Security Implementation

Security Implementation

Name:

Institution:

 

Abstract

Fast Pace Insurance Company seeks to install a new enterprise information, a security system that will protect its data and information from both external and internal intruders. The system has to be well planned. In addition to this issue, the new system will be more effective after a proper risk assessment and risk audit has been done. Then it will culminate in the creation of a cyber-law policy that will guide how network operations will be carried out within the organization. The following article contains the structured report and plan of all the security requirements needed to enable the company to achieve integrity with its data and operations.

 

Table of Contents

Introduction                                                                                                                            4

Enterprise Security Plan                                                                                                          4

Security Strategic Planning                                                                                         4

Vulnerability Scanning                                                                                               5

Encryption and Anti-Virus                                                                                         6

Monitoring and Incidence Response Portal                                                                7

Technical Infrastructure Planning                                                                                           8

Security Plan                                                                                                               8

Scanning                                                                                                                     9

Response Portals and Monitoring                                                                               10

Authentication, Encryption, and Awareness                                                              11

Enterprise Risk Assessment, Audit, and Cyber Law                                                             12

Risk Assessment                                                                                                         12

Risk Audit                                                                                                                  13

Cyber Laws                                                                                                                 14

 

 

 

 

 

 

 

 

Security Implementation

Introduction

Fast Pace Insurance Company, one of the leading insurance firms in the world, has been operating in over twenty countries worldwide, with its service provision. The main co-temporal aspect of its services includes dealing with sensitive and critical information, which is used in implementing robust data security plans as often as required. The organization ensures that effective and secure data security plans for the contracted companies are provided, managed well, and used as reference point for future exhortations. Fast Pace Insurance Company requires enabled security elements installed for safety purposes within their systems, to facilitate monitoring and constant checkup of any frailties. In the technical infrastructure, the security strategy, anti-virus and worm concerns, vulnerability scanning, monitoring and all forms of incidence portal response are all addressed by the company’s detailed plan. In the following security plan, a detailed execution of the physical security, authentication, network, encryption, software development, internet, awareness, and the technical demands in the implementation process are discussed, analyzed, and made viable for the company.

Enterprise Security Plan

Security Strategic Planning 

In the company’s strategic planning on security, the focus is on the leveraging any of the existing resources, enhancements, and capabilities within the organization to ensure there is confidentiality, availability, and integrity in the plan. For the company to achieve the strategy of the security plan, contingency measures have to be undertaken in the enterprise goals, approach and viable options forthwith (Marakas and O’Brien, 2014). The company will create a fundamental toolkit for the process, as well as analysis of the immediate steps to ensure that the operational project plan is divided into tasks according to the requirements and demands. It will provide fro consistency and secure approach into the various modalities to ensure that the security plan has an enterprise element into the individualized users. According to information technology, the security plan should guarantee the safety, longevity, credibility, and usefulness of the term to fruition.

The security policies and guidelines to govern the plan have to incorporate a collaborative approach, which ensures that the company does not flout any information security rules. The eleven core policies, which are responsible for the baseline formation of the company uses, have to be identified. The policies are universal, and can be used by the different levels of the company’s structure at all times (Nord, Tucker & Gaylor, 2015). The security program, therefore, will form the template for the plan and ensure that all demands and matters of the security measures are followed according to the protocol. The policies are drawn from guidelines, rules, statutes, best practices in informational technology while being tailored to the company. In each of the services described in the plan below, the category of analysis includes the scope, benefits, costs, and the appropriate timeline when applied.

Vulnerability Scanning

The scope involves scanning of the online applications to determine the various braces in the installed systems. For example, the possibility of breaches, effects, attacks, or even infringement should be determined as soon as possible within the system. All devices within the company’s network are scanned and determined for vulnerability through elimination. All the infrastructural threats are determined at the earliest stage to avoid infiltration into the whole company’s system. Fast Pace Insurance Company uses the systems to obtain outsourced applications and work for the organization mandate (Nord, Tucker & Gaylor, 2015). Therefore, by ensuring that all threats are minimized from the initial basis, there are several costs to be avoided in the process. Another benefit is the time factor into operations and profitability generated in the process. The latter requires supervision due to the robust nature of the system.

The security plan can use up to the first formative twenty-four months of operations to achieve this requirement. The costs incurred in the process will be based on the company funds at the time of the financial year in operation, while sponsorship required from the partners and other parties is ideal. According to Leavitt (2013), the data security of the company, seriousness will be undertaken since the plan will be fast, swift, and cost saving. Implementation according to the intended plan should be carried out in the next financial year use to the demand of the process. Once the implementation is started, the plan will constitute the detailed process of reviews within the contingency demands of the company’s data structure and network. Te reviews of the system can be done on an annual basis to ensure professionalism and a follow-up mechanism for the long term.

