Now that the After Action Reports have been analyzed, the consultants must develop a plan for improving the security posture at Sifers-Grayson. This will be documented in a Security Strategy Recommendations document. The security strategy will be based upon multiple layers of policies, processes, and technologies that, when implemented, will be used to defend the Information Technology enterprise from both internal and external threats and attacks.
Note: see https://www.techrepublic.com/blog/it-security/understanding-layered-security-and-defense-in-depth/ for a discussion of the differences between these two security strategies: layered security and defense-in-depth. You will need this information for the Security Strategies section of your paper.
Two defensive security strategies have been chosen by the senior members of the team.
1. Defense Strategy #1: Build a DMZ for the R&D Center. The DMZ will host servers accessed by the engineers while teleworking and while reaching back to the R&D center from the test range. The DMZ will require the following: (a) business class routers, (b) business class firewalls, and (c) an intrusion detection and prevention system.
Demilitarized Zone (DMZ). For definitions and diagrams see https://www.us-cert.gov/ics/Control_System_Security_DMZ-Definition.html and https://go.oreilly.com/umgc/https://learning.oreilly.com/library/view/principles-of-computer/ XXXXXXXXXX/ch9.xhtml#lev74 (scroll down to the sub-section on DMZs).
2. Defense Strategy #2: Implement Enterprise-wide Protective and Detective Measures to defend against both internal and external attackers. These measures will include (a) controlling access to software documentation and source code, (b) implementing enterprise-wide identity management, and (c) implementing either a Security Information and Event Management (SIEM) tool or a Unified Threat Management (UTM) tool.
Your Task:
You have been assigned to research products which will be used to implement the two Defense Strategies. You will need to research suitable products and then write a report recommending a set of products and services which can be used to implement the selected strategies. Your report will include summary information and explanations about defense in depth and the two selected strategies.
Note: You may need to do additional reading and research to find the information required to support your explanations of defense in depth and the selected defense strategies. Make sure that you cite authoritative sources for this information.