Information Security: Research and Analysis
VerifiedAdded on  2020/05/11
|16
|4747
|240
AI Summary
This assignment delves into the crucial field of information security. It presents a collection of research papers and articles covering various aspects such as data encryption techniques (SSH2, simple steps to data encryption), mobile device security measures (mobile device security for dummies, mobile device security: a comprehensive guide), business continuity planning (Business Continuity Planning: Step-by-Step Guide with Planning Forms), risk management frameworks (Fundamentals of risk management, Security risk management), and virtualization security. Students are expected to analyze these sources and understand the evolving landscape of information security challenges and solutions.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running Head: Network Management and Security 1
Network Management and Security
Name
Affiliate Institution
Network Management and Security
Name
Affiliate Institution
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Running Head: Network Management and Security 2
Executive Summary
Network management involves configuring and controlling several devices linked to the
network. These devices are hosts, routers, several firewalls, and bridges. Network management is
a very important aspect to STP. It is the engine that help in controlling other dependent
operations within the company. It is the key to privacy and security. A well-managed network
enhances organizational security and threat detections, preventions and mitigation. However, if
STP network is managed poorly, it will lead to vulnerability of the entire organization, especially
if it relies on the network to share critical information and other resources. Therefore, STP needs
proper management of the network to enhance privacy and security. UC and C (Unified
communications and collaboration) need more additional management operations. First quality
of service (QoS) should prioritize traffic of unified communications and collaboration over
traffic of bulk data. The management system should manage queues of QoS in order to identify
excess high priority queues traffic, especially in networks where several sources and high
priority traffic types exist. STP should configure network management system to create a report
of Top-N on interface drops. A drop happens when a link of network is too squeezed to manage
an outgoing packet. All the buffers of the interface are full and therefore the packet is dropped.
The best information source of the functionality of the UC and C systems may not be the
network. As such STP should monitor endpoints and controllers of UC and C to gather
information on configurations, performance and problems. Although the UC and C can create
reports that are separate, STP should recognize one or two reports that can be generated daily or
weekly to aid in identifying when the system has problems that may not been seen by looking the
network.
Executive Summary
Network management involves configuring and controlling several devices linked to the
network. These devices are hosts, routers, several firewalls, and bridges. Network management is
a very important aspect to STP. It is the engine that help in controlling other dependent
operations within the company. It is the key to privacy and security. A well-managed network
enhances organizational security and threat detections, preventions and mitigation. However, if
STP network is managed poorly, it will lead to vulnerability of the entire organization, especially
if it relies on the network to share critical information and other resources. Therefore, STP needs
proper management of the network to enhance privacy and security. UC and C (Unified
communications and collaboration) need more additional management operations. First quality
of service (QoS) should prioritize traffic of unified communications and collaboration over
traffic of bulk data. The management system should manage queues of QoS in order to identify
excess high priority queues traffic, especially in networks where several sources and high
priority traffic types exist. STP should configure network management system to create a report
of Top-N on interface drops. A drop happens when a link of network is too squeezed to manage
an outgoing packet. All the buffers of the interface are full and therefore the packet is dropped.
The best information source of the functionality of the UC and C systems may not be the
network. As such STP should monitor endpoints and controllers of UC and C to gather
information on configurations, performance and problems. Although the UC and C can create
reports that are separate, STP should recognize one or two reports that can be generated daily or
weekly to aid in identifying when the system has problems that may not been seen by looking the
network.
Running Head: Network Management and Security 3
Table of Contents
Executive Summary........................................................................................................................................................2
1 Introduction..................................................................................................................................................................5
1.1 Authorization........................................................................................................................................................5
1.2 Limitations............................................................................................................................................................5
1.3 Scope of the Report..............................................................................................................................................5
1.4 Assumptions.........................................................................................................................................................5
2 Project Background......................................................................................................................................................5
2.1 Network Project Background...............................................................................................................................5
2.2 Project Scope........................................................................................................................................................7
2.3 Project Goal..........................................................................................................................................................7
2.4 Strategic Alignment of the Project.......................................................................................................................7
3 Network security..........................................................................................................................................................7
3.1 Securing Data.......................................................................................................................................................7
3.1.1 Users, Guidelines and Prevention.................................................................................................................7
3.1.2 Privacy Consideration...................................................................................................................................8
3.2 Mobile Devices Security......................................................................................................................................9
3.2.1 User Consideration........................................................................................................................................9
3.2.2 Application Considerations...........................................................................................................................9
3.2.3 Device Considerations..................................................................................................................................9
3.2.4 Policy Considerations.................................................................................................................................10
4 Plan for Hardware Purchases.....................................................................................................................................10
4.1 Hardware Quality...............................................................................................................................................10
4.2 Price of Hardware...............................................................................................................................................10
4.3 Service Agreement.............................................................................................................................................11
5 Business Continuity...................................................................................................................................................11
5.1 Disaster Response...............................................................................................................................................11
5.2 Stabilization and Activation...............................................................................................................................12
5.3 Communication..................................................................................................................................................13
6 Risk Management......................................................................................................................................................13
6.1 Risk Identification..............................................................................................................................................13
6.2 Risk Controls and Mitigation.............................................................................................................................14
Conclusion....................................................................................................................................................................14
Recommendation..........................................................................................................................................................15
Reference list................................................................................................................................................................16
Table of Contents
Executive Summary........................................................................................................................................................2
1 Introduction..................................................................................................................................................................5
1.1 Authorization........................................................................................................................................................5
1.2 Limitations............................................................................................................................................................5
1.3 Scope of the Report..............................................................................................................................................5
