IT Security Implementation
Provide a summary of the actual development of your project.
Because small corporations have to work under conditions of conflicting information technology in many instances, the requirement of maintaining these systems details entails far too many time-consuming processes that have to be carried out. This allows for the business to work in a logical order and promotes a more logical approach to the making of business decisions. The end result is organizational progress and consistent profitability. Thus, the lack of having an IT Security Policy Plan in place may keep the organization from reaching its organizational potential. This project’s main objective and expected outcome entails designing a network security plan for implementation and then detailing the process of implementing the program. The purpose is to address the various aspects of having a written and enforceable technology security policy as well as describing an overview of the necessary components for an effective policy to remain functional. The intention is to provide enough detail for a reader of this policy to gain the necessary understanding of the underlying processes, methodologies, and procedures that would be needed to initiate the development for the small corporation’s system -wide IT Security Policy.
When developing an IT Security Policy Plan, it is important to keep in mind that the ‘defense in-depth’ model which entails the company not being overly reliant on one single principal means for protection (or layer). Instead, this particular design will take into consideration the development of the security program that has the potential capability to provide multiple layers of defense in order to ensure a maximum level of protection for the organization’s data and resources and will minimize the potential for data compromise. As is the expectation of any policy creator, the organization should keep in mind that an IT Security Policy Plan can only protect data from known or existing information compromising processes or other exploits. All organizations’ network data and systems are potential targets for hazardous exploits, however, with an effective Information Technology Security Policy Plan, this implementation plan should enable the network administrator to effectively detect blatant or less obvious anomalies in the current or in future network traffic. Therefore, the organization will have the ability to take proper steps toward mitigation of the potential problem, i.e., implantation of this proactive vs. A reactive system.
This project proposal defines a viable IT Security Policy Plan for any small business network that has thirty computers or less with three or less servers and that has an operating range of services that include traffic from Web-based applications, e-mail, and an application database. The E-mail system for smaller organizations will require continual security upgrades based on risk factors the current lack of e-mail security will affect the overall system performance.
Include a precise description of your project.
This project entails delivering an IT Security Policy Plan that would serve to meet the company’s most critical elemental needs. The policy has the objective of identifying all of the necessary detailed policies and procedures, rules and process methodologies that everyone who uses or accesses the organizational computer resources must adhere to which will ensure more reliable confidentiality, integrity, and availability of the organization’s data and resources. The main advantage of this process will document an organization’s security posture as well as describe and assign functions and responsibilities, grant authority to security professionals, and identify which incident and response processes and procedure needs to be followed.
It must be understood that all security-related decision’s made or fail to be made determine how well and how secure or insecure the organizational network will be. The functionality of the organization’s network will provide insights into how easy or difficult the network will be to use. Part of this implementation process will also take into consideration the organization’s security objectives and goals. This will make effective use of the collection of all security tools so that administrators will check for any new restrictions to impose.
Security and ease of use are supposed to be inversely proportional. There will never be a 100% completely secure system. The underlying objective is to concentrate on reducing as much risk as possible while at the same time not bogging down system resources. Network security has the intimidating task of protecting all members of the organization from all potential threats. Consider the responsibility in organizations such as banks and financial institutions, insurance companies, brokerage houses, consulting and governmental contractors and agencies, hospitals or medical facilities, laboratories, internet and television service providers. Other companies that have to provide security services include utility and chemical companies and universities. Security takes on new meanings in each of these situations because of each industry’s unique requirements.
Include an expanded discussion of your review of other work done in the area.
Network security for either internet or internal networked infrastructures has been required to deliver three main objectives seamlessly. The small business atmosphere requires that these basic security concepts, confidentiality, integrity, and availability all must be met. IT Security Policy Plans have historically allowed organizations to address these needs by clarifying processes of authentication, authorization, and nonrepudiation.” Other networking plans may or may not address these needs because network security means different things to different organizations. For example, one administrator may consider illegal network access to be a stalled computer communication system process similar to those perpetrated on Yahoo a few years ago while another administrator may see the problem to mean the execution of a highly placed spy bot. In each case, the solution to the network security problem would entail a completely different solution based on the administrator’s position.
