# Projectsecurity Strategies - Edited
At Sifers-Grayson, analysis of research reports has shown the need for a plan to
improve the company's security posture. The senior team members have chosen two defense strategies,
defense-in-depth and layered security, which are based on policies, technologies, and processes,
to deal with the situation. A sound layered security strategy protects information technology
resources, and a defense-in-depth approach widens the scope of security's attention. In addition,
defense-in-depth encourages policy flexibility that can respond to new conditions, thus ensuring
that unexpected threats do not blindside the organization (Štitilis et al., 2017). If well
implemented, the security strategies will be able to protect the enterprise from internal and
external attacks and threats.
Defense-in-depth and layered security are defense strategies built on different concepts, but they
are similar in some respects, and there is a relationship between them. Despite their
differences, there is no competition between them. The two defense strategies should
inform one another so that certain circumstances can be dealt with.
Those circumstances include threats that might have strayed from their common
targets, unexpected intense attacks, and simultaneous attacks by independent threats. Therefore,
before implementing the two strategies, the managers should have a thorough understanding of
how the two differ from each other, how they are similar, and how they are related to each
other.
measures that are redundant in case there is a security control failure or vulnerability
exploitation. The method originates from a military strategy that aims not at repelling an attack
but at delaying its advance. With the delay factor, the approach ensures rapid notice
Running head: SECURITY STRATEGIES. 3
and response as disasters and attacks progress, and delays their effects. Therefore, damage
mitigation or avoidance that is impossible to manage using sound technological measures can be
put in place before the full impact of a threat is realized. The strategy's use
The strategy assumes that it is impossible to accomplish complete safety against threats
technological components are seen as stumbling blocks that impede a threat,
slowing and frustrating its progress until the threat ceases. The strategy also
assumes a wider range of possibilities, including threats that do not explicitly target the
protected systems. A defense-in-depth strategy also has extra safety measures that address
specific concerns. The
concerns include forensic analysis, disaster recovery, criminal activity reporting, accounting on
The layered security approach is a security system that uses a variety of components to
protect operations on multiple layers and can be implemented at any level of a complete security
strategy. Deploying the strategy's security tools can improve the security system of
Sifers-Grayson. The tools include intrusion detection systems, firewalls, integrity auditing
procedures, local storage encryption, and malware scanners. Each of these tools may protect
information technology resources at Sifers-Grayson in ways that the others cannot.
Any defense may be flawed, and such defects may be identified when the defense
is compromised through an attack (Horne et al., 2017). Therefore, the approach should use a
series of different defenses so that each covers the gaps in the others' protective
capabilities. However, layered security does not refer to multiple implementations of
the same basic security tool. Installing both the free ClamWin and AVG on an MS Windows device
is not a layered security example, even though it achieves some of the same benefits. Layered
security is about using many security measures, where each individual measure protects a
different path of attack.
The two strategies are similar because both aim to protect the information technology
system from internal and external attacks. However, the two approaches differ in that
layered security arises from the aim of covering for the failings of every component in order to
secure the whole system against threats, whereas defense-in-depth arises from the view that it is
not possible to achieve total security against threats by implementing any collection of security
solutions. Also, layered security assumes a singular focus
on where threats originate, within some specific categories of attack. However, for the defense in
viewing the network, device, application, and physical security through a bad actor's eyes. By
implementing the two security strategies at Sifers-Grayson, the enterprise will be able to identify
a hacker's target, how they will attack, and the possible breach's magnitude (Tahoun, E., &
organization for their great ability to protect its security system. From this discussion, it is
evident that the two proposed strategies can improve the overall defense posture at
Sifers-Grayson. They will ensure that the organization's information technology is not at risk of
being attacked.
the external cyber-attacks. To attain a well-planned security setting for the institution's
information and equipment, a critical evaluation of the system security requirements must be
conducted. The analysis aims to select the most suitable security products and services in
conjunction with the outlined defense-in-depth and layered security strategies for the
Sifers-Grayson security scenario. Therefore, this section of the essay presents and
discusses the products and technologies to use in implementing the above-mentioned
security strategies.
In line with Defense Strategy #1, which requires the development of a Demilitarized Zone
(DMZ) for the R&D center, business-class firewalls, business-class routers, and business-class
intrusion detection and prevention systems are required. On the other hand,
Defense Strategy #2 requires products that are essential for implementing enterprise-wide
protection, detection, and prevention capabilities. Moreover, the applications and tools will be
installed on the Sifers-Grayson company's servers. Both of the two stated measures are
A firewall is a computer security tool positioned between a business's in-house
network and the internet. Firewalls function at the hardware and software levels. They prevent
firewall has to have the Stateful Packet Inspection engine (Li, Jiang, Jiang, Wu, & Du, 2020). The
SPI engine will examine the packet components and permit access to the network as long as the
traffic is legitimate.
Moreover, firewalls can block inappropriate outgoing and incoming traffic based on
rules and filters. Firewalls function as network shields, inspecting information packets before
they are permitted to pass through. Ideally, they detect attackers, prevent them from accessing
the business's computer network, alert the system administrator, record evidence on the source
of the attempted intrusion, and produce intelligence that will help in tracking down
the hackers.
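The difference between a static rule-based filter and the Stateful Packet Inspection engine described above, as an added Python example that is not part of the original essay. The addresses, ports, `Packet` class and simplified TCP state tracking are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags: "S", "SA", "A", "F", "R"
    inbound: bool   # True when arriving from the internet side

def stateless_allow(pkt):
    # Static rule: all outbound passes; inbound passes if it claims source port 443.
    return (not pkt.inbound) or pkt.sport == 443

class StatefulFirewall:
    def __init__(self):
        self.flows = {}   # (inside ip, port, outside ip, port) -> state
        self.log = []     # dropped packets, kept as evidence for the admin

    def allow(self, pkt):
        key = ((pkt.dst, pkt.dport, pkt.src, pkt.sport) if pkt.inbound
               else (pkt.src, pkt.sport, pkt.dst, pkt.dport))
        state = self.flows.get(key)
        if not pkt.inbound and pkt.flags == "S":        # inside host opens a flow
            self.flows[key] = "SYN_SENT"
            return True
        if state == "SYN_SENT" and pkt.inbound and pkt.flags == "SA":
            self.flows[key] = "ESTABLISHED"
            return True
        if state == "ESTABLISHED" and "S" not in pkt.flags:
            if "F" in pkt.flags or "R" in pkt.flags:
                del self.flows[key]                     # simplified teardown
            return True
        self.log.append((pkt.src, pkt.sport, pkt.flags))
        return False

# Constructed sample traffic (documentation address ranges).
IN, WEB, ROGUE = "10.0.0.5", "203.0.113.10", "198.51.100.7"
TRAFFIC = [
    Packet(IN, 50000, WEB, 443, "S", False),
    Packet(WEB, 443, IN, 50000, "SA", True),
    Packet(IN, 50000, WEB, 443, "A", False),
    Packet(ROGUE, 443, IN, 50001, "A", True),    # unsolicited reply-looking packet
    Packet(WEB, 443, IN, 50000, "F", True),
    Packet(WEB, 443, IN, 50000, "A", True),      # arrives after the flow closed
]

def compare(traffic):
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in traffic], fw.log
```

`compare(TRAFFIC)` returns one `(stateless, stateful)` verdict per packet plus the stateful firewall's drop log; the static rule passes every packet here, while the state table rejects the two that belong to no open flow.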
Firewall protection varies in terms of the hardware security systems,
configurations, and complexity. Smaller, less complex businesses can employ routers
that regulate the sending and receiving of data and information. The routers are fitted with
packet filters for inspecting the conveyed data. Furthermore, the routers are configured
to allow or block inbound and outbound data. This type of protection is cheap to
implement but offers minimal protection against hackers. A proxy server is another type of
protection. It works by stopping incoming and outgoing traffic so that it passes through an
inspection before being forwarded. Proxy servers are not ideal to install, and they offer
minimal security to the system information. Therefore, based on the above discussion,
firewalls can be classified into packet filtering firewalls, stateful inspection firewalls, and
Firewall Product.
The primary examples of firewall products include Cisco, FortiGate,
WatchGuard Network Security, SonicWALL, the Barracuda CloudGen firewall, and Fortinet.
The cost of these firewalls varies from one vendor to another.
For the Sifers-Grayson company, the Fortinet firewall will be the most suitable compared to
the other firewall products. It is network-based and robust, and it is designed
to meet the requirements of small and large companies. The firewall is cost-effective since its
price is reasonable in contrast to the other firewalls. It has multiple roles embedded within it.
Thus, handling the Fortinet FortiGate firewall is straightforward and uncomplicated.
Routers are devices that convey data and information among packet-switched computer
networks. They can be virtual or physical in form. They function by inspecting a particular
information packet's destination IP address, computing the ideal path for the packet to arrive at its
Routers are essential in business as they link the organization to the external world,
safeguard important business information from attacks, and prioritize the computer systems.
Common router brands include Cisco, Linksys, and NetGear.
For the Sifers-Grayson company, the Cisco router will be the most appropriate for
implementing Defense Strategy #1. The Cisco RV042G category is the best of the Cisco
router range since it is a dual Gigabit WAN VPN router. It has high performance and
security. Moreover, it offers internet reliability. It provides support for the Stateful Packet
Inspection engine. Besides, it is intuitive, hence the best for Defense Strategy #1.
An IDPS is an application or technology created to protect computer
systems from vulnerability exploits by giving a system user the ability to react to and stop
spoofed, unauthorized internet data packets from inserting viruses into computing devices
(Birkinshaw, Rouka, & Vassilakis, 2019). Intrusion detection and prevention systems monitor
incoming and outgoing network traffic. They also work by continuously analyzing
patterns of activity.
The identified IDPS products include Cisco, Entrust, Trend Micro, and McAfee. For
the Sifers-Grayson organization, the McAfee Network Security Platform is recommended. It is a
network threat and intrusion prevention tool that safeguards data and computer systems on a
network. It is artificial intelligence-enabled and supports almost 33 million connections.
The IAM tool permits authorized personnel to access system information at the required
time and for the right reasons (Abreu, Santin, Viegas, & Cogo, 2020). Therefore, IAM tools
verify system users' identities and allow them access to the system.
Okta, OneLogin, RSA SecurID, Centrify, and SailPoint are typical
examples of Identity and Access Management tools. The most recommended IAM tool for
the Sifers-Grayson servers is RSA SecurID. The device offers solutions to security by accelerating
In conclusion, the Fortinet firewall, the Cisco RV042G category, the McAfee Network
Security Platform, and the RSA SecurID IAM tool are the necessary tools and technologies to be
implemented in conjunction with the defense-in-depth strategies. These tools are essential as they
offer security to the system components, data, and information by preventing unauthorized
access.
References.
https://www.cisco.com/c/en/us/solutions/small-business/resource-center/networking/types-of-routers.html#~uses-and-benefits
https://us-cert.cisa.gov/ics/Secure-Architecture-Design#nogo
https://www.comms-express.com/blog/review-top-5-cisco-routers-for-small-large-businesses/
Abreu, V., Santin, A. O., Viegas, E. K., & Cogo, V. V. (2020, April). Identity and Access
Applications. Springer, Cham.
Birkinshaw, C., Rouka, E., & Vassilakis, V. G. (2019). Implementing an intrusion detection and
Li, J., Jiang, H., Jiang, W., Wu, J., & Du, W. (2020, May). SDN-based Stateful Firewall for
Cloud. In 2020 IEEE 6th Intl Conference on Big Data Security on Cloud
(HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS) IEEE.
Štitilis, D., Pakutinskas, P., Laurinaitis, M., & de Castel, I. M. V. (2017). A MODEL FOR THE
Horne, C. A., Maynard, S. B., & Ahmad, A. (2017). Organisational information security
Systems, 21.
Tahoun, E., & Khedri, R. (2017). Exploring Strategies for Digital Security.