Assume you are a security engineer for a corporation This co

Assume you are a security engineer for a corporation. This corporation has developed a classification scheme as follows:

Classification

Risk Level

Types of Data

Public

Low

Stock Reports, News Releases

Internal Use

Low

Network Diagrams, Security Policy

Confidential

Medium

System Configuration Procedures, Vulnerability Testing Results

Restricted

High

Payroll Data, HR Benefits Claims

For this assignment, put together some guidelines for the engineering teams in protecting the data types above. For each classification, what components would you require (for example, firewalls, IDS, 2 factor authentication, AV, etc..)

Reflection

What are your thoughts about your results? What are you feelings towards this assignment? How would you improve it? Submit this with your assignment

Solution

Components:

Confidential: CD, Jump drive

Internal use: Malware

Public: Digital certificate, certificate revocation list, certification authority

Guidelines for types of data:

Stock report:

Back up the stock report datas in more than one device.

News releases protect security to support signature content. It updates all maintenance releases for both major and minor.

Payroll data, HR benefit claims:

Controlling access within the network

Encrypting data for network transmission

Secure socket layer (SSL)

Firewall

Network diagram:

To protect your networks against internal and external attack and manage the network perimeter:

Security policy:

To maintain the higher security Data Encryption Key should be used thereby datas would be accessed through authorized person. It would help to reduce the probability of exploitation.

System configuration procedure:

Back up all datas using CLI Commond. Example: SVC Config back up

Vulnerability

Use intrusion detection system

This assignment would be helpful to know how to secure the datas in a corporation.