1.4 Assumptions.........................................................................................................................................................5
2 Project Background......................................................................................................................................................5
2.1 Network Project Background...............................................................................................................................5
2.2 Project Scope........................................................................................................................................................7
2.3 Project Goal..........................................................................................................................................................7
2.4 Strategic Alignment of the Project.......................................................................................................................7
3 Network security..........................................................................................................................................................7
3.1 Securing Data.......................................................................................................................................................7
3.1.1 Users, Guidelines and Prevention.................................................................................................................7
3.1.2 Privacy Consideration...................................................................................................................................8
3.2 Mobile Devices Security......................................................................................................................................9
3.2.1 User Consideration........................................................................................................................................9
3.2.2 Application Considerations...........................................................................................................................9
3.2.3 Device Considerations..................................................................................................................................9
3.2.4 Policy Considerations.................................................................................................................................10
4 Plan for Hardware Purchases.....................................................................................................................................10
4.1 Hardware Quality...............................................................................................................................................10
4.2 Price of Hardware...............................................................................................................................................10
4.3 Service Agreement.............................................................................................................................................11
5 Business Continuity...................................................................................................................................................11
5.1 Disaster Response...............................................................................................................................................11
5.2 Stabilization and Activation...............................................................................................................................12
5.3 Communication..................................................................................................................................................13
6 Risk Management......................................................................................................................................................13
6.1 Risk Identification..............................................................................................................................................13
6.2 Risk Controls and Mitigation.............................................................................................................................14
Conclusion....................................................................................................................................................................14
Recommendation..........................................................................................................................................................15
Reference list................................................................................................................................................................16
Running Head: Network Management and Security 4
1 Introduction
1.1 Authorization
This report has been by STP to carry out evaluation on the current system so as to evaluate and
analyze if it is meeting the set objective of the organization such as privacy, security and
regulations of the country it operates on.
1.2 Limitations
The Manager and employees have limited technical skills and knowledge of the system.
1.3 Scope of the Report
Network management involves configuring and controlling several devices linked to the
network. These devices are hosts, routers, several firewalls, and bridges. Network management is
a very essential part in network functionality. The safety of the whole network depends on its
management and security functionality. Having a network that is secure requires controlled
configuration of tasks. (Singh, 2012). This context involves the network management and
security of STP limited that will help keep data safe for the company and the customers
involved. The company’s project background, network security, plan for hardware purchases,
business continuity and risk management is also discussed.
1.4 Assumptions
STP have already implemented the system and has an internet provider ADSL, switches and
Modems have been implemented in each office branch.
2 Project Background
2.1 Network Project Background
It saves time- the system of STP allows addition of future devices without altering the existing
system thus saving time to develop another system. Also, a network management system that is
excellent will allow STP limited executives to provide direct access to the employees with any
information they require in order to perform effective job. This helps avoid travelling to various
1 Introduction
1.1 Authorization
This report has been by STP to carry out evaluation on the current system so as to evaluate and
analyze if it is meeting the set objective of the organization such as privacy, security and
regulations of the country it operates on.
1.2 Limitations
The Manager and employees have limited technical skills and knowledge of the system.
1.3 Scope of the Report
Network management involves configuring and controlling several devices linked to the
network. These devices are hosts, routers, several firewalls, and bridges. Network management is
a very essential part in network functionality. The safety of the whole network depends on its
management and security functionality. Having a network that is secure requires controlled
configuration of tasks. (Singh, 2012). This context involves the network management and
security of STP limited that will help keep data safe for the company and the customers
involved. The company’s project background, network security, plan for hardware purchases,
business continuity and risk management is also discussed.
1.4 Assumptions
STP have already implemented the system and has an internet provider ADSL, switches and
Modems have been implemented in each office branch.
2 Project Background
2.1 Network Project Background
It saves time- the system of STP allows addition of future devices without altering the existing
system thus saving time to develop another system. Also, a network management system that is
excellent will allow STP limited executives to provide direct access to the employees with any
information they require in order to perform effective job. This helps avoid travelling to various
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Running Head: Network Management and Security 5
locations to check out on the condition of the devices, and allow them to see device status at a
central computer. Additionally, employees are allowed to retrieve information using personal
computers while providing access control to network managers. Therefore, time is saved and
used to deal with other activities of the company. (Stallings, 2011)
It’s cost-effective- STP limited have good system that accommodates future changes and thus
saving cost for developing another system once the company expands. Also the management
system will allow STP executives to minimize cost for hiring. Only a single administrator of the
system is needed at a centralized location to control and monitor the whole network. The costs
saved can be used for other operations of the company such as research, training and
development.
It increases productivity-the system of STP limited increases productivity through advertisement
of their product in their website which helps attract more customers who are in need of those
products and services. Additionally, network management system will ensure there is control of
every software and hardware. All devices are interconnected and so malfunctioning of a single
device will affect the functionality of the others. Network management system identify and solve
issues before they are a common knowledge, and thus minimizing productivity hindrances or
data loss. As such, employees are able to focus on other essential duties. (Jacobs, 2014)
prevents business disruption- STP system allows customers to see the products available in the
company and also the company is able to determine what product is missing in all its branches
and work towards making the products available. As such business disruptions is minimized as
both the customer and the company can be able to view what they need and act towards it.
management and security of the network on the other hand, minimizes downtown which can lead
to productivity and revenue loss. (Liu, 2009)
It documents performance- STP system consists of customer information, stock information and
accounts information. As such the company is able to analyze its progress using that data. An
excellent network management system will simplify employees job of achieving SLAs (service
level agreement) and file their achievements with reports. Network management offers real time
statistics and provides visibility into every network aspect. (Loshin, 2013)
locations to check out on the condition of the devices, and allow them to see device status at a
central computer. Additionally, employees are allowed to retrieve information using personal
computers while providing access control to network managers. Therefore, time is saved and
used to deal with other activities of the company. (Stallings, 2011)
It’s cost-effective- STP limited have good system that accommodates future changes and thus
saving cost for developing another system once the company expands. Also the management
system will allow STP executives to minimize cost for hiring. Only a single administrator of the
system is needed at a centralized location to control and monitor the whole network. The costs
saved can be used for other operations of the company such as research, training and
development.
