Description
Security Policy
Security Policy
As part of your course project, you are to develop, and design your overall security policy strategy.
Instructions
- Identify a complete list of security standards that must be addressed in a comprehensive solution for the organization.
- Discuss legal and regulatory issues that must be considered in relation to the management of information assets.
- Identify the steps that you took throughout the quarter to ensure that your security solution will succeed internationally and describe how you addressed globalization in your security design.
- For your final submission, include all your previous work for weeks 1–4 as part of this submission. Review the feedback that your instructor provided throughout the quarter and use that to finalize the security solution for your organization.
- You are encouraged to provide resources and citations. Any references should be formatted according to APA (6th Edition) style and formatting.
Security Policy Scoring Guide
Due Date: End of Unit 5.
Percentage of Course Grade: 20%.
Security Policy Scoring Guide Grading Rubric
Criteria
Describe security vulnerabilities and threats found in an IT
infrastructure and controls to mitigate the risks.
20%
Describe security standards and policies that must be
addressed in a security solution.
20%
Nonperformance
Basic
Proficient
Distinguished
Describes
security
vulnerabilities
and threats
found in an IT
Does not list
Describes
Lists security
infrastructure
security
security
vulnerabilities
and provides
vulnerabilities
vulnerabilities
and threats
supporting
or threats
and threats
found in an IT
rationale or
found in an IT
found in an IT
infrastructure.
examples that
infrastructure.
infrastructure.
display great
insight into
legal IT
infrastructure
threats.
Does not list
security
standards that
must be
addressed in a
security
solution.
Lists the
security
standards that
must be
addressed in a
security
solution.
Describes
security
standards that
must be
addressed in a
security
solution.
Analyzes
security
standards that
must be
addressed in a
security
solution and
Security Policy Scoring Guide Grading Rubric
Criteria
Nonperformance
Basic
Proficient
Distinguished
provides
supporting
examples that
display insight
into standards
and policies
needed in
organizations.
Discuss globalization concerns and legal issues that must be
considered in relation to the management of information
assets.
20%
Describe network and physical security threats and solutions
to protect the infrastructure.
20%
Analyzes legal
issues that
Does not list
Lists legal
Discusses
must be
legal issues
issues that
legal issues
considered in
that must be
must be
that must be
relation to the
considered in considered in considered in management
relation to the relation to the relation to the of information
management
management
management
assets and
of information of information of information provides
assets.
assets.
assets.
supporting
rationale or
examples.
Does not
identify
network and
physical
security
threats and
solutions to
Identifies
network and
physical
security
threats and
solutions to
protect the
infrastructure.
Describes
network and
physical
security
threats and
solutions to
protect the
infrastructure.
Analyzes
network and
physical
security
threats and
solutions to
protect the
infrastructure;
Security Policy Scoring Guide Grading Rubric
Criteria
Nonperformance
protect the
infrastructure.
Basic
Proficient
Distinguished
provides
supporting
rationale or
examples.
Designs a
comprehensive
security
solution that
meets the
Does not
needs of an
Assesses a
Designs a
assess a
organization;
comprehensive comprehensive
comprehensive
includes
Design a comprehensive security solution that meets the needs
security
security
security
solutions that
of an organization.
solution that
solution that
solution that
show insight
20%
meets the
meets the
meets the
into securing
needs of an
needs of an
needs of an
and
organization. organization.
organization.
organization’s
data, physical
environments,
people, and
operating
systems.
•
LEARNING ACTIVITIES
Collapse All
•
Toggle Drawer
Enterprise Security
Throughout this course, you will learn about best network security practices and
strategies for building an effective, efficient Enterprise Security for your organization.
These include methods for analyzing critical components and integrating these
components with one another to ensure that they are interoperable and configured for
optimum security. You will use these strategies to create a plan and strategic decision
supporting documentation for an effective Enterprise Network Security course project.
The project includes the following:
•
•
•
•
•
•
•
•
•
•
•
•
Executive summary and cover sheet.
Scope and requirements rationale.
Role of availability, confidentiality, authentication, and integrity in identifying a security
solution.
Global challenges to security.
Types of cryptography.
Strategies for supporting the AAA framework.
Physical security strategies for protecting the networks and data.
Intrusion detection system strategy.
Basic strategies for hardening an operating system.
Ethical standards and implications of sharing network resources externally.
Screen shots of your diagram supporting the project components.
A list of references.
You are to choose an organization that you have worked in, have interest in or know
someone who works for an organization and is willing to share their thoughts, and then
integrate the project required components. Specific detailed instructions for each project
component are located in the assignment activity in the unit in which the component is
due.
Project Objectives
To successfully complete this project, you will be expected to:
13. Identify security standards that must be addressed in a security solution.
14. Discuss legal issues that must be considered in relation to the management of information
assets.
15. Combine all previous submitted assignments and submit the final project.
16. Follow APA style and formatting guidelines for resources and citations and create a
document that is clearly written and generally free of grammatical errors.
•
Toggle Drawer
Project Requirements
To achieve a successful project experience and outcome, you are expected to meet the
following requirements.
To achieve a successful project experience and outcome, you are expected to meet the
following requirements:
•
•
o
o
o
o
o
•
•
•
•
Written communication: Written communication is free of errors that detract from the
overall message.
Paper components:
Title page or cover sheet.
Executive summary.
Body of paper.
Diagram or diagrams created in a network simulation tool (where applicable).
Reference page.
You are encouraged to provide resources and citations. Any references should be
formatted according to APA (6th Edition) Style and Formatting.
Length of paper: There are no page length requirements. The architecture will dictate the
number of pages required to convey your design.
Font and font size: Arial, 10 point.
Toggle Drawer
Project Grading Criteria
Security Policy Scoring Guide Grading Rubric
Criteria
Describe
security
vulnerabilitie
s and threats
found in an
IT
infrastructure
and controls
to mitigate
the risks.
20%
Nonperformance
Does not list
security
vulnerabilitie
s or threats
found in an
IT
infrastructure
.
Basic
Lists security
vulnerabilitie
s and threats
found in an
IT
infrastructure
.
Proficient
Distinguished
Describes
security
vulnerabilitie
s and threats
found in an
IT
infrastructure
.
Describes
security
vulnerabilitie
s and threats
found in an
IT
infrastructure
and provides
supporting
rationale or
examples that
display great
insight into
legal IT
Security Policy Scoring Guide Grading Rubric
Criteria
Nonperformance
Basic
Proficient
Distinguished
infrastructure
threats.
