company name is MAD security- DUE IN EXACT 3HOURS

profileEmilytutors

 

To  prepare for this Project, consider that you are the employee of a large,  fictitious organization. Provide a name for the organization. Do not use the  name of a real organization.   Create a  detailed background of the organization, addressing the following items:

  • Country where the headquarters is located
  • Nature of the business
  • General organizational structure (including lines of authority and communications)
  • Country/ies of operation

You  are a member of the information security team at the organization that you have  described, and you will address the responsibilities of your role in future units.

You  will refer to this same fictitious organization that you create for this assignment  in the Projects assigned in the following units. This Project will involve  identifying a gap related to identity and access management, choosing an  identity and access management tool, and presenting your results to your  management. You will also develop security metrics and a high- level security  strategy that shows key goal indicators that are well aligned with business  objectives and present your results to your management and executives. Keep  this in mind as you work through these assignments.

Risk Assessment

Successful  information assurance programs apply industry standards and best practices to  identify security risk and then form dynamic, crossfunctional teams, when  required, to develop a plan to address these gaps in a way that is sensitive to  the needs of key stakeholders. 

To  prepare for the Project in this unit, assume that the fictitious organization  is large and growing rapidly, with both internal and external IT risks  involving employees, customers, business partners, suppliers, and contractors.  Clearly state any other assumptions you make.

You  have been asked to assess risks associated with access and authorization in  your organization. Develop a brief scenario that depicts a threat related to  access and authorization. Below are two example use cases for a single scenario  to guide you. You will need to develop your own scenario as well as your own  use cases.

Use  Case 1: Employee Provisioning—There needs to be an enterprise process for  employee account provisioning. This should include setting up employees with  the correct access rights, based on their role. When employees change roles,  their access should be appropriately changed. Today, employees are given access  to resources using Active Directory groups. When they go to a new job, the old  access rights often are not removed like they should be, and this is a security  concern.

Use  Case 2: Separation of Duties—Administrators need a high level of access for  their jobs. Today, their credentials allow them to administer servers and  create accounts locally on the servers and in Active Directory. They can also  edit log files and delete accounts and groups in Active Directory. This is a  security concern, and roles should be set up so server administrators can do  their job but not the job of an Active Directory administrator. The role that  is allowed to create accounts should not be able to create new roles, and  managers should approve new accounts. Keeping an administrator’s access in line  with his or her role is a best practice, and it may be required by regulations  such as Sarbanes-Oxley.

Please develop at  least two others and explain them. 

Write a 7- to 8-page  paper about the risk assessment process that you plan to perform. Cover the  following points: 

  • Your introduction should include the following background information:
    • The country where the headquarters is located
    • The nature of the organization’s operations
    • The general organizational structure
    • The country/ies in which the organization operates
  • In describing the scenario and the two use cases you created, you should include the following regarding risk assessment planning:
    • How your team plans to perform the risk assessment and identify the gap
    • What other teams would be involved in a successful risk assessment
    • How poor access and authorization management affects security risk and business processes
    • Who the stakeholders are and the most important activities they may perform that involve accessing data and resources
    • 10 months ago
    • 30
    Answer(0)