Analysis for the New Technology Formwork Establishment for the TRANSCORP Business - Case Study Example

Network Security Name Date Table of Contents Introduction 5 Risk Analysis 6 2a, 2b Internal Threats 6 3b what needs to be protected? 6 3c the project organizations security environment 6 Physical Security 7 Personnel Security 7 Technical Security 7 3d Barriers to security 8 4a Attack tree methodology 8 4b Existing vulnerabilities 11 4c Existing Threats to the project organization. 12 4d Risks Relevant to the project organization 12 4e Identify Risk Management solution 12 6a Number of cost effective measures to prevent threats 13 6c Disaster Recovery Plan 13 Baseline Project Plan 13 7a Relevance of the management continuum 13 7b Security Resource Management Issues 14 7c Security Education and Training Requirements 14 7d relevant security partners 15 8a Relevance of planning theory to security planning 15 8b Develop a Security Standards checklist 15 9a Needs analysis for a new security regime 16 9b Relevant Statutory Requirements 17 9c Baseline Project Plan 18 Security Strategy 18 9d Internal Stakeholders requirements for the security regime 18 9e External Stakeholders requirements for security regime 19 11a Industry standards 20 11b Security Products and Vendors 20 12a Operational security requirements 21 13a Inputs into the security strategy 21 14b Security Strategy 22 Application Requirements for IT Security 22 14d User and Data Security Hierarchies 22 14e Security Data Views and Access Paths 23 Identify and Implement Control Mechanisms 24 16b Control mechanisms 25 17b New Procedures for Controlling Security Provisions 25 17c Existing Monitoring Processes 25 18b Identify and document the implementation strategy 26 Design Audit Mechanisms 27 19a Audit Principles and the relevance to security planning 27 19c Response principles 27 Identify Technology Fixes 28 19d Response mechanisms 28 21a Establish technology needs. 28 22a, 23a, 23b Protection, Detection and Reaction Technologies for Security Strategy 28 24b Technology Fixes 29 Technology Implementation and Conclusion 29 29b Present the outcomes 29 29c Summary 30 Bibliography 30 Introduction In the current age, technology based systems are presenting huge and improved services to all corporate areas and businesses. In this scenario all businesses are trying to have new technology based solutions for the enhanced corporate management. In this scenario we are also having some of main security and privacy issues involved. This research and analysis based report is about the deep and detailed analysis of some of main issues and aspects regarding the new IT and IS based infrastructure establishment at the transport company called TRANSCORP. Here I am working as managing in charge for the enhanced assessment and analysis of some of main security perspective at the business. The business of the TRANSCORP has decided to establish a new technology based structure. In this scenario business desires to establish and upgrade its LAN so its clients as well as staff members are able to have remote access to specific information on the organization’s databases. There is another main intention of this technology arrangement to offer access to the Internet and e-mail on the upgraded LAN. This risk analysis and mitigation based report is about the deep and detailed analysis of some of main security and privacy related aspects at the new technology based structure establishment for the TRANSCORP business. This report is a security analysis for the new technology formwork establishment for the TRANSCORP business. Risk Analysis 2a, 2b Internal Threats In case of new technology based structure establishment we are also having some of main security and privacy aspects to address. In this scenario the main and biggest security threat we are having internally is the Personal Information at the corporate database that need to be protected. Here another security consideration we are having is about the less effective password management. In this scenario we are having existing passwords those have remained unchanged for two years. Besides we are also having lot of issues regarding the corporate operational management and handling. 3b what needs to be protected? In case of present less secure working environment at TRANSCORP business; the main and fundamental aspects that comes into view is the protection of staff personal data and information. In this scenario business require to establish appropriate criteria for the protection of the business as well as staff personal information. 3c the project organizations security environment In case present working and operational arrangement we need to protect the business system against inner and outer security breaches and attacks. In this overall situation the main security aspects those we need to consider in case of the TRANSCORP business are outlined below: Physical Security In case of TRANSCORP business the main and biggest issues we need to resolve is about the establishment of the physical security parameters. In this overall situation we need to make sure that new technology based arrangement that we have established is properly working and operational under tight security framework. Personnel Security TRANSCORP business is having lot of personal data and information that is required to be protected for the corporate enhanced security management. Here we also need to update the staff passwords and login details. Technical Security TRANSCORP business also need enhanced technical security is case of effective protection for the business technology systems and operational frameworks. In this scenario the business needs enhanced security management and handling against the better technical security establishment. In this scenario business needs to encompass effective measures for business system management. 