Project Deliverable 5: Infrastructure and Security The expansion of a company involves changing various things about the way the company operates. When you add new floors to the company, the infrastructure and security layout must change to accommodate the expansion. Nike, Inc. will use Juniper Networks and MetaFabric for the company’s infrastructure and security needs. Juniper Networks and MetaFabric covers the network that includes routers, switches, and security. An IT infrastructure is extremely important to a company. It encompasses all of the company’s software, hardware, data centers, networks, and other equipment that is used to manage, store, and process information. The infrastructure processes transactions and runs …show more content…
The foundation of this policy is based upon confidentiality, integrity, and availability (CIA). Confidentiality ensures privacy or at least allows the company to restrict access to confidential data. There are multiple risks associated with confidentiality like the loss of privacy, identity theft, and unauthorized access to sensitive information. Controls that should be implemented to combat these issues include access controls, encryption, passwords, authentication, and usernames. Integrity ensures that the data is accurate and reliable. Risks associated with integrity include fraud, edited and inaccurate information, and unauthorized access to sensitive information. Controls that should be implemented to combat these risks include audit logs, data encryption, quality assurance, and hashing. Availability ensures that the data is available when needed. Risks associated with availability include the loss of revenue, customer assurance, and disrupting normal business processes. Controls that should be implemented to mitigate these risks include hardware maintenance, BCP tests, software patching, and backup storage. The security policy addresses IT security, email acceptable use, internet acceptable use, information backups, patch management, reporting security incidents, remote access, and password …show more content…
Vulnerability scanning will occur periodically. Patch management tools will be automatically updated. Missing patches will be implemented after vulnerability scanning occurs. Reporting Security Incidents Security incidents include system malfunctions, the loss or theft of data, unauthorized system access, service loss, changes to hardware or software, and the transfer of confidential information to an unauthorized person. All security incidents should be reported to the IT department. Remote Access Wireless access will use Wired Equivalency Protocol (WEP) and Wi-Fi Protected Access (WPA). Remote users will access Nike’s network through a secure VPN. All company data will be encrypted on all devices. A firewall and anti-virus software will be installed and kept up-to-date on all devices. Authentication for remote users will consist of a username and password. Password