It increases productivity-the system of STP limited increases productivity through advertisement
of their product in their website which helps attract more customers who are in need of those
products and services. Additionally, network management system will ensure there is control of
every software and hardware. All devices are interconnected and so malfunctioning of a single
device will affect the functionality of the others. Network management system identify and solve
issues before they are a common knowledge, and thus minimizing productivity hindrances or
data loss. As such, employees are able to focus on other essential duties. (Jacobs, 2014)
prevents business disruption- STP system allows customers to see the products available in the
company and also the company is able to determine what product is missing in all its branches
and work towards making the products available. As such business disruptions is minimized as
both the customer and the company can be able to view what they need and act towards it.
management and security of the network on the other hand, minimizes downtown which can lead
to productivity and revenue loss. (Liu, 2009)
It documents performance- STP system consists of customer information, stock information and
accounts information. As such the company is able to analyze its progress using that data. An
excellent network management system will simplify employees job of achieving SLAs (service
level agreement) and file their achievements with reports. Network management offers real time
statistics and provides visibility into every network aspect. (Loshin, 2013)
Running Head: Network Management and Security 6
It minimizes security risks- an excellent network management system will help safeguard against
bugs, hacking and external and internal risks.
2.2 Project Scope
STP limited have developed a system that controls new stock, manages customer information
and accounts information. They also own a website. The new stock control system helps the
manager to determine what product is available or missing in every branch of the company. The
system also consists of the customer information that details his or her requirement. The
accounts part of the system allows the customer to pay for his or her products and services
instead of paying in cash. The website is used to advertise the products and services offered by
STP limited. The organization is also considering to hire sales people in all its branches.
2.3 Project Goal
STP limited is concerned with the network business continuity and the ability to safeguard
information of the customers and the organization itself. Although the people in STP possess
little knowledge on technical skills, supporting business growth and employee’s empowerment to
increase sales is a major goal in STP. The information system of STP should be more integrated
to enhance reporting in real time. The owner of STP requires to protect the investment done
during the development of the system.
2.4 Strategic Alignment of the Project
STP system was developed to cater for the current and future activities. The system should be
able to control current stock as well as future stock. The system should also manage current
customer information and additional client’s data in the future. In addition, the website of STP
should allow addition for information once the company expands in future. Due to
implementation of the network management system the company will increase productivity,
reduce cost, minimize risks and enhance its overall growth.
3 Network security
3.1 Securing Data
It minimizes security risks- an excellent network management system will help safeguard against
bugs, hacking and external and internal risks.
2.2 Project Scope
STP limited have developed a system that controls new stock, manages customer information
and accounts information. They also own a website. The new stock control system helps the
manager to determine what product is available or missing in every branch of the company. The
system also consists of the customer information that details his or her requirement. The
accounts part of the system allows the customer to pay for his or her products and services
instead of paying in cash. The website is used to advertise the products and services offered by
STP limited. The organization is also considering to hire sales people in all its branches.
2.3 Project Goal
STP limited is concerned with the network business continuity and the ability to safeguard
information of the customers and the organization itself. Although the people in STP possess
little knowledge on technical skills, supporting business growth and employee’s empowerment to
increase sales is a major goal in STP. The information system of STP should be more integrated
to enhance reporting in real time. The owner of STP requires to protect the investment done
during the development of the system.
2.4 Strategic Alignment of the Project
STP system was developed to cater for the current and future activities. The system should be
able to control current stock as well as future stock. The system should also manage current
customer information and additional client’s data in the future. In addition, the website of STP
should allow addition for information once the company expands in future. Due to
implementation of the network management system the company will increase productivity,
reduce cost, minimize risks and enhance its overall growth.
3 Network security
3.1 Securing Data
Running Head: Network Management and Security 7
3.1.1 Users, Guidelines and Prevention
STP needs to secure organizational and customer data that is stored. This involves avoiding
unauthorized individuals from accessing data as well as prevention of information corruption and
infection or intentional and accidental destructions. Encryption of data is one of the method used
in implementing a strategy of a tiered data- security. Securing data steps include; understanding
threats that are likely to occur, alignment of proper defense layers and constant management of
operation carried out as required. (Campagna, Iyer & Krishnan, 2011)
The figure below shows sections of stored data security at rest and while being accessed.
Movement of data is needed for authenticated general access, continuity of the business and
recovery of disaster, safeguarding of the information and archiving for compliance and
preservation of data.
Figure 1: Securing Data
(Source: The Strategic Group, 2012)
3.1.2 Privacy Consideration
The following are some of the items that should be considered in STP as part of safeguarding
stored data;
A tiered protection of data and model of security like defense multiple perimeter rings to deal
with threats that can occur should be implemented. Defense multiple layers can secure and
isolate data if a single defense perimeter is endangered from external or internal threats. (Fried,
2010).