3d Barriers to security TRANSCORP business new initiative for the better corporate technology involves some of main barriers. In this scenario the main and biggest security barrier we are having is the management support. In case of establishment of new security and privacy system we need to deploy effective security management arrangement. Here we also having some of cost and time related barriers those can engage overall handling and management of the security risks at the business. 4a Attack tree methodology In case of TRANSCORP business I have demonstrated the overall security arrangement of the business through the use of attack trees. These attack trees are able to demonstrate the overall security attacks we can face in future and some of main initiates we need to take for the enhanced protection of business and its operations. Attack Tree 1 Network Access Attack Tree 2 Client Access Attack Tree 3 Virus Attack Attack Tree 4 Illegal Access to Business Database 4b Existing vulnerabilities TRANSCORP present business system is holding the HR personal information that kept at the HR section relating to the company’s employees. This information needed to protect for the enhanced business management. Here we also have existing passwords have remained unchanged for two years. The business systems are also facing a greater danger from a number of viruses have corrupted the email servers. The business employees no longer working for the company continue to have an existing logon and password and theoretically could log on to the system. 4c Existing Threats to the project organization. In case of all above mentioned dangers to business system we can face a great deal of danger regarding the business staff records handling and management. Here biggest issues we can have are about the system information leaks. That can take toward high danger of business information hacking and damage. This can be done by some external entity that is previously having business system’s logins. 4d Risks Relevant to the project organization In case of project organization we are also having some of main risks. These can be about the business system virus attacks and security breaches from inside and outside of business setup. There is also a great deal of danger in case of business password based vulnerability for the business operational areas. 4e Identify Risk Management solution In case of all above mentioned risks regarding the TRANSCORP Business we are having a lot of ways and means for the effective security management and handling. Here we need to establish effective login management mechanism. Here we also need to establish better physical security management aspects for the enhanced business security handling and management. There is also need for deletion for the old staff member logins in case they left the job. 6a Number of cost effective measures to prevent threats In case of establishment of some of main cost effective measures for the TRANSCORP Business we can have a measure that involves the better staff training. This involves the handling and management of staff member’s learning and innovation for the effective management of the security threats and dangers. 6c Disaster Recovery Plan For the sake of management of the disaster recovery at TRANSCORP Business we need to establish a proper framework for the handling and management of the business system security and privacy. Here we need to establish a proper mechanism that takes periodic backups for the business data. In this scenario we able to on time management of the any problem that happens to business and to its data. Baseline Project Plan 7a Relevance of the management continuum In case of TRANSCORP business new technology establishment we need to extend the business technology fruits to the management areas. In this scenario we need to conform that business management is able to have enough advantages and performances for the betterment of the staff and business. For instance the new technology setup will facilitate the management regarding offer online and within time availability of the business information that leads to highly business advantages and benefits. 7b Security Resource Management Issues Here is case of management of the security resource we need to take the management approval that leads to enhanced handling and management of the time and cost aspects of the security management plan. Here we also need to keep informed the management regarding the current developments in the business areas. This can be done through the use of reports and meetings for business management. 7c Security Education and Training Requirements For TRANSCORP business we need to establish enhanced security education and training. The main intention behind such initiates is to offer the staff of business a great deal of experience and support for superior handling of business information management resources. 7d relevant security partners For the new technology setup for the TRANSCORP business we are having main security partners those can business customers. In case of any possible breach to business management and administration system we can also a real and direct influence on the customers. This aspect is bad for our business. In this scenario we need to take care for them and offer them more enhanced security and privacy support. 