Chapters 12-15 covers mainly access management, risk management/mitigation and business resiliency/continuity. For your final research report, you are going to combine these chapters along with all the other information you have learned about security and create a basic security plan.
For this plan you are acting as a security liaison for a company that has plenty of workstations, servers, and employees who use their personal devices to access company resources. This plan should discuss what the business needs to implement to secure their data and network. The following are items this plan should include:
– Best practices for access control, authentication and access management, password policies, identity and access services used/policies enforced.
– Vulnerability Assessments: why they need to be done, how often, tools used, etc.
– Disaster Recovery Plan: be sure to include what needs to be protected and why. Also include information about where data backups will be stored and how they can be retrieved. Does your DRP show that what you are doing to protect your assets is sufficient? Should any changes be made?
– Security Policies that should be enforced for risk mitigation, discuss continuing education with employee training and awareness.
– Technical security policies: discuss what technologies will be used to protect the network, data and clients. What will be used to monitor for compliance and security?
Data breaches happen quite often and most of them are due to compromised credentials or unpatched vulnerabilities. Using this site: https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/data-breach-101 you can click on each company breach to be taken to a site that includes further details of what actually happened. (You can use other resources as well.) You should select two breaches and using the knowledge from what happened and how, include in your plan details on these breaches and how this companys security plan will prevent breaches such as them.