It is critical to understand the significance of work in the area of network security. There have been instances of children at the high school level that were attaining poor overall grades still having the ability to gain unauthorized access to totally secured network infrastructures at the department of defense, the department of transportation and other highly secured environments. These kids know exactly how and what to do because these adolescents have literally grown up with this new networking technology. Kids today generally understand the underlying concepts of network security very well. Add the threat of more sophisticated network hackers and professional terrorists and the reality of whole foreign nation’s who need some competitive advantage and the concept of computer criminals and network intruders take on new meanings. Administrators have to be aware of the plethora of techniques of breeching network security such as probes, scans, account compromise, root compromise, packet sniffers, denial of service attacks, exploitation of system trust, basic malicious code implementations, and the many other internet infrastructure attacks. Of course, the real threat to network security in the majority of cases is not some world class hacker, it is usually a typical employee that utilizes an unsecured password or forgets to log off in the evening. A viable and effective IT Security Policy Plan provides a network security engineer the proper tools to address all of these concerns and more. AMR Research has in the past relied on expert-level analysts that have the ability to evaluate trends in the market and therefore be able to offer guidance to organizations in need of VPN and SSL connections. Protecting the organizational intellectual property is a key organizational objective in the proper institution of this IT Security Policy Plans will be mission critical.
Include an expanded discussion of your Rationale and Systems Analysis for the project.
To expand on the Rationale and Systems Analysis, the focus will be in network setup. The underlying goal is to address as many system access points with the intent of securing these various points of security breaches. For example, a single node that may not even have any highly secure data on it directly can still be access point for the entire network and allow unauthorized access to the entire organization’s mission critical information. The idea is to create a plan that will keep seemingly innocuous data points from compromising the computer system.
Every single node is an access point that can provide data such as hardware capabilities, software available, operating and network system configuration data, type of network connection and router points, system or individual phone numbers, and most important, access and authentication procedures currently in place. In the hands of a capable individual, this type of information can provide enough data to enable unauthorized individuals to obtain access to the more mission critical data, files and programs needed to secure the system. Even in fun, hackers have established games or contests with the sole intention of gaining system access information with techniques like trashcan diving or social engineering. It is unbelievable how often security information like passwords, access control files and keys, company or personnel data or whole detailed encryption algorithms. The key here is that no organization that utilizes open ended networking infrastructure or who utilizes the internet is immune to these types of networking security breakdowns.
Project Goals and Objectives:
Review the list of the goals and objectives of your project and explain why you did or did not accomplish them.
The project entails relying on the Open Systems Interconnect (OSI) Model defined by the International Organization for Standardization (ISO). The goals and objectives are to first create a Baseline Security Level and also to manage to Real-Time Security Metrics. This goal entails the objectives of defining an executive and corporate wide audit of the existing data security process and evaluating organizational performance for all major components and key security metrics to verify that they do or will meet industry standards. Next come the objectives for systematically developing sourcing and supplier criteria for potential or future purchasing agreements of all new products and services.
The second priority goal would entail defining and executing assessments of application-based security systems and process on a periodic schedule. This is mission critical because of the implications for potential threats from viruses in either files or e-mails. These types of worm, trojan or other viral infection in servers has the potential bring the entire system down. E e-mail security will need consistent and affective scanning to eliminate or reduce the opportunity of unauthorized access to organizational systems that could damage company operations. The main objective would be to create viable e-mail monitoring policies consist with documentation for managing all internal and external e-mail traffic. The next objective for this goal would be to evaluate all hosted or Software-as-a-Service (SaaS) applications such as Google Apps, Google Documents, or any others process application based on cost and convenience and statuary licensing policies.
The third goal would be to create a scenario that is consistent and can maintain necessary security standard compliance needs. The initial objective of this goal is to clearly define the SSL as a company protocol for wireless and the well placed WiFi network transmitters and routers throughout the company to promote optimal communication capabilities with the safest number for security needs. The next goal objective is to take into consideration the potential for growth and defining security standards that will be able to evolve with and for application level and operating system upgrades.
