Project Task (Week1-10)

.docx

School

Truman State University *

*We aren’t endorsed by this school

Course

367

Subject

Information Systems

Date

Oct 30, 2023

Type

docx

Pages

Uploaded by Myhomeworksareuseless

Project Task (Week1) Your instructor is assigning you to a team. Over the term you and your teammates are to develop an information security program for an organization of your choosing. This organization can be real, such as an current organization where one of your team members is currently employed, or it can be a hypothetical organization. The information security program you design should include the security domains we cover in the course. (See the Final Project Template by clicking the link in the left navigation bar.) For example, this week you should begin your project by establishing the framework of information security policy that addresses governance, risk assessment policy and access control policy for the organization. Visit the SANS Institute to see excellent examples of information security policy examples and templates. In subsequent weeks you will add successive modules, such as access controls, telecommunications and network security, cryptography, and so on. In upcoming weeks, there are hands-on exercises that will help you gain a better understanding of passive reconnaissance, network security design, decrypting a hash, and a simulated pen test on your machine. At the end of the course your team will have developed an information security governance architecture to complement and protect your organization’s business architecture. Your team's document will be a minimum of 15 pages not including title and reference page and must also be submitted in proper APA format. Project Task (Week2) Perform a passive reconnaissance on your company using Google, its website, whois, and nslookup to find out the following: 1. Where the company is located Sullivan University Louisville KY 2. Who works there 500 FACULTY 3. What IP addresses comprise its network nslookup sullivan.edu 4. What its mail server IP is (nslookup is a tool you can use to find this information) nslookup mail.sullivan.edu 5. What is its URL and how many other sites link to it link:sullivan.edu You will incorporate your findings into the final project document. See the Final Project Template. Project Task (Week3) This week you and your team should design your information security organization, create an information security organization chart, and describe the roles and responsibilities of

your information security team. information Security Organization Chart: ° Chief Information Security Officer (CISO): ● Responsible for overseeing the entire information security program. ● Defines the information security strategy and ensures alignment with the university's goals. ● Reports directly to senior leadership and the board of directors. ° Information Security Manager: ● Manages the day-to-day operations of the information security team. ● Develops and implements security policies, procedures, and standards. ● Coordinates security awareness training and ensures compliance with regulations. ° Security Analysts (Team Lead and Members): ● Conduct regular security assessments, vulnerability assessments, and risk assessments. ● Monitor security systems and respond to security incidents and breaches. ● Assist in the development of incident response plans and business continuity plans. ° Network Security Engineer: ● Designs, implements, and maintains network security solutions. ● Configures and monitors firewalls, intrusion detection/prevention systems, and VPNs. ● Collaborates with other teams to ensure network security best practices. ° Application Security Engineer: ● Collaborates with software development teams to ensure secure coding practices. ● Conducts code reviews and vulnerability assessments for applications. ● Implements and maintains application security tools and technologies. ° Security Compliance Officer: ● Ensures the university's compliance with relevant regulations and standards. ● Develops and maintains security policies, procedures, and guidelines. ● Performs internal audits and risk assessments to assess compliance levels. ° Security Operations Center (SOC) Analysts:

● Monitor security events and incidents using SIEM tools. ● Respond to and investigate security alerts and incidents. ● Collaborate with other teams to mitigate threats and vulnerabilities. ° Identity and Access Management (IAM) Specialist: ● Manages user identities and access permissions across systems. ● Implements and maintains authentication and authorization solutions. ● Ensures proper access controls are in place and regularly reviewed. Roles and Responsibilities: ● CISO: The CISO is responsible for the overall strategic direction of the university's information security program, ensuring that security initiatives align with business goals and regulatory requirements. ● Information Security Manager: This role oversees the daily operations of the security team, develops security policies, and ensures the university's security posture is maintained. ● Security Analysts: These team members are responsible for assessing and monitoring security risks, identifying vulnerabilities, and responding to incidents to protect the university's data and systems. ● Network Security Engineer: This role focuses on securing the university's network infrastructure, implementing firewalls, and managing intrusion detection and prevention systems. ● Application Security Engineer: The application security engineer ensures that software applications are developed and maintained with strong security practices, minimizing the risk of vulnerabilities. ● Security Compliance Officer: This role ensures that the university adheres to relevant security regulations, standards, and internal policies. Internal audits and risk assessments are also part of their responsibilities. ● SOC Analysts: These analysts monitor and respond to security alerts, collaborating with other teams to investigate incidents and mitigate threats in real time. ● IAM Specialist: This specialist manages user identities and access permissions, maintaining a secure authentication and authorization system.

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version