design and influence a culture of security within an organization

design and influence a culture of security within an organization

You may find yourself in a tech role someday, where you need to design and influence a culture of security within an organization. This project is your opportunity to practice these important skillsets.

Assignment: In this project, you’ll create a security infrastructure design document for a fictional organization. The security services and tools you describe in the document must be able to meet the needs of the organization. Your work will be evaluated according to how well you met the organization’s requirements.

About the organization: This fictional organization has a small, but growing, employee base, with 50 employees in one small office. The company is an online retailer of the world’s finest artisanal, hand-crafted widgets. They’ve hired you on as a security consultant to help bring their operations into better shape.

Organization requirements: As the security consultant, the company needs you to add security measures to the following systems:

· An external website permitting users to browse and purchase widgets

· An internal intranet website for employees to use

· Secure remote access for engineering employees

· Reasonable, basic firewall rules

· Wireless coverage in the office

· Reasonably secure configurations for laptops

Since this is a retail company that will be handling customer payment data, the organization would like to be extra cautious about privacy. They don’t want customer information falling into the hands of an attacker due to malware infections or lost devices.

Engineers will require access to internal websites, along with remote, command line access to their workstations.

Grading: This is a required assignment for the module.

What you’ll do: You’ll create a security infrastructure design document for a fictional organization. Your plan needs to meet the organization’s requirements and the following elements should be incorporated into your plan:

· Authentication system

· External website security

· Internal website security

· Remote access solution

· Firewall and basic rules recommendations

· Wireless security

· VLAN configuration recommendations

· Laptop security configuration

· Application policy recommendations

· Security and privacy policy recommendations

· Intrusion detection or prevention for systems containing customer data

* This is an example I found same assignment on Chegg.com****

Introduction

This document describes how the functional and nonfunctional requirements recorded in the Requirements Document and the preliminary user-oriented functional design based on the design specifications.

Furthermore, it describes the design goals in accordance with the requirements, by providing a high-level overview of the system architecture, and describes the data design associated with the system, as well as the human-machine scenarios in terms of interaction and operation. The high-level system design is further decomposed into low-level detailed design specifications including hardware, software, data storage and retrieval mechanisms and external interfaces.

Purpose of the Security Infrastructure Design Document

The Security Infrastructure Design Document helps to document and track the necessary information required to effectively define architecture and system design in order to give the guidance on the security architecture of the IT environment that is going to be established.

  1. General Overview and Design Approach

2.1 General Overview

The client requires an IT infrastructure to perform their business activities that involve e-commerce applications and internal VPN access for their customers as well as employees with a high priority on the security and privacy of customer information and of the client’s as well

2.2 Assumptions/Constraints/Risks

Assumptions

It has been assumed that the employees are increased by 5% every year thereby reflecting the usage of the network bandwidth and increase of the devices that are connected to the enterprise network infrastructure.

Constraints

The following are the key considerations associated with the security of the infrastructure:

· Authentication system

· External website security

· Internal website security

· Remote access solution

· Firewall and basic rules recommendations

· Wireless security

· VLAN configuration recommendations

· Laptop security configuration

· Application policy recommendations

· Security and privacy policy recommendations

· Intrusion detection or prevention for systems containing customer data

Risks

Since the infrastructure is meant to carry out the e-commerce related transactions that may involve third party merchant authorizations and financial related issues, a strict security mechanism needs to be enforced so as to ensure that there is no such issue related in customers transactions as it may affect the reputation of the organization.

Additionally, there should be a backup mechanism to take the data backups at regular intervals to deal with any unwanted situations like system failures, attacks by intruders etc.,

2.3 Alignment with Federal Enterprise Architecture

The proposed architecture strictly complies with federal Enterprise architecture, All the protocols being used, and the hardware interfaces used compiles with the industry standards as specified so as to ensure compatibility of the networks as well as the security in compliance with CMS Enterprise Architecture (EA)

  1. Design considerations

3.1 Goals:

The following are the desirable outcomes of the security infrastructure proposed to be implemented in the organization:

· An external website permitting users to browse and purchase widgets securely.

· An internal intranet website like that of a VPN for employees to use

· Secure remote access for engineering employees

· Reasonable, basic firewall rules

The post design and influence a culture of security within an organization appeared first on best homeworkhelp.

 
"Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!"