3.1.1 Users, Guidelines and Prevention
STP needs to secure organizational and customer data that is stored. This involves avoiding
unauthorized individuals from accessing data as well as prevention of information corruption and
infection or intentional and accidental destructions. Encryption of data is one of the method used
in implementing a strategy of a tiered data- security. Securing data steps include; understanding
threats that are likely to occur, alignment of proper defense layers and constant management of
operation carried out as required. (Campagna, Iyer & Krishnan, 2011)
The figure below shows sections of stored data security at rest and while being accessed.
Movement of data is needed for authenticated general access, continuity of the business and
recovery of disaster, safeguarding of the information and archiving for compliance and
preservation of data.
Figure 1: Securing Data
(Source: The Strategic Group, 2012)
3.1.2 Privacy Consideration
The following are some of the items that should be considered in STP as part of safeguarding
stored data;
A tiered protection of data and model of security like defense multiple perimeter rings to deal
with threats that can occur should be implemented. Defense multiple layers can secure and
isolate data if a single defense perimeter is endangered from external or internal threats. (Fried,
2010).
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Running Head: Network Management and Security 8
Include logical security; passwords, authorization, encryption, and authentication as well as
physical security; networking cabinets, restricted access, storage and locks on servers. Physical
security involves low profile maintenance. (Kent, 2008)
Logical security on the other hand involves safeguarding the network with firewalls, detecting
programs of virus on servers, running antispyware, and storages systems that have their network
addressed. Databases, server operating system, applications and file system should be secured to
avoid access of stored data from unauthorized individuals. Storage system based volume should
be implemented and masking as defense last line for the stored data. (Fulmer, 2008)
3.2 Mobile Devices Security
3.2.1 User Consideration
Uneducated User- STP should first educate users on mobile applicable threats, ways of
identifying them, and ways to avoid them.
3.2.2 Application Considerations
The Unsafe Applications- STP should determine what programs to be permitted at work place
and whether the programs can access network. For instance, the company may restrict
downloading game apps.
3.2.3 Device Considerations
The Allowable Devices- STP may restrict the allowable devices in the company. For example,
they may allow the use of apple or android only to help developers to avoid writing and
maintaining code for every single platform. (Blyth, 2009)
The stolen and lost Devices- STP should lock down or wipe their devices to prevent
authentication code from being used and data stealing once a tablet or phone is stolen or lost. It is
advisable for the users in STP to keep backing up their personal details to avoid losing it if their
devices are wiped out.
Include logical security; passwords, authorization, encryption, and authentication as well as
physical security; networking cabinets, restricted access, storage and locks on servers. Physical
security involves low profile maintenance. (Kent, 2008)
Logical security on the other hand involves safeguarding the network with firewalls, detecting
programs of virus on servers, running antispyware, and storages systems that have their network
addressed. Databases, server operating system, applications and file system should be secured to
avoid access of stored data from unauthorized individuals. Storage system based volume should
be implemented and masking as defense last line for the stored data. (Fulmer, 2008)
3.2 Mobile Devices Security
3.2.1 User Consideration
Uneducated User- STP should first educate users on mobile applicable threats, ways of
identifying them, and ways to avoid them.
3.2.2 Application Considerations
The Unsafe Applications- STP should determine what programs to be permitted at work place
and whether the programs can access network. For instance, the company may restrict
downloading game apps.
3.2.3 Device Considerations
The Allowable Devices- STP may restrict the allowable devices in the company. For example,
they may allow the use of apple or android only to help developers to avoid writing and
maintaining code for every single platform. (Blyth, 2009)
The stolen and lost Devices- STP should lock down or wipe their devices to prevent
authentication code from being used and data stealing once a tablet or phone is stolen or lost. It is
advisable for the users in STP to keep backing up their personal details to avoid losing it if their
devices are wiped out.
Running Head: Network Management and Security 9
3.2.4 Policy Considerations
The Exit Policy carried out correctly- some employees might quit their duties without alert, get
fired, or sometimes become ill or have an accident. In such cases, STP should have means to
wipe out corporate data from devices and own a policy that is approved by the legal department
and IT of STP that permits them to do so. (Hopkin, 2012).
4 Plan for Hardware Purchases
STP is expected to sometimes purchase computer software and hardware. Some of the factors
that STP should consider when making purchases include; quality, price and service after sale.
4.1 Hardware Quality
Quality- STP should consider the following things to determine the quality of the product;
whether the product meet the company’s needs, do the product possess functions and features the
company need, how well the product is developed, and the lifespan of the product. STP can visit
respected online reviews like Newegg to help them identify the best products. The company
should do research on the best available product. Good reviews of a product can give the
company confident to purchase it. STP should also understand how the product will
communicate well with the technology put in place. Additionally, the company should also
consult from a service provider or another consultant of IT. (Wheeler, 2011)
4.2 Price of Hardware
Price- as much as STP own a budget for product purchase, they should keep in mind that buying
cheap product is not the best option since it may break easily or fails to meet the company’s
needs. This may require the company to replace the product thus increasing expenses. The
company should bear in mind the product cost is a single part of the TCO (total cost of
ownership).
Service after the sale- some of the factors STP should consider before purchasing are;
Return policy: the shipping and restocking cost incurred if the products fails to satisfy the
company needs, time consumed when the company staff members are dealing with the process
of return, and what operation impacts will be experienced for lack of a product in the company.
3.2.4 Policy Considerations
The Exit Policy carried out correctly- some employees might quit their duties without alert, get
fired, or sometimes become ill or have an accident. In such cases, STP should have means to
wipe out corporate data from devices and own a policy that is approved by the legal department
and IT of STP that permits them to do so. (Hopkin, 2012).
