PREDICTX and deliver a comprehensive report

The report required to analyze the PREDICTX and deliver a comprehensive report on Information Security Risk Assessment. should consider the following points. Please read the report specification document carefully.

  1. Operations
  2. Datacenter
  3. Network infrastructure
  4. Normal Operations
  5. Physical Security Issues
  6. Logical Security Issues
  7. Business Process
  8. Employees

After analysis of the company, provide a report on Information Security Risk Assessment, which should include Systems Identification and Safeguard Determination phase.
use different templates available on the internet to seek help in designing the requirements. list all the used references.

  1. Project Specifications

PREDICTX is a micro-finance company which consists of 1500 total staff, employed at the headquarters and other branches across the country. Its business model relies on electronic transactions with key customers and suppliers. PREDICTX uses a BizTalk Server implementation for its transactions.
PREDICTX uses BizTalk Server to manage transactions and communications between internal and external applications. PREDICTX communicates with approximately 85 internal applications and 2300 trading partners. It currently processes approximately 2.5 million documents per month, and estimates that it will process 6 million documents per month by the end of 2021.

  1. Data Center Architecture

PREDICTX has installed all the products from Microsoft, which includes domain controllers, file servers, print servers and exchange server. All products are licensed and number of licensed purchased are enough for the company employee strength.
PREDICTX uses BizTalk Server as a message broker to communicate between internal applications and to process, send, and receive correctly formatted messages to and from its suppliers and customers. PREDICTX has to process internal and external documents in different formats. This includes flat files and XML documents.
PREDICTX uses a single firewall to separate its corporate computers from the Internet. As an added layer of security, PREDICTX incorporates Internet Protocol security (IPsec) communication between all its corporate servers and workstations that reside within the corporate network. PREDICTX uses IPsec to encrypt all communications within its internal domain.
PREDICTX uses a file share server to receive flat files. This file share server resides outside its corporate network and domain. A firewall separates the file share server from the corporate network. PREDICTX’s external partners post their flat file documents on this file share server, and they communicate with the file share server through an encrypted Point-to-Point Tunneling
Protocol (PPTP) pipeline. PREDICTX protects access to the file share server by partner passwords that expire every 90 days.
PREDICTX has created a custom file-movement application that retrieves the flat file documents from the file share server and sends them to BizTalk Server for additional processing. The internal applications for PREDICTX also use the custom file-movement application to pass flat files to Application Server, transforms these documents and sends them to PREDICTX’s trading partners.
Before BizTalk Server transforms the partner data to the internal application formats, it validates that it has an entry for the sender, receiver, and document type. If BizTalk Server receives a message for which it does not have an entry for either the sender, receiver, or document type, BizTalk Server rejects the message, and the operations team of PREDICTX review the message. The internal applications send messages in a variety of formats.
PREDICTX also receives documents through HTTP from internal and external sources. External partners post their documents to a Web server outside the corporate network. A firewall separates this Web server from the corporate network. The custom file-movement application also retrieves the documents posted through HTTPS. PREDICTX uses a third-party product to encrypt and sign messages to its trading partners. As an additional piece of security, PREDICTX performs a nightly audit on all the servers to make sure they have the correct security settings. PREDICTX logs all exceptions for review.
PREDICTX uses a Microsoft Exchange server to exchange emails internally and externally. A mail exchange relay is installed outside the firewall to receive emails, check for any virus infection and then move the message to the internal exchange server. An antivirus software is installed on the exchange relay to do the virus check. Outlook web access (OWA) is provided to all the internal users to use the email system outside the company using Microsoft Outlook software installed on their laptops.

  1. Data Center Diagram
  2. Potential Threats and Security Concerns

PREDICTX wants to make sure that it receives and processes only messages from authenticated sources. PREDICTX also wants to make sure that it can receive and retrieve documents from outside its corporate network as safely as possible. The firewall that separates PREDICTX’s corporate network from the Internet only lets through traffic from port 80 and port 443. The firewall rejects all other traffic.
PREDICTX also wants to make sure that their email system is not hacked or cracked because they heavily rely on the email messages from clients to process their transactions.
PREDICTX also want to protect its data regarding its employees, customers, transactions, financial and other documents related to business.
PREDICTX wants to make sure that the employees use encrypted USBs only, they would like to distribute the digital certificate using the domain controllers.
PREDICTX also wants to implement backup process to secure all critical data of the business.
PREDICTX is also looking into Cloud Computing and Virtualization solutions to protect their data from disaster.
PREDICTX would like to implement physical security as well and central monitoring system.
PREDICTX would also like to implement VoIP system and record all the official calls to protect against any espionage.