Describe
security
standards and
policies that
must be
addressed in
a security
solution.
20%
Discuss
globalization
concerns and
legal issues
that must be
considered in
relation to the
management
of
information
assets.
20%
Does not list
security
standards that
must be
addressed in
a security
solution.
Does not list
legal issues
that must be
considered in
relation to the
management
of
information
assets.
Lists the
security
standards that
must be
addressed in
a security
solution.
Lists legal
issues that
must be
considered in
relation to the
management
of
information
assets.
Describes
security
standards that
must be
addressed in
a security
solution.
Analyzes
security
standards that
must be
addressed in
a security
solution and
provides
supporting
examples that
display
insight into
standards and
policies
needed in
organizations
.
Discusses
legal issues
that must be
considered in
relation to the
management
of
information
assets.
Analyzes
legal issues
that must be
considered in
relation to the
management
of
information
assets and
provides
supporting
rationale or
examples.
Security Policy Scoring Guide Grading Rubric
Criteria
Describe
network and
physical
security
threats and
solutions to
protect the
infrastructure
.
20%
Design a
comprehensi
ve security
solution that
meets the
needs of an
organization.
20%
•
Nonperformance
Does not
identify
network and
physical
security
threats and
solutions to
protect the
infrastructure
.
Does not
assess a
comprehensi
ve security
solution that
meets the
needs of an
organization.
Toggle Drawer
Project Components
Basic
Identifies
network and
physical
security
threats and
solutions to
protect the
infrastructure
.
Assesses a
comprehensi
ve security
solution that
meets the
needs of an
organization.
Proficient
Distinguished
Describes
network and
physical
security
threats and
solutions to
protect the
infrastructure
.
Analyzes
network and
physical
security
threats and
solutions to
protect the
infrastructure
; provides
supporting
rationale or
examples.
Designs a
comprehensi
ve security
solution that
meets the
needs of an
organization.
Designs a
comprehensi
ve security
solution that
meets the
needs of an
organization;
includes
solutions that
show insight
into securing
and
organization’s
data, physical
environments
, people, and
operating
systems.
Project Component
Course Grade
Weight
Unit
Due
Project Scope
10%
1
AAA Framework and Cryptography Strategy
10%
2
Physical Network Security Strategy
10%
3
OS and Application Security Strategy
10%
4
Security Policy
20%
5
Total:
•
60%
Toggle Drawer
[u01a1] Unit 1 Assignment 1
Project Scope
For this assignment, you will develop an initial scope document and proposal for
deploying an Enterprise Security Infrastructure Project. This is done by gathering facts
about the selected organization and identifying project needs.
First, select a global IT organization with which you are currently affiliated, have worked
for in the past, or one you would like to learn more about. This organization should be
relevant to your professional goals and sufficient information about this organization
should be available through experience or research. You will use this same organization
as a foundation for all of your project assignments in this course.
Once you have selected your organization, you will evaluate the existing security
infrastructure and suggest improvements appropriate to improving the cost and efficiency
of managing the security. If assumptions need to be made as part of your project, please
list those assumptions so that your instructor is aware.
For this assignment, use the suggested resources, the Capella library, and the Internet to
research the subject matter.
Instructions
Now that you have an understanding of the project and the company’s needs, include the
following in the initial scope document and proposal:
•
•
•
•
•
•
•
Describe the scope of your project by providing an overview to the selected organization:
the reasons for your choice, its size, and the location of the organization.
Describe the main business problems and goals as they relate to information technology.
Include information relative to organizational user, organizational systems, and the
security requirements.
Describe decision makers and stakeholders on whom you would rely to develop a
requirements analysis and traverse through the information gathering phases of a security
infrastructure deployment project.
Define a project timeline and outline that coincides with the system and/or infrastructure
component life cycle stages. Additionally, identify the security components,
requirements, and concerns that will need to be addressed.
Explain the role of Availability, Confidentiality, Authentication, and Integrity in
identifying the project scope for the organization.
Given the global nature of the organization, identify any unique challenges that you
anticipate facing from a regulatory, human resources, and cultural standpoint.
You are encouraged to provide resources and citations. Any references should be
formatted according to APA (6th Edition) style and formatting.
Refer to the Project Scope Scoring Guide to ensure that you meet the grading criteria for
this assignment. Submit your document in the assignment area.
Resources
•
Project Scope Scoring Guide.
•
APA Style and Formatting.
•
Toggle Drawer
[u02a1] Unit 2 Assignment 1
AAA Framework and Cryptography Strategy
For this assignment, you will complete a data security strategy. This is done by gathering
facts about the selected organization and identifying project needs. For this assignment,
use the suggested resources, the Capella library, and the Internet to research the subject
matter.
Instructions
For this assignment, complete the following components for your Perimeter Security
Strategy:
•
•
•
Describe vulnerabilities and threats associated with data being stored, in transit and in
use.
Compare two cryptography tools and strategies for the project that would be beneficial
for protecting data being stored, in transit and in use.
Describe at least three (3), non-cryptography strategies for protecting stored data, data in
transit and/or data in use for the company.
•
•
•
Describe strategies and identify at least two (2) tools for supporting the AAA framework
in your company’s security solution.
Determine how you would consider applying access control and identify management to
protect stored data, data in transit and/or data in use in the company.
Define at least two (2) policies or guidelines that you would include your organization’s
data security manual. You are encouraged to provide resources and citations. Any
references should be formatted according to APA (6th Edition) Style and Formatting.
Note: Make sure that you follow the scoring guide prior to submitting. Submit your
document to the assignment area once completed.
Resources
•
•
AAA Framework and Cryptography Strategy Scoring Guide.
Toggle Drawer
[u03a1] Unit 3 Assignment 1
Physical Network Security Strategy
For this assignment, you will complete your Physical and Network Security strategy.
Each organization/company would need to show how their data, assets, and networks are
protected. In this assignment, you will outline, address, and discuss your overall physical
and network security strategy where you plan, design, and implement your security
strategy around the organization’s global network infrastructure. For this assignment, use
the suggested resources, the Capella library, and the Internet to research the subject
matter.
Instructions
For this week, you are to complete the following components:
•
•
•
•
•
•
Describe at least three (3) threats and vulnerabilities associated to physical security.
Define at least two (2) physical security strategies for protecting each of the following
categories in the company: (a) data, (b) human resources and (c) hardware.
Describe strategies for protecting the company’s network perimeter from external threats.
Describe strategies for protecting the company’s internal and external network traffic and
identify at least two (2) network security tools you would consider utilizing.
