Telecommunication Services and Storage of The Organizations Data Essay
ANSWER
Marymount University Research Data Center Security Plan
Introduction
Marymount University operates two primary data centers on its campus—the research data center and the business data center. The research data center serves as a valuable resource for students and faculty, allowing them to conduct research and academic activities. However, due to budget and space limitations, the research data center also houses the backup systems for the business data center, leading to a dual-purpose utilization of the space. Recent incidents of unauthorized access and security breaches in the research data center have raised concerns about the security of the business data stored there.
As an entry-level security analyst in the information security department, my objective is to propose a set of controls that will enable the continued use of the research data center for its intended academic purpose while enhancing the protection of the business systems and data residing within it.
Administrative Controls
Access Control Policy
- Access Authorization: Implement strict access control policies for the research data center. Access should be granted only to authorized personnel, including students and faculty members who require it for academic purposes.
- Role-Based Access: Define roles and responsibilities for individuals accessing the research data center. Differentiate between academic users and IT personnel responsible for managing business data systems.
- Access Review: Conduct regular reviews of access rights and privileges to ensure that they are aligned with current academic and administrative needs.
- Access Logging: Implement comprehensive access logging and monitoring to track who accesses the research data center and when.
Security Awareness Training
- Training Programs: Provide security awareness training to all personnel with access to the research data center. This training should include best practices for physical and digital security.
Incident Response Plan
- Incident Handling: Develop and maintain an incident response plan that outlines the steps to be taken in the event of a security incident or breach.
Security Compliance Audits
- Regular Audits: Conduct periodic security audits and assessments to ensure compliance with security policies and standards.
Technical Controls
Network Segmentation
- Network Segmentation: Segregate the network within the research data center to isolate academic and business systems. Implement VLANs or network segmentation technologies to separate the two environments.
Intrusion Detection and Prevention Systems (IDPS)
- IDPS: Deploy intrusion detection and prevention systems to monitor network traffic within the research data center. Configure alerts for suspicious activities.
Access Control
- Access Control Systems: Implement card-based or biometric access control systems for entry into the research data center. Access should be granted only to authorized individuals.
- Two-Factor Authentication (2FA): Enforce two-factor authentication for accessing critical systems within the research data center, especially for business data systems.
Security Monitoring and Logging
- Continuous Monitoring: Establish continuous monitoring of network and system activities. Log and review security events regularly.
Security Patch Management
- Patch Management: Implement a robust patch management process to ensure that all systems and software are up-to-date with the latest security patches.
Endpoint Security
- Antivirus and Anti-Malware: Deploy antivirus and anti-malware solutions on all systems within the research data center.
Data Encryption
- Data Encryption: Encrypt sensitive business data both in transit and at rest to protect it from unauthorized access.
Physical Controls
Access Control
- Physical Access Controls: Enhance physical security by installing security cameras, alarms, and card-based access control systems at the entrances of the research data center.
- Restricted Hours: Restrict access to the research data center to specific hours, aligning with academic needs.
- Secure Cabinets: Store critical business data systems in locked cabinets or racks to prevent unauthorized physical access.
Environmental Controls
- Environmental Monitoring: Implement environmental monitoring systems to track temperature, humidity, and other environmental factors that may impact the data center’s infrastructure.
Backup and Redundancy
- Backup Locations: Establish off-site backup locations for business data to ensure data availability even in the event of a disaster within the research data center.
Conclusion
By implementing these administrative, technical, and physical controls, Marymount University can strike a balance between academic freedom in the research data center and the security of business systems and data. These measures will help protect sensitive business data while allowing students and faculty to continue their academic work within the research data center. Regular assessment and updates to the security plan will be essential to adapt to evolving threats and compliance requirements.
QUESTION
Description
Marymount University has two primary data centers on campus—the research data center and the business data center. Due to budget and space limitations, the research data center is also used to house the backup systems for the business data center, resulting in business data being stored in both locations.
The research data center is typically left unlocked, as many students and faculty members use it for their work. The network infrastructure is not monitored, and the systems themselves are not required to be secured.
Recently, signs of after-hours access have been found in the research data center. Doors have been left open, lights have been on, and logins have been found on research systems. Logs indicate that local logins have been attempted on the business system consoles as well.
You are an entry-level security analyst in the information security department at MU. Your manager – Professor s asks you to propose a set of controls that will allow the use of the research data center for its intended purpose while protecting the business systems that reside there.
For this assignment:
- Write a security plan using the research datacenter description and diagram as a point of reference.
- Describe the administrative, technical, and physical controls you would recommend and why.