4 Plan for Hardware Purchases
STP is expected to sometimes purchase computer software and hardware. Some of the factors
that STP should consider when making purchases include; quality, price and service after sale.
4.1 Hardware Quality
Quality- STP should consider the following things to determine the quality of the product;
whether the product meet the company’s needs, do the product possess functions and features the
company need, how well the product is developed, and the lifespan of the product. STP can visit
respected online reviews like Newegg to help them identify the best products. The company
should do research on the best available product. Good reviews of a product can give the
company confident to purchase it. STP should also understand how the product will
communicate well with the technology put in place. Additionally, the company should also
consult from a service provider or another consultant of IT. (Wheeler, 2011)
4.2 Price of Hardware
Price- as much as STP own a budget for product purchase, they should keep in mind that buying
cheap product is not the best option since it may break easily or fails to meet the company’s
needs. This may require the company to replace the product thus increasing expenses. The
company should bear in mind the product cost is a single part of the TCO (total cost of
ownership).
Service after the sale- some of the factors STP should consider before purchasing are;
Return policy: the shipping and restocking cost incurred if the products fails to satisfy the
company needs, time consumed when the company staff members are dealing with the process
of return, and what operation impacts will be experienced for lack of a product in the company.
Running Head: Network Management and Security 10
It is important to avoid returns since it may maximize cost thus interfering with the budget of the
company.
Warranty: warranties apply to the product state at the time the company purchased it. if
something happens to be wrong with the product, the supplier will fix or replace it at no expenses
as long as the extension of the subsequent warrant is in effect. STP should purchase that have
warrants and stands with that policy and can be easily contacted once a problem arises.
4.3 Service Agreement
Service agreement: when STP is handling IT software and hardware they should expect constant
improvements through updates and upcoming versions. These updates are carried out for various
reasons such as general performance boost, introduction of specific features, and dealing with
security vulnerabilities that are being discovered. Service agreements are very important to the
company especially for the products that are essential to functions of the business since losses of
operations due to outdated software or hardware can be costly. (Tran &Gold, 2014)
Normally the more a purchase is complex the more the TCO is impacted by the service after the
sale. If STP is not careful poor service cost can exceed the initial investment.
STP should avoid the temptation of making the price the driving factor in their purchase
decisions. STP should analyze quality, price and service after sale of software and hardware
products. In addition, the company should always consider a second opinion from an IT provider
that is competent.
5 Business Continuity
STP should consider the following factors that will enhance its continuity;
5.1 Disaster Response
Initial Response- everyone in STP should understand what is to be done if something interferes
with daily activities. The staff members should plan and exercise for occurrence of such
situations. This will help in avoiding confusion and tension during such times. The person who
may notice that event should be aware of what is to be done like alerting the security, calling 911
or pulling fire alarms. STP should plan protocols for warning the appropriate decision makers.
It is important to avoid returns since it may maximize cost thus interfering with the budget of the
company.
Warranty: warranties apply to the product state at the time the company purchased it. if
something happens to be wrong with the product, the supplier will fix or replace it at no expenses
as long as the extension of the subsequent warrant is in effect. STP should purchase that have
warrants and stands with that policy and can be easily contacted once a problem arises.
4.3 Service Agreement
Service agreement: when STP is handling IT software and hardware they should expect constant
improvements through updates and upcoming versions. These updates are carried out for various
reasons such as general performance boost, introduction of specific features, and dealing with
security vulnerabilities that are being discovered. Service agreements are very important to the
company especially for the products that are essential to functions of the business since losses of
operations due to outdated software or hardware can be costly. (Tran &Gold, 2014)
Normally the more a purchase is complex the more the TCO is impacted by the service after the
sale. If STP is not careful poor service cost can exceed the initial investment.
STP should avoid the temptation of making the price the driving factor in their purchase
decisions. STP should analyze quality, price and service after sale of software and hardware
products. In addition, the company should always consider a second opinion from an IT provider
that is competent.
5 Business Continuity
STP should consider the following factors that will enhance its continuity;
5.1 Disaster Response
Initial Response- everyone in STP should understand what is to be done if something interferes
with daily activities. The staff members should plan and exercise for occurrence of such
situations. This will help in avoiding confusion and tension during such times. The person who
may notice that event should be aware of what is to be done like alerting the security, calling 911
or pulling fire alarms. STP should plan protocols for warning the appropriate decision makers.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Running Head: Network Management and Security 11
The initial response should involve a plan that is clear of the individuals that will be in charge
whether corporately, locally or regionally ensuring that all participants understands.
Planned Response- after operations of initial response and initial evaluation completion, the
event manager may report a disaster thus invoking the plans of business continuity. The planned
response scope for STP should include; the condition of the incident, the impacts associated with
the incident, availability of strategies of response, availability of resources such as supplies, work
areas, technology and people to assist in planned response delivery and protocols to measure,
monitor and control efforts of recovery.
Extended Response- although a company may plan for a particular period of time to deal with
the incident, actual recovery may take more time maybe days, weeks or months. STP therefore,
should stay prepared to extend response even if they don’t expect it to happen. The company
should have resources in place to maintain the extended response. STP should also consider
reshuffling staff, responsibilities and roles for the lengthy response. The organization should be
ready to function under the instruction of others outside the company. If an incident affect more
than the company, authorities of federal, local or regional may assume response command. STP
should acknowledge the occurrence of such incident and include it in the plan.