Define at least two (2) policies or guidelines that you would include in the organization’s
physical security manual.
You are encouraged to provide resources and citations. Any references should be
formatted according to APA (6th Edition) style and formatting.
Ensure to follow the scoring guide prior to submitting and submit your document to the
assignment area.
Resources
•
Physical Network Security Strategy Scoring Guide.
•
Toggle Drawer
[u04a1] Unit 4 Assignment 1
OS and Application Security Strategy
For this assignment, you will explain how to secure your applications and operating
systems through the use of various security tools. For this assignment, use the suggested
resources, the Capella library, and the Internet to research the subject matter.
Instructions
For this assignment, complete the following components to secure your applications and
operating systems:
•
•
•
•
•
•
•
Describe threats and vulnerabilities associated with at least two (2) operating systems.
Describe an anti-malware solution for the organization and indicate on which operating
systems it supports.
Select a suitable intrusion detection system (IDS) solution for the organization and
explain the reasoning for your suggestion.
Describe at least two (2) control strategies you would consider implementing for securing
the company’s web-based infrastructure.
Describe at least two (2) control strategies you would consider implementing for securing
the company’s database infrastructure.
Define two (2) items that you would include in the organization’s operating system
security hardening procedures.
You are encouraged to provide resources and citations. Any references should be
formatted according to APA (6th Edition) Style and Formatting.
Follow the scoring guide and submit to the assignment section once completed.
Resources
•
•
OS and Application Security Strategy Scoring Guide.
Toggle Drawer
[u05a1] Unit 5 Assignment 1
Security Policy
As part of your course project, you are to develop, and design your overall security policy
strategy.
Instructions
•
•
Identify a complete list of security standards that must be addressed in a comprehensive
solution for the organization.
Discuss legal and regulatory issues that must be considered in relation to the management
of information assets.
•
•
•
Identify the steps that you took throughout the quarter to ensure that your security
solution will succeed internationally and describe how you addressed globalization in
your security design.
For your final submission, include all your previous work for weeks 1–4 as part of this
submission. Review the feedback that your instructor provided throughout the quarter and
use that to finalize the security solution for your organization.
You are encouraged to provide resources and citations. Any references should be
formatted according to APA (6th Edition) style and formatting.
Note: Make sure that your paper is professionally written and free of errors, and that APA
formatting is applied throughout. Once complete, submit your document in the
assignment area.
Resources
•
Security Policy Scoring Guide.
1
Pamela Bennett
Information Security Concepts for the IT Professional
Professor Randy Stauber
Assignment 1
Project Scope
August 19, 2018
2
The Scope
Working as an IT administrator in the NM Bureau of Geology & Minerals Resources
gives one the opportunity to not only understand the basic needs of the company in regards to the
trending information technologies but also implement the right measures critical to the success of
the firm. The company, a branch of the NM Tech offers a variety of products to its esteemed
customers. Primarily, the firm performs research among other services with regards to the needs
of the underlying customers. Therefore, the company serves a spectrum of customers who may
range from the students, State and also the National Scientific agencies among other research
firms within the diverse industries (New Mexico Bureau of Geology & Mineral Resources,
2018). The company serves customers who may need to gain an insight of the geology of the
underlying state. The selection of this company comes from the fact that the firm intends to
establish its own set of technology backbone other than relying on the parent establishment. The
firm for years used the parent`s company technology which did not help it to grow both
internally and also externally.
Business Problems
The Bureau faces multiple business problems which reduce its abilities to achieve the set
goals with regards to offering practical and reliable services to the customers. As mentioned, the
company`s customers may range from the students to the clients in the research industry among
others from the perspective of geology. Therefore, the company needs to operate under a
reliable and efficient enterprise information system that will help it to perform its set tasks
efficiently. Currently, the company operates under an outdated set of information systems which
limit its abilities not only to expand but also to handle the resulting advanced security threats that
may arise. Besides, the company sought funds to improve its operation and started by
3
establishing a new building. The company`s management projects that the new building will
incorporate the latest technologies to boost not only its operations but also the associated abilities
to handle security threats that may arise affecting the enterprise at large.
Additionally, the company currently operates with a system that does not match the
current technologies. The outdated systems present a significant threat to the internal resources
of the company by exposing it to multiple risks to not one but all the internal elements and
resources of the firm. Therefore, in as much as the firm needs to shift to the new building, it may
require to upgrade its currently used information systems. This upgrade will consider the various
areas such as the performance and also the security of the internal corporate resources.
Operating under an old set of information technology solutions places the Bureau at a
disadvantage since it limits its abilities to grow and also create a productive and secure working
environment. The company seeks to achieve a situation where it performs its tasks without any
external interferences from attackers. Therefore, the firm will need to not only educate the
underlying staff but also implement the respective security requirements to help it boost its
service delivery processes. The perceived architecture must consider the efforts and affairs of
the corporate users, the needed security requirements and also the future needs of the company in
regards to expansion.
Stakeholders and Decision Makers
Therefore, based on the given necessary information about the firm, it follows that the
Bureau will need to consult with all the relevant stakeholders and decision makers in the attempt
to plan for the upgrade and shift to the new building. When collecting the required requirements,
the IT administrator will consider consulting numerous parties who interact with the current
systems on the day to day basis. For instance, the requirements gathering and analysis phase will
4
require the efforts of the senior management of the company, the sponsors and also the
underlying workforce. The IT staff members understand the flaws the current system exhibits.
The IT directors will offer critical information with regards to the areas where the current system
presents weaknesses. The senior management and shareholders will provide essential
information with regards to the qualities that the future system should exhibit both from a
performance and security perspective. The interaction among these parties will form the
foundation for the development of high-level requirements that will foster the design of the
desired architecture.
Project Timeline
The implementation of the project will follow a series of steps depending on the
development life cycle of the proposed solution. The new architecture and resulting system will
comprise multiple security components which will help the company to enforce the integrity,
confidentiality and also but not least, authentication. Therefore, the company will need to
consider issues such as using Windows Active Directory which will make it easy to achieve and
enforce authentication. Also, since the new system will comprise of various users, the company
will consider developing custom-made group policies. Besides, the firm will need to install IDS,
IPS and also firewalls appropriately to enforce the security of the corporate traffic.
Further, the firm will need to consider installing access control management controls to
ensure that the underlying workforce does not misuse the internal resources. Adopting and
establishing advanced network security would help the company to keep attackers off the new
system. Applying patches appropriately will help the company to reduce the chances of the
hackers exploiting any obsolete backdoors from the various pieces of software or even hardware.
