The case study company provided a situation in which threats pose a real risk to the infrastructure. The company assets are not well-protected, and they all share a common network. Few additional security mechanisms are in place other than the demilitarized zone (DMZ). What are typical information security (IS) assets that are used by such a company, and what risks exist in the current model? What will adding a flexible solution for the consultants to connect to the network do to this risk model? What are some safeguards that can be implemented to reduce the risk?
The tasks for this assignment are to identify the major applications and resources that are used by the company. Then, for each application, review the security threats that the company now faces and could face after the expansion. Describe how you can test for the presence of these (or new) risks. Provide a discussion about the approach that you will take, after the risk assessment is complete, to address the identified risks.
Create the following section for Week 2:
Week 2: Security Assessment
A description of typical assets
A discussion about the current risks to each of the assets in the organization, given that there is no network segregation
A discussion about specific risks that the new consultant network will create
Details on how you will test for risk and conduct a security assessment