Scribd Logo
Upload

Welcome to Scribd!

  • IT FP2250 KellyTravis Assessment6 1

    Uploaded by

    Anas Toufeeq
    14 views6 pages
    1. The document outlines steps to create an enterprise-wide network security plan for a small doctor's office, including establishing an IT security team, managing assets and risks, and implementing security controls. 2. It describes common network vulnerabilities like unknown assets, abuse of user privileges, and unpatched security issues, and solutions like conducting asset inventories and enforcing least privilege access. 3. The plan proposes standards like principle of least privilege to restrict unnecessary access and prevent accidental or intentional harm, as well as physical security policies around hardware, access controls and server room security.

    Original Description:

    Original Title

    IT FP2250 KellyTravis Assessment6 1.Docx

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    1. The document outlines steps to create an enterprise-wide network security plan for a small doctor's office, including establishing an IT security team, managing assets and risks, and implementing security controls. 2. It describes common network vulnerabilities like unknown assets, abuse of user privileges, and unpatched security issues, and solutions like conducting asset inventories and enforcing least privilege access. 3. The plan proposes standards like principle of least privilege to restrict unnecessary access and prevent accidental or intentional harm, as well as physical security policies around hardware, access controls and server room security.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    14 views6 pages

    IT FP2250 KellyTravis Assessment6 1

    Uploaded by

    Anas Toufeeq
    1. The document outlines steps to create an enterprise-wide network security plan for a small doctor's office, including establishing an IT security team, managing assets and risks, and implementing security controls. 2. It describes common network vulnerabilities like unknown assets, abuse of user privileges, and unpatched security issues, and solutions like conducting asset inventories and enforcing least privilege access. 3. The plan proposes standards like principle of least privilege to restrict unnecessary access and prevent accidental or intentional harm, as well as physical security policies around hardware, access controls and server room security.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 6

    Network Security

    Travis Kelly
    3/30/2019
    Assignment 6
    Capella University

    1
    This study source was downloaded by 100000853219703 from CourseHero.com on 10-15-2022 11:51:04 GMT -05:00

    https://www.coursehero.com/file/41850168/IT-FP2250-KellyTravis-Assessment6-1docx/
    Create an enterprise-wide network security plan for an organization

    To make an enterprise-wide network security plan for a small doctors’ office, the process

    must be broken down into steps. The first step is establishing an information security team. The

    team would be responsible for maintain day-to-day IT security operations—like managing IT

    assets, assessing threats and vulnerabilities, managing risk, ext. The next step would be

    managing information assets—such as conducting inventory of hardware, applications,

    databases, and any other IT assets. The third step would be to decide on a standard—such as

    HIPAA, IEEE, ext. The fourth step would be to assess threats, vulnerabilities and risk. While this

    is part of what the security team does, it is part of making sure that the network is secure. The

    fifth step is managing risks. This step focus around avoiding and mitigate risk factors. The final

    step is to implement security controls. The purpose of this step is to control and safeguard the

    computer hardware, software, and/or firmware.

    Describe the most common vulnerabilities, risks, and issues that your plan will address

    There are several things that can make a network vulnerable and at risk. This section will

    go over three of the most common problems and possible solutions for those problems. The first

    problem is unknown assets on the network. A lot of business does not have a full list of all their

    IT assets that are tied to the network. For obvious reasons this is a huge problem. If the business

    does not know what assets are theirs, then how can they know that their network is secure? The

    simplest fix for this issue is to conduct a review of all the devices on the network and identify all

    of the various platforms they run. This will allow the business to see all of the different access

    points on the network and which ones are in need of a security update.

    2
    This study source was downloaded by 100000853219703 from CourseHero.com on 10-15-2022 11:51:04 GMT -05:00

    https://www.coursehero.com/file/41850168/IT-FP2250-KellyTravis-Assessment6-1docx/
    Another common risk to a network is the abuse of the user account privileges. In 2016,

    the “Harvard Business Review” concluded that 60% of all attacks were carries out by insiders.

    These could be honest mistakes—like sending info to the wrong email or losing a work device—

    people inside the business represent of the biggest security problems. Since these types of threats

    come from trusted users and systems, it can be on of the most challenging to identify and stop.

    However, there are ways to help minimize the risk. The use of a POLP (principle of least

    privilege) can limit the damage of a misused user account. In a POLP, every user’s access to

    various systems and databases on the network is restricted. Instead, the user account only has

    access to thigs that the user needs access to in order to perform their job.

    The last common security risk that will be mentioned in this section is unpatched security

    vulnerabilities. The risk comes from unpatched KNOWN vulnerabilities. Exploits used are

    typically found and fixed quickly in most cases. However, the failure of the company to update

    their software puts the network at risk. Most attacks occur through old exploits that have not

    been updated and patched by the business. The simplest fix to this issue is to maintain a strict

    schedule for keeping up with security patches and checking the current versions. Additionally,

    making sure that all the devices on the network are running the same OS can help with

    mitigating these problems as the list of possible exploits lessen, since all devices run on the same

    software.