5
The table below shows the timeline and the associated tasks the selected team will perform in
installing the proposed architecture and system.
Phase
Task
Start date
Requirement gathering Gather information about the current system.
Analyze the As-Is state of the company.
Document the user (corporate) requirements in regards to the project.
Design
September 1, 2018
Analyze the criteria.
Map the requirements of the proposed solution.
Form the foundation or framework for the development phase.
Install and implement
15 October 2018.
Develop the various systems.
Purchase the required assets such as operating systems, IDS and IPS among others.
Install these components in the new building.
Testing
15 December 2018.
Test the various components.
Initiate penetration testing.
Perform vulnerability testing.
31 December 2018.
Monitoring Perform routine checkups on the architecture.
Perform maintenance as needed.
20 January 2019.
Role of Availability, Authentication, Integrity, and Confidentiality
6
Before embarking on the implementation of the proposed system, the development teams
must first define its scope. The scope of the project follows the ultimate corporate goals set by
the company with regards to the adoption of the new system. Therefore, the team must consider
the ultimate goal of the project. In this case, the company intends to implement an enterprise
security architecture that will help it to not only undertake the day to day tasks effectively but
also guarantee the security of the internal resources (Inti Grow, 2018). The project must enforce
and champion for the implementation of solutions that will implement availability and also
accountability among other features of information security. The proposed system must exhibit
the desired elements and attributes of information security (McLaughlin, 2016). These attributes
include the CIA tried and also the concept of availability. These features act as the guiding light
for the development of the final solution. Therefore, the security system will enable the
company to transact safely without any external or even internal interferences to the corporate
resources.
Unique Challenges
However, the implementation of the project may face some problems in numerous areas.
For instance, the state government may set guidelines that the company must observe in regards
to the implementation of the enterprise security architecture. Further, there may exist a limited
number of qualified staff members to work on the project as support and experts in the diverse
areas. Also, the project team may fail to score better in regards to the issue of diversity due to
the location of the company and workplace.
7
References
New Mexico Bureau of Geology & Mineral Resources. (2018). About Us. New Mexico
Tech.Retrieved 14 August 2018. From https://geoinfo.nmt.edu/about/home.html
Inti Grow. (2018). Enterprise Security Architecture Design. Inti Grow. Retrieved 14 August
2018. From http://intigrow.com/enterprise-security-architecture-design.html
McLaughlin, E. (2016). Craft a plan: Enterprise information security architecture. Tech Target.
Retrieved 14 August 2018. From
https://searchcio.techtarget.com/photostory/450294507/Enterprise-security-architectureTechnology-overview/1/Craft-a-plan-Enterprise-information-security-architecture
1
Pamela Bennett
Information Security Concepts for the IT Professional
Professor Randy Stauber
Assignment 2
AAA Framework and Cryptography
August 22 2018
2
Vulnerabilities and Threats
Organizations face numerous challenges when dealing with data either in transit, stored or in
use. During transmission or data in transportation, the company may need to adopt and
implement numerous measures that would help it to keep the information secure. An
organization must, therefore, choose and perform the right actions that would help in protecting
the data at various states which may include in transit, at rest or even at use. Data at rest, in
transit or may face numerous challenges in the form of vulnerabilities and threats which may
include authorized access, naturally occurring incidences, impersonation and also but not limited
to interception. Unauthorized personnel may try to access a given piece of data either at rest, in
transit or even in use. Rogue users in such a case may steal the credentials of the legit personnel
thereby accessing the data illegally. From another perspective, naturally occurring incidents may
happen to threaten the security and integrity of the stored data. A company should always
maintain active backup mechanisms to prevent loss of data. Data in transit may get intercepted
through various means such as eavesdropping by unauthorized users. Encryption may help to
protect the confidentiality and integrity of the data but not availability. Impersonation refers to a
situation where an authorized person masquerades as a legit user to a given system thereby
accessing the internal data illegally.
Cryptographic Tools
Different developers came up with a set of tools that sue cryptographic principles in securing
data regardless of the state. For instance, BitLocker and Veracrypt stand out as some of the tools
that use cryptographic tenets in acquiring data in any country. BitLocker, a product of Microsoft
enables the users to secure a selected set of data within a computer or a system (Yi-ming &
3
Sheng-li, 2010). BitLocker allows a user to encrypt an entire hard drive. Therefore, this tool
does not allow the users to encrypt only a selected group or type of files within a hard drive.
On the other hand, Veracruz operates similarly as BitLocker. Unlike BitLocker, VeraCrypt
allows the users to select a given type of files to encrypt if s/he does not need to protect the entire
hard drive (Kedziora, Chow & Susilo, 2017). This tool offers a flexible set of terms which
makes it easy to secure only a part or the entire hard drive.
Non-Cryptographic Tools
There exist some non-cryptographic tools which a company can implement when securing its
data regardless of the state. These tools represent the various measures and practices that a
company can put in place which would help to guarantee the security of the data in the different
states. Frequent backups would help the company to maintain a reliable link which in the long
run can assure business continuity even if data gets interfered. Reserves play a considerable role
in keeping a secure replica of the corporate data which in the end forms the foundation for
continuity. Implementing password policies within an organization can help to create a better
operating environment that maintains data security. Passwords ensure that the users lock their
data securely preventing any unauthorized personnel from accessing it. Protecting data in transit
reduces the chances of the attackers who may intercept it to make meaning out of it.
Implementing rights and privileges management mechanisms for the various files may help to
reduce the chances of an attacker getting the intrinsic meaning of the underlying data. Therefore,
such management mechanisms may help the company to monitor and control the level of access
that the recipient may exhibit. Limiting the level of access may help to reduce the types of
4
actions that a user can perform on the data. Some companies reserve the write or read access
rights to the administrators or the selected groups of employees. Further, a company can
implement mechanisms that seek to secure the wireless connections used by a company. Using
secured VPNs may help to guarantee the integrity of data transmitted between two or more
points.
The AAA Framework Tools
The primary goal of information security revolves around guaranteeing the authenticity,
accountability and also but not least to authorization of data. From the AAA framework which
includes various features and attributes such as Accountability, Authentication and also
Authorization may use some tools which can help a company to guarantee to information
security. Thousand Eyes, as well as Solar winds, stand out as two of the most common tools that
companies may use when dealing with information-security in regards to the AAA Framework.
