Network Security Plan - CQUniversity Case Study, Semester 1


Added on  2019/09/20

Report
AI Summary
This report presents a comprehensive Network Security Plan for CQUniversity, addressing critical aspects of network security. It begins with an introduction outlining the organization's needs, business domain, and proposed action plan. The plan details project deliverables, objectives, and assumptions. A thorough risk analysis identifies and assesses physical and non-physical assets, along with associated risks. Security policies cover various areas such as acceptable use, network access, and intrusion detection. The report also includes disaster recovery and business continuity strategies, encompassing business impact analysis and incident response procedures. Specific security strategies and recommended controls are provided to mitigate identified risks, followed by an analysis of residual risks and a management plan. The plan concludes with resource allocation, a conclusion, and references, offering a complete framework for securing the network. The report is a valuable resource for students, offering insights into practical network security implementations.
Network Security Plan Template*
Introduction (one page)
Provide a clear and concise description of your network security plan in terms of the
organisation’s needs. Make sure to include a brief description of the organisation, the
business domain, security issues, your action plan to address the issues, and respective
recommendations.
Scope (one page)
Focusing on the mission of the project, describe as clearly as possible the deliverables of the
plan and milestones.
Objectives (one page)
Provide clear and concise statements about what the security plan is designed to achieve.
Include the business and technical goals to ensure the network is protected against intruders.
Assumptions (one page)
The information provided in the case study is not comprehensive; therefore, a number of
factors need to be assumed. Document any assumptions you make in preparing the plan.
Risk Analysis (14 pages)
Asset Identification and Assessment
Physical Assets
Non-Physical Assets
Risks
Individual Asset Risk Analysis
Risk Summary
Threats, Challenges and Vulnerabilities
Threats
Challenges
Vulnerabilities
Security Policies (10 pages)
Acceptable Use Policies
Email and Communications Policy
Internet and Network Access Policy
Workstation Policy
Network Security Policies
Antivirus Policy
*Networks and Information Security Case study - Copyright © Edilson Arenas - CQUniversity
DMZ Policy
Extranet Policy
VPN and Remote Access (Work-at-home) Security Policy
Wireless and BYOD Policy
Firewall Policy
Intrusion Detection Policy
Vulnerability Scanning Policy
Internet Policy
IP Address and Documentation Management Policy
Physical Security Policies
External Protection
Internal Protection
Personnel Policies
Visitors Policy
Employee Hiring and Termination Policy
User Training Policy
Data Policies
Information Classification and Sensitivity Policy
Encryption Policy
Backup Policy
Password Management and Complexity Policy
System and Hardware Policies
Hardware Lifecycle and Disposal Policy
Workstation Policy
Switch and Router Policy
Server Security Policy
Logging Policy
Disaster Recovery and Business Continuity (five pages)
Business Impact Analysis
Insurance Consideration
Incident Response Team
Physical Safeguards
Prepared Items
Incident Response Procedures
Restoration Procedures
Forensics Considerations
Maintaining the Plan
Security Strategies and Recommended Controls (two pages)
Security Strategies
Specific recommended controls to mitigate the risks uncovered.
Residual Risks (three pages)
List of Residual Risks - that remain after all possible (cost-effective) mitigation or
treatment of risks.
Residual Risk Management Plan - estimate, describe and rate these residual risks to
guide the priorities for ongoing management and monitoring of risks.
Resources (one page)
They include any type of resources like humans, communities of practice, and quality audit
groups required to implement the recommendations.
Conclusion (one page)
References (one page)