Executive Summary
This document defines the general plan used to respond to information security incidents at Secamp University. It establishes incident characterization, the relationships among procedures and other policies, and reporting requirements. The purpose of the paper is to provide an incident response capability that operates consistently and effectively. The resulting system will support clear communication, containment, appropriate response, remediation, and restoration of services.
Data Security Plan
Identify and describe University Data Types
The university uses different types of data; data with the same sensitivity and risk level are grouped together into data classifications. The university uses four data classifications, namely restricted, public, export-controlled, and controlled. It is the responsibility of the data trustee to decide how their data should be classified. Export-controlled data is data whose export the government regulates in order to manage the transfer of sensitive technology, software, data, and equipment. Data is categorized as restricted when destruction, alteration, or disclosure of the data could result in significant risk to the university. Data is classified as controlled when unauthorized alteration, disclosure, or destruction would result in a moderate level of risk to the university and its affiliates. Data not explicitly classified as restricted, export-controlled, or public is treated as controlled data by default.
Identify Records Management Requirements
The ERM (electronic records management) requirements capture the high-level business requirements for managing electronic records. They are derived from existing standards, statutes, policy, NARA regulations, and guidance, and are intended as the starting point from which the university creates its own system requirements. It is critical for records management staff to work with IT and acquisition personnel to tailor the requirements to the final system. The document contains a format requirements list, a lifecycle requirements list, a glossary, and a changelog. The lifecycle requirements are organized into six sections, namely capture, metadata, disposal, reporting, maintenance, and use. These requirements address digital electronic records.
Identify relevant statutory and regulatory privacy requirements.
These are requirements imposed by law; they are non-negotiable, and the university has to comply with them. ISO/FDIS 9001:2015 is a standard that requires the organization to determine and control the statutory and regulatory requirements applicable to the products and services it offers. It is the university's responsibility to demonstrate compliance through its management system.
Security Risk Assessment
Some of the risks the organization may face include physical vulnerability, which could result from natural disasters, accidents, and criminal or terrorist acts. Another threat is the vulnerability of information systems, which may be exploited through online attacks. Communication failure is another risk, and it can result from power and hardware failures. Vendors, partners, and suppliers can also become weak links in the supply chain. Further risks include failure to comply with new legislation, as well as malware, ransomware, and other cyber-attacks. Other risks involve untrained employees, insufficient security funding, and vulnerable security systems.
One control undertaken is contingency training, which provides workers with training on how to use the systems during a contingency. The training is tied to the assigned roles and tasks of organizational workers to ensure the proper context. A second control is contingency plan testing, which is used to review the effectiveness of the plan, identify corrective actions through testing, and determine the effects on organizational operations. A third control in the security assessment is the alternate processing site: a substitute processing site, with the necessary agreements in place to permit transfer and resumption of operations. Alternate processing sites are geographically distinct from the primary processing site and provide equivalent processing capacity. A fourth control is telecommunications services, which dictates the establishment of alternate telecommunications services, including the essential agreements that permit resumption of business functions. All four belong to the contingency planning family of controls.
Revised Network Design
Identify LAN design for wired and wireless infrastructure.
A LAN is the network that supports the devices people use within a location to connect to information. In each building, the LAN is built around a switch serving the offices and classrooms. The campus network will be created by interconnecting the LANs spread across the campus buildings, providing network access to communication resources and services. The LAN allows communication between buildings and devices. The WLAN, on the other hand, will use a wireless controller design that centralizes the control and configuration of the wireless APs. This allows the WLAN to function as an intelligent information network supporting advanced services. The WLAN controllers are responsible for functions such as intrusion prevention, security policy enforcement, and RF management.
Identify the IP naming convention for LAN and element subnetworks.
A standard naming system will be used across the network, covering IP networks and DNS, so that the locations of the WINS and DNS servers are part of the relevant configuration information. The name is composed of several components, including the building location and the usage type (for example, office), so that the name conveys the role of the computer. Technical considerations include that hostnames, including DNS hostnames, are limited to 14 characters. The naming scheme to be used is Division (D) – Country (C) – Site (S) – Usage Type (U) – Portability (P) – Operating Environment (O) – Numbering Scheme (XXXX). A name in this form conveys a lot of information about the computer.
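As an added example (not part of the plan itself), the following code builds, validates, and parses hostnames in the D-C-S-U-P-O-XXXX scheme. The plan gives only the field order and the 14-character limit; the field widths, the one-letter code tables, and the sample division and site codes are assumptions chosen so that a full name is exactly 14 characters.

```python
import re

# Field order from the naming scheme: D-C-S-U-P-O-XXXX. Widths are assumptions,
# chosen so the full name is exactly 14 characters, the stated hostname limit.
FIELD_WIDTHS = [
    ("division", 2),     # e.g. IT, EN (assumed division codes)
    ("country", 2),      # ISO 3166-1 alpha-2, e.g. US
    ("site", 3),         # campus/building code, e.g. MAI for the main campus (assumed)
    ("usage", 1),
    ("portability", 1),
    ("environment", 1),
    ("number", 4),       # zero-padded sequence number
]
MAX_HOSTNAME_LEN = 14

# One-letter code tables for the three single-character fields (assumed values).
CODE_TABLES = {
    "usage":       {"O": "office", "L": "lab", "S": "server", "N": "network device"},
    "portability": {"F": "fixed", "L": "laptop", "M": "mobile"},
    "environment": {"P": "production", "T": "test", "D": "development"},
}

# A DNS label may contain letters, digits and hyphens and may not start or end with a hyphen.
_LABEL_RE = re.compile(r"^[A-Z0-9](?:[A-Z0-9-]*[A-Z0-9])?$")


def build_hostname(division, country, site, usage, portability, environment, number):
    """Assemble and validate a hostname in the D-C-S-U-P-O-XXXX scheme."""
    values = {
        "division": division.upper(),
        "country": country.upper(),
        "site": site.upper(),
        "usage": usage.upper(),
        "portability": portability.upper(),
        "environment": environment.upper(),
        "number": f"{int(number):04d}",
    }
    for field, width in FIELD_WIDTHS:
        if len(values[field]) != width or not values[field].isalnum():
            raise ValueError(f"{field} must be {width} alphanumeric characters, got {values[field]!r}")
    for field, table in CODE_TABLES.items():
        if values[field] not in table:
            raise ValueError(f"unknown {field} code {values[field]!r}; allowed: {sorted(table)}")
    name = "".join(values[field] for field, _ in FIELD_WIDTHS)
    if len(name) > MAX_HOSTNAME_LEN or not _LABEL_RE.match(name):
        raise ValueError(f"{name!r} is not a valid hostname")
    return name


def parse_hostname(name):
    """Split a hostname back into its fields, decoding the one-letter codes."""
    name = name.upper()
    if len(name) != sum(width for _, width in FIELD_WIDTHS) or not _LABEL_RE.match(name):
        raise ValueError(f"{name!r} does not match the D-C-S-U-P-O-XXXX layout")
    fields, pos = {}, 0
    for field, width in FIELD_WIDTHS:
        fields[field] = name[pos:pos + width]
        pos += width
    for field, table in CODE_TABLES.items():
        if fields[field] not in table:
            raise ValueError(f"unknown {field} code {fields[field]!r} in {name!r}")
        fields[field] = table[fields[field]]
    fields["number"] = int(fields["number"])
    return fields


def is_valid_hostname(name):
    """True if the name parses cleanly under the scheme."""
    try:
        parse_hostname(name)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    host = build_hostname("it", "us", "mai", "o", "f", "p", 12)
    print(host, parse_hostname(host))
```

Because every field has a fixed width, a name such as ITUSMAIOFP0012 can be decoded without separators, which is what keeps the whole name inside the 14-character limit; an inventory or DNS audit script can use is_valid_hostname to flag machines that were named outside the scheme.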
Identify security control points across multiple subnetworks.
Control points help keep the impact of an attack to a minimum. To establish them, the network will be divided into smaller subnets, each operating as its own segment. Traffic flow between subnets is then controlled at these points, and traffic is permitted to pass based on multiple factors such as source and destination subnet, protocol, and port. The control points also improve network performance by confining particular traffic to the portions of the network that need to see it, which helps localize technical issues.
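As an added illustration, not taken from the plan, the code below shows the decision logic a control point between subnets enforces: each flow is matched against an ordered rule base keyed on source subnet, destination subnet, protocol, and destination port, the first matching rule wins, and anything unmatched is denied. The addressing plan, zone names, and rules are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Constructed addressing plan for the campus subnets (assumed, not from the plan).
SUBNETS = {
    "students": ipaddress.ip_network("10.10.0.0/16"),
    "staff":    ipaddress.ip_network("10.20.0.0/16"),
    "servers":  ipaddress.ip_network("10.30.0.0/24"),
    "mgmt":     ipaddress.ip_network("10.99.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src: str                         # subnet name or "*"
    dst: str                         # subnet name or "*"
    proto: str                       # "tcp", "udp" or "*"
    ports: Optional[FrozenSet[int]]  # destination ports, None = any
    action: str                      # "allow" or "deny"

    def matches(self, src_zone, dst_zone, proto, dst_port):
        return (self.src in ("*", src_zone) and self.dst in ("*", dst_zone)
                and self.proto in ("*", proto)
                and (self.ports is None or dst_port in self.ports))


# Ordered rule base for the control point; first match wins, unmatched traffic is denied.
# (Constructed example policy.)
RULES = [
    Rule("students", "servers", "tcp", frozenset({80, 443}), "allow"),   # web services only
    Rule("staff",    "servers", "tcp", frozenset({443, 445}), "allow"),  # web plus file shares
    Rule("mgmt",     "*",       "tcp", frozenset({22}),       "allow"),  # SSH from management only
    Rule("*",        "mgmt",    "*",   None,                  "deny"),   # nothing else reaches mgmt
    Rule("*",        "servers", "udp", frozenset({53}),       "allow"),  # DNS resolvers live in servers (assumed)
]
DEFAULT_ACTION = "deny"


def zone_of(ip):
    """Name of the subnet containing ip, or None if the address is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for name, net in SUBNETS.items():
        if addr in net:
            return name
    return None


def evaluate(src_ip, dst_ip, proto, dst_port):
    """Decide whether a flow may cross the control point. Returns (action, reason)."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone is None or dst_zone is None:
        return "deny", "address outside the addressing plan"
    if src_zone == dst_zone:
        # Traffic inside one subnet is switched locally and never crosses the control point.
        return "allow", f"intra-subnet traffic in {src_zone}"
    for i, rule in enumerate(RULES):
        if rule.matches(src_zone, dst_zone, proto, dst_port):
            ports = sorted(rule.ports) if rule.ports else "any"
            return rule.action, f"rule {i}: {rule.src}->{rule.dst} {rule.proto} {ports}"
    return DEFAULT_ACTION, f"no rule for {src_zone}->{dst_zone} {proto}/{dst_port}; default deny"


if __name__ == "__main__":
    for flow in [("10.10.5.7", "10.30.0.10", "tcp", 443), ("10.10.5.7", "10.30.0.10", "tcp", 22),
                 ("10.20.1.1", "10.99.0.5", "tcp", 22), ("10.99.0.5", "10.30.0.10", "tcp", 22)]:
        print(flow, "->", evaluate(*flow))
```

The two properties worth checking in any real rule base are visible here: the explicit deny for traffic into the management subnet sits after the management-originated allow, so the order matters, and student-to-staff traffic is refused not by a written rule but by the default, which is what localizes an incident in one subnet.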
Identify integration of onsite IT assets with public cloud infrastructure
Integrating onsite IT assets with cloud infrastructure achieves flexibility, agility, and transformation. The cloud would be used to provide services and to manage processes that cannot be achieved with traditional approaches. The organization would adopt cloud services and control processes in order to transform its organizational processes. After adoption, the cloud services will be integrated into the business fabric. Adopting cloud services into the IT platform is critical, considering that the organization will rely on the web when serving its customers. Software development tools, in particular, will be placed in the cloud.
Incident Detection Concept of Operations (CONOPS)
Define roles and responsibilities for security monitoring.
Security monitoring is responsible for making sure the organization's digital assets are secured from unauthorized access. It covers both on-premises and cloud infrastructure. Security monitoring also generates reports that business managers and IT administrators use to analyze how the security policies in operation are performing, and the monitoring team makes the changes necessary to keep the network secure.
Identify tools to be used in incident monitoring
The tools will be more comprehensive than a simple tracking system. The required tools will support the evolution of the IT system and minimize unexpected hazards. The tools to be used include PagerDuty, which automates the incident-handling process and thereby reduces the effort and time spent on production maintenance; it lowers the noise that results from many alerts so that responders can focus on the actual incident. Opsgenie is another tool, and it puts communication and alerting at the heart of incident management.
Automated and manual processes for incident monitoring
Incident management is very critical; it covers all aspects of an incident and speeds up the resolution process. The organization will not rely on a manual process for incident monitoring, to avoid a series of manual steps, tasks, and workflows when a breach occurs. Automation will be used in incident monitoring to improve how the IT team acts on the information obtained in the event of a breach. In escalation, automation plays a critical role in getting notifications to the right people faster, instead of sending alerts to a single location and then spending time rerouting them. In alerting and monitoring, automation provides the appropriate instructions and context to make firefighting easier. Centralized data control and access will be put in place to allow secure remote access to information. Automation makes it easy and practical to connect and stay informed across the whole process.
Define a process for reporting incidents including timeliness and prioritization
After an incident has been identified, the response follows: all affected assets are assessed and secured, support is provided, and the relevant stakeholders are notified. Relevant information about the incident is gathered, and an incident report is completed within 24 hours. The incident report form (IRF) is provided to the line manager, where the incident is reviewed, issues are identified, and the relevant actions are undertaken.
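The alert-noise reduction and automated escalation described under the monitoring tools and automated processes above, together with the reporting deadline and prioritization in this section, are illustrated by the following added example (not code from the plan or from PagerDuty or Opsgenie): a small triage routine that collapses repeated alerts into incidents, raises the priority of incidents on critical assets, picks who is notified, and stamps each incident with its acknowledgement deadline and the 24-hour report deadline. The escalation table, the critical-asset list, and the alert stream are constructed for the example.

```python
from datetime import datetime, timedelta, timezone

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
RANK_SEVERITY = {rank: name for name, rank in SEVERITY_RANK.items()}

# Escalation table (assumed): severity -> (acknowledgement deadline, who is notified).
ESCALATION = {
    "critical": (timedelta(minutes=15), ["on-call-analyst", "incident-manager", "ciso"]),
    "high":     (timedelta(hours=1),    ["on-call-analyst", "incident-manager"]),
    "medium":   (timedelta(hours=4),    ["on-call-analyst"]),
    "low":      (timedelta(hours=24),   ["ticket-queue"]),
}
REPORT_DEADLINE = timedelta(hours=24)          # incident report due within 24 hours, per the process above
CRITICAL_ASSETS = {"srv-ad-01", "srv-sis-01"}  # assumed asset-inventory tags (directory, student records)
DEDUPE_WINDOW = timedelta(minutes=10)          # assumed correlation window


def dedupe(alerts, window=DEDUPE_WINDOW):
    """Collapse repeated alerts for the same (rule, host) raised within `window` of the first into one incident."""
    incidents = []
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        for inc in incidents:
            same_signature = (inc["rule"], inc["host"]) == (alert["rule"], alert["host"])
            if same_signature and alert["ts"] - inc["first_seen"] <= window:
                inc["count"] += 1
                inc["last_seen"] = alert["ts"]
                break
        else:
            incidents.append({**alert, "first_seen": alert["ts"], "last_seen": alert["ts"], "count": 1})
    return incidents


def prioritize(incident):
    """Effective severity: the alert's own severity, raised one level when the host is a critical asset."""
    rank = SEVERITY_RANK[incident["severity"]]
    if incident["host"] in CRITICAL_ASSETS:
        rank = min(rank + 1, SEVERITY_RANK["critical"])
    return RANK_SEVERITY[rank]


def route(incident, now):
    """Attach the notification list and the acknowledgement and reporting deadlines."""
    priority = prioritize(incident)
    ack_within, notify = ESCALATION[priority]
    return {**incident, "priority": priority, "notify": notify,
            "ack_by": now + ack_within, "report_due": incident["first_seen"] + REPORT_DEADLINE}


def triage(alerts, now):
    """Deduplicate, prioritize and route a batch of alerts; highest priority first (stable order otherwise)."""
    return sorted((route(inc, now) for inc in dedupe(alerts)),
                  key=lambda inc: SEVERITY_RANK[inc["priority"]], reverse=True)


# Constructed alert stream, as a paging tool's webhook might deliver it.
T0 = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
SAMPLE_ALERTS = [
    {"ts": T0,                         "rule": "ssh-bruteforce", "host": "srv-ad-01", "severity": "high"},
    {"ts": T0 + timedelta(minutes=1),  "rule": "ssh-bruteforce", "host": "srv-ad-01", "severity": "high"},
    {"ts": T0 + timedelta(minutes=2),  "rule": "ssh-bruteforce", "host": "srv-ad-01", "severity": "high"},
    {"ts": T0 + timedelta(minutes=5),  "rule": "malware-beacon", "host": "lab-pc-17", "severity": "medium"},
    {"ts": T0 + timedelta(minutes=30), "rule": "ssh-bruteforce", "host": "srv-ad-01", "severity": "high"},
]

if __name__ == "__main__":
    for inc in triage(SAMPLE_ALERTS, now=T0 + timedelta(minutes=31)):
        print(inc["priority"], inc["rule"], inc["host"], f"x{inc['count']}",
              "notify:", ",".join(inc["notify"]), "ack by", inc["ack_by"].time(), "report due", inc["report_due"])
```

Run on the sample stream, the three brute-force alerts inside the ten-minute window become one incident with a count of three, the alert half an hour later opens a second incident rather than being silently merged, and both are escalated to critical because the host is a critical asset, which is what sends them to the incident manager and the CISO instead of only the on-call analyst.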
Governance Recommendations
Define an appropriate Information Security Governance Structure for the chosen organization
The governance system will help control and direct IT security. IT security governance supports decisions that mitigate risk. The system will determine who is authorized to make decisions, with management endorsing the security strategies. The following shows the security governance structure implemented by the organization.
Identify recommended policy changes to protect your chosen organization data assets
An access control policy has been suggested to protect the organization's data assets.
The policy outlines the system by which employees are granted access. It draws on NIST's implementation and control guides. Other covered items include network controls and complex corporate passwords. As a result, a high-level security requirement must be met before access to information is granted.
An information security policy will also be implemented to protect the company's data assets. The policy will cover many security controls to ensure workers use IT assets in compliance with the stated guidelines and rules. The policy is meant for employees to understand that there are rules and that they will be held accountable to them.
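As an added example of the password requirement in the access control policy (illustrative code, not part of the policy or of any NIST publication): the policy calls for complex corporate passwords, and NIST SP 800-63B's guidance for memorized secrets is a minimum length, acceptance of long passphrases, a check against a blocklist of common or breached passwords, and rejection of context-specific or repetitive strings rather than character-class composition rules, so that is what this check implements. The minimum length of 12, the blocklist, and the organization terms are assumed values standing in for the university's own policy and breach corpus; NIST's own floor is 8 characters with at least 64 accepted.

```python
import hashlib
import hmac
import os
import unicodedata

# Policy parameters (assumed values; NIST SP 800-63B floor is 8, maximum accepted at least 64).
MIN_LENGTH = 12
MAX_LENGTH = 64
ORG_TERMS = {"secamp", "university"}

# Constructed stand-in for the common/breached-password blocklist; a real deployment
# would load the full corpus and compare after the same normalisation.
BLOCKLIST = {"password", "password123", "123456", "qwerty", "letmein", "welcome1", "secamp2024"}


def _normalize(secret):
    """NFKC-normalise so visually identical inputs compare and hash the same way."""
    return unicodedata.normalize("NFKC", secret)


def _monotone_run(s, n=4):
    """True if s contains n+ characters that repeat or step by exactly one (aaaa, 1234, dcba)."""
    for i in range(len(s) - n + 1):
        chunk = s[i:i + n]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def check_password(candidate, username):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    secret = _normalize(candidate)
    lowered = secret.lower()
    problems = []
    if len(secret) < MIN_LENGTH:
        problems.append("too_short")
    if len(secret) > MAX_LENGTH:
        problems.append("too_long")
    if lowered in BLOCKLIST:
        problems.append("blocklisted")
    if username and username.lower() in lowered:
        problems.append("contains_username")
    if any(term in lowered for term in ORG_TERMS):
        problems.append("contains_org_name")
    if _monotone_run(lowered):
        problems.append("repetitive_or_sequential")
    return problems


def hash_password(candidate, salt=None):
    """Salted scrypt hash of the normalised password; returns (salt, digest) for storage."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(_normalize(candidate).encode("utf-8"),
                            salt=salt, n=2 ** 14, r=8, p=1, dklen=32)
    return salt, digest


def verify_password(candidate, salt, digest):
    """Constant-time comparison of a login attempt against the stored salt and digest."""
    return hmac.compare_digest(hash_password(candidate, salt)[1], digest)


if __name__ == "__main__":
    for pw in ["password123", "Tr0ub4dor&3", "correct horse battery staple"]:
        print(repr(pw), "->", check_password(pw, "alice") or "accepted")
```

Note that spaces and long passphrases are accepted and only a few well-defined checks can reject a password; the stored form is a salted memory-hard hash, never the password itself, and verification compares digests in constant time.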