Starting off with Thousand Eyes, it stands out as a network monitoring tool which offers
numerous services and features to the affected company. This tool makes it easy for the
underlying management to perceive and monitor the network from various areas of interest.
Thousand Eyes allows an administrator to control the multiple threats that the system may face
such as breaches and also real-time threat visualization among other features. The available
tools help Thousand Eyes to offer a better platform for addressing the issues that can threaten the
accounta
Due Date: End of Unit 5.
Percentage of Course Grade: 20%.
Security Policy Scoring Guide Grading Rubric
Criteria
Describe security vulnerabilities and threats found in an IT
infrastructure and controls to mitigate the risks.
20%
Describe security standards and policies that must be
addressed in a security solution.
20%
Nonperformance
Basic
Proficient
Distinguished
Describes
security
vulnerabilities
and threats
found in an IT
Does not list
Describes
Lists security
infrastructure
security
security
vulnerabilities
and provides
vulnerabilities
vulnerabilities
and threats
supporting
or threats
and threats
found in an IT
rationale or
found in an IT
found in an IT
infrastructure.
examples that
infrastructure.
infrastructure.
display great
insight into
legal IT
infrastructure
threats.
Does not list
security
standards that
must be
addressed in a
security
solution.
Lists the
security
standards that
must be
addressed in a
security
solution.
Describes
security
standards that
must be
addressed in a
security
solution.
Analyzes
security
standards that
must be
addressed in a
security
solution and
Security Policy Scoring Guide Grading Rubric
Criteria
Nonperformance
Basic
Proficient
Distinguished
provides
supporting
examples that
display insight
into standards
and policies
needed in
organizations.
Discuss globalization concerns and legal issues that must be
considered in relation to the management of information
assets.
20%
Describe network and physical security threats and solutions
to protect the infrastructure.
20%
Analyzes legal
issues that
Does not list
Lists legal
Discusses
must be
legal issues
issues that
legal issues
considered in
that must be
must be
that must be
relation to the
considered in considered in considered in management
relation to the relation to the relation to the of information
management
management
management
assets and
of information of information of information provides
assets.
assets.
assets.
supporting
rationale or
examples.
Does not
identify
network and
physical
security
threats and
solutions to
Identifies
network and
physical
security
threats and
solutions to
protect the
infrastructure.
Describes
network and
physical
security
threats and
solutions to
protect the
infrastructure.
Analyzes
network and
physical
security
threats and
solutions to
protect the
infrastructure;
Security Policy Scoring Guide Grading Rubric
Criteria
Nonperformance
protect the
infrastructure.
Basic
Proficient
Distinguished
provides
supporting
rationale or
examples.
Designs a
comprehensive
security
solution that
meets the
Does not
needs of an
Assesses a
Designs a
assess a
organization;
comprehensive comprehensive
comprehensive
includes
Design a comprehensive security solution that meets the needs
security
security
security
solutions that
of an organization.
solution that
solution that
solution that
show insight
20%
meets the
meets the
meets the
into securing
needs of an
needs of an
needs of an
and
organization. organization.
organization.
organization’s
data, physical
environments,
people, and
operating
systems.
•
LEARNING ACTIVITIES
Collapse All
•
Toggle Drawer
Enterprise Security
Throughout this course, you will learn about best network security practices and
strategies for building an effective, efficient Enterprise Security for your organization.
These include methods for analyzing critical components and integrating these
components with one another to ensure that they are interoperable and configured for
optimum security. You will use these strategies to create a plan and strategic decision
supporting documentation for an effective Enterprise Network Security course project.
The project includes the following:
•
•
•
•
•
•
•
•
•
•
•
•
Executive summary and cover sheet.
Scope and requirements rationale.
Role of availability, confidentiality, authentication, and integrity in identifying a security
solution.
Global challenges to security.
Types of cryptography.
Strategies for supporting the AAA framework.
Physical security strategies for protecting the networks and data.
Intrusion detection system strategy.
Basic strategies for hardening an operating system.
Ethical standards and implications of sharing network resources externally.
Screen shots of your diagram supporting the project components.
A list of references.
You are to choose an organization that you have worked in, have interest in or know
someone who works for an organization and is willing to share their thoughts, and then
integrate the project required components. Specific detailed instructions for each project
component are located in the assignment activity in the unit in which the component is
due.
Project Objectives
To successfully complete this project, you will be expected to:
13. Identify security standards that must be addressed in a security solution.
14. Discuss legal issues that must be considered in relation to the management of information
assets.
15. Combine all previous submitted assignments and submit the final project.
16. Follow APA style and formatting guidelines for resources and citations and create a
document that is clearly written and generally free of grammatical errors.
•
Toggle Drawer
Project Requirements
To achieve a successful project experience and outcome, you are expected to meet the
following requirements.
To achieve a successful project experience and outcome, you are expected to meet the
following requirements:
•
•
o
o
o
o
o
•
•
•
•
Written communication: Written communication is free of errors that detract from the
overall message.
Paper components:
Title page or cover sheet.
Executive summary.
Body of paper.
Diagram or diagrams created in a network simulation tool (where applicable).
Reference page.
You are encouraged to provide resources and citations. Any references should be
formatted according to APA (6th Edition) Style and Formatting.
Length of paper: There are no page length requirements. The architecture will dictate the
number of pages required to convey your design.
Font and font size: Arial, 10 point.
Toggle Drawer
Project Grading Criteria
Security Policy Scoring Guide Grading Rubric
Criteria
Describe
security
vulnerabilitie
s and threats
found in an
IT
infrastructure
and controls
to mitigate
the risks.
20%
Nonperformance
Does not list
security
vulnerabilitie
s or threats
found in an
IT
infrastructure
.
Basic
Lists security
vulnerabilitie
s and threats
found in an
IT
infrastructure
.
Proficient
Distinguished
Describes
security
vulnerabilitie
s and threats
found in an
IT
infrastructure
.
Describes
security
vulnerabilitie
s and threats
found in an
IT
infrastructure
and provides
supporting
rationale or
examples that
display great
insight into
legal IT
Security Policy Scoring Guide Grading Rubric
Criteria
Nonperformance
Basic
Proficient
Distinguished
infrastructure
threats.
Describe
security
standards and
policies that
must be
addressed in
a security
solution.
20%
Discuss
globalization
concerns and
legal issues
that must be
considered in
relation to the
management
of
information
assets.
20%
Does not list
security
standards that
must be
addressed in
a security
solution.
Does not list
legal issues
that must be
considered in
relation to the
management
of
information
assets.
