Project description
1.What is the organizations stated mission?
2.Summarize the organizations privacy policies as stated on its website.
3.What was the organizations publicized security breach? Use this as the context for some of the rationale that you use in the next step as well as in papers #2 and #3.
4.Use available information or make reasonable assumptions (including rationale) regarding each of the following:
a.The organizations size.
b.The organizations IT and information security organizational chart. That is, what are the primary roles? Chapter 5
c.The organizations information security infrastructure (see notional diagrams below) including:
i.Internal network (computers, servers, databases, wireless, etc.)
ii.Internet facing network
iii.Firewall types and locations
iv.Demilitarized zone (DMZ)
v.Host and/or network based Intrusion Detection and Prevention (IDPS) systems
vi.Virtual Private Network (VPN)
vii.Note, the key here is not correctness as much of this information will not be available. The important thing is to establish an infrastructure that is unique and that you can use to answer questions about security and policy.
d.Where sensitive data are stored (especially employee, credit card, customer personal identifiable information PII, etc.)
5.What are some of the threat actors that could be interested in this data or interested in harming your company? What might be some of their tactics?
6.Given what makes your organization unique (data, IT and security architectures), how would you plan for security?