Project Timeline: Explain why you did or did not meet the timeframes set for your project.
Completing the project on time and within budget is always a positive expectation. In this case, the expectation set forth by forecasting and anticipating some expectations and unforeseen delays is a timeline to completion of 90 days. This phase of the process allows for the documentation and testing of the mandatory benchmarking needs of the new IT Security Policy Plan. Documentation as a new system requirement is often overlooked as a necessity because it is time consuming, but the drafting of a verbal blueprint of the existing levels of security across applications, operating systems, servers, and network integration points is critical to the upkeep of the system. So all though the process adds man hours of time, the overall success of the system and the ability of the system to evolve requires the additional step. There will be some additional time in man-hours for internal resources such as cross-functional teams that have the responsibility to assist in measurement of key security metrics and real-time dashboards development.
An additional six months will be required to create and test the application security strategy which will evaluate applications, servers, and e-mail security and then offer viable security updates. Another 3 months will be needed for support for the IT staff and senior management. The finance and functional department leaders will also be updated to ensure that the applications are managed properly. Total time will be one year.
Project Development: Explain what your project actually accomplished. Explain each of the following:
Problems encountered and how they were solved
One of the most blatant problems encountered was that the staff of the company was not as well versed in network protocol as should be expected. Having a staff that is not well versed in the overall system could lead to many security breakdowns from accidentally giving up a password to downloading viruses through the email process. This system was discovered and solved by creating an additional step in the final implementation process. An all employee mandatory awareness training will be added. This process will address the many new and existing security awareness concerns of the organizational staff. The system security team and administrator will conduct this training and that pretty much will help ensure that the program will have a better chance at a successful outcome. This training will be provided at different levels so as not to overburden minor staff and not to underwhelm major staff. For example, executives, high level managers and system administrators, security officers and all of the individuals with access to organizational data of a secure nature will have a very different training than factory level employees. Additionally, staff training should be re-run on a periodic basis such as a bi-annual schedule and all new hires should be given the training. To ensure compliance, staff that has completed training will be required to sign a written certification statement which will help the security officer and team enforce with management the company security policies.
Reasons for changes made to your original plan
The first phase of the project was focused on enabling measurement of the level of security present. The audit specs needed to be altered to include cost factors for first security audit. One of the least considered concerns other than obvious infrastructure gaps is the affordability justification. Fundamental principle yield is different based on class of service and can be defined at the high-priority classes during peak periods of demand. But this audit did not take into consideration the low periods of demand when discount classes attract higher levels of demand. System capacity and cost have historically stopped certain testing obligations because of infrastructure investment. It is difficult to test for things that may or may not happen, but it is also difficult to justify stopping a company from expecting return on their investment. The IT Security Policy Plan will be reevaluated for this phase to gather associated costs of new software, server, workstation, and network hardware compared to utilizing existing hardware and infrastructure with only software migration as a second option as well as justifying keeping system administration in-house or outsourcing.
Unanticipated requirements or components that needed to be resolved
One of the most important but unanticipated requirements of a new system is the simple process of auditing all existing security programs. These programs should be audited regularly and randomly in order to maintain their new effectiveness. The new security officer or system administrator will be given the authority, in writing, by the head of the company in order to conduct these audits of the programs based on the IT Security Policy Plan. This is a critical need because of the inherent legal ramifications. If this authorization is not granted in writing, he or she could literally be held accountable and subject to legal action for malicious conduct. To minimize unanticipated requirements, random and scheduled audits should be conducted and may include:
â€¢ Password auditing using password cracking utilities such as LC3 (Windows) and PWDump (Unix and Windows)
â€¢ Auditing user accounts database for active old accounts (people no longer employed)
â€¢ Penetration testing for vulnerabilities using technical assessment tools such as ISS
â€¢ Social Engineering to determine if username or password offered by staff
â€¢ Simulate (off hours) network failure with response team’s performance
â€¢ Test back-up recovery procedures
â€¢ Monitor critical binary files
â€¢ Configure Server audit of all events and monitor several times
â€¢ Use a port scanner within network to catch traffic action
Actual and potential effects of your project
Meeting the organizational need for higher levels of security across the entire network system will be the biggest benefit of implementing the IT Security Policy Plan and process. No longer will the network administrator have to fret over the majority of PC’s and laptops communicating via WiFi throughout the company. In addition, the three servers that maintain the organizational website, e-mail systems and database application servers will also be more secure and easier for the network administrator to maintain. One hidden benefit is the overall process of IT Security Policy Plan documentation. The entire new IT Security Policy Plan system will be fully documented and a complete network blue print will always be available for existing administrators as well as future technicians working on the future evolutions of the system. This benefit is over looked but indispensible in times of networking issues that may arise at some future time. Operating systems will also have new levels of security to help create an atmosphere of renewed system confidence in all aspects of packet communication.
