Assume you are part of a corporate-level security team and your organization has just acquired a new company. The new company will have its own information technology team reporting up through the corporate team. The company being acquired is not security-savvy, so a thorough assessment will be required.
The current environment you are asked to assess includes:
• The wireless network running WEP – employees often bring in their own access points because the reception is poor with the company access points.
• No security monitoring or review of security logs
• The data center has about 100 Windows® servers that are patched using Microsoft® Automatic Updates.
• The firewall is a Cisco® PIX®.
• The backup strategy uses Windows® built-in backup application. The backup is then sent to the main server every Friday night.
• The disaster recovery plan is to restore the server from the main backup server.
• There are no security policies or standards.
• Employees often bring in their own laptops to use for work because the company hardware running Windows® 98 is outdated.
Write a 3- to 5-page analysis for the security posture of the newly purchased company, as well as recommendations for upgrading security procedures and measures. Complete the following in your analysis:
• Summarize the risks in the current environment, the framework used, and key risk indicators.
• Evaluate and recommend improvements for the following:
• Wireless environment
• Backup and disaster recovery strategies
• Bringing your own access point and laptop policy
• Vulnerability assessment strategy
• Security and network monitoring
• Recommend hardware and software improvements.
• Recommend security policies and standards that should be written and put into place.
• Recommend an incident response plan that would escalate up through the corporate security team.