Multimedia Architects and Associates

Multimedia Architects and Associates

Security Audit (Part III)

Akinjide Akinboye, Glenn B., John Truppa, Ken Arias, Tony E. Rumford

University of Phoenix
CMGT/582 Security & Ethics

October 10, 20016

Professor Hall

Introduction

        Multimedia Architects and Associates is a massive company whose reach stretches across the globe. With the massive demand for the Multimedia Architects and Associates’ service comes the need for reliable computer and network systems. This organization must implement the proper network security technologies and methodologies to effectively run the company while maintaining the integrity of the security system as a whole. Technologies are considered mechanisms and not methods; they include firewalls, network intrusion-detection systems, antivirus software, VPN systems, etc. Methods are the procedures and written guides that define how security is implemented. Technologies are the mechanisms used to implement security.

Implementation of Technologies and Methodologies

        The International Standardization Organization (ISO) has recognized four basic risk analysis approaches in ISO13335, which governs Information Technology and Security Techniques. These analysis approaches are baseline, informal, detailed and combined. Since Multimedia Architects and Associates have offices that stretch across the nation, security strength must reflect the risk a global company presents.

Words: 68 must be on par. There is a constant flow of sensitive information and data being sent from one office to another, which is a potential hole in security.

         We recommend purchasing security software to protect each local office from threats within their own network such as viruses, employee negligence, outdated software, intrusions files, etc. Using this new technology, we will then be able to implement our methods or standard operating procedures to operate and maintain the new security systems. Multimedia Architects and Associates is not an IT company they will most likely not have employees capable of operating and maintaining the security networks that will be installed. We recommend finding a third party or outside contractor to properly oversee the security systems to be more cost efficient.

Evaluation of Technologies and Methodologies

        With the new security systems that will be set up at all three locations and the corporate office new methods to maintaining the systems will be implemented. Security firewalls will be set up at each location. These firewalls will prohibit the employees from using websites that are considered nonessential to company production. This will include social media site, movie and video streaming sites, Pandora, etc. Emails will be filtered through a third party company known as Barracuda Email Security Service. Barracuda Security Service will filter the emails to assess and determine whether the email is a threat. If the email is seen as a threat, the employee will receive an email from Barracuda Security Service with details of the email. If the employee verifies the email is no threat, then the employee will download the email form the Barracuda website linked to the email.

Another way to help detect anomalies on the network is through a Network Behavior and Anomaly Detection (NBAD) system or a Security Information and Event Management (SIEM) system. An NBAD system is a device used to detect shifts or sudden changes in traffic thresholds that could indicate irregular behavior on a network (Shackleford, 2015). This type of irregularity is often the sign of some kind of attack or exploit on a network. A SIEM takes an NBAD a step further, combining it with the security events from devices such as firewalls and IPS systems and uses this information to correlate irregular traffic patterns with the specific systems that are likely infected. An NBAD or SIEM is extremely useful in the detection of “zero-day” exploits, which is when vulnerabilities are exploited before a vendor is aware that the vulnerability exists, and rushes to find a solution before information of the vulnerability becomes more widely known (Symantec, 2010).

...