Your conclusions about the success and effectiveness of your project
In conclusion, all small corporations are forced to toil in conditions of conflicting information technology. In this case, the proposed IT Security Policy Plan will eliminate most instances of network bottle necking and will provide a safe and secure infrastructure that will have years of smooth operational success. This system will permit the company to work in a logical order and promote a more logical approach in the business decision process. The end results will more than likely be related as organizational progress and profitability. Having this IT Security Policy Plan in place will allow the organization to reach its organizational potential. The purpose was to address the critical aspects of having a well written and enforceable technology security policy that describes the necessary components of the policy and remains functional as the company grows and prospers. The IT Security Policy Plan will provide enough detail to give the necessary understanding of the organizational network processes, methodologies, and procedures needed to initiate a system -wide multiple layers of defense in that ensures a maximum level of protection for the organization’s data and resources. This project proposal defines the most effective possible IT Security Policy Plan for an organization with thirty computers or less, three or less servers and that has an operating range of services that include traffic from Web-based applications, e-mail, and an application database.
Get Professional Assignment Help Cheaply
Are you busy and do not have time to handle your assignment? Are you scared that your paper will not make the grade? Do you have responsibilities that may hinder you from turning in your assignment on time? Are you tired and can barely handle your assignment? Are your grades inconsistent?
Whichever your reason is, it is valid! You can get professional academic help from our service at affordable rates. We have a team of professional academic writers who can handle all your assignments.
Why Choose Our Academic Writing Service?
- Plagiarism free papers
- Timely delivery
- Any deadline
- Skilled, Experienced Native English Writers
- Subject-relevant academic writer
- Adherence to paper instructions
- Ability to tackle bulk assignments
- Reasonable prices
- 24/7 Customer Support
- Get superb grades consistently
Online Academic Help With Different Subjects
Students barely have time to read. We got you! Have your literature essay or book review written without having the hassle of reading the book. You can get your literature paper custom-written for you by our literature specialists.
Do you struggle with finance? No need to torture yourself if finance is not your cup of tea. You can order your finance paper from our academic writing service and get 100% original work from competent finance experts.
While psychology may be an interesting subject, you may lack sufficient time to handle your assignments. Don’t despair; by using our academic writing service, you can be assured of perfect grades. Moreover, your grades will be consistent.
Engineering is quite a demanding subject. Students face a lot of pressure and barely have enough time to do what they love to do. Our academic writing service got you covered! Our engineering specialists follow the paper instructions and ensure timely delivery of the paper.
In the nursing course, you may have difficulties with literature reviews, annotated bibliographies, critical essays, and other assignments. Our nursing assignment writers will offer you professional nursing paper help at low prices.
Truth be told, sociology papers can be quite exhausting. Our academic writing service relieves you of fatigue, pressure, and stress. You can relax and have peace of mind as our academic writers handle your sociology assignment.
We take pride in having some of the best business writers in the industry. Our business writers have a lot of experience in the field. They are reliable, and you can be assured of a high-grade paper. They are able to handle business papers of any subject, length, deadline, and difficulty!
We boast of having some of the most experienced statistics experts in the industry. Our statistics experts have diverse skills, expertise, and knowledge to handle any kind of assignment. They have access to all kinds of software to get your assignment done.
Writing a law essay may prove to be an insurmountable obstacle, especially when you need to know the peculiarities of the legislative framework. Take advantage of our top-notch law specialists and get superb grades and 100% satisfaction.