Lists the
security
standards that
must be
addressed in
a security
solution.
Lists legal
issues that
must be
considered in
relation to the
management
of
information
assets.
Describes
security
standards that
must be
addressed in
a security
solution.
Analyzes
security
standards that
must be
addressed in
a security
solution and
provides
supporting
examples that
display
insight into
standards and
policies
needed in
organizations
.
Discusses
legal issues
that must be
considered in
relation to the
management
of
information
assets.
Analyzes
legal issues
that must be
considered in
relation to the
management
of
information
assets and
provides
supporting
rationale or
examples.
Security Policy Scoring Guide Grading Rubric
Criteria
Describe
network and
physical
security
threats and
solutions to
protect the
infrastructure
.
20%
Design a
comprehensi
ve security
solution that
meets the
needs of an
organization.
20%
•
Nonperformance
Does not
identify
network and
physical
security
threats and
solutions to
protect the
infrastructure
.
Does not
assess a
comprehensi
ve security
solution that
meets the
needs of an
organization.
Toggle Drawer
Project Components
Basic
Identifies
network and
physical
security
threats and
solutions to
protect the
infrastructure
.
Assesses a
comprehensi
ve security
solution that
meets the
needs of an
organization.
Proficient
Distinguished
Describes
network and
physical
security
threats and
solutions to
protect the
infrastructure
.
Analyzes
network and
physical
security
threats and
solutions to
protect the
infrastructure
; provides
supporting
rationale or
examples.
Designs a
comprehensi
ve security
solution that
meets the
needs of an
organization.
Designs a
comprehensi
ve security
solution that
meets the
needs of an
organization;
includes
solutions that
show insight
into securing
and
organization’s
data, physical
environments
, people, and
operating
systems.
Project Component
Course Grade
Weight
Unit
Due
Project Scope
10%
1
AAA Framework and Cryptography Strategy
10%
2
Physical Network Security Strategy
10%
3
OS and Application Security Strategy
10%
4
Security Policy
20%
5
Total:
•
60%
Toggle Drawer
[u01a1] Unit 1 Assignment 1
Project Scope
For this assignment, you will develop an initial scope document and proposal for
deploying an Enterprise Security Infrastructure Project. This is done by gathering facts
about the selected organization and identifying project needs.
First, select a global IT organization with which you are currently affiliated, have worked
for in the past, or one you would like to learn more about. This organization should be
relevant to your professional goals and sufficient information about this organization
should be available through experience or research. You will use this same organization
as a foundation for all of your project assignments in this course.
Once you have selected your organization, you will evaluate the existing security
infrastructure and suggest improvements appropriate to improving the cost and efficiency
of managing the security. If assumptions need to be made as part of your project, please
list those assumptions so that your instructor is aware.
For this assignment, use the suggested resources, the Capella library, and the Internet to
research the subject matter.
Instructions
Now that you have an understanding of the project and the company’s needs, include the
following in the initial scope document and proposal:
•
•
•
•
•
•
•
Describe the scope of your project by providing an overview to the selected organization:
the reasons for your choice, its size, and the location of the organization.
Describe the main business problems and goals as they relate to information technology.
Include information relative to organizational user, organizational systems, and the
security requirements.
Describe decision makers and stakeholders on whom you would rely to develop a
requirements analysis and traverse through the information gathering phases of a security
infrastructure deployment project.
Define a project timeline and outline that coincides with the system and/or infrastructure
component life cycle stages. Additionally, identify the security components,
requirements, and concerns that will need to be addressed.
Explain the role of Availability, Confidentiality, Authentication, and Integrity in
identifying the project scope for the organization.
Given the global nature of the organization, identify any unique challenges that you
anticipate facing from a regulatory, human resources, and cultural standpoint.
You are encouraged to provide resources and citations. Any references should be
formatted according to APA (6th Edition) style and formatting.
Refer to the Project Scope Scoring Guide to ensure that you meet the grading criteria for
this assignment. Submit your document in the assignment area.
Resources
•
Project Scope Scoring Guide.
•
APA Style and Formatting.
•
Toggle Drawer
[u02a1] Unit 2 Assignment 1
AAA Framework and Cryptography Strategy
For this assignment, you will complete a data security strategy. This is done by gathering
facts about the selected organization and identifying project needs. For this assignment,
use the suggested resources, the Capella library, and the Internet to research the subject
matter.
Instructions
For this assignment, complete the following components for your Perimeter Security
Strategy:
•
•
•
Describe vulnerabilities and threats associated with data being stored, in transit and in
use.
Compare two cryptography tools and strategies for the project that would be beneficial
for protecting data being stored, in transit and in use.
Describe at least three (3), non-cryptography strategies for protecting stored data, data in
transit and/or data in use for the company.
•
•
•
Describe strategies and identify at least two (2) tools for supporting the AAA framework
in your company’s security solution.
Determine how you would consider applying access control and identify management to
protect stored data, data in transit and/or data in use in the company.
Define at least two (2) policies or guidelines that you would include your organization’s
data security manual. You are encouraged to provide resources and citations. Any
references should be formatted according to APA (6th Edition) Style and Formatting.
Note: Make sure that you follow the scoring guide prior to submitting. Submit your
document to the assignment area once completed.
Resources
•
•
AAA Framework and Cryptography Strategy Scoring Guide.
Toggle Drawer
[u03a1] Unit 3 Assignment 1
Physical Network Security Strategy
For this assignment, you will complete your Physical and Network Security strategy.
Each organization/company would need to show how their data, assets, and networks are
protected. In this assignment, you will outline, address, and discuss your overall physical
and network security strategy where you plan, design, and implement your security
strategy around the organization’s global network infrastructure. For this assignment, use
the suggested resources, the Capella library, and the Internet to research the subject
matter.
Instructions
For this week, you are to complete the following components:
•
•
•
•
•
•
Describe at least three (3) threats and vulnerabilities associated to physical security.
Define at least two (2) physical security strategies for protecting each of the following
categories in the company: (a) data, (b) human resources and (c) hardware.
Describe strategies for protecting the company’s network perimeter from external threats.
Describe strategies for protecting the company’s internal and external network traffic and
identify at least two (2) network security tools you would consider utilizing.
Define at least two (2) policies or guidelines that you would include in the organization’s
physical security manual.
You are encouraged to provide resources and citations. Any references should be
formatted according to APA (6th Edition) style and formatting.
Ensure to follow the scoring guide prior to submitting and submit your document to the
assignment area.
Resources
•
Physical Network Security Strategy Scoring Guide.
