Enterprise Security Plan: MEMATECH Solutions Limited - Research Paper Example

Enterprise Security Plan al Affiliation) The paper is a preparation of MEMATECH Solutions Limited security plan proposal. The proposal covers and discusses the ten areas of ISCBK (Information Security Common Body of Knowledge) that incorporates the various groups of information security. It also touches on the success principles and the information security. In addition, the proposal outlines the planning guidelines towards the aims, security policies, and standard taxonomy. The set policies and guidelines comply with rules and standards of HIPAA security. Consequently, the policies and guidelines of the proposal are pertinent to information security and privacy that are currently put forward by bodies of the state, federal regulators, and the state. Introduction New technologies are coming up in the market daily. Therefore, there is need to safeguard the evolving technologies. In the case where MEMATECH Solutions limited has this need, I have proposed to develop and install a new security plan for the company. The idea behind the plan is to come up with a network that connects all the machines in the organization in protecting the plan from being publicized during the stage of development and research. The paper therefore, discusses the proposal of MEMATECH Solutions limited security plan proposal for the connections that dwells on the authentication mechanisms, policies of password, and the plan’s proposed cost (Pipkin, 2000). Discussion I have proposed a security plan for MEMATECH Solutions limited for the connection that will safeguard their new products when researching and developing stages are carried out. The paper proposes a comprehensive plan that deals with password policy, network policy, authentication of data, and the project’s cost. Various Servers and Network To safeguard the project it is imperative that all information and data are kept on different network, and on servers that are not within the success of the general corporate. This can be achieved by developing new networks through the appliances of Cisco Terascale router or Cisco ASA security, VMware, VLANS, and windows 2008 with the help of IPV6 private addressing. Employing the appliances of ASA security and Terascale, I will be able to monitor and control the entire network and access traffic on the corporate network subset through the firewall features. In conjunction with MAC address, I will implement through filtering to offer more security. The IPV6 IP mechanism will be employed to help it from attempts of network intrusion and brute force. I will use private address to ensure that all the IP address are internal free from public access. Windows 2008 will be helpful in creating different domains from the conventional corporate network, where all the information and data can be kept. Employing the group policies, active directories will undergo implementation to monitor the access of data. For private and important information of the company, the encryption of the folders and files will be implemented. Combining all the components together with the test of security intrusion will offer very secure firewall protection, secure Vlans, authentication methods of Windows security through the active directories (Zelkowitz, 2004). Password Policies In combination with the methodologies and hardware present, the network will focus on developing password policies that are very strong. This is because; weak security passwords are easy hack to valuable and networks data. When the previous passwords are used, same opportunities and chances can be presented. Evolving the brute passwords attack appliances together with generators of password have led to security practitioners to encourage the users to come up with hard to hack passwords. Conversely, some of the users have failed to embrace this. This has therefore, led to unnecessary risks of the security. Applications like Rainbow crack or Pyrit can be employed in brute forcing the attack of passwords against the networks, routers, or computers trying over millions that are conventionally used in gaining access. Therefore, having a password that is stronger can prevent the rampant cases of intrusion. This can only be achieved by embracing the system of password policy management in the company. The system should be able to offer enforcement of strong password, offer the dictionary of password exclusion, offer history of password in preventing the re-use of previous password, and enable the users in managing their password including the resets, allowing the user in synchronizing their security passwords through multiple networks, devices, applications, and systems. They should also demand the authorized approvals when the users request for their new accounts, or in accessing the new resources (Zelkowitz, 2004). They should also allow users to keep the personal information up to date. Such information includes the phone number, and also address. And propagate the information automatically to the proper store of data. In addition, they should provide the interface that are well based and response to the interactive voice. Consequently, they should safeguard the stores of password with the encryption of AES (256-bit). To prevent unauthorized access of the system, it should integrate will the mainframe systems, enterprise resource planning, groupware systems, servers, and database systems. The system will be able to support the scheme of triple factor authentication combining everything that the user knows and what she possesses. Authentication Methods In this case, having a strategy of triple factor authentication will be important. This means having in place the authentication methods for the users to access to the resources. The method majorly comprises of the access code and the user password, physical item like a token, and anything that is not common to the user like the retinal scan, voice, biometrics, and fingerprints. After the study, the identity manager will have to help in implementing this. Some features of the manager include the User Self-Service, Auditing and Reporting, Fine Grained Entitlements Management, Scalability and Integration, and Delegation Administration with Centralized Control, and Main Frame and Server Support. The above characteristics together with choices of the hardware and the strategies of the network will of help in keeping the information and data of the project secure (Pipkin, 2000). Estimated Cost of the Plan The estimated cost of the plan for the software and hardware ranges from 36000 to 50000 dollars. Its breakdown can be done as follows: Cisco Terascale Router 22000-27000 dollars Identity Management of CA varies as per the service Dell PowerEdge with the Windows 2008 will be 2500 The security Appliance- ASA5550-BUN-K9-Cisco ASA 5550 will be 11500 dollars. The integrity of the project needs to be safe. Therefore, other factors need to be taken care of together with the implementation of the hardware and the software. For this plan, a Private Policy Management need to be formed in helping to maintain and develop the privacy instruction for the access of the user data and the system, which data to be locally saved, and ways of storing the data. Generally, when the requirements outlined in this document are taken care of, then MEMATECH solutions limited will have higher abilities of staying safe (Coyne, 2007). Reference Coyne, E. J. (2007). Role Engineering for Enterprise Security Management. Norwood: Artech House. Pipkin, D. L. (2000). Information security: protecting the global enterprise. Upper Saddle River, N.J.: Prentice Hall PTR. Zelkowitz, M. V. (2004). Information security. Amsterdam: Elsevier Academic Press. Read More