Project Introduction

Project Introduction:

You are hired as an IT security professional for a mid-size company. On your first day at
work, you arrive to find the following memo on your desk:

To: Joe Student
IT Security Professional
From: Michael Smith, CEO
Re: Network security issues:

Joe: Welcome aboard! We are glad to have attracted someone of your skill level to help fill this
challenging position. I am sure you will be a great addition to the team. First I wanted to
briefly, let you something about the company. It is a global organization with around 1000
employees. It consists of the following department situated at various locations across the
globe:
1. Operations
2. Research and Development
3. Sales and Marketing
4. Human Resources
5. Finance

Now that you are here, I have an issue I need addressed ASAP.
Due to growth and modification of the organization, we are in the process of evaluating our
network to determine what the best fit for our company would be and how to provide the best
protection. Currently, we have several servers and workstation operating systems; however,
these have been selected without any managerial oversight. The employees working on a
project installed what they wanted to use. We also provided Internet connection. In addition,
we may need to protect the network from intrusion attacks and malicious code.
In future, there will be personnel operating from home and we will also connect with other
locations. It was suggested that virtual private networks would be advisable.

We need to examine the following issues:
• What are the security risks involved in the following areas and how can we mitigate
these risks:
•Data security
• Privacy
• Authentication
Basically, is a security policy required and who and what should be involved?
• How would a firewall, proxy server, packet filtering, encryption or VPN be used for the
following?
• What can be done to prevent the spread of malicious code?
• What can be done to prevent intrusion attacks?
• What can be done to ensure the security of our network including servers?
• What can be done to provide security regarding the personnel who operate remotely?
In addition, it has been proposed in the past that we create a security policy for the company.
How should this policy be created? How and when should it be implemented? When and
why should it be updated? What should this policy include?
Thanks!
Mike Smith, CEO
You will need to prepare a written paper as well as a presentation in response to the above
memo. Page length is not an issue. What are needed are thorough and concise answers that
make good business sense. Please include implementing, managing, and monitoring of the
network.
Course Objectives tested: All