5.2 Stabilization and Activation
Stabilization- each interference despite its cause requires same treatment to avoid the condition
from getting worse. This include having a clear understanding of what happened, the event
cause, and the impacts it can cause if left unsolved. For instance, wildfires containment requires
procedures that are simple. The is no time needed to perform analysis, or delaying decisions
while waiting for information that is more detailed. The company should analyze the impact,
figure out how to solve the situation and determine medium-term and short-term objectives that
are appropriate to the situation. (Kahonge, Okello-Odongo, Miriti & Abade, 2013)
Activation- once STP has conducted impact evaluation, services required to be restored will be
clear. Connecting the plan to the assets or services that is structured to enhance recover helps the
IMT (incident management team) to figure out which plans to be activated. They are able to
identify the responsible individual for the plan, the person to be contacted, the operations to be
carried out, where and who will perform the operations.
The initial response should involve a plan that is clear of the individuals that will be in charge
whether corporately, locally or regionally ensuring that all participants understands.
Planned Response- after operations of initial response and initial evaluation completion, the
event manager may report a disaster thus invoking the plans of business continuity. The planned
response scope for STP should include; the condition of the incident, the impacts associated with
the incident, availability of strategies of response, availability of resources such as supplies, work
areas, technology and people to assist in planned response delivery and protocols to measure,
monitor and control efforts of recovery.
Extended Response- although a company may plan for a particular period of time to deal with
the incident, actual recovery may take more time maybe days, weeks or months. STP therefore,
should stay prepared to extend response even if they don’t expect it to happen. The company
should have resources in place to maintain the extended response. STP should also consider
reshuffling staff, responsibilities and roles for the lengthy response. The organization should be
ready to function under the instruction of others outside the company. If an incident affect more
than the company, authorities of federal, local or regional may assume response command. STP
should acknowledge the occurrence of such incident and include it in the plan.
5.2 Stabilization and Activation
Stabilization- each interference despite its cause requires same treatment to avoid the condition
from getting worse. This include having a clear understanding of what happened, the event
cause, and the impacts it can cause if left unsolved. For instance, wildfires containment requires
procedures that are simple. The is no time needed to perform analysis, or delaying decisions
while waiting for information that is more detailed. The company should analyze the impact,
figure out how to solve the situation and determine medium-term and short-term objectives that
are appropriate to the situation. (Kahonge, Okello-Odongo, Miriti & Abade, 2013)
Activation- once STP has conducted impact evaluation, services required to be restored will be
clear. Connecting the plan to the assets or services that is structured to enhance recover helps the
IMT (incident management team) to figure out which plans to be activated. They are able to
identify the responsible individual for the plan, the person to be contacted, the operations to be
carried out, where and who will perform the operations.
Running Head: Network Management and Security 12
5.3 Communication
Communication-several stakeholders may start several actions to restore and stabilize services in
response to an event. This could be responders group that are diverse working together across
various geographical locations that are dispersed. STP should ensure communication is in time
between several respondents in order to enhance efficient incident response. During an event
response, Communication may be used to; warn stakeholders, alert management, notify
responders, update existing restoration activities state, communicate to senior management, and
ensure that responders are working together. STP should ensure that communication is taken
seriously, define well protocols, determine the individual responsible for initiation and the
notification individual target.
Return to Normal- when an incident is finally solved, STP should put into consideration the
following factors; has the business returned to its normal, how work back-logs will be
minimized, how division of work will be carried out between catch-up tasks of post incidents and
normal duties, and how collection of information for regulatory and insurance will be done.
6 Risk Management
Risk management is the systematic application of practices, procedures and policies of
management to the duties of identifying, communicating, evaluating, monitoring, establishing
the context and treating. It is a process that is iterative and every cycle contributes to the
improvement of the company by offering the management with insight to risks and its effect.
STP can carry out risk analysis in a group. The following is a simple process that the company
should follow in order to mitigate the risks;
6.1 Risk Identification
Risks identification: STP should consider factors that may hinder the ability to meet goals. For
instance, loss of a major staff member, prolonged outage of IT network, delay of vital
information by an individual, among others.
Causes Identification: STP should consider factors that may have caused the occurrence of risk.
For example, the major staff member may find another job opportunity elsewhere, and the
individual to deliver the information might be busy.
5.3 Communication
Communication-several stakeholders may start several actions to restore and stabilize services in
response to an event. This could be responders group that are diverse working together across
various geographical locations that are dispersed. STP should ensure communication is in time
between several respondents in order to enhance efficient incident response. During an event
response, Communication may be used to; warn stakeholders, alert management, notify
responders, update existing restoration activities state, communicate to senior management, and
ensure that responders are working together. STP should ensure that communication is taken
seriously, define well protocols, determine the individual responsible for initiation and the
notification individual target.
Return to Normal- when an incident is finally solved, STP should put into consideration the
following factors; has the business returned to its normal, how work back-logs will be
minimized, how division of work will be carried out between catch-up tasks of post incidents and
normal duties, and how collection of information for regulatory and insurance will be done.
6 Risk Management
Risk management is the systematic application of practices, procedures and policies of
management to the duties of identifying, communicating, evaluating, monitoring, establishing
the context and treating. It is a process that is iterative and every cycle contributes to the
improvement of the company by offering the management with insight to risks and its effect.
STP can carry out risk analysis in a group. The following is a simple process that the company
should follow in order to mitigate the risks;
6.1 Risk Identification
Risks identification: STP should consider factors that may hinder the ability to meet goals. For
instance, loss of a major staff member, prolonged outage of IT network, delay of vital
information by an individual, among others.
Causes Identification: STP should consider factors that may have caused the occurrence of risk.
For example, the major staff member may find another job opportunity elsewhere, and the
individual to deliver the information might be busy.
