Data Security Assignment: Information Security Roadmap for EvolveNet

Question

Task:

Data Security Assignment Task:

Using the Threat and Risk Assessment Report from the previous initiative, devise an Information Security Roadmap that selects and articulates the business benefit for 5 individual information security initiatives for EvolveNet. The Information security initiatives must involve the implementation of controls that provide the most benefit to the organisation. Controls can be in the form of administrative, technical or physical. Technical controls can include off-the-shelf products or bespoke solutions.

The Information Security Roadmap consists of two deliverables:

An Information Security Roadmap Charter Document
An Information Security Roadmap Executive Presentation

Answer

Introduction

EvolveNet, undertaken in this data security assignment, is a Voice over Internet Protocol (VOIP) firm based in Australia. There are numerous security issues and threats that are determined for the organization that needs to be controlled and effectively managed. The information security controls and initiatives will enable the organization to properly deal with the security issues

Information Security Initiatives

Security Initiative 1 – Intrusion Detection Systems (IDS)

Introduction

EvolveNet currently does not include the effective technical controls that may lead to the occurrence of the security threats, such as eavesdropping or flooding attacks. The availability and confidentiality of the information can get negatively impacted as an occurrence (Gordon, 2016).

Scope

The scope of the security initiative will be on the internal networks and systems associated with EvolveNet.

Business benefits

The security initiative will determine the malicious security attempts by the malevolent entities. It will generate alerts that will assist the organization in controlling and putting a check on the security issues. It will lead to the benefits as uninterrupted services to the customers along with the protection of the networks and the data sets.

Functional business requirements

To configure the EvolveNet networks to be synced with the automated IDS
To implement a front-end to monitor the network activities and determine the logs and alerts issued

Key success indicators

Immediate alerts in the case of malicious attempts by the intruders
Zero cases of information security attacks
100% protection of the information sets and assets

Required resources

Network Specialist

Indicative budget

The budget that will be associated with the security initiative will be $15,000 (Leming, 2015).

Two possible products and technical solutions

Cisco Secure IDS ($8000)
Internet Security Systems Inc. ($9000)

Estimated delivery time frame

30 days

Security Initiative 2 – Anti-malware Tools

Introduction

There are malware attacks that may occur on the EvolveNet systems and networks. These could be in the form of viruses, spyware, etc. The lack of antivirus is also a major risk as the malicious entities can easily impact the systems and networks.

Scope

The scope of the security initiative will be on the internal networks and systems associated with EvolveNet.

Business benefits

The malware attacks will be avoided and controlled with the installation of the anti-malware tools and software on all the devices and systems (O’hanley& Tiller, 2015).

This will provide the benefits as enhanced information security and privacy. The customer trust will improve in the organization and the stakeholder satisfaction levels will also improve. This in turn will provide the organization with an edge in the market.

Functional business requirements

To configure the EvolveNet systems to be synced with the automated anti-malware tools
To integrate the anti-malware tool with the other security controls being used

Key success indicators

Immediate alerts in the case of malicious attempts by the intruders
Zero cases of information security attacks
100% protection of the information sets and assets

Required resources

Information Security Analyst

Indicative budget

The budget that will be associated with the security initiative will be $5,000.

Two possible products and technical solutions

Norton 360 Anti-virus protection (USD 44.99 for 3 devices)
McAfee Anti-virus ($14.99 per device)

Estimated delivery time frame

20 days

Security Initiative 3 – Anti-Denial Tools

Introduction

There are network channels that are used by EvolveNet that are exposed to information security risks and attacks. The availability of these network channels and services is crucial so that the services can be continually provided. The disruption in the services can lead to negative implications on the entire organization. The Denial of Service (DoS) and Distributed Denial of Service (DDoS) are the two major flooding attacks that can impact the organization(Shamala et al., 2017).

Scope

The scope of the security initiative will be on the internal networks and systems associated with EvolveNet.

Business benefits

There are specific properties of the information sets that need to be protected. The availability of information is one of the primary aspects that must be protected. Without the access and availability to the networks and services, the organization will not be able to continue with the required set of operations. However, the use of anti-denial tools will make sure that the service continuity is maintained leading to the monetary profits. The satisfaction levels of the employees and the customers will also increase.

Functional business requirements

To configure the EvolveNet networks to be synced with the automated anti-denial systems
To implement a front-end to monitor the network activities and determine the logs and alerts issued

Key success indicators

Violation of denial attempts by the attackers
Zero cases of information security attacks
100% protection of the information sets and assets (Martin, 2020)

Required resources

Network Specialist

Indicative budget

The budget that will be associated with the security initiative will be $15,000.

