MEMETECH Technical Infrastructure Security Plan - Case Study Example

MEMATECH Technical Infrastructure Security Plan al Affiliation) MEMETECH Technical Infrastructure Security Plan The following plan describes the technical infrastructure security plan for MEMATECH Solutions Limited. The security issues of a company are always dynamic; therefore, the plan will always be in a flux state. The plan and its supporting parameters address the importance to formalize the security plan and articulate the security standards that will protect the company’s management in making decisions that will support the goals of the company. The security plan is developed to support and safeguard important information on the company as well as services that support the mission of the company. Data Center Physical Infrastructure When MEMATECH commenced its operation, the company outsourced the addresses of its clients. The company will continue evaluating opportunities in other sectors, convenience, balancing cost, and security. MEMATECH will use software services and evaluation of cloud based storage system for departmental shared space and general purpose user. As part of the company’s effort to leverage the storage and compute service virtualization, the company will continue evaluating tools and instruments that manages dynamic resource provision in their data center. Virtualization is the process whereby positive effects on the necessity for space, cooling budgets, and power are available. The company has also prioritized the expansion of its data archive. The archive will have a new data center, which will be the core data center, allowing the replacement of the present one to reduce failover and redundancy of crucial systems. Servers The company will continue its desire to minimize the number of server benchmarks. The long term objective is to continue using Linux for the company’s systems. The strategic platforms will be Microsoft Windows Server and also Linux. The planned implementation will involve adding a virtual server and move the servers of a Solaris database in a virtual environment. Storage The company will continue using departmental storage and locally hosted enterprise for structured data. File systems that are unstructured, the company will continue maintaining special storage sections and enterprise storage for some restricted information, as well as instructional data and certain research data. Providing unstructured user and general user, departmental space will be monitored taking into account the emerging and current use cases. Some of the provisions will be offered through relationships that are structured will providers with cloud services. Locally hosted storage, the company will provide various backup mechanisms that will balance the cost, recovery time objectives and their performance. The crucial systems of the company will receive the highest degree of backup. The company will work with certain storage partners to implement the backup strategies that are available for general use space and departmental space where needed. Primary The company will go for oracle as the strategic database solution for the company. The departmental section of the company will use the Microsoft SQL server services as one of the Application Hosting Services. The planned implementation of the strategy will to offer LAMP services that include MySQL. The service is undergoing some restructuring. Additionally, file systems that are unstructured, the company will give provision for file spaces for the directorate and home sections using the implementation of the Microsoft Active Directory. The company is in the process of evaluating the alternative sources for unrestricted data. The company will also implement the private cloud, enterprise that will converge the architecture of the Storage Area Network and transition to FCoE (Fiber Channel over Ethernet). MEMATECH will also provide backup for the company. The whole enterprise will have daily backup, midlevel will have weekly backup, basic data will have monthly backup, will research data will have less frequent back up. The implementation of the plan will involve launching of the project to evaluate the company’s backup strategies and make sure alignment with the company’s data retention needs. The research and feasibility data will monitor the company’s backup technologies and develop recommendations for the implementation that will meet the objective that are defined in previous projects. Consequently, the company will deploy the recommended backup solutions. Network Physical The network of the company has a fiber based infrastructure with connections that are redundantly high speed. MEMATECH maintains the closet of access controlled communication across the company to safeguard the active machines that support the company’s building. On the company’s data center, MEMATECH will maintain specialized high network configuration for intra data center and communication between the departments of high services availability. Throughout the year, the company will monitor the sharp rise in the network traffic due to various factors like online business, cloud computing, streaming technologies, security cameras, and software applications. The company will also come up with Network uplifts that will increase the present bandwidth. Logical The company is designed to support various logical network infrastructures using the VLANS. The company’s strategy to provide standard network, a managed network with security controls and private addressing and various specialty networks like those for public safety and access control. The company will, therefore, implement the planned strategies by migrating the General Computing Network and Enhanced Security Environment. Voice Communication The company shifted to VoIP based communication system immediately it commenced. This afforded higher fiscal and technical flexibility when compared to the Centrex based system. The system will refresh based on the Lifecycle of the expected hardware. The planned implementation of the plan will continue to evaluate the upcoming systems together with Internet Higher Ed service provisions that may offer the chance to deliver the services of the voice to the company and employees through a more cost