Running Head: Network Management and Security 13
6.2 Risk Controls and Mitigation
Identify the Controls: STP should identify controls kept in place aimed to minimize the
likelihood of occurrence of risks in the first place and how to mitigate them once they occur. For
instance, the manager of STP should provide a friendly working environment for the team, and
facilitate similar skills to multiple teams to minimize relying on one.
Company Likelihood and Consequence Descriptors establishment: likelihood descriptors are
normally general but consequence descriptors rely on the context of evaluation. That is, if the
assessment relates to the unit of work, any loss of staff member or finance will impact greatly on
the work. STP should lay down consultation parameters. (Saleh, Refai & Mashhour, 2011)
Risk Rating Descriptors establishment: STP should determine from the outset the low, high,
medium and extreme needs.
Add other Controls: STP should add additional controls to high or extreme risks to minimize the
rate to a level that is acceptable. The company should consider the kind of additional controls
needed, their affordability, priority required for the controls, among other things. The group
should consult those factors with the work unit head.
Make a Decision: once additional controls are made and there still exist high or extreme risks,
STP should make a decision to whether the operation will continue. Sometimes risks may be
greater than the expectation and the company may lack ways to mitigate them but the
organization operations must be carried out as usual. In situations like that, STP should ensure
monitoring and frequent reviews is performed. (Althobaiti, 2017)
Review and Monitor: monitoring and frequent reviews of the profile of risk is a major part of
efficient management of risks.
Conclusion
Network management is a very important aspect to STP. It is the engine that help in controlling
other dependent operations within the company. It is the key to privacy and security. A well-
managed network enhances organizational security and threat detections, preventions and
mitigation. However, if STP network is managed poorly, it will lead to vulnerability of the entire
organization, especially if it relies on the network to share critical information and other
6.2 Risk Controls and Mitigation
Identify the Controls: STP should identify controls kept in place aimed to minimize the
likelihood of occurrence of risks in the first place and how to mitigate them once they occur. For
instance, the manager of STP should provide a friendly working environment for the team, and
facilitate similar skills to multiple teams to minimize relying on one.
Company Likelihood and Consequence Descriptors establishment: likelihood descriptors are
normally general but consequence descriptors rely on the context of evaluation. That is, if the
assessment relates to the unit of work, any loss of staff member or finance will impact greatly on
the work. STP should lay down consultation parameters. (Saleh, Refai & Mashhour, 2011)
Risk Rating Descriptors establishment: STP should determine from the outset the low, high,
medium and extreme needs.
Add other Controls: STP should add additional controls to high or extreme risks to minimize the
rate to a level that is acceptable. The company should consider the kind of additional controls
needed, their affordability, priority required for the controls, among other things. The group
should consult those factors with the work unit head.
Make a Decision: once additional controls are made and there still exist high or extreme risks,
STP should make a decision to whether the operation will continue. Sometimes risks may be
greater than the expectation and the company may lack ways to mitigate them but the
organization operations must be carried out as usual. In situations like that, STP should ensure
monitoring and frequent reviews is performed. (Althobaiti, 2017)
Review and Monitor: monitoring and frequent reviews of the profile of risk is a major part of
efficient management of risks.
Conclusion
Network management is a very important aspect to STP. It is the engine that help in controlling
other dependent operations within the company. It is the key to privacy and security. A well-
managed network enhances organizational security and threat detections, preventions and
mitigation. However, if STP network is managed poorly, it will lead to vulnerability of the entire
organization, especially if it relies on the network to share critical information and other
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Running Head: Network Management and Security 14
resources. Therefore, STP needs proper management of the network to enhance privacy and
security.
Recommendation
UC and C (Unified communications and collaboration) need more additional management
operations. First quality of service (QoS) should prioritize traffic of unified communications and
collaboration over traffic of bulk data. The management system should manage queues of QoS in
order to identify excess high priority queues traffic, especially in networks where several sources
and high priority traffic types exist.
Secondly, STP should configure network management system to create a report of Top-N on
interface drops. A drop happens when a link of network is too squeezed to manage an outgoing
packet. All the buffers of the interface are full and therefore the packet is dropped.
Thirdly, the best information source of the functionality of the UC and C systems may not be the
network. As such STP should monitor endpoints and controllers of UC and C to gather
information on configurations, performance and problems. Although the UC and C can create
reports that are separate, STP should recognize one or two reports that can be generated daily or
weekly to aid in identifying when the system has problems that may not been seen by looking the
network.
resources. Therefore, STP needs proper management of the network to enhance privacy and
security.
Recommendation
UC and C (Unified communications and collaboration) need more additional management
operations. First quality of service (QoS) should prioritize traffic of unified communications and
collaboration over traffic of bulk data. The management system should manage queues of QoS in
order to identify excess high priority queues traffic, especially in networks where several sources
and high priority traffic types exist.
Secondly, STP should configure network management system to create a report of Top-N on
interface drops. A drop happens when a link of network is too squeezed to manage an outgoing
packet. All the buffers of the interface are full and therefore the packet is dropped.
Thirdly, the best information source of the functionality of the UC and C systems may not be the
network. As such STP should monitor endpoints and controllers of UC and C to gather
information on configurations, performance and problems. Although the UC and C can create
reports that are separate, STP should recognize one or two reports that can be generated daily or
weekly to aid in identifying when the system has problems that may not been seen by looking the
network.
Running Head: Network Management and Security 15
Reference list
SINGH, B. (2012). Network security & management. [Place of publication not identified],
Prentice-Hall Of India Pv.
STALLINGS, W. (2011). Network security essentials: applications and standards. Boston,
Prentice Hall.
