Implementation Solution to CIA
Essay by Love Hope • February 27, 2017 • Business Plan • 1,641 Words (7 Pages) • 1,282 Views
CSIA 485 6380 Practical Applications in Cybersecurity Management (2172)
FNU ESELEAM SAMBI AJEALI
UMUC
02/26/2017
Implementation Solution to CIA
The application solution as related to CIA will help outline guidelines for the security of information technology within the company. The triad helps in securing the use, transfer and storage of data within the company’s information technology systems. Confidentiality (C) in the triad refers to guidelines and regulations that restrict access to data to authorized users only. Integrity (I) has to do with guidelines and regulations that prevent data from being altered. It relates to the reliability and correctness of data. Availability (A) refers to guidelines and procedures that provide authorized users with constant access to data. The plan below designates the activities, resources and responsibilities needed for a successful implementation.
Definition of Terms/Resources
- Authentication: This is validating the exactness of identity.
- Computer Network: A group of information technology systems that can exchange data.
- Confidentiality: Access to information only by authorized users.
- Encryption: Obscuring the original meaning of information from being known.
- Firewall: Security devices or software that help in keeping communications and systems safe from external and internal threats.
- Internet: A global computer network used for internal and external purposes by an organization.
- Penetration: Unauthorized access to relevant sections of a network or system.
- Proxy: A server that works between the internet and a workstation.
- Risk Assessment: Understanding of risks and their effects.
- Security Policy: Rules and regulations that protect critical resources of the company.
- Threat: A potential security danger.
- Vulnerability: Exploitable weakness in a system’s design.
Goals and Objectives
Business Goals and Objectives:
- The protection of data from unauthorized disclosure.
- Availability, confidentiality, and integrity of data.
- Regulating access to delicate material.
Project Goals and Objectives
- To explain how CIA can be taken into account when designing a secure system.
- To recommend substitute models to boost the CIA.
- To create awareness of the appearance of a zero-day attack on an information system.
- To state efforts needed to guarantee the maintenance of confidentiality, integrity, and availability of data.
SCOPE OF INFORMATION SECURITY SYSTEM
The system has to do with guidelines and procedures explaining risks faced by the company’s information technology systems. The management of information technology systems should take into account the vulnerability and safety of data. SSL can be used for data encryption. Data theft and loss can be reduced to a minimum by making use of encryption, secure passwords, and access controls (Association for Computing Machinery, 1998).
Items Beyond Scope
- Computer CPU
- Edifices.
- Environmental control systems (fire alarm and air conditioner).
- Utility services (water and electricity).
- Terminal.
- Information communication cables.
- Equipment reserved for LAN and WAN.
Access Control
Identification: This helps in the determination of users requesting access to relevant areas of a system or the network. One example is the use of usernames to disclose the identities of users within the terminal.
Authentication: This implies the use of passwords to confirm the identity of a user who wants to gain access to a terminal.
Authorization: This implies the process of making sure that authorized users have access to information technology systems. The permissions configured in the information technology systems allow for controlled access to resources by authorized users.
Accountability: This implies documentation of authorized users’ activities through the use of software (Net Support) to log users’ activities on the network.
The company has the responsibility to make sure that risks faced by the company and those faced by individual users are taken care of. The company should also take steps to configure and facilitate system access controls. The use of a firewall is encouraged in order to stop unauthorized applications from gaining access to the system. Access to clients’ data should be monitored, and only authorized and secure access should be allowed (Chew, Stine, Swanson, & National Institute of Standards and Technology (U.S.), 2007).
PROJECTED EXPENSES
- Firewalls: A firewall (Sonic E-Class) that can prevent unauthorized access and unauthorized activities costs 49,995 US dollars.
- A server: This is an open proxy server that enables free Internet connections. The server helps in preventing the external world from seeing the company’s network. This is possible with a smoke screen on the network exhibiting a negligible connection to the network.
- Routers: The cost of a router (TP-Link Archer AC3200 Tri-Band Gigabit) is 200 US dollars. A router regulates access to information technology systems by routing IP packets to different networks.
- Network Controls: These are procedures and regulations consisting of authentication mechanisms such as passwords. Network controls can be created and implemented at a local level.
- Software Controls: These help in preventing unauthorized applications from accessing the computer systems. These controls can be downloaded free of charge from the play store.
- Encryption: This helps in making data unreadable to unauthorized users. The software can be downloaded at no cost from the play store.
The total estimated cost for a secured information system in the company is 50,195 US dollars, which is far better than the cost related to a breach.
Milestones
Milestone | 2016 | 2017 | 2018 | 2019 |
Budget | Plan for projected expenses. | Write down real costs from the first year. | Make an annual budget and actual expenses from 2017. | Record real project expenses from 2018. |
Support from Management | Allocate resources, make policies. | Appoint a chief security officer. | Awareness training to change security culture. | Implement planned solution. |
Access Control and Awareness | Strong password policies should be implemented. | Employee awareness training. | Review and implementation of awareness program. | Non-respect of policies should lead to disciplinary action. |
...
...