8a Relevance of planning theory to security planning TRANSCORP business is also need to manage the new technology project is a much better way. Its enhanced establishment and working will offer business a great deal of support and performance for the system. In this scenario we need to take care of all technology and operational aspects for the better business system establishment. 8b Develop a Security Standards checklist Here in case of TRANSCORP business we will establish the ISO 17799 standard’s checklist. Through this standards checklist we will be able to have more enhanced management and handling of business security and privacy aspects1. 7799 checklist shall be used to audit Organization’s Information Technology Security standard Passwords Protection Access Control Management Network Access Management Physical Access Management Acceptable Use of business resource and areas Wireless Networking Security Administration Security Software installation 9a Needs analysis for a new security regime In case of TRANSCORP business new technology establishment we need to take care for enhanced security management regimes. The main intention behind these aspects is to effectively handle and control some of main aspects of the business security and privacy. Here are some of main aspects of the TRANSCORP business new security management regime: Business network management Login Protection Online operational security Business working standards management Business data handling Online services availability 9b Relevant Statutory Requirements For the TRANSCORP business Statutory Requirements we have outlined the main below given aspects: Information has to be managed in accordance by external statutory as well as regulatory needs. Information has to be stored in such means as to permit an appropriate response to sovereignty of information as well as local requests, in addition to legally-mandated controlled innovation. Information management needs to be fulfilled through the appropriate standards of the Human Ethics requirements. 9c Baseline Project Plan For the TRANSCORP business new LAN network and business IS setup establishment we need to pay more attention in case of the business technology handling and operational support. Here is the main project plan for the business outlined below: Requirements Analysis New technology Design System Establishment Testing and Quality Assurance User feedback Security Strategy 9d Internal Stakeholders requirements for the security regime Here are some of main internal stockholders requirements for the TRANSCORP business new LAN network and business IS setup establishment: New better Online support Effective information management Fast delivery of information Online handling of business tasks Better security for the business data Quick response to business demands Enhanced handling and management of the customer needs and requirements 9e External Stakeholders requirements for security regime For the TRANSCORP business there are some of main external stockholder requirement. These requirements are about the effective support for the business areas and aspects. Here below I have outlined some of main requirements: Better information handling Online platform availability Fast response to main demands Fats and on time delivery of business support Quick handling of business areas Personal information safety 11a Industry standards In case of new network technology establishment at the TRANSCORP business we will follow the IEEE supported Local Area Networks (LAN) standards. These standards are also known as the IEEE 802 standards. These standards are involving some of main standards regarding in-demand draft standards beneath archived and development standards.2. 11b Security Products and Vendors For the enhanced business and operational management we will use the McAfee SaaS Endpoint Security Suites3. This system protection software will protect business network against the external security attacks and hijacks. This McAfee SaaS Endpoint Security Suites system protection software will safeguard our business file servers, desktops as well as email servers by means of the convenience as well as simplicity of protection of a single, incorporated Security-as-a-Service (SaaS) solution4. 12a Operational security requirements In case of operational security requirements we are having following main points: Protection of user accounts Safety of business data User protection of accounts Smooth working Less breaches for of data hacking No Virus and data corruption 13a Inputs into the security strategy For the TRANSCORP business security strategy we need to establish an effective fretwork for the enhanced management of the business data and information. In this scenario the biggest and main imitative we have taken is about the establishment of Virtual private network that will offer the enhanced internal and external security for the business and customer data. 14b Security Strategy For the effective management of the TRANSCORP business security we will establish a more effective security handling and management fretwork that will offer effective handling and management of the some of main aspects and areas of the business. Here are some of main aspects and areas of the TRANSCORP business: User Security Management Staff Security Management Physical Security management Operational Security Management Application Requirements for IT Security 14d User and Data Security Hierarchies In case of the TRANSCORP business we are having different levels of the user and data security. Here I have outlined some of main aspects and areas regarding this point of view: Customer Personal information