Encryption and Anti-Virus

The availability of viruses and worms in data systems and networks is an existent threat to any information technology setup. All the hardware and software components of Fast Pace Insurance Company have the potential to be targeted by malicious groups or infiltrated infections within an online environment (Fichera and Bolt, 2012). Therefore, the security plan will ensure that antivirus software is installed on all hardware and software systems. These include computers, laptops, and all output devices like the printers, fax machines, and prompters within the systems. In addition, all mobile devices in network connection will have to be scanned and installed with antivirus software. The benefits translate to all manner of costs of repair and potential loss of data to the company. All operational modalities are covered in the damages at any given time. They include encryption of data, saves made on the flash disks and hard drives.

During the consolidation provision made by the security plan, Fast Pace Insurance Company will save on all the extended costs attributed to purchases. On the general, savings associated with the bulk and determinant software acquisitions will be vital for the company in the long-term basis (Jackson, 2010). The immediate implementation of the security plan on matters of encryption and anti-virus is imperative. Within the earliest financial year provision, the institution should be obtained with relative ease. The company should also institute the active login information for the permanent users within the systems according to phases. It, therefore, generates a sense of effectiveness as the deemed projects will be added up one after another to ease up on timeliness and errors, as well as the accuracy of authentication. Encryptions steps should be followed to the latter especially when the mechanisms have to involve potential referencing and backups.

Monitoring and Incidence Response Portal

Monitoring and incidence response portals are responsible for the buffering up of the security plans put in place regarding the data to Fast Pace Insurance Company. The additional structures act as further enhancements to the already placed systems for surety and longevity. Apart from boosting the security measures, there is an added sense of integrity with the delicate, confidential, and robust nature of the data contained within the organization (Kizza, 2005). The response mechanisms can then be used as mitigating features of the company’s systems, despite any potential threats. Once the plan is ensured, the company will be able to respond in time for the loopholes, in terms of the breaches without further defects to the system. The main benefit is the company’s ability to gain vital warning notifications on the system, for the improvement to be made.

The costs associated with response portals are costly due to the robust nature of the responsibility and software management requirement in the implementation. Fast Pace Insurance Company requires additional support from the partners and financial parties in the interested data systems to generate revenue for the process. The company should also opt for an online portal instead of the physical one due to various reasons. The online portal is secure with cloud computing availabilities while it is easier to manage despite factors like distance, time, breaches, and attacks from external sources. According to Lee (2012) within the current financial year availabilities, the company can implement the response portals in the next showpiece as the upgrading and analysis of the potential with the current one is determined. In addition, the timeline allows for the easier transition and availability consideration into the online changes and subsequent initialization.

Technical Infrastructure Planning

Security Plan

Fast Pace Insurance Company is sure to target the database system and security within the networks of the organization. Within the provision of the security plan, the achievement can be made possible with the robust inclusion of the infrastructure, which incorporates the software, hardware, and makes the user aware of all the system’s utilities. The hardware will require a changed approach to the physical attributes of the machinery in use, additional features within the systems, and generated development of the users (Malik, 2013). Software securities require a plan that will incorporate a tactical change in the programs run to ensure that the systems are secure at all times, despite their usage and varied storage capabilities. In the software deliveries, the actualization process of all the company’s demands have to be spelled out in the plan to ensure that, the targets are covered without minimal interference from the users and network abilities.

In the security plan, the actualization of the cost measures has to be used in order Fast Pace Insurance Company to weigh the pros and cons of instituting the changes. The cost effectiveness is central to the changes intended for maximum output and gain for the company on the overall level. The savings and costs of the security plan’s implementation have to be made by the managerial analysis to maintain the operation costs and attributed rewards regarding potential and profitability (Duncan, 2014). The key security features in this plan will be made available to the astute services and strategies according to three features. They will include scanning, response portals and monitoring availabilities, authentication, encryption, and awareness concerns for the whole system implementation.

Scanning

For the actualization of the scanning requirements, the main target for Fast Pace Insurance Company will be on the software uses and the specific network application. The network security demands will have the company’s approval of the cloud packaging that can be instituted for the effective measure and use. For example, Nessus Cloud Package with the tenable.com applications can be sued for the networks and cloud storages, in terms of the demands for extended periods (Kamoru, Frank, and Yemi, 2014). The package is responsible for carrying out the comprehensive form of management in terms of the vulnerable elements of the company’s operations. The cloud computing storage will ensure that the software responsible for scanning and detecting any vulnerability are put in place for information systems. The company will then have two bases for storage and upkeep for backup, in case one fails or is breached.

