This course project is intended to assess your ability to comprehend and apply the basic concepts related to information security management, such as the following:

- The ability to discern when a risk assessment should be performed and to carry out the task
- Understanding user or customer access requirements, whether remote or local
- Using a layered security approach to establish and maintain access controls
- Working with other departments, such as the human resources department, to identify and implement methods to prevent unwarranted exposure to information by inappropriate personnel

Your ability to execute the tasks within these information security domains and others will be evaluated against the learning objectives as identified and described in previous units of instruction for this course.

Learning Objectives and Outcomes

Successful completion of this project will ensure that you are capable of supporting the implementation and management of an information systems security framework. To do so, you need to be able to do the following:

- Relate how an access-control policy framework is used to define authorization and access to an information technology (IT) infrastructure for compliance.
- Mitigate risks to an IT infrastructure's confidentiality, integrity, and availability with sound access controls.
- Relate how a data classification standard influences an IT infrastructure's access control requirements and implementation.
- Develop an access control policy framework consisting of best practices for policies, standards, procedures, and guidelines to mitigate unauthorized access.
- Define proper security controls within the User Domain to mitigate risks and threats caused by human nature and behavior.
- Implement appropriate access controls for information systems within IT infrastructures.
- Mitigate risks from unauthorized access to IT systems through proper testing and reporting.
© ITT Educational Services Page 1

Required Source Information and Tools

The following resources are required to complete this project:

- Integrated Distributors Incorporated scenario (provided in the Project Details section below)
- A computer with:
  - Access to the ITT Tech Virtual Library
  - Access to the Internet
  - Microsoft (MS) Office suite: MS Word, MS PowerPoint, and MS Visio, or any other comparable editing, presentation, and drawing software
- Note-taking systems, such as pens, paper, and printers

Project Logistics

The course project has a checkpoint strategy. Checkpoint deliverables allow you to receive valuable feedback on all your interim work. In this project, you have two such ungraded checkpoint deliverables, in Weeks 2 and 4, where you may either discuss your queries with the instructor or receive feedback from the instructor. The checkpoint deliverables ensure refinement of the final deliverables, if incorporated effectively. The final deliverable for this project is a professional report that you need to submit in Week 6.

Checkpoint 1: Week 2

Purpose of the checkpoint:
- Understanding requirements
- Clarification on project deliverables
- Discussion on project concerns and progress up to this checkpoint
- A review of the course project's outline and schedule for completion

Expected deliverables from the student:
- Prepare an outline of issues and potential solutions and discuss with your instructor/chief information officer (CIO).

Checkpoint 2: Week 4

Expected deliverables from the student:
- Draft the report and the PowerPoint presentation to discuss with your instructor, the CIO.
Deliverables

Introduction

User identification, authentication, and authorization are essential in developing, implementing, and maintaining a framework for information system security. The basic function of an information system security framework is to ensure the confidentiality and the integrity, as well as the availability, of systems, applications, and data. Certain information security implementation and management knowledge is required of network administrators, IT service personnel, management, and IT security practitioners, such as information security officers, security analysts, and domain administrators.
Scenario

You are provided with the Integrated Distributors Incorporated scenario to complete this project. You play the dual role of an IT architect and IT security specialist working for Integrated Distributors Incorporated (IDI), a multinational organization with offices in several countries. Your instructor for this course plays the role of the chief information officer (CIO). Your peers play the role of selected technology staff. Each of the organization's locations is operating with different information technologies and infrastructure: IT systems, applications, and databases. Various levels of IT security and access management have been implemented and embedded within their respective locations.
Tasks

Your goals as the IT architect and IT security specialist are to:

- Develop solutions to the issues that the specified location of IDI is facing.
- Develop plans to implement corporate-wide information access methods to ensure confidentiality, integrity, and availability.
- Assess risks and vulnerabilities with operating IT facilities in the disparate locations where IDI now functions and develop mitigation plans and implementation methods.
- Analyze the strengths and weaknesses in the current systems of IDI.
- Address remote users' and Web site users' secure access requirements.
- Develop a proposed budget for the project, considering hardware, software, upgrades/replacements, and consulting services.
- Prepare detailed network and configuration diagrams outlining the proposed change to be able to present it to the management.
- Develop and submit a comprehensive report addressing the learning objectives and your solutions to the issues within the scenario.

Self-Assessment Checklist

Use the following checklist to support your work on the course project:

- I have considered an access control policy framework to define authorization and access to an IT infrastructure for compliance within the course project.
- I have considered the influence of the data classification standard on an IT infrastructure's access control requirements and implementation.
- I have defined proper security controls within the User Domain to mitigate risks and threats caused by human nature and behavior.
- I have developed and implemented an effective plan to mitigate risks to an IT infrastructure's confidentiality, integrity, and availability with sound access controls.
- I have developed an access control policy framework consisting of best practices for policies, standards, procedures, and guidelines to mitigate unauthorized access.
- I have implemented appropriate access controls for information systems within IT infrastructures.
- I have followed the submission requirements and necessary details for writing the vulnerability scan report.

Project Details:

Integrated Distributors Incorporated (IDI), a publicly traded company, has its home office located in Billings, Montana. IDI has more than 4000 employees in the following locations:

- Billings, Montana: 600 employees
- São Paulo, Brazil: 580 employees
- Warsaw, Poland: 975 employees
- Sydney, Australia: 340 employees
- Tanzania, Africa: 675 employees
- Japan, China, and Hong Kong: 700 employees

IDI has accounts with major market retailers, federal governments, and large state governments. IDI operates a fleet of trucks in each country and has network interface agreements with subcontractors for freight forwarding, storage, and delivery. IDI is responsible for the movement of goods, from multiple manufacturers and distributors to its clients, in a timely and efficient manner using cost-effective methods. Alternatively, IDI may transfer this responsibility to one of its Jobs or As, if it is more cost-effective and the income differential is within acceptable limits.
IDI is also under pressure from several of its competitors in the logistics industry. The competitive market is driving IDI to improve its routes, delivery methods, fleet vehicles, and other facets of its business to increase profits (a strategic goal) and to reduce costs. The company realizes that the information technology infrastructure has been neglected for some time and that many operating locations are running on outdated hardware and software. On several occasions last year, IDI suffered no fewer than four network compromises through one of its JP Internet sites that led to the disclosure of sensitive and strategic information on contracts and mergers.
The chief information officer (CIO) made a strategic presentation to the board of directors and executive management to first assess the aging infrastructure and then develop a multi-year phased approach to have all sites (except for JP and AS) on the same hardware and software platforms. Now that the funding has been approved for the infrastructure assessment, the CIO has asked you to update your passport and buy some new luggage. Information about the assessment provided to you indicates that the current state core infrastructure (switches, routers, firewalls, servers, and so on) must be capable of withstanding 10-15% growth every year for the next seven years with a three-to-four-year phased technology refresh cycle. There is a hodgepodge of servers, switches, routers, and internal hardware firewalls.