Implementation of an Organization-wide Security Plan Looking at the network diagram provided I determined that the user, workstation, LANA, LANA-to-WAN, and system/application domains involved in the company should be redesigned to implement better access controls to provide multi-layered security. The most important access control implementation would be the user domain where the company should put emphasis on training; how to recognize social engineering attacks, how to create strong passwords, and how often they should be changed.
The workstation domain should focus security via virus and mallard scanning, operating system patching, and other types of application-level firewalls. To achieve a multi-layered security approach in the LANA domain I would recommend using an intrusion detection system (IDS) and an intrusion prevention system (PIPS) to prevent unauthorized access. Security for the LANA-to-WAN domain should be implemented through the use of a firewall or DMZ to also prevent unauthorized access into the company’s network.
Finally, the system/application domain would require virtual testing of everything before NY implementation, hardening of all servers, and keeping up with patches and updates regularly after testing has been completed. Some of the more efficient ways to implement better access controls in a company would start with the proper level of authorization policies including physical controls for facilities.
The authorization policy would appropriate entry system access controls that specify what areas are to be locked at all times and what type of locking mechanism should be implemented. It would also include the implementation of secondary locks on specific equipment and storage cabinets within the facility, ND training goals on the recognition and prevention of social engineering attacks. Authorization policies will also include access controls for data by specifying which data should be encrypted, they would also enforce the principle of least privileged in regards to data.
Conducting risks assessments regularly and keeping implemented policies and procedures up to date makes creating security plans for networks, systems, and other resources easier. It would also be best practice to implement the proper processes for monitoring, detecting, reporting, and responding to security incidents (includes backup and recovery Lana) in a timely manner will help to ensure that critical business operations are still functioning.
All the security implemented will remain in compliance with all the laws and standards that pertain to its operations to ensure integrity and confidentiality. Implementing the proper policies, standards, guidelines, and procedures such as acceptable use policy (AUP), password policies, account management policies, user account standards, and identification standards are critical to securing business functions from errors and mistakes commonly made by users.
