You are an independent consultant who specializes in Information Technology security issues. You have been retained by the Designer Distributions Company, a mid-sized and growing consumer goods distribution company, for an assignment to assess the state of their computing environment security situation. The company's newly hired VP of IT is conducting this project because she does not have a security specialist on her staff and has learned that the company does not have a comprehensive security strategy. In fact, she suspects lack of even basic security knowledge in both the IT staff and the user community.
The company has a headquarters office building, which includes the principal data center, and a separate warehouse linked to the office by an private data network. The warehouse has a small computing facility of its own for order shipment data entry and tracking. This computer is linked to the headquarters order entry systems through the network. Additionally, there are Internet-based data links to several key suppliers used to share reorder, production and shipping schedules and status information. When potential new suppliers compete for contracts with Designer Distributions, their proposals are received and negotiated via Email.
You have been interviewing executives and staff at the company and at key suppliers and are beginning to evaluate what you have learned in preparation for preparing your report to the VP of IT.
Details: One of the recommendations you are making to Designer Distributions corporation is to create a full-time position of security administrator. Until now, the job has been done on a part-time basis in the systems administration department, which was a viable approach when the company did not have inter-facility and Internet networking connections. Now you believe that security planning, implementation, and administration tasks required to support the growing network justify a stand-alone position. In support of this recommendation, you are preparing a presentation describing these tasks, their purpose, and their criticality.
Access to business applications such as Designer Distributions' order processing/shipment scheduling system from a remote company location (e.g. the warehouse)
A corporate email system used internally by employees and externally to the Internet for correspondence and supplier bid proposals
A company website on the Internet as well as employee access to the Internet
File transfer capabilities allowing sales staff access to and transmission of data files containing supplier and customer specific information (using remote dial-up phone connections)
A wireless network within the headquarters building that allows employees to move their laptop computers from desks to conference rooms while maintaining connectivity to the computer applications and email system
Your presentation should describe the implementation and ongoing maintenance of security system features that protect these networking elements from the risks that you identify.
Security Policies for a company's Networks are outlined.