JACOBS, S. (2014). Security management of next generation telecommunications networks and
services. http://www.books24x7.com/marc.asp?bookid=63715. Hoboken, New Jersey : IEEE
Press Wiley
LIU, D. (2009). Next generation SSH2 implementation: securing data in motion. Burlington,
MA, Syngress Pub. http://www.books24x7.com/marc.asp?bookid=32199.
LOSHIN, P. (2013). Simple steps to data encryption: a practical guide to secure computing.
Waltham, MA, Syngress. http://www.books24x7.com/marc.asp?bookid=54046
CAMPAGNA, R., IYER, S., & KRISHNAN, A. (2011). Mobile device security for dummies.
Hoboken, NJ, Wiley.
FRIED, S. (2010). Mobile device security: a comprehensive guide to securing your information
in a moving world. Boca Raton, FL, Auerbach Publications.
KENT, L. (2008). 6 steps to success in teaching with technology: a guide to using technology in
the classroom. New York, iUniverse, Inc.
FULMER, L. K. (2008). Business Continuity Planning: Step-by-Step Guide with Planning
Forms. Brookfield, Rothstein Publishing. http://public.eblib.com/choice/publicfullrecord.aspx?
p=3400332.
BLYTH, M. (2009). Business continuity management: building an effective incident
management plan. Hoboken, N.J., J. Wiley & Sons. http://www.123library.org/book_details/?
id=6224.
HOPKIN, P. (2012). Fundamentals of risk management: understanding evaluating and
implementing effective risk management. London, Kogan Page.
Reference list
SINGH, B. (2012). Network security & management. [Place of publication not identified],
Prentice-Hall Of India Pv.
STALLINGS, W. (2011). Network security essentials: applications and standards. Boston,
Prentice Hall.
JACOBS, S. (2014). Security management of next generation telecommunications networks and
services. http://www.books24x7.com/marc.asp?bookid=63715. Hoboken, New Jersey : IEEE
Press Wiley
LIU, D. (2009). Next generation SSH2 implementation: securing data in motion. Burlington,
MA, Syngress Pub. http://www.books24x7.com/marc.asp?bookid=32199.
LOSHIN, P. (2013). Simple steps to data encryption: a practical guide to secure computing.
Waltham, MA, Syngress. http://www.books24x7.com/marc.asp?bookid=54046
CAMPAGNA, R., IYER, S., & KRISHNAN, A. (2011). Mobile device security for dummies.
Hoboken, NJ, Wiley.
FRIED, S. (2010). Mobile device security: a comprehensive guide to securing your information
in a moving world. Boca Raton, FL, Auerbach Publications.
KENT, L. (2008). 6 steps to success in teaching with technology: a guide to using technology in
the classroom. New York, iUniverse, Inc.
FULMER, L. K. (2008). Business Continuity Planning: Step-by-Step Guide with Planning
Forms. Brookfield, Rothstein Publishing. http://public.eblib.com/choice/publicfullrecord.aspx?
p=3400332.
BLYTH, M. (2009). Business continuity management: building an effective incident
management plan. Hoboken, N.J., J. Wiley & Sons. http://www.123library.org/book_details/?
id=6224.
HOPKIN, P. (2012). Fundamentals of risk management: understanding evaluating and
implementing effective risk management. London, Kogan Page.
Running Head: Network Management and Security 16
WHEELER, E. (2011). Security risk management: building an information security risk
management program from the ground up. Waltham, MA, Syngress.
http://www.books24x7.com/marc.asp?bookid=41881.
Tran, S. and Gold, S. (2014) Virtualization Security, Strategy and Management. International
Journal of Communications, Network and System Sciences, 7, 423-429.
doi: 10.4236/ijcns.2014.710043.
Kahonge, A., Okello-Odongo, W., Miriti, E., and Abade, E. (2013) "Web Security and Log
Management: An Application Centric Perspective," Journal of Information Security, Vol. 4 No.
3, pp. 138-143. doi: 10.4236/jis.2013.43016.
Saleh, Z., Refai, H., and Mashhour, A. (2011) "Proposed Framework for Security Risk
Assessment," Journal of Information Security, Vol. 2 No. 2, 2011, pp. 85-90.
doi: 10.4236/jis.2011.22008.
Althobaiti, A. (2017) Analyzing Security Threats to Virtual Machines Monitor in Cloud
Computing Environment. Journal of Information Security, 8, 1-7. doi: 10.4236/jis.2017.81001.
WHEELER, E. (2011). Security risk management: building an information security risk
management program from the ground up. Waltham, MA, Syngress.
http://www.books24x7.com/marc.asp?bookid=41881.
Tran, S. and Gold, S. (2014) Virtualization Security, Strategy and Management. International
Journal of Communications, Network and System Sciences, 7, 423-429.
doi: 10.4236/ijcns.2014.710043.
Kahonge, A., Okello-Odongo, W., Miriti, E., and Abade, E. (2013) "Web Security and Log
Management: An Application Centric Perspective," Journal of Information Security, Vol. 4 No.
3, pp. 138-143. doi: 10.4236/jis.2013.43016.
Saleh, Z., Refai, H., and Mashhour, A. (2011) "Proposed Framework for Security Risk
Assessment," Journal of Information Security, Vol. 2 No. 2, 2011, pp. 85-90.
doi: 10.4236/jis.2011.22008.
Althobaiti, A. (2017) Analyzing Security Threats to Virtual Machines Monitor in Cloud
Computing Environment. Journal of Information Security, 8, 1-7. doi: 10.4236/jis.2017.81001.
1 out of 16
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.