sbuckle9_cybr7930_SecurityOperationDesign_Final (PDF, 15 pages)
Kennesaw State University, Course 7930, Information Systems, Dec 6, 2023
Security Operations Design
Shanell Buckley

Memorandum

To: Evan Battaglia, CISO; and Executive Security team
From: Shanell Buckley, Security Consultant
Subject: Security Operations Design
Date: December 3, 2023

Good evening IT Security team,

An outline of the security operations being carried out within DHHI (Diamond Hands Holdings Inc.) now and in the future will be discussed in this memorandum. When we last conversed, I provided you with a detailed security service plan, which I have now compiled into this presentation for you all. The most crucial factor I request is that we all remain open-minded about the ideas presented. I am always open to suggestions and opinions on the presentation. Following the Table of Contents section, I will provide more detailed focus on the Improvement Program, Finances, Master Security Run Book, and the operation's details.

Sincerely,
Shanell Buckley
Security Consultant
A report prepared in partial completion of the CYBR 7930 Capstone course.

Security Operations Program
Shanell Buckley
December 3, 2023
Table of Contents

Executive Summary .......... 4
Problem Statement .......... 4
Scope .......... 4
Current Security Operations .......... 5
  Physical Security .......... 5
  Identity Access and Prevention Control .......... 5
  User Access (Active Directory Services) .......... 5
  Intrusion Detection and Protection Systems .......... 5
  Incident Response (Cyber Defense Splunk SIEM) .......... 5
  IOT Service Search Engine .......... 6
  Cyber Defense .......... 6
Intended Security Services .......... 6
  Risk Management .......... 6
  Vulnerability Management .......... 7
  SIEM Tools .......... 8
  Disaster Recovery Planning .......... 8
  Remote Monitoring & Management .......... 9
Budget .......... 10
Improvement Program .......... 10
Master Security Run Book .......... 11
  Risk Management .......... 11
  Vulnerability Management .......... 11
  SIEM Tools .......... 11
  Remote Monitoring & Management .......... 11
Conclusion .......... 12
References .......... 13

Executive Summary

The main objective of Diamond Hands Holding Inc is to provide dependable and secure services to our current and future clients. DHHI intends to assure its customers that all their information will remain confidential and out of the reach of those who would abuse it by disclosing confidential information to harm victims. Our business's primary focus is to ensure security and integrity. The main goal of protection is to protect those who are unable to defend themselves. Although DHHI is a smaller business, we provide exceptional service. To carry out our planned intentions as a leading business in the Atlanta region, this document will provide our budget, current security plans, future security plans and a detailed list of measures pertinent to security operations.

Problem Statement

We at DHHI do not aspire to be an imperfect business. We foresee both errors and efforts to compromise our security. This is why we execute a plan to become ready, and the initial step is to put in place a security operation and strategy that we can refer to in an emergency. Technology is ever-changing and evolves quickly, and it is imperative to stay up to date on the latest techniques and threats. DHHI will not allow itself to become a victim within this sector of business. Some businesses never recover after dealing with a threat assault; the security procedures outlined within this document will ensure that does not occur to you.
Scope

This security measure will protect the entire organization. It is strongly advised that all employees be required to read this material regardless of title or rank. The primary goal is to achieve the knowledge DHHI is distinguished for. The material will provide us with the information we need, which is beyond the surface and not visible to the unaided eye. We are closely analyzing any security incidents that would otherwise go unnoticed. We also anticipate our financial profit increasing within the next five years and plan to have the necessary budget. We strongly encourage putting innovative concepts regarding disaster recovery, incident response and access control into practice with others and making them a better fit for our clients here at DHHI.

Currently DHHI is more invested in physical security than in security systems, hardware, and software. Our profit should not be projected in that manner; we need to focus more closely on cybersecurity. I highly encourage that we begin to improve and implement new innovative ideas about incident response, access control and disaster recovery for the benefit of our employees and clients here at DHHI.

Current Security Operations

Throughout this part you will find the current security operations in effect at DHHI. The following is a list of systems that our organization holds as standard to neutralize threats and any malicious intent from external actors. We will provide a clear explanation of each operation and its interaction with our services.

