You are the security manager for a mid-sized company (3,000 to 5,000 employees).
Question
You are the security manager for a mid-sized company (3,000 to 5,000 employees). Your company has determined that confidentiality (or privacy) and data integrity are the security services you must provide to your work force. 10% of the work force handles company sensitive information, which requires additional security protection. The remainder of the work force must also protect their data, but not to the same level of protection or assurance.
Your assignment is to review a software / hardware security solution and recommend the type of certificate(s) needed for your workforce. Provide a rationale with your recommendation. As the security manager, you also need to ensure cost is kept to a minimum. Even though the information you may find does not include cost information, you can find cost data on the Internet or estimate a value. Additionally, you need to identify the security challenges of implementing a solution, as well as the security features provided by this solution.
Do not go completely in depth about the solution; I want maybe a few paragraphs about what software and hardware you would use and the benefits of those choices. I would also like to see what skills/certifications you would want for your workforce, and finally the costs and challenges associated with implementing your solution.
Explanation / Answer
Protecting Sensitive Data:
1. Access should be provided on a need-to-know basis only.
2. All sensitive data should be secured using cryptographic techniques such as encryption and proper key management.
3. If data is being stored in the cloud, it should be protected and unreachable by unauthorized users.
Software/Hardware Solution to be implemented:
Implement physical security - restricted access to the sensitive data.
Implement access control on the basis of business need-to-know.
Firewalls, antivirus, IDS and IPS should be implemented and updated with regular patches.
Align your work with various security standards, which would ensure extra security and also be proof-read as a third-party assessment.
Use various pen test techniques and assessments to check for vulnerabilities in your system and how they can be exploited. You can protect your system based on the findings, and the controls can be implemented accordingly.
Regular audits are to be held to assess the various risks to your assets and how to control them.
Implement a proper Business Continuity Plan and Disaster Recovery Plan.
Skills Needed for Workforce:
1. Trained in information security and aware of the CIA principle and its importance.
2. The workforce should comprise resources with knowledge in various domains of security, including a few with expertise in those domains.
3. A group of resources should be trained and skilled in network security, a group should handle security assessments and audits, and people should have an in-depth knowledge of cloud security, as most of the data is being stored in the cloud.
4. A group of pen testers to determine the loopholes in the various company applications and solutions.
Benefits of having above skills:
1. You will be ready for a security event, and in case any such event arises, you are ready for the consequences.
2. The security solution will be implemented in such a way as to prevent a security breach and, if one happens, to detect it at the earliest possible time.
3. Regular audits and monitoring will overcome the vulnerabilities by implementing the controls on time.
Certificates required will be:
1. Certified Ethical Hacker
2. Certified Information Security Auditor
3. Licensed Penetration tester
4. Certified Security Testing Associate
5. Certified in Risk and Information Systems Control
6. System Security Certified Practitioner
Challenges and Cost:
It is said: "If you spend more on coffee than on IT security, you will be hacked."
Internet data:
1. 66 percent test less than 25 percent of these applications are vulnerable
2. 62 percent cited data protection as the impetus for Web app security
3. 51 percent cited compliance as the top reason for securing Web apps
4. 51 percent listed compliance as a key driver for Web application security
5. 41 percent reported having 100 Web applications or more
The cost of implementing a security solution is almost negligible compared to the cost of a security breach.