CYB 420 4-2 Project 1 Anthony Velotti (1)

.docx

School

Southern New Hampshire University *

*We aren’t endorsed by this school

Course

420

Subject

Information Systems

Date

Dec 6, 2023

Type

docx

Pages

8

Uploaded by avelotti1592

Report
Project One CYB 420 ANTHONY VELOTTI
The ACME company is in the process of transitioning into a new market. This evolution will allow for ACME to pick up contracts with the federal government over the next seven years. A change of infrastructure is needed to grow external confidence in the organization’s security posture. Performing these assessments will allow for company leadership to plan for how they will meet future compliance and create a budget for the expense of new technology or processes that may need to be introduced. Looking to implement a multi-layer approach to security, I have been tasked as a security analyst to perform an assessment by referencing the inventory of organization hardware and the current organization infrastructure diagram which have been provided. Threat Assessment The assessment will focus on the threats of people, process, and technology. Within the risk domain of people, vulnerabilities that need to be addressed are access controls. Every employee needs access to the network with the mindset that the network remains secured from outside threats. Creating a unique username for all employees followed by a complex password for each employee will keep threat actors from easily accessing the network. In addition to usernames and passwords, following the principle of least privileged will keep employees from accessing data within the network that does not focus on their job duties. Least privilege access is used when configuring roles and permissions by restricting access rights to the minimum required for each user to perform their job (What is Least Privilege Access?, n.d.) The next vulnerability within the risk domain of people is the remote employees. Laptops can connect to public wi-fi which leaves the network open for an attack. Remote employees will need VPN on the laptops to connect to the internal server. The employees will have credentials with a complex password to access the network. This will prevent threat actors from accessing
the network through public wi-fi, adding the protection the network needs, and allowing for employees to remain remote. The process risk domain has vulnerabilities that need addressing. When entering the office, we can see the public record server is out in the open and easily accessible. There are two main concerns that can occur with the public record server out in the open. The data can be easily accessed, and the data can become corrupt. To solve this problem the public record server can be placed in the closet door locked. A secondary biometric screening can be performed to gain access to the server. This will secure all the data on the server preventing threat actors from accessing the data. The next risk domain in the process is how the network is designed. If a breach occurs within the network the threat actor can access any part of the network. It is important to segment the network. This aligns with the principle of least privileged, as the network will only allow access to the areas in which one needs to complete their job duties. If a password were to be stolen the threat actor can only access the information to which that individual employee had access to. Within the risk domain of technology, the vulnerabilities that need to be addressed are how the technology is connected and the lack of locked doors within the organization. Currently the first floor has three separate departments, each connected to a switch which is connected to the next switch until it reaches the main switch. This allows for each switch to communicate with each other allowing for complete access to the network. This leaves the door open on the network for risks for threats to occur. By segmenting each switch and having it connect directly to the main switch you are limiting the access if the network were to be accessed by a threat actor.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help