  1. Recent Threats Faced by the Company

Following are the recent incidents faced by the company few months ago.

  1. The help desk person realized that someone is sending emails from the CEO account; he suspected an email hack and escalate the Incident to the network team. The CEO assistant had access to the email account but she was not present in the office at the time of the email sent. The CEO was also at home and enjoying dinner with his family. The network team did its own checkup, concluded that email has been initiated by the director account and it’s a legitimate email, and not hacked. Since the company do not have an information security team, they could not figure out on who has sent the email to the system and the case was
  2. The helpdesk team reported that one of the BizTalk server failed to respond in the middle of the day, when most of the transactions were processing. Clusters of BizTalk servers is running in the datacenter and suppose to take over if one of the server fails, but it did not happen. A network team member examined the situation and figured out that the problem in the network connection did not force the redundant server to take However, it took him long time to fix the issue, which resulted in many transaction failure and loss of revenue.
  3. Many of the employees in the company report virus threats and assume hacking and cracking. Therefore, they have started copying their important data on the USB hard Drives and keep them in their laptop bags in case of emergency. The employees are allowed to bring in the USB flash drives, USB hard Drives and any other media into the
  4. The company personal security officer reported that he has spotted a person roaming in the office area. This person do not seems to be an employee or any partner vendor engineer or support. He reported the issue to the management and the person was just asked to leave the premises without any interrogation. The management is concerned about the physical security of the company. They are concerned on privacy, identity theft, social engineering and physical theft of any
  5. One of the female employee reported that another colleague is harassing her by sending personal emails. The company management intervened and gave warning to the employee if this is reported again he will be fired. However, the employee threatened the management if they fired him he will sue the company and fight for his

7. Report Requirements

 Below are the requirements where is supposed to fulfill.
 

A)    Introduction to the Case

 Introduce the case study, its purpose, and its outcome.
(NOTE: Technical language is explained. The conclusion addresses the project specifications and requirements in a thoughtful and logical way. provides clear explanation of relationship)

B)    The Company

 Provide an overview of the company; describe the business activities, core business function, and thorough analysis of the data center diagram.
(NOTE: Company overview and analysis is well focused on given objectives and produced the excellent analysis on finding/ results. Applies them to problem correctly and clearly establishes their relevance.)

C)    Risk Determination Phase

 Describe each of the following based on the provided Company PREDICTX scenario. (Refer to Appendices for more details):

  1. Identify Assets, asset owners
  2. Identify Asset Value
  3. Identify threats to Assets and their Likelihood
  4. Identify Vulnerabilities and the Likelihood of their Exploitation by the Identified threats
  5. Describe Risks to the Assets based on Points (3, 4, 5)
  6. Evaluate Risk based on Point (6)

D)    Safeguard Determination Phase

 Describe each of the following based on the provided Company PREDICTX scenario. (Refer to Appendices for more details):

  1. Define the recommended Controls and Safeguards based on the 20 critical security controls.–> use the PDF I sent it to you
  2. Determine the residual likelihood of occurrence if control and safeguard are implemented.
  3. Determine residual severity of impact if candidate control and safeguard are implemented.
  4. Determine residual risk

Report Requirements

 MS Word report with  3000

  1. Font: Times New Roman, size
  2. APA referencing with in-text references and a “references”

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Order Now

Calculate a fair price for your paper

Such a cheap price for your free time and healthy sleep

1650 words
-
-
Place an order within a couple of minutes.
Get guaranteed assistance and 100% confidentiality.
Total price: $78
WeCreativez WhatsApp Support
Our customer support team is here to answer your questions. Ask us anything!
👋 Hi, how can I help?