What discipline/subjects do you deal in?
We have highlighted some of the most popular subjects we handle above. Those are just a tip of the iceberg. We deal in all academic disciplines since our writers are as diverse. They have been drawn from across all disciplines, and orders are assigned to those writers believed to be the best in the field. In a nutshell, there is no task we cannot handle; all you need to do is place your order with us. As long as your instructions are clear, just trust we shall deliver irrespective of the discipline.
Are your writers competent enough to handle my paper?
Our essay writers are graduates with bachelor's, masters, Ph.D., and doctorate degrees in various subjects. The minimum requirement to be an essay writer with our essay writing service is to have a college degree. All our academic writers have a minimum of two years of academic writing. We have a stringent recruitment process to ensure that we get only the most competent essay writers in the industry. We also ensure that the writers are handsomely compensated for their value. The majority of our writers are native English speakers. As such, the fluency of language and grammar is impeccable.
What if I don’t like the paper?
There is a very low likelihood that you won’t like the paper.
- When assigning your order, we match the paper’s discipline with the writer’s field/specialization. Since all our writers are graduates, we match the paper’s subject with the field the writer studied. For instance, if it’s a nursing paper, only a nursing graduate and writer will handle it. Furthermore, all our writers have academic writing experience and top-notch research skills.
- We have a quality assurance that reviews the paper before it gets to you. As such, we ensure that you get a paper that meets the required standard and will most definitely make the grade.
In the event that you don’t like your paper:
- The writer will revise the paper up to your pleasing. You have unlimited revisions. You simply need to highlight what specifically you don’t like about the paper, and the writer will make the amendments. The paper will be revised until you are satisfied. Revisions are free of charge
- We will have a different writer write the paper from scratch.
- Last resort, if the above does not work, we will refund your money.
Will the professor find out I didn’t write the paper myself?
Not at all. All papers are written from scratch. There is no way your tutor or instructor will realize that you did not write the paper yourself. In fact, we recommend using our assignment help services for consistent results.
What if the paper is plagiarized?
We check all papers for plagiarism before we submit them. We use powerful plagiarism checking software such as SafeAssign, LopesWrite, and Turnitin. We also upload the plagiarism report so that you can review it. We understand that plagiarism is academic suicide. We would not take the risk of submitting plagiarized work and jeopardize your academic journey. Furthermore, we do not sell or use prewritten papers, and each paper is written from scratch.
When will I get my paper?
You determine when you get the paper by setting the deadline when placing the order. All papers are delivered within the deadline. We are well aware that we operate in a time-sensitive industry. As such, we have laid out strategies to ensure that the client receives the paper on time and they never miss the deadline. We understand that papers that are submitted late have some points deducted. We do not want you to miss any points due to late submission. We work on beating deadlines by huge margins in order to ensure that you have ample time to review the paper before you submit it.
Will anyone find out that I used your services?
We have a privacy and confidentiality policy that guides our work. We NEVER share any customer information with third parties. Noone will ever know that you used our assignment help services. It’s only between you and us. We are bound by our policies to protect the customer’s identity and information. All your information, such as your names, phone number, email, order information, and so on, are protected. We have robust security systems that ensure that your data is protected. Hacking our systems is close to impossible, and it has never happened.
How our Assignment Help Service Works
1. Place an order
You fill all the paper instructions in the order form. Make sure you include all the helpful materials so that our academic writers can deliver the perfect paper. It will also help to eliminate unnecessary revisions.
2. Pay for the order
Proceed to pay for the paper so that it can be assigned to one of our expert academic writers. The paper subject is matched with the writer’s area of specialization.
3. Track the progress
You communicate with the writer and know about the progress of the paper. The client can ask the writer for drafts of the paper. The client can upload extra material and include additional instructions from the lecturer. Receive a paper.
4. Download the paper
The paper is sent to your email and uploaded to your personal account. You also get a plagiarism report attached to your paper.
PLACE THIS ORDER OR A SIMILAR ORDER WITH US TODAY AND GET A PERFECT SCORE!!!