Demands Orders Staff Personal Details Financial Details Working details Management Working order Policies Business facts Business Financial data Business data Corporate working data 14e Security Data Views and Access Paths In case of the TRANSCORP business we are having some of main areas of the security data and views and access paths. In this scenario we are having below given flow paths of security of TRANSCORP business. Customer Personal details Order Details Staff Personal details Order Details Business data Working stuff Management Customer data Staff data Business data Financial Details Identify and Implement Control Mechanisms 16b Control mechanisms I n case of project control we will use the proper documentation and event recording system. Here in this scenario we will take proper approval for each working scenario so that management and other areas are not having any conflict in that regard. 17b New Procedures for Controlling Security Provisions In case of the controlling the new security procedures we are having a lot of aspects. In this regarding we are having following main security procedures for handling and managing the security procedures. Installing security software Establishing network and system firewall Establishing password based access control Managing all use security through proper security mechanism 17c Existing Monitoring Processes In case of present business working we are having existing monitoring procedures that are old and out of date. For the staff attendance we use paper based working and handling procedures. For the network management we are having active directory based systems. 18b Identify and document the implementation strategy In case of implementation of the new technology firework we will utilize some of high level project management strategy that will involve the enhanced management and handling of some of main activities of the project. This will also involve the management of project tasks in case establishment of the new technology framework. Design Audit Mechanisms 19a Audit Principles and the relevance to security planning TRANSCORP business is going to establish new technology framework. In this scenario business desires to employ more enhanced technology. Here for the enhanced performance we need high level audit and review mechanism. For this scenario we will establish periodic meeting and review for the assessment of the project quality and performance. 19c Response principles In case of performance assurance we will use the proper documentation those will be evident regarding the enhanced working and operational performance for the business as well as corporate. Identify Technology Fixes 19d Response mechanisms For the sake of the response and delivering main contribution to the new technology implementation we will use the assessment and evaluation reports. These assessments and evolutions will offer us enhanced way and means for the better handling and management of the new technology platforms handling, error reporting and bugs fixes. 21a Establish technology needs. Here for the TRANSCORP business we will establish a new LAN setup. Here we have decided to establish a complete wireless communication network that is able to deliver maximum performance and quality of work. There is also need for the enhanced performance management through the new network security management systems and applications. 22a, 23a, 23b Protection, Detection and Reaction Technologies for Security Strategy For the Protection, Detection and Reaction Technologies for Security Strategy for the TRANSCORP business we will have the enhanced mechanism for the effective handling of the project. In this scenario we will try to use the network directory and active directory based mechanism for the enhanced management and handling of some of main areas and aspects for the protection of the network framework and security. 24b Technology Fixes In case new technology establishment we will use new wireless technology based framework for the enhanced handling of the new network communication among all entities of business and corporate areas. Technology Implementation and Conclusion 29b Present the outcomes In case of TRANSCORP business network technology based framework we will have flowing main outcomes: Better communication Enhanced handling of data Effective management of the operational data Network sharing of files and data Business enhancement Better security HR data protection Business evolution 29c Summary In this research and analysis based report I have presented a deep and detailed analysis of some of main areas and aspects of the TRANSCORP business new network technology framework establishment. In this regard I have outlined some of main security and network technology establishment aspects and areas. This report has highlighted the main aspects for the better handling and management of the network and fundamental considerations regarding new setup. Bibliography Hutchinson, S. E., & Sawyer, S. C. (2000). Computers, Communications, Information A user's introduction, 7th Edition. New York: Irwin/McGraw-Hill. Laudon, K. C., & Laudon, J. P. (1999). Management Information Systems, Sixth Edition. New Jersey: Prentice Hall . Ray, R. (2004). Technology Solutions for Growing Businesses. New York: American Management Association (AMACOM). Turban, E., Leidner, D., McLean, E., & Wetherbe, J. (2005). Information Technology for Management: Transforming Organizations in the Digital Economy . New York: Wiley. Turban, E., Rainer, R. K., & Potter, R. E. (2004). Introduction to Information Technology,3rd Edition. New York: Wiley. Read More