Both hardware and software firewalls will be used in the security plan for scanning requirements. All the firewall software and firewall hardware in individual machines of all the users within the organization’s structure will be installed. In the firewall case, Fast Pace Insurance Company will have to use the choking gate, packet filtering only, and dual homed gateways within the network systems. The three of the firewalls will be instituted with ensuring that there is the detection of any potential threat or breach capability within the systems. The packet only filtering will also institute warning to the users upon an outreach of the vulnerable systems, information technology pathways and routes for utilities of the data systems (Liang, Ge, Wang, and Lin, 2012). Of the three, the latter is the easiest to install as well as complimentary on the requirements for the usage and enhancements.

Response Portals and Monitoring

Monitoring and response portals require a surveillance system for effectiveness to be achieved in the security plan. Fast Pace Insurance Company will have to outsource additional hardware and software components for usage like machines, printers, fax machines, laptops, Solaris databases and their servers. The latter will facilitate the tracking the users’ activities within the virtual environment. In addition, the Internet protocol monitor will be important in the prevention of malicious entry of the virtual environment. For all the internets concerns, the IP host server is responsible for all activities, management of the data storage, use, follow-up basis, and ensured consistency (Marakas and O’Brien, 2014). All the database and facilitations of the additional networks support systems will be crucial to the monitoring basis of the system and security round the clock. Online verification mechanisms will be used forthwith.

Fast Pace Insurance Company will have to use Microsoft network monitor in the system, especially for the portal needs and response. The monitoring and incidence based responses have to be virtual and in real time for effective analysis and traffic determinants. Monitoring of the incoming and sent traffic of data utilities by the users will be crucial for the survival of the system and user friendliness. Network protocols will also be monitored all the time for support and alert responses. Unusual activities will be addressed by the MySQL database support provision for the operations within the networks. Nagios, leading software with the alert and report mechanism, will also be used. The tap devices of network requirements in the communication and anomaly especially when correcting the faults within the systems and errors. The responses should be swift and prompt to avert further breaches.

Authentication, Encryption, and Awareness

For authentication, encryption, and awareness concerns of the Fast Pace Insurance Company, various software utilities can be incorporated. For example, Ax Crypt, Vera Crypt, GNU Privacy Guard, and Bit Locker can all be used in the awareness concerns. All the above software programs perform similar functions,, especially with encryption concerns and authentication. According to Leavitt (2013), Vera Crypt software will be useful when installed in the machines based on the network of the organization especially with the usage of Microsoft operating systems as well as Linux and OS X. The above sets up Fast Pace Insurance Company with an advantage on the costs to b used in the process, especially when considering that the different encryption software demands will be generated for the different systems. Regarding the encrypted hardware that can be used in the systems, SSD USB drives with the Aegis Padlock and DT variety with the desktop can be used.

The selection of the antivirus software will be deliberate carefully since the performance of the provisions is not the same, within the available mechanisms. For example, Fast Pace Insurance Company can utilize Kaspersky Security Network packages, designed for the needs of different computers on networks as opposed to that software that serve only single machines. One of the critical aspects of the antivirus software, which should be instituted in the mandates, is the need for constant upgrading, to the latest provisions to face the evolution of threats (Nord, Tucker & Gaylor, 2015). If the software is not updated, minimal efficiencies will be realized in the job performed in the thwarting of the threats aimed at the data stored and functionalities of the processes. Fast Pace Insurance Company should outsource the software for the antivirus demands, especially those that are renowned.

Enterprise Risk Assessment, Audit, and Cyber Law

The aim of Fast Pace Insurance Company’s mandate on the security plan is to ensure that there are no intruders, both internal and external, to the organization’s enterprise data protection. The system in all capacity has to be planned well. For the plan to succeed, a risk assessment audit and audit of the risks has to be ensured from the original basis. It then requires the culmination of the cyber-law policies, which will enable the network operations to be carried out in guidance, within the firm’s mandate. The essence of the risk assessment is to ensure that there is absolutely no existence of loopholes in the new system before its implementation (Kamoru, Frank, and Yemi, 2014). Once the audit is done on risks and assessment, there is an increased chance of success and effectiveness towards the overall performance and appropriated conformity within the system.

