9-Iron Country Club Case Study
Scope
Design a remote access solution for the 9-Iron Country Club. This report includes the following considerations:
Needs and desires of customers and club members – available services, time availability, and network design
Risk management or assessment – protection of confidential and personally identifiable Information (PII)
Data classification and security requirements – what measures will be implemented to protect the three states of data
The nature of telework and remote access technologies – permitting access to protected resources from external networks and often external hosts as well, generally places them at higher risk than similar technologies only accessed from inside the organization, as well as increasing the risk to the internal …show more content…
Risk Management or Assessment/Major Security Concerns
Lack of Physical Security Controls – primary mitigation strategies are encrypting the client device’s storage or not storing sensitive data on the client device
Unsecured Networks – Risk from using unsecured networks can be mitigated but not eliminated. Us encryption technologies to protect the confidentiality and integrity of communications, as well as using mutual authentication mechanisms to verify the identities of both endpoints
Infected Devices on Internal Networks – Use appropriate anti-malware technologies; network access control (NAC), possible use of a separate network for telework client devices
External Access to Internal Resources – Servers made available through external access should be appropriately hardened against external threats and access to the resources are limited to the minimum necessary firewalling and access control mechanisms (Scarfone, 2009).
Data Classification and Security Requirements
Encrypting Data at Rest – encrypt all sensitive data when it is at rest on the device and on removable media used by the device. Employ storage encryption
Design a remote access solution for the 9-Iron Country Club. This report includes the following considerations:
Needs and desires of customers and club members – available services, time availability, and network design
Risk management or assessment – protection of confidential and personally identifiable Information (PII)
Data classification and security requirements – what measures will be implemented to protect the three states of data
The nature of telework and remote access technologies – permitting access to protected resources from external networks and often external hosts as well, generally places them at higher risk than similar technologies only accessed from inside the organization, as well as increasing the risk to the internal …show more content…
Risk Management or Assessment/Major Security Concerns
Lack of Physical Security Controls – primary mitigation strategies are encrypting the client device’s storage or not storing sensitive data on the client device
Unsecured Networks – Risk from using unsecured networks can be mitigated but not eliminated. Us encryption technologies to protect the confidentiality and integrity of communications, as well as using mutual authentication mechanisms to verify the identities of both endpoints
Infected Devices on Internal Networks – Use appropriate anti-malware technologies; network access control (NAC), possible use of a separate network for telework client devices
External Access to Internal Resources – Servers made available through external access should be appropriately hardened against external threats and access to the resources are limited to the minimum necessary firewalling and access control mechanisms (Scarfone, 2009).
Data Classification and Security Requirements
Encrypting Data at Rest – encrypt all sensitive data when it is at rest on the device and on removable media used by the device. Employ storage encryption