Two possible products and technical solutions

Akamai DDoS Mitigation
Radware DDoS Protection

Estimated delivery time frame

30 days

Security Initiative 4 – Employee Trainings

Introduction

There are security issues and attacks that may occur due to the lack of understanding and knowledge among the employees. The employees may not be aware of the best security practices to be followed. The issues due to employee negligence can cause violation of information security and privacy. There are insider threats that may also occur on the EvolveNet systems that can cause significant damage to the overall security.

Scope

The employee trainings will be organized for the internal employees of EvolveNet. These trainings will cover the three aspects as Information Security, Organization Ethics, and Legal Compliance (Marquardt, 2016).

Business benefits

The employees will perform in accordance with the organization requirements and expectations once they will be aware of the security practices, ethics & code of conduct, legal policies, and likewise. The employee performance will directly influence the productivity levels of the employees which in turn will make sure that the overall organization performance is enhanced. The stakeholders and the customers will be satisfied and the overall organization profits will also increase.

Functional business requirements

To develop the training plan and schedule for the employees as per the requirements and availability
To conduct the training sessions as per the plan
To gather and analyse the feedback
To record the performance before and after the training

Key success indicators

Training hours of the employees – Mandatory 30 hours of training in 6 months
Training assessments – Pass percentage as 9 or above on a scale of 10
Ethical compliance rate of the employees
Legal compliance rate of the employees
Security compliance rate of the employees

Required resources

Project Manager
Trainer (Internal or External)

Indicative budget

The budget that will be associated with the security initiative will be $7,000. It will include the cost of the tools and the trainer.

Two possible products and technical solutions

Web conferencing tools
Data analytics tools

Estimated delivery time frame

45 days

Security Initiative 5 – Information Security Plan

Introduction

There are different security issues and threats that are determined for EvolveNet. The resolution of these issues will be possible when there will be a detailed set of guidelines available. The inadequate information security plan will result in the significant security risks, such as insider threats, malware attacks, denial of service attacks, and others.

Scope

The scope of the security initiative will be restricted to the internal departments of EvolveNet. It will comprise of the internal systems and data sets along with the network channels.

Business benefits

The information security plan will list out the detailed set of controls that shall be implemented in EvolveNet. One of these is the conduction of review and audits. The security gaps will be identified in these audits which will present the organization with the benefit of improving the overall security. It will provide the mechanism to streamline the organization assets and conduct the operations in a secure manner (Miltgen& Smith, 2015).

Functional business requirements

To develop the information security plan as per the requirements and specifications
To list the administrative, technical, and physical security controls
To map the resources with the responsibilities to be carried out

Key success indicators

Zero instances of information security attacks
Training hours of the employees – Mandatory 30 hours of training in 6 months
Ethical compliance rate of the employees
Legal compliance rate of the employees
Security compliance rate of the employees

Required resources

Chief Information Security Officer (CISO)
Security Advisor
Security Analyst

Indicative budget

The budget that will be associated with the security initiative will be $10,000.

Two possible products and technical solutions

Documentation tools and platforms
Web conferencing tools, such as Microsoft Skype

Estimated delivery time frame

60 days

Conclusion

There are several security issues and attacks that are determined for EvolveNet. The resolution of these issues can be done with the information security initiatives that are listed and described. The implementation of the security controls will enable the organization to remain protected from all forms of information security attacks. The detection, prevention, and control of the information security issues will become possible with the aid of the information security initiatives. It is also necessary that the regular updates are installed on these controls and mechanisms so that the overall security goals can be attained.

References

Gordon, A. (2016). The Hybrid Cloud Security Professional. IEEE Cloud Computing, 3(1), 82–86. https://doi.org/10.1109/mcc.2016.21

Leming, R. (2015). Why is information the elephant asset? An answer to this question and a strategy for information asset management. Business Information Review, 32(4), 212–219. https://doi.org/10.1177/0266382115616301

Marquardt, N. (2016). An Experimental Approach to the Evaluation of Business Ethics Training. Data security assignment Journal of Business Ethics Education, 13, 41–66. https://doi.org/10.5840/jbee2016134

Martin, K. (2020). Cryptography?: the key to digital security, how it works, and why it matters. W. W. Norton & Company, Inc.

Miltgen, C. L., & Smith, H. J. (2015). Exploring information privacy regulation, risks, trust, and behavior. Information & Management, 52(6), 741–759. https://doi.org/10.1016/j.im.2015.06.006

O’hanley, R., & Tiller, J. S. (2015). Information security management handbook. Crc Press.

Shamala, P., Ahmad, R., Zolait, A., &Sedek, M. (2017). Integrating information quality dimensions into information security risk management (ISRM). Journal of Information Security and Applications, 36, 1–10. https://doi.org/10.1016/j.jisa.2017.07.004

Tags: australia critical analysis information technology

NEXT SAMPLE