Physical Security

Our server room is guarded around the clock by an armed security officer and is only accessible by badge. The equipment linked to our local fire department operates autonomously to manage an emergency. Ventilation, climate control, drainage, and a fire-resilient system are all included to withstand any emergency.
Identity Access and Prevention Control

Before accessing the DHHI network and confidential data, our users must authenticate themselves in accordance with our organization's security measures. Active Directory and access control software are included. These grant users access to systems based on their need and establish time-limited connections. Cyber Defense Active Directory is utilized by DHHI for virtual functions. The IAM tool is used for access management to authenticate user credentials. The system sets up parameters and provisions access for the servers on rack 2.

User Access (Active Directory Service)

DHHI employs Active Directory Service to manage drives, account privileges, storage, users, and authentication, and to perform additional network administration duties. Access control and configuring the parameters for the servers located in rack 3 are mandatory tasks.

Intrusion Detection and Prevention Systems

Intrusion intelligence analyzes evidence from past cybersecurity breaches to prevent similar attempts to compromise our system. In addition, we employ a proprietary antivirus software system to protect against malicious software, and DHHI utilizes the services of Microsoft Cyber Defense Protection Office to investigate and monitor email-borne threats to the organization.
Incident Response (Cyber Defense Splunk SIEM)

Preparations are made to coordinate incident response, triage, and contingency planning if DHHI is the target of a cyber-attack. This process encompasses DHHI's remediation initiatives, its response to attacks, and how the contingency plans ensure that business continuity is not interrupted in the event of an incident. To protect the organization, we utilize the security operations incident response process and refer occurrences to an analyst (Cyber Triage and Forensics).

IoT Service Search Engine (Shodan)

Shodan is the search engine DHHI utilizes to locate internet-connected devices. Our IT department can also use this valuable vulnerability assessment tool to locate compromised IoT devices by applying its filters.

Cyber Defense

DHHI has a respectable array of protocols in place to ensure that the organization adheres to many standards. DHHI recruits consultants who abide by California state laws, HIPAA, US federal regulations, and general data protection regulations. DHHI also employs supervision to ensure compliance with all legal obligations.

Intended Security Operation
In this section of the security operations document we prepare a budget proposal to follow shortly after implementing some security infrastructure enhancements. It is imperative to keep in mind that our revenue cannot be counted until it is re-invested in our enhanced security operations system. The new procedures are amenable to refinement within the period specified in this document. This will help facilitate the expansion of DHHI's scope. Several of the proposed modifications are derived from the NIST Special Publications. The modifications to DHHI's security procedures to improve programming software are outlined in this section. Our goal is to ensure customers' assets are securely protected and to allow the business to develop.

Risk Management

Determining and tracking the amount of risk that DHHI takes on within its technology and human resources is a critical aspect. To ensure that the company's risk appetite is appropriate, we ensure that all threats, vulnerabilities, and potential consequences are compatible with what DHHI can tolerate. Knowing this also helps DHHI decide how to reduce potential risk and what kind of controls to implement so that all risks are assessed continuously. Figure A below shows how a risk can be assessed so that DHHI can decide on present and future assets with confidence.

Figure A (risk assessment diagram; image not reproduced in this text)
Vulnerability Management

DHHI could benefit from solid vulnerability management in addition to addressing our other software flaws. This type of risk management involves continuously identifying, prioritizing, and resolving security vulnerabilities in organizations like DHHI. DHHI should use vulnerability assessments to evaluate the degree of security, or lack thereof, in our operating systems. These comprise a considerable number of tests that must be performed routinely, weekly or annually. While we will conduct smaller scans that can present the status of our system, we will conduct our larger scans at a less frequent rate. Below in Figure B you will find the lifecycle for testing DHHI vulnerabilities and what the process is if we are infiltrated. The results will be ranked in order of importance so that the organization knows which ones should be addressed first, and in order of potential consequence if not secured.
SIEM Tool (Witfoo Precinct)

Witfoo offers a small business the automation that larger ones have, so DHHI may use it to save time and money. Witfoo provides solutions and feedback while actively scanning the operating systems for dangers. Additionally, DHHI plans to provide updates for antivirus programs. There is always room for improvement in the identification and removal of vulnerabilities. For network-wide monitoring and alerting DHHI requires a big-data platform SIEM solution, as mentioned previously in the security service plan. This is a very reasonable price for a small company to observe in real time as our data stack is examined, and it presents the opportunity to respond to cyber threats.

Disaster Recovery Planning

Other than the server room, which uses fire-resistant technology, DHHI does not appear to have any failsafes that would allow it to recover quickly in the event of another pandemic. This plan will provide evidence that in any unforeseen circumstance or natural disaster we are well prepared to move the company in whatever direction best benefits it. DHHI will be prepared to promptly resume all business operations in a crisis. The disaster recovery plan will help DHHI identify its top priorities and apply a strategy to mitigate the potential risk. An offsite work location will be considered in the disaster recovery strategy as well, in case a natural disaster affects the work area.
Remote Monitoring and Management

This involves installing an agent on every device used by employees, including workstations, servers, laptops, tablets, and mobile devices. By doing this, personnel are discouraged from visiting websites that pose a security risk to DHHI and its clients. The agent footprint is not permitted on any personal devices. The monitors will only be located on devices that are company issued and used for company business operations.
Budget

An extensive list of recently added or planned future DHHI operations is shown below. The expenses are divided into the following categories in the security operations column: the platform's yearly cost, the cost of round-the-clock customer care support, and the cost of in-person instruction.

Security Operation                        Annual Cost Estimate   Total Cost per Security Operation
Threat Intelligence                                              $24,000
  Training                                $4,500
  Witfoo                                  $18,050
Risk Management                                                  $59,000
  Risk Assessment Platform                $25,000
  Training                                $6,000
  Risk Management Services                $28,000
Vulnerability Management                                         $39,000
  Remediation Budget                      $10,000
  Training                                $4,000
  Vulnerability Management Platform       $25,000
Disaster Recovery                                                $111,000
  Offsite work area                       $40,000
  Alternative equipment                   $30,000
  Training                                $5,000
  Data center                             $36,000
Total                                                            $233,000

Improvement Program

The purpose of the improvement plan is to provide directions on how DHHI will enhance its security protocols. This course will provide information on the framework you need to utilize these security operations successfully. It will specify who oversees which responsibilities, when the transition is scheduled to begin, and what deadlines are mandatory to
be met. Operations ranked highest on the list should be completed first; the lower-ranked operations are still crucial but do not require frequent implementation updates.

Master Run Book

The master security runbook provides an outline of the security operations that should be implemented and performed by all DHHI employees.

Risk Management
• Identify the risks that DHHI faces and assess their potential impact and level of security
• Compose an action plan to execute the risk response
• Analyze business operations and financial growth, clients, stakeholders and employees

Vulnerability Management
• Train and build an efficient vulnerability management team
• Determine which tools are best for DHHI to purchase and utilize
• Run vulnerability tests
• Immediately address any vulnerability concerns

SIEM Tools (Witfoo Precinct)
• Determine which package benefits DHHI best
• Implement adequate Witfoo training sessions
• Implement software to determine where DHHI experiences system operation vulnerabilities

Disaster Recovery Plan
• Create and implement a disaster recovery team
• Orchestrate an effective disaster recovery plan
• Frequently test the plan to ensure its functionality and visibility

Remote Monitoring and Management
• Monitor all employees using any company-issued devices
• Ensure the company-provided devices have the most recent software updates and are regularly updated
• Record all findings in the system logs

Conclusion
The security operations design plan outlines DHHI operations that will soon occur. The company's security will be improved by these security operations. These small infrastructure modifications will increase our financial growth and profitability expectations. With an estimated cost of $233,000, there is room over the first couple of years of operation for potential revenue growth of several million dollars. It is obvious that DHHI will continue to be a top business, and it has endless potential.