You have been appointed the deputy chief information security officer at one of the subsidiaries of the media company you work for


“Executive briefing”
Deliverables:
6-pages review follow to the plan provided below, APA format.

Scenario:
You have been appointed the deputy chief information security officer at one of the subsidiaries of the media company you work for. As the company continues to expand geographically, the CEO wants to manage travel costs by using real-time low-cost commercial video conferencing systems for meetings and collaboration. However, such systems come with security issues.
There have been disturbing reports of malicious actors stealing emails, videos, and sensitive data from other media companies. The company’s chief information officer, or CIO, and chief technology officer, or CTO, say that video conferencing systems will integrate with the current enterprise networks. But they did not assess system options.
They, along with the chief information security officer, or CISO, have asked you to recommend a modernization strategy for the company’s video conferencing while maintaining the security of the sensitive information discussed by the users. Business communications between subject matter experts, engineers, and executive leaders must be protected. Your task is to provide a proposal for a secure video conferencing system.
You need to analyze the features of three videoconferencing systems and provide an overview of each system. After you complete the overview of the systems, you’ll recommend a system which best meets the business functionality and security requirements. You will also prepare a set of high-level executive to give the CEO and CIO an overview of your study. Your study and recommendation will be critical to the company’s success.

Sections to consider

I. General Statement of Purpose
In this section, briefly restate the goal and purpose of your research on secure videoconferencing and what you will cover during this presentation.

II. Functional Requirements
• Describe in detail the functional requirements to meet your organizational goal.
Then
• Describe proposed option/solution 1 to achieve the goal.
• Describe proposed option/solution 2 to achieve the goal.
• Describe proposed option/solution 3 to achieve the goal.

III. Implementation Challenges

For each proposed option/solution:
• Describe the compatibility of proposed changes with system administration.
• Include a cost table similar to this; adjust the table to suit your presentation.
Item # Product Name Unit Selling Price/Cost in USD Quantity Extended Price in USD

         Subtotal     
         Taxes    
         Grand Total  

• Describe the compatibility of proposed changes with a privileged management system.
• Examine and describe how the data exfiltration process will occur.
• Summarize, in your own words, your perception of how the overall changes to systems and challenges you have described will affect the general project statement of purpose requirements.

IV. Identify Vendor Risks
For each proposed option/solution:
• Research and describe the system’s known vulnerabilities and exploits.
• Provide a history of normal timelines, a history of release of patches, and a history of using work-around solutions within the system without using a patch (if applicable).
• Summarize your findings on the timeliness of each proposed option/solution vendor’s response in releasing patches and using work-arounds to help customers stay secure.

V. Best Practices for Secure Videoconferencing
For whatever system is chosen:
• Research and recommend how you think users and system administrators should set up and operate videoconferences—recommend best practices,
• Briefly discuss how the best practices you have identified will improve security and minimize risks of data exfiltration and snooping.

VI. System Integrity Checks
For whatever system is chosen:
• Develop system integrity checks for files shared between users of videoconferencing systems.
• Describe how system integrity checks will ensure file protection of sensitive files.
• Describe how system integrity checks will prevent exfiltration of sensitive files.

VII. Final Recommendation
In this last section, propose the videoconferencing system that best meets both:
• business functionality
• security requirements

Additional Recommendation:
For the section of Functional Requirements
The first step in your proposal for a secure videoconferencing system is to develop a set of functional requirements for videoconferencing that you believe the media company will need based on its geographic dispersion and business needs.
In developing those requirements, research three videoconferencing solutions such as Zoom, Skype, GotoMeeting, Polycom, and Cisco WebEx and explain their capabilities, advantages, and disadvantages. Identify costs as well as implementation and support requirements.
The functional requirements and the three possible solutions will be a section of your proposal. Part of your final proposal should also include the advantages and disadvantages of the implementation options for the three systems you selected.
For the discuss Implementation Challenges
This section of the proposal also must include the changes the media company will need to make to implement the systems.
Additionally, explain how system administration or privileged identity management will operate with these systems. You will also need to examine how data exfiltration will occur with each of the new systems.
The changes to the systems and challenges for the implementation of these potential solutions will be an important section of your proposal.
For the step of Identify Vendor Risks
Now, it’s time to take a close look at how they serve their clients. This will take some research. Look at the systems’ known vulnerabilities and exploits. Examine and explain the past history of each vendor with normal notification timelines, release of patches, or work-arounds (solutions within the system without using a patch). Your goal is to know the timeliness of response with each company in helping customers stay secure.
For the Develop Best Practices for Secure Videoconferencing
But obtaining a trusted vendor is just part of the security efforts. Another important step is to ensure that users and system administrators conduct the company’s videoconferencing in a secure manner. In this step, outline security best practices for videoconferencing that you would like users and systems administrators to follow. Discuss how these best practices will improve security and minimize risks of data exfiltration as well as snooping.



Source link

Leave a Reply