•
Toggle Drawer
[u04a1] Unit 4 Assignment 1
OS and Application Security Strategy
For this assignment, you will explain how to secure your applications and operating
systems through the use of various security tools. For this assignment, use the suggested
resources, the Capella library, and the Internet to research the subject matter.
Instructions
For this assignment, complete the following components to secure your applications and
operating systems:
•
•
•
•
•
•
•
Describe threats and vulnerabilities associated with at least two (2) operating systems.
Describe an anti-malware solution for the organization and indicate on which operating
systems it supports.
Select a suitable intrusion detection system (IDS) solution for the organization and
explain the reasoning for your suggestion.
Describe at least two (2) control strategies you would consider implementing for securing
the company’s web-based infrastructure.
Describe at least two (2) control strategies you would consider implementing for securing
the company’s database infrastructure.
Define two (2) items that you would include in the organization’s operating system
security hardening procedures.
You are encouraged to provide resources and citations. Any references should be
formatted according to APA (6th Edition) Style and Formatting.
Follow the scoring guide and submit to the assignment section once completed.
Resources
•
•
OS and Application Security Strategy Scoring Guide.
Toggle Drawer
[u05a1] Unit 5 Assignment 1
Security Policy
As part of your course project, you are to develop, and design your overall security policy
strategy.
Instructions
•
•
Identify a complete list of security standards that must be addressed in a comprehensive
solution for the organization.
Discuss legal and regulatory issues that must be considered in relation to the management
of information assets.
•
•
•
Identify the steps that you took throughout the quarter to ensure that your security
solution will succeed internationally and describe how you addressed globalization in
your security design.
For your final submission, include all your previous work for weeks 1–4 as part of this
submission. Review the feedback that your instructor provided throughout the quarter and
use that to finalize the security solution for your organization.
You are encouraged to provide resources and citations. Any references should be
formatted according to APA (6th Edition) style and formatting.
Note: Make sure that your paper is professionally written and free of errors, and that APA
formatting is applied throughout. Once complete, submit your document in the
assignment area.
Resources
•
Security Policy Scoring Guide.
1
Pamela Bennett
Information Security Concepts for the IT Professional
Professor Randy Stauber
Assignment 1
Project Scope
August 19, 2018
2
The Scope
Working as an IT administrator in the NM Bureau of Geology & Minerals Resources
gives one the opportunity to not only understand the basic needs of the company in regards to the
trending information technologies but also implement the right measures critical to the success of
the firm. The company, a branch of the NM Tech offers a variety of products to its esteemed
customers. Primarily, the firm performs research among other services with regards to the needs
of the underlying customers. Therefore, the company serves a spectrum of customers who may
range from the students, State and also the National Scientific agencies among other research
firms within the diverse industries (New Mexico Bureau of Geology & Mineral Resources,
2018). The company serves customers who may need to gain an insight of the geology of the
underlying state. The selection of this company comes from the fact that the firm intends to
establish its own set of technology backbone other than relying on the parent establishment. The
firm for years used the parent`s company technology which did not help it to grow both
internally and also externally.
Business Problems
The Bureau faces multiple business problems which reduce its abilities to achieve the set
goals with regards to offering practical and reliable services to the customers. As mentioned, the
company`s customers may range from the students to the clients in the research industry among
others from the perspective of geology. Therefore, the company needs to operate under a
reliable and efficient enterprise information system that will help it to perform its set tasks
efficiently. Currently, the company operates under an outdated set of information systems which
limit its abilities not only to expand but also to handle the resulting advanced security threats that
may arise. Besides, the company sought funds to improve its operation and started by
3
establishing a new building. The company`s management projects that the new building will
incorporate the latest technologies to boost not only its operations but also the associated abilities
to handle security threats that may arise affecting the enterprise at large.
Additionally, the company currently operates with a system that does not match the
current technologies. The outdated systems present a significant threat to the internal resources
of the company by exposing it to multiple risks to not one but all the internal elements and
resources of the firm. Therefore, in as much as the firm needs to shift to the new building, it may
require to upgrade its currently used information systems. This upgrade will consider the various
areas such as the performance and also the security of the internal corporate resources.
Operating under an old set of information technology solutions places the Bureau at a
disadvantage since it limits its abilities to grow and also create a productive and secure working
environment. The company seeks to achieve a situation where it performs its tasks without any
external interferences from attackers. Therefore, the firm will need to not only educate the
underlying staff but also implement the respective security requirements to help it boost its
service delivery processes. The perceived architecture must consider the efforts and affairs of
the corporate users, the needed security requirements and also the future needs of the company in
regards to expansion.
Stakeholders and Decision Makers
Therefore, based on the given necessary information about the firm, it follows that the
Bureau will need to consult with all the relevant stakeholders and decision makers in the attempt
to plan for the upgrade and shift to the new building. When collecting the required requirements,
the IT administrator will consider consulting numerous parties who interact with the current
systems on the day to day basis. For instance, the requirements gathering and analysis phase will
4
require the efforts of the senior management of the company, the sponsors and also the
underlying workforce. The IT staff members understand the flaws the current system exhibits.
The IT directors will offer critical information with regards to the areas where the current system
presents weaknesses. The senior management and shareholders will provide essential
information with regards to the qualities that the future system should exhibit both from a
performance and security perspective. The interaction among these parties will form the
foundation for the development of high-level requirements that will foster the design of the
desired architecture.
Project Timeline
The implementation of the project will follow a series of steps depending on the
development life cycle of the proposed solution. The new architecture and resulting system will
comprise multiple security components which will help the company to enforce the integrity,
confidentiality and also but not least, authentication. Therefore, the company will need to
consider issues such as using Windows Active Directory which will make it easy to achieve and
enforce authentication. Also, since the new system will comprise of various users, the company
will consider developing custom-made group policies. Besides, the firm will need to install IDS,
IPS and also firewalls appropriately to enforce the security of the corporate traffic.
Further, the firm will need to consider installing access control management controls to
ensure that the underlying workforce does not misuse the internal resources. Adopting and
establishing advanced network security would help the company to keep attackers off the new
system. Applying patches appropriately will help the company to reduce the chances of the
hackers exploiting any obsolete backdoors from the various pieces of software or even hardware.
5
The table below shows the timeline and the associated tasks the selected team will perform in
installing the proposed architecture and system.
Phase
Task
Start date
Requirement gathering Gather information about the current system.
Analyze the As-Is state of the company.
Document the user (corporate) requirements in regards to the project.