    Describe a plan for standards to protect the users from harming the network and system,

    both intentionally and accidentally. Discuss how these will be enforced

    This issue was addressed in the above section with the abuse of user accounts. However,

    this section will go into more detail about the solution. A principle of least privilege (POLP) will

    3
    This study source was downloaded by 100000853219703 from CourseHero.com on 10-15-2022 11:51:04 GMT -05:00

    https://www.coursehero.com/file/41850168/IT-FP2250-KellyTravis-Assessment6-1docx/
    be implemented to keep the risk to a minimum. The purpose of a POLP is to enforce users to

    only access programs that are directly related to performing their job. Under the PLOP each user

    is granted permissions to read, write or execute only files or resources that are needed to perform

    their job—the least amount of privilege necessary. The POLP helps with restricting access rights

    for application, systems, processes, and devices to only those permissions that are authorized to

    the user account. The network administrator will provide these permissions based on the job of

    each employee. This will help with both intentional and accidental attacks on the network. If a

    device is lost or stolen, that device does not have access to the main server of the network and

    therefore the information is protected. Additionally, a user cannot accidently access something

    they should not be accessing because they will not have access to any of this type of information.

    With less people having access to the main server, the better to help prevent any attacks on the

    network.

    Include policies that protect the hardware and physical aspects of the network

    Data security is one of the most important things to focus on now a day, especially in the

    medical field. There are several things that a company can do to help protect this valuable data.

    First of all, the doctor office should be equipped with CCTV cameras. This is important because

    if anyone accessed data via a computer, the CCTV camera should provide video proof of who it

    was. Additionally, the doctor officer should implement access controls. This will include locks

    that can only be accessed with keycards and or biometrics. Furthermore, the data server should

    keep all the hard drives in a locked server that has a special key to unlock the server to access the

    hard drives. The server should also be in a room where there is only one way in or out, and the

    4
    This study source was downloaded by 100000853219703 from CourseHero.com on 10-15-2022 11:51:04 GMT -05:00

    https://www.coursehero.com/file/41850168/IT-FP2250-KellyTravis-Assessment6-1docx/
    door is equipped with a lock that requires either biometrics or access card to gain access to the

    room.

    Identify hardware areas that need to be secured

    Securing hardware—as mentioned above—is one of the most important aspects in a

    doctor’s office. Patient medical files are highly personal and very important to keep secure. In

    order to keep this type of information secure, there needs to certain things secured. As mentioned

    above, the most important device that needs to be protected is the server room. This room should

    have a locked door and additional locks on the server hard drives as well. Additionally, the client

    computers should have a lock on the case to not allow anyone to access the internal components

    of the computer. Furthermore, all the devices—especially those that are wireless—should be

    encrypted with bit locker. This will help prevent unauthorize users to access any data on those

    devices in the event they are lost or misplaced.

    Describe steps that will be taken to ensure the security of the operating systems and

    network files

    Allowing files to be shared over a network makes accessing them by users easy, however,

    it is also creating possible attacks on the network easy as well. To help prevent these attacks and

    to ensure the security of the data and network files is to encrypt the data. Encryption of the data

    will help provide additional security if an unauthorized person is trying to access the data—much

    like bit locker. Additionally, there should be regular backups of all the data to prevent any data

    loss. To help keep the OS secure, the OS should be regularly updated when updates are available.

    As mentioned above, most exploits are performed through areas that are known weak spots and

    5
    This study source was downloaded by 100000853219703 from CourseHero.com on 10-15-2022 11:51:04 GMT -05:00

    https://www.coursehero.com/file/41850168/IT-FP2250-KellyTravis-Assessment6-1docx/
    the company failed to install the patch update(s). Furthermore, each of the client computers

    should have an antivirus product on it to help with securing the OS. Lastly, the use of user

    accounts and PLOP will help keep the OS secure by making sure no one can access an area they

    should not be.

    Discuss measures that are necessary to protect the transfer of data to and from the network

    There are several ways a company can send and receive data. To help secure the

    information there are several different things that can be done, depending on the type of

    information being sent. For starters, emails and the accounts will be encrypted. Additionally, the

    email itself will be encrypted when sent, to help secure the data even more. For larger files, the

    doctor officer might use an FTP (file transfer protocol). FTP can easily be intercepted. To help

    prevent this the use of an SSL certificate—also known as FTPS. FTPS creates a secure

    connection from the server to the host to transfer sensitive data.

    Apply the concepts from the assigned practice lab activity

    The lab, understand how software as a service (SaaS) works, was assigned for this

    assignment and it discussed what SaaS was. SaaS is a software distribution model that third-

    party providers host application. The way SaaS can apply to this assignment is by applying a

    SaaS to the doctor’s office. There are SaaS applications for basic business such as email,

    customer relationship management (CRM), financial management and much more. This is

    essential to this assignment because the doctor’s office can essentially use a SaaS system for

    their basic applications for their server.

    6
    This study source was downloaded by 100000853219703 from CourseHero.com on 10-15-2022 11:51:04 GMT -05:00

    https://www.coursehero.com/file/41850168/IT-FP2250-KellyTravis-Assessment6-1docx/
    Powered by TCPDF (www.tcpdf.org)

    You might also like