Now that the After Action Reports have been analyzed, the consultants must develop a plan for improving the security posture at Sifers-Grayson. This will be documented in a Security Strategy...

1 answer below »



Now that the After Action Reports have been analyzed, the consultants must develop a plan for improving the security posture at Sifers-Grayson. This will be documented in a Security Strategy Recommendations document. The security strategy will be based upon multiple layers of policies, processes, and technologies that, when implemented, will be used to defend the Information Technology enterprise from both internal and external threats and attacks.




Note: see

https://www.techrepublic.com/blog/it-security/understanding-layered-security-and-defense-in-depth/


for a discussion of the differences between these two security strategies: layered security and defense-in-depth. You will need this information for the

Security Strategies

section of your paper.




Two defensive security strategies have been chosen by the senior members of the team.







1. Defense Strategy #1:

Build a DMZ for the R&D Center. The DMZ will host servers accessed by the engineers while teleworking and while reaching back to the R&D center from the test range. The DMZ will require the following: (a) business class routers, (b) business class firewalls, and (c) intrusion detection and prevention system.




Demilitarized Zone (DMZ).


For definitions and diagrams see

https://www.us-cert.gov/ics/Control_System_Security_DMZ-Definition.html


and

https://go.oreilly.com/umgc/https://learning.oreilly.com/library/view/principles-of-computer/9781260474329/ch9.xhtml#lev74


(Scroll down to sub-section on DMZ’s)










2. Defense Strategy #2:


Implement Enterprise-wide Protective and Detective Measures to defend against both internal and external attackers. These measures will include (a) controlling access to software documentation and source code, (b) implementing enterprise-wide identity management, and (c) implementing either a Security Information and Event Management (SIEM) tool or a Unified Threat Management (UTM) tool.







Your Task:





You have been assigned to research products which will be used to implement the two Defense Strategies. You will need to research suitable products and then write a report recommending a set of products and services which can be used to implement the selected strategies. Your report will include summary information and explanations about defense in depth and the two selected strategies.




Note: You may need to do additional reading and research to find the information required to support your explanations of defense in depth and the selected defense strategies. Make sure that you cite authoritative sources for this information.

Answered Same DayDec 14, 2022

Answer To: Now that the After Action Reports have been analyzed, the consultants must develop a plan for...

Aditi answered on Dec 14 2022
30 Votes
SOLUTION
1. Establishing a "demilitarized zone" surrounding the R&D Center is the first step in a long-term de
fensive plan. Whether working remotely or phoning in from the test range, engineers at the R&D center could access the DMZ servers while connected to the internet. The following things are necessary for the DMZ: Business-class routers, intrusion prevention and detection systems, and firewalls.
The private network as well as the open Internet will be separated by the demilitarized zone (DMZ). The routers, which serve as a gateway, will connect the DMZ as well as the internal network. Any attackers won't be able to get past the firewalls and reach the DMZ.
Putting protective and investigative measures in place throughout the entire business is the second defense - in - depth strategy. These protocols are in place for risks that are both internal and external. These steps will aid in limiting access to sensitive information and in identifying and locating those responsible for assaults. The corporation will be better protected against threats from both internally and without by putting...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here