efficient model. End User Devices MEMATECH Company uses the conventional workstations in accessing computing resources. However, a research is looking at using client technologies and using mobile machines in accessing the resources of the company. The company will offer full support for the workstations that run Microsoft Windows. The implementation of the plan will materialize through activation of current generation Citrix based administrative. In addition, full deployment production if Citrix based Administrative environment for accessing restricted data. The company will maintain the present workstation environment for the use cases where the devices will be networked privately in order to provide secure solutions. Concurrently, workstations will be set up and migrate to ISP networks unless the special needs dictate otherwise. Since network support cannot be sustainable for a longer period, the company will have to change the mobile communication. The company will offer support for certain mobile application. The support will comprise of the conventional form factors like the tables. MEMATECH will implement the allowance of Mobile Communication Device and accessing data from the devices will be via the Citrix receivers or other managed applications. Enterprise Software The company will need to have a custom developed system called the Computer Systems Account Management. The system will be maintained and developed as the central Identity Management application for the company. The company will need to come up with a mature implementation that will contain all the modules installed. This will be hosted locally with replication of data for higher availability. Some of the complementary system like the e-marketplace are hosted and integrated with banners while others like the Transaction system have hosted components. The planned implementation of the plan will include a semi-annual updating schedule with updates and maintains windows. Other systems will be maintained as per the updated schedule. For collaboration and communication the company will use Google Applications for networking, collaboration, and communication surrounding for stakeholders, clients, and employees. This will provide an integrated platform for instant messaging, collaborative editing and online communication. The message archives for yahoo retention will be managed through Google products. The company will need to come up with enterprise licenses that will facilitate the conferring of the real-time web. The company will, therefore, continue evolving and utilizing the Google application for business environment in a fashion that is continuous. This will ensure that the code management philosophy is managed and released from Google. In terms of transaction management system, the company will be required to evaluate the open source options to the Management System. The company has a smaller number of directorates that is planning to support and use the module. The management system will continue using the system until a new financial year. The planned implementation will involve studying the management system. The team under the initiative will provide a recommendation to make an orderly shift if the system is deprecated. Auxiliary Systems Most affairs in IT industry have opted for transaction systems at the company’s enterprise. MEMATECH will offer an integration service that will allow the system to interface with the company locally portal. The access control of the company has been proven as the company’s access management system. The system will be deployed incrementally with new renovations and constructions. Security Research The company offers support for various software services and packages that researchers used and uses massive purchasing power to maintain a low cost. The software packages are found over the network of the company, while other services are hosted with partner support for account integration and user training. For services that the company has no sufficient demand, the company has liaised with other companies to offer the service. Therefore, the company will need to come up with a memorandum of understanding for security support services. The company will launch a security project across the companies to develop specifications for new storage of data service. When the specifications are underway, the project implementation will follow thereafter. Departmental Computing The company offers machine rooms for its employees that afford higher reliability and affordability to directorate server resources together with the network security for the resources. The facilities are easily available in the departmental used. The company will make sure the applications will fit the criteria for the enterprise system and needs housing in the facilities of the company. To implement the plan, the company needs to work with departments that host their independent servers in supporting and encouraging movement of the servers on the company’s data center. To accommodate the application hosting, the company needs to develop a stack of open source application sets that will enable departmental support of application without installing the logical server, associated complexity and the separate physical complexity. The plan can well be implemented by developing application hosting services that uses Linux, Apache, PHP, and MySQL, and configured via the cPanel. Risk Management Approach The infrastructure security plan established the approach for setting plans, identify the infrastructure and combine threat information, vulnerability, and consequence to produce a rational assessment, systematic, or company risk and develop security mechanisms and resilience strategies, and measure their effectiveness. The plan will be designed to respond to a dynamic environment, as well as providing the adaptable framework in addressing the emerging and evolving risk to crucial infrastructure. The company is not looking to make changes to the fundamental structure and risk management concepts, but rather plan and review the recent directives and events that will influence the application and context of risk management framework. Reference Vacca, J. R. (2009). Computer and information security handbook. Amsterdam: Elsevier; Read More