Topic: IT
Details: you are a part of the IT team for a medium-sized company (500 to 1,000 employees) in the e-commerce industry, the same company you provided recommendations for in Project One. As described in the last project, a third-party consultant has assessed the information security posture for the company. The consultant identified a need to establish and implement a security plan for a critical system, the company’s online store.
This information security plan will ensure that information system are more secure and are at lower risk of being impacted by cyberattacks and other risks. The consultant has provided you with a template that you and your company will use to generate an information security plan. As the information security manager, you will fill in the template to create the company’s new security plan. The company will have to follow through on the plan within the next year.
Directions
To complete this project, first review the Project Two Overview of Current System document in the Supporting Materials section. You will also want to take a look at the company overview that you reviewed for Project One, also linked in Supporting Materials. Use these documents to inform your decision-making, and to develop a security plan that aligns with the company and its critical system. Then fill in the content for each section of the Project Two Security Plan Template provided in the Supporting Materials section.
Your Security Plan will include:
• Roles and Responsibilities: Identity who will be responsible for ensuring information security within the system and describe the responsibilities of each role.
• User Awareness Training: Explain what kind of additional training employees of the company will need to protect information. This is in addition to the standard training that a new employee receives.
• Access Control: Describe how accounts are generated and reviewed in order to ensure information security.
• Vulnerability Management: Describe how system vulnerabilities will be managed for the company and how they will be addressed.
• Backup and Recovery: Explain how the system’s information will be securely backed up and easily recovered if system information is compromised by a data breach or hack.
• Internet-Facing Security: Describe how the portion of the system that is outside of the company, the internet-facing side, will be protected and secured.
1 IT 253 Project Two Overview of Current System Description The company’s e-commerce system is the most critical element of its business and is comprised of a number of interconnected servers described below. All servers are hosted in the company’s main data center.
● A physical Linux webserver (WEBSERV01) is running Apache Web Server 2.2 and is currently not placed into a demilitarized zone (DMZ), but there is a firewall (FW1) placed in front of the server. The firewall has been set to its default configurations, and the server is exposed to the internet so that customers can access the website to place orders. Administrators use virtual network computing (VNC) to remotely manage the server from anywhere in the world.
● FW1 has its default configuration in place, and all ports are open.
● SW1 is a layer 3 network switch.
● A virtual database server (DBSERV1) that the webserver connects to. DBSERV1 is a virtual server that runs Microsoft Server 2019 and Microsoft SQL 2019. The server is not directly exposed to the internet and is administered by staff with a shared account. The company has decided not to encrypt data.
● A physical enterprise resource planning (ERP1) server is running Microsoft Windows Server 2019. This server processes the orders for the web store and interfaces with other systems in the company’s supply chain. Currently, there is no redundancy configured for all of the servers in the system. Additionally, no server documentation exists other than the network diagram. The servers are not backed up at any regular intervals. You can add equipment as needed as long as you justify the purchases. System Diagram
Image preview for”as described in the last project, a third-party consultant has assessed the information security posture for the company. “
APA
464 words