 200ceb26807d6bf99fd6f4f0d1ca54d4 – MD5 a2345375a47a92754e2505132aca194b – NTLM ab31fef2cb48c49fb8b94021378dec74 - MDS Then go to the Nmap Online Scanner and generate a report for your PC. Project Task (Week 8) Get together with your teammates and add to your overall information security policy by discussing your physical security procedures, guidelines, and requirements. For example, what is your policy upon entering your data center? Should people have electronic access that requires a special badge, or do you allow free entry? Project Task (Week 9) Get with your team members and discuss your plan and strategy for your security operations. You need to come up with the standards, procedures, and guidelines that your security operations team will implement and practice. Next week, we add the final components to your project, which are legal compliance, assurance, and forensics. Project Task (WEEK 10) This week, add your compliance policy, your incident response procedures and planning, forensics, and your legal policy. You do not have to address your legal policy in depth. You simply need a broad overview. See the Final Project Template.

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version