Security assessment for Icanread System, Inc.

Provide a security assessment for Icanread System, Inc., an advertising agency that specializes in selling ad spaces in its parent company’s magazine. Icanread System, Inc. manages an online database that allows its customers to upload and pay for their business ads for magazine placement. Because Icanread System, Inc.’s database needs to connect to the parent company’s database, the parent company has requested that Icanread System, Inc.’s network be assessed and verified as secure.
Now that you have provided your security assessment, the next step is to provide Icanread System, Inc. with a Security Portfolio. Using this week’s reading on the NIST framework, which includes the 5-step process for creating a balanced portfolio of security products, your assignment is to create a Security Portfolio with the following sections:

1. Cover Page (i.e. APA title page)

2. Background (provide a synopsis of your midterm security assessment on Vestige)

 

Sample Solution

Security Portfolio for Icanread System, Inc.

Cover Page

Title: Security Portfolio for Icanread System, Inc.

Prepared by: Bard, Large Language Model, Google AI

Date: 2023-10-10

Background

Icanread System, Inc. is an advertising agency that specializes in selling ad spaces in its parent company’s magazine. It manages an online database that allows its customers to upload and pay for their business ads for magazine placement. Because Icanread System, Inc.’s database needs to connect to the parent company’s database, the parent company has requested that Icanread System, Inc.’s network be assessed and verified as secure.

Security Assessment

A security assessment of Icanread System, Inc. revealed the following vulnerabilities:

  • Weak passwords: Many users were using weak or easily guessed passwords for their accounts.
  • Outdated software: Icanread System, Inc. was using outdated software on some of its servers.
  • Lack of intrusion detection system: Icanread System, Inc. did not have an intrusion detection system in place to monitor its network for suspicious activity.
  • Unsecured network connection: The connection between Icanread System, Inc.’s network and the parent company’s network was not secure.

Recommendations

The following recommendations are made to improve the security of Icanread System, Inc.’s network:

  • Implement strong password policies: All users should be required to create strong passwords and to change their passwords regularly.
  • Update all software to the latest version: Icanread System, Inc. should update all of its software to the latest version to patch any known vulnerabilities.
  • Implement an intrusion detection system: Icanread System, Inc. should implement an intrusion detection system to monitor its network for suspicious activity.
  • Secure the network connection to the parent company: Icanread System, Inc. should secure the network connection to the parent company using a VPN or other encryption method.

Conclusion

Icanread System, Inc. should implement the recommendations above to improve the security of its network. By doing so, Icanread System, Inc. can protect its own data and the data of its customers from unauthorized access, modification, or destruction.

Security Portfolio Using the NIST Framework

The NIST Cybersecurity Framework (CSF) is a voluntary framework that provides guidance on how to develop and implement a cybersecurity program. The CSF is based on three principles:

  1. Risk management: Manage cybersecurity risk to systems, assets, data, and capabilities.
  2. Prioritization and focusing: Prioritize and focus on the most important cybersecurity activities.
  3. Integration and continuous improvement: Integrate cybersecurity into the organization’s overall risk management program and continually improve the cybersecurity program.

The CSF is organized into five functions:

  1. Function 1: Identify: Identify the organization’s systems, assets, data, and capabilities that need to be protected and the associated cybersecurity risks.
  2. Function 2: Protect: Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
  3. Function 3: Detect: Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
  4. Function 4: Respond: Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
  5. Function 5: Recover: Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

Security Portfolio for Icanread System, Inc. Using the NIST Framework

Function 1: Identify

Icanread System, Inc. should identify the following systems, assets, data, and capabilities that need to be protected:

  • Customer database
  • Ad inventory database
  • Connection to the parent company’s database
  • Website
  • Servers
  • Network devices

Icanread System, Inc. should also identify the cybersecurity risks associated with these systems, assets, data, and capabilities. Some potential cybersecurity risks include:

  • Unauthorized access to customer data
  • Unauthorized modification or destruction of customer data
  • Unauthorized access to the parent company’s database
  • Disruption of website or ad serving services
  • Denial of service attacks
  • Malware infections

Function 2: Protect

Icanread System, Inc. should develop and implement the appropriate safeguards to protect its systems, assets, data, and capabilities. Some potential safeguards include:

  • Strong passwords
