The case study company provided a situation in which threats pose a real risk to the infrastructure. The company assets are not well-protected, and they all share a common network. Little additional security mechanisms are in place other than the demilitarized zone (DMZ). What are typical information security (IS) assets that are used by such a company, and what risks exist in the current model? What will adding a flexible solution for the consultants to connect to the network do to this risk model? What are some safeguards that can be implemented to reduce the risk?
The tasks for this assignment are to identify the major applications and resources that are used by the company. Then, for each application, review the security threats that the company now faces and could face after the expansion. Describe how you can test for the presence of these (or new) risks? Provide a discussion about an approach that you will take after the risk assessment is complete to address the identified risks.
Create the following section for Week 2:
Week 2: Security Assessment
- A description of typical assets
- A discussion about the current risks in the organization with no network segregation to each of the assets
- A discussion about specific risks that the new consultant network will create
- Details on how you will test for risk and conduct a security assessment
- A discussion on risk mitigation
- Name the document “IP2.doc.”
Please refer to the following worked example of this assignment based on the problem-based learning (PBL) scenario. The worked example is not intended to be a complete example of the assignment, but it will illustrate the basic concepts that are required for completion of the assignment, and it can be used as a general guideline for your own project. Your assignment submission should be more detailed and specific, and it should reflect your own approach to the assignment rather than just following the same outline.