For this individual project, you are to create a fictitious medium-sized company. The company has 150 employees and uses a mixed operating system environment (MacOSX and Windows, or Linux and Windows).
Deliverables:
Define the organization and its purpose
Explain which segments or functional groups within the organization use Windows and which use Linux or MacOSX
Discuss your plans for maintaining the security of those platforms including any tools that you will employ and why, including (at a minimum):
scheduling
testing of patches prior to deployment
and change management
Sample Answer
Fictitious medium-sized company with 150 employees using a mixed operating system environment (MacOSX and Windows, or Linux and Windows)
Organization and its purpose
The company is a software development company that creates and sells a variety of software products, including operating systems, applications, and cloud services. The company has a global presence, with offices in North America, Europe, and Asia.
Segments or functional groups within the organization
Full Answer Section
The following segments or functional groups within the organization use Windows:
- Software development
- Quality assurance
- Sales and marketing
- Customer support
The following segments or functional groups within the organization use Linux or MacOSX:
- Software development
- Research and development
- Information technology
Plans for maintaining the security of those platforms
The company’s security plan for its mixed operating system environment includes the following:
Scheduling
Patches are deployed on a monthly schedule, with the following exceptions:
- Critical patches are deployed immediately.
- Security patches are deployed within 72 hours.
- Non-critical patches are deployed within one week.
Testing of patches prior to deployment
All patches are tested in a sandbox environment before being deployed to production systems. The testing process includes the following steps:
- The patch is installed on a test system.
- The system is tested to ensure that it is still functional after the patch is installed.
- The system is scanned for vulnerabilities to ensure that the patch has been applied correctly.
Change management
All changes to the company’s IT infrastructure are managed through a formal change management process. The change management process includes the following steps:
- The change is submitted for approval.
- The change is reviewed by a team of stakeholders.
- The change is approved or rejected.
- If the change is approved, it is implemented according to a plan.
- The change is tested to ensure that it was implemented correctly.
Tools
The company uses the following tools to maintain the security of its mixed operating system environment:
- A patch management tool to automate the deployment of patches.
- A vulnerability scanner to identify vulnerabilities in systems and networks.
- A security information and event management (SIEM) tool to monitor and analyze security events.
- A firewall to protect networks from unauthorized access.
- An intrusion detection system (IDS) to detect and respond to intrusions.
Conclusion
By following these security best practices, the company can help to protect its mixed operating system environment from cyberattacks.
This question has been answered.
Get Answer