Design
September 1, 2018
Analyze the criteria.
Map the requirements of the proposed solution.
Form the foundation or framework for the development phase.
Install and implement
15 October 2018.
Develop the various systems.
Purchase the required assets such as operating systems, IDS and IPS among others.
Install these components in the new building.
Testing
15 December 2018.
Test the various components.
Initiate penetration testing.
Perform vulnerability testing.
31 December 2018.
Monitoring Perform routine checkups on the architecture.
Perform maintenance as needed.
20 January 2019.
Role of Availability, Authentication, Integrity, and Confidentiality
6
Before embarking on the implementation of the proposed system, the development teams
must first define its scope. The scope of the project follows the ultimate corporate goals set by
the company with regards to the adoption of the new system. Therefore, the team must consider
the ultimate goal of the project. In this case, the company intends to implement an enterprise
security architecture that will help it to not only undertake the day to day tasks effectively but
also guarantee the security of the internal resources (Inti Grow, 2018). The project must enforce
and champion for the implementation of solutions that will implement availability and also
accountability among other features of information security. The proposed system must exhibit
the desired elements and attributes of information security (McLaughlin, 2016). These attributes
include the CIA tried and also the concept of availability. These features act as the guiding light
for the development of the final solution. Therefore, the security system will enable the
company to transact safely without any external or even internal interferences to the corporate
resources.
Unique Challenges
However, the implementation of the project may face some problems in numerous areas.
For instance, the state government may set guidelines that the company must observe in regards
to the implementation of the enterprise security architecture. Further, there may exist a limited
number of qualified staff members to work on the project as support and experts in the diverse
areas. Also, the project team may fail to score better in regards to the issue of diversity due to
the location of the company and workplace.
7
References
New Mexico Bureau of Geology & Mineral Resources. (2018). About Us. New Mexico
Tech.Retrieved 14 August 2018. From https://geoinfo.nmt.edu/about/home.html
Inti Grow. (2018). Enterprise Security Architecture Design. Inti Grow. Retrieved 14 August
2018. From http://intigrow.com/enterprise-security-architecture-design.html
McLaughlin, E. (2016). Craft a plan: Enterprise information security architecture. Tech Target.
Retrieved 14 August 2018. From
https://searchcio.techtarget.com/photostory/450294507/Enterprise-security-architectureTechnology-overview/1/Craft-a-plan-Enterprise-information-security-architecture
1
Pamela Bennett
Information Security Concepts for the IT Professional
Professor Randy Stauber
Assignment 2
AAA Framework and Cryptography
August 22 2018
2
Vulnerabilities and Threats
Organizations face numerous challenges when dealing with data either in transit, stored or in
use. During transmission or data in transportation, the company may need to adopt and
implement numerous measures that would help it to keep the information secure. An
organization must, therefore, choose and perform the right actions that would help in protecting
the data at various states which may include in transit, at rest or even at use. Data at rest, in
transit or may face numerous challenges in the form of vulnerabilities and threats which may
include authorized access, naturally occurring incidences, impersonation and also but not limited
to interception. Unauthorized personnel may try to access a given piece of data either at rest, in
transit or even in use. Rogue users in such a case may steal the credentials of the legit personnel
thereby accessing the data illegally. From another perspective, naturally occurring incidents may
happen to threaten the security and integrity of the stored data. A company should always
maintain active backup mechanisms to prevent loss of data. Data in transit may get intercepted
through various means such as eavesdropping by unauthorized users. Encryption may help to
protect the confidentiality and integrity of the data but not availability. Impersonation refers to a
situation where an authorized person masquerades as a legit user to a given system thereby
accessing the internal data illegally.
Cryptographic Tools
Different developers came up with a set of tools that sue cryptographic principles in securing
data regardless of the state. For instance, BitLocker and Veracrypt stand out as some of the tools
that use cryptographic tenets in acquiring data in any country. BitLocker, a product of Microsoft
enables the users to secure a selected set of data within a computer or a system (Yi-ming &
3
Sheng-li, 2010). BitLocker allows a user to encrypt an entire hard drive. Therefore, this tool
does not allow the users to encrypt only a selected group or type of files within a hard drive.
On the other hand, Veracruz operates similarly as BitLocker. Unlike BitLocker, VeraCrypt
allows the users to select a given type of files to encrypt if s/he does not need to protect the entire
hard drive (Kedziora, Chow & Susilo, 2017). This tool offers a flexible set of terms which
makes it easy to secure only a part or the entire hard drive.
Non-Cryptographic Tools
There exist some non-cryptographic tools which a company can implement when securing its
data regardless of the state. These tools represent the various measures and practices that a
company can put in place which would help to guarantee the security of the data in the different
states. Frequent backups would help the company to maintain a reliable link which in the long
run can assure business continuity even if data gets interfered. Reserves play a considerable role
in keeping a secure replica of the corporate data which in the end forms the foundation for
continuity. Implementing password policies within an organization can help to create a better
operating environment that maintains data security. Passwords ensure that the users lock their
data securely preventing any unauthorized personnel from accessing it. Protecting data in transit
reduces the chances of the attackers who may intercept it to make meaning out of it.
Implementing rights and privileges management mechanisms for the various files may help to
reduce the chances of an attacker getting the intrinsic meaning of the underlying data. Therefore,
such management mechanisms may help the company to monitor and control the level of access
that the recipient may exhibit. Limiting the level of access may help to reduce the types of
4
actions that a user can perform on the data. Some companies reserve the write or read access
rights to the administrators or the selected groups of employees. Further, a company can
implement mechanisms that seek to secure the wireless connections used by a company. Using
secured VPNs may help to guarantee the integrity of data transmitted between two or more
points.
The AAA Framework Tools
The primary goal of information security revolves around guaranteeing the authenticity,
accountability and also but not least to authorization of data. From the AAA framework which
includes various features and attributes such as Accountability, Authentication and also
Authorization may use some tools which can help a company to guarantee to information
security. Thousand Eyes, as well as Solar winds, stand out as two of the most common tools that
companies may use when dealing with information-security in regards to the AAA Framework.
Starting off with Thousand Eyes, it stands out as a network monitoring tool which offers
numerous services and features to the affected company. This tool makes it easy for the
underlying management to perceive and monitor the network from various areas of interest.
Thousand Eyes allows an administrator to control the multiple threats that the system may face
such as breaches and also real-time threat visualization among other features. The available
tools help Thousand Eyes to offer a better platform for addressing the issues that can threaten the
accounta
Categories: