School: Southern New Hampshire University
Course: 400
Subject: Information Systems
Date: Apr 3, 2024

Project One: Security Assessment Recommendations
CYB 400
Adrienne Johnston
SNHU

Introduction

Grey Matter, along with all of its assets, has recently been acquired by BrainMeld. The acquisition includes Grey Matter's network. Its current state has been found unsatisfactory for BrainMeld's business goals. The new staff has created several reports that give insight into the safety of the current network configurations, along with recommendations for change.

Security Recommendations: Scheduled Maintenance

One of the least complicated tools to assure a degree of safety is to implement scheduled maintenance of computing assets throughout an organization. This comes in the form of software updates, computer maintenance, physically cleaning components, and replacing surge protectors at a predetermined interval. The server issues in their current state can allow for remote access by threat actors, resulting in costly security issues for the company and its personnel, such as malware, credential theft, keylogging, and many more. Software updates include anti-virus protection to shield from denial of service attacks, malware, botnets, and ransomware, to name a few. Many applications that run on the company network will require updates, patches, or hotfixes in order to fix bugs, close security holes, and streamline performance. These include the operating system, mail servers, networking hardware and software, servers, firewalls, databases, etc. The vulnerabilities discovered during BrainMeld's initial audit should be sufficiently corrected by use of the above corrective, preventative, and risk-based actions.

Security Recommendations: Policy Updates

The weakest link in a sound security posture is usually the employees. This can result from levels of experience and/or training, or even from a threat actor within an organization. We can only address the issues we have in our control, and well-crafted policies are a tool an organization can use to assure a level of compliance, averting security issues before they take hold. BrainMeld's hygiene around password maintenance lacks a degree of regular management, and the initial requirements do not meet the level of importance Grey Matter implements. An update will include the elevation of password creation guidelines, including length (minimum of eight, maximum of sixteen), special characters (numbers, capitals, etc.), and the frequency at which passwords are changed (45 days). The update will also include a review of social engineering threats and how to be vigilant in combating them. Identification of malware and how to address it will be included as well, along with identifying key individuals throughout the organization who can be used as a security issue resource should questions, comments, and concerns arise.

Security Recommendations: Other

The initial audit has revealed other security issues that must be addressed in a timely manner. Network ports are currently unmanaged and several are open, allowing for compromise by threat actors. The recommendation is to ensure all assigned ports are audited to account for any changes in use and updates. All open ports that are unassigned to any service should also be audited and closed accordingly. One other issue discovered is that several end-user agreements connected to critical services are nearing expiration, which would result in a loss of critical technical support and updates. Vendor contracts need to be renegotiated, and new software that is required to remain online and operational needs to be acquired. This works in tandem with scheduled updates that need to happen at regular intervals.

Implementation
After the inventory and risks have been assessed, Grey Matter's IT team will integrate with the remaining BrainMeld IT staff and develop a cogent plan of implementation to address all of the risks identified and the actions needed to resolve those risks. Discussions will be held with the separate departments to identify optimal times to update hardware and software components, as well as to discuss any underlying issues that need attention. The legal and IT departments will initiate contact with our current asset vendors to renegotiate license user agreement contracts for services and to acquire new components where that effort falls short. Company-wide policies will be drafted to reflect modifications and changes to current services and requirements. Lastly, some form of meeting will be held with each department to present changes and address any questions employees may have.