Risk Assessment

In the global security guidelines, risk assessment is important within the HIPAA, in terms of the information security standards. In Fast Pace Insurance Company, the organization will institute the assessment at the System Development Life Cycle and carried out within the protracted three phases. The first phase of the process includes documentation of all the requirements. It is essential as it helps determine the areas that carry potential risks to the system. In the second phase, it will be characterized by threat determination. In this, there is clearer identification from the controls, with the available ones in check before inputting any new ones. Monitoring activities and vulnerability scanning can facilitate the risks assessment in terms of the documentation process for the company. At the onset, the available controls will provide for the equivalent assessment.

In the risk assessment, the third phase will be tasked with safeguarding the system from any or potential risk, established before. The countering mechanisms against any of the risk obtained or identified will be instituted within the phase. Fast Pace Insurance Company enterprise security plan will then use encryption and antivirus for the mitigating aspects. After the execution of the three phases, there will be a detailed summary of all the findings and documentation, in regards to a concise approach and future response from it (Liang, Ge, Wang, and Lin, 2012). In the summary, the architecture of the system has to be elaborated, while the security controls availed when put in place. Another possibility is the continuity plan of the company’s intended safeguarding of the security concerns for the long term. Developed changes to the system will also be provided in the summary for cross-referencing and use in subsequent shifts of improved forms.

Risk Audit

For the company to determine the management controls within the security system of Fast Pace Insurance Company, the plan has to undergo an audit. The audit will, therefore, be establishing the authenticity of the control put in place for safeguarding of the interests of the organization. In addition, the audit is also meant to ensure that the integrity of data and information of the company is boosted within the systems. It will also help check the viability of the company’s goals and objectives. The process of auditing will take its stride in phases, with the first one being planning. The dynamics of the system will be studied as well as the nature of the pre-existing controls of management in the security plan. The second phase is instrumental in determining if the controls in place are functioning or faulty.

Testing of the controls will be carried out after studying and evaluating them from the first and second phases. Evaluation will take into account all manner of proceeds to ensure that challenges to the system are robust enough. Attempted hacks and forceful entry into the system will provide the key answers. It also shows the penetrative elements of the possible attacks to the system. Once the findings are obtained, the next step within the audit mandates is the provision of them and reports (Liang, Ge, Wang, and Lin, 2012). All the test results are provided with possible feedback of the solutions towards the problems to the security demands. The follow-up activities are then scheduled after the reports. Changes will be made where appropriate and subsequent training of the users regarding the system’s functionality and upgraded mechanism. At the conclusive bit, reports on all generated steps will be availed.

Cyber Laws

For the use of resources within Fast Pace Insurance Company, there needs to be an internet connection available. Cyber laws will be of help in guiding the usage as well as showing the proper interactive requirements within the system. Other networks and internet protocols will be in scrutiny within the security plan, for the effective measure, control, and management according to the goals and objectives of the company. With the health Insurance, Portability and Accountability Act will be used for compliance according to the legislation of the systems. The public and governmental input will be identified within the system to ensure that there is reliance on the clear guidelines provided in totality. Federal Information Security Management Act will also be used in the security plan for compliance regarding the internet use and effective control aspects of the company’s mandate (Kamoru, Frank, and Yemi, 2014). The application of the consolidated system, which is new, will take effect on the agreed timeline with the operations of Fast Pace Insurance Company. Subsequent reviews with the governmental jurisdiction of the laws to be followed will be of value to the company.

 

Reference:

Duncan, D. P., & Farmer, D. B. (2014). U.S. Patent application 14/152,317.

Fichera, J., & Bolt, S. (2012). Network intrusion analysis: methodologies, tools, and techniques for incident analysis and response. Boston: Newness.

Jackson, C. (2010). Network security auditing. New York: Cisco Press.

Kamoru, O. K., Frank, I., & Yemi, A. (2014). Computer security measures, tools and best practices. British journal of applied science & technology, 4 (31), 4380.

Kizza, J. M. (2005). Computer network security. Boston: Springer Science & Business Media

Leavitt, N. (2013). Today’s mobile security requires a new approach. Computer, (11), 16-19.

Lee, R. (2012). Software and network engineering. New York: Springer.

Liang, Z. Y., Ge, Y., Lin, Y. H., Wang, Y. Q., & Lin, G. H. (2012). U.S. Patent No. 8,194,553. Washington, DC: U.S. Patent and Trademark Office.

Malik, S. (2003). Network security principles and practices. New York: Cisco Press

Marakas, G. M., & O’Brien, J. A. (2014). Introduction to information systems. Singapore: McGraw Hill.

Nord, J., Tucker, B. E., & Gaylor, T. (2015). U.S. Patent No. 20,150,169,892. Washington, DC: U.S. Patent and Trademark Office.