Assume you are part of a corporate-level security team and your organization has just acquired a new company. The new company will have its own information technology team reporting up through the corporate team. The company being acquired is not security-savvy, so a thorough assessment will be required.
The current environment you are asked to assess includes:
The wireless network running WEP – employees often bring in their own access points because the reception is poor with the company access points.
No security monitoring or review of security logs
The data center has about 100 Windows® servers that are patched using Microsoft® Automatic Updates.
The firewall is a Cisco® PIX®.
The backup strategy uses Windows® built-in backup application. The backup is then sent to the main server every Friday night.
The disaster recovery plan is to restore the server from the main backup server.
There are no security policies or standards.
Employees often bring in their own laptops to use for work because the company hardware running Windows® 98 is outdated.
Write a 3- to 5-page analysis on the security posture of the newly purchased company. For the following areas, identify the issues and make recommendations to address them within:
· Wireless environment
· Network Traffic Monitoring and Analysis
· System and Infrastructure Vulnerabilities
· Data Backup and Disaster Recovery
· Incident Response
Your analysis should include recommendations on hardware and software improvements, specific security policies and standards that should be written and put into place and an incident response plan that would escalate up through the corporate security team.