Call/WhatsApp/Text: +44 20 3289 5183

Question: Integrated Network Security and Infrastructure Design for Merging Company A and Company B: A Risk-Based Approach to Secure Cloud and On-Premises Integration

04 Jan 2025,2:38 PM

 

You are the cybersecurity professional for Company A and are responsible for protecting the information of the company. Your roles include managing the company’s cybersecurity capabilities and tools, conducting vulnerability management, and assessing risk to sensitive information. Company A has recently purchased Company B and wants to merge both networks.



Executives of Company A have tasked you with making risk-based decisions on integrating Company B’s network with Company A’s existing network. Company B has provided its latest vulnerability scans, network diagrams, and existing cybersecurity capabilities and tools. As a deliverable to the executives, you will submit your recommendations for a secure network design that merges the two networks and allows remote access for employees of both companies in the form of a merger and implementation plan.



For this project, you will use the given scenario and the following supporting documents to complete your network merger and implementation plan:

• “Company A Network Diagram”

• “Company A Risk Analysis”

• “Company B Network Diagram”

• “Company B Vulnerability Report and Cybersecurity Tools”

Scenario
Company A is a global company based in the United States that operates in the financial industry. Company A serves its customers with financial products, such as checking accounts, bank cards, and investment products. Company A has recently acquired Company B and needs to integrate with or remove similar capabilities and tools from Company B. Company B is smaller in size, has no dedicated cybersecurity professional role, and utilizes third-party support for infrastructure needs. Company B offers specialized software to medical providers and accepts credit cards as a payment option.

The executives of the newly merged company have expressed interest in integrating the use of the cloud to allow for scalability and redundancy. As the security professional of the merged networks, you are tasked with creating a secure network design that includes the use of zero trust principles and that utilizes both on-premises and cloud infrastructure. You also have been tasked with ensuring compliance with all regulatory requirements of the merged company, along with utilizing cloud-based technologies to provide security capabilities. Company executives have provided a budget of $50,000 in the first year to create a secure network design to utilize cloud-based services.
Requirements
Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. The similarity report that is provided when you submit your task can be used as a guide.



You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.



Tasks may not be submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc., unless specified in the task requirements. All other submissions must be file types that are uploaded and submitted as attachments (e.g., .docx, .pdf, .ppt).



A. Describe two current network security problems and two current infrastructure problems for each company, based on business requirements given in the scenario.


B. Analyze the given network diagram and vulnerability scan for both companies by doing the following:

1. Describe two existing vulnerabilities for each company.

2. Explain the impact, risk, and likelihood associated with each described vulnerability from part B1 as it relates to each company.


C. Create a network topology diagram with details of the proposed merged network requirements.


D. Identify the layer for all components in the topology diagram referencing the layers of the OSI model and TCP/IP protocol stack.


E. Explain the rationale for adding, deleting, or repurposing network components in the newly merged network topology diagram, including details of how each component addresses budgetary constraints.


F. Explain two secure network design principles that are used in the proposed network topology diagram.


G. Explain how the proposed merged network topology diagram addresses two regulatory compliance requirements that are relevant to the newly merged company, including the following in your explanation:

• the name of the regulatory compliance requirement

• why the regulatory requirement is relevant to the newly merged company

• how the proposed merged network topology diagram meets the regulatory requirement


H. Describe two emerging threats that are applicable to the merged organization, including the following in the description:

• potential network security risks of implementing the topology

• potential performance impacts on the merged network after implementation of the proposed design

• how to manage the identified potential security risks


I. Summarize your recommendations for implementation of this proposed merged network based on the scenario and budgetary requirements, including the following in the summary:

• a cost-benefit analysis for on-premises and cloud infrastructure solutions

• a justification for your recommendations to implement the proposed secure merged network design


J. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.


K. Demonstrate professional communication in the content and presentation of your submission.

Expert answer

DRAFT / STUDY TIPS:

Integrated Network Security and Infrastructure Design for Merging Company A and Company B: A Risk-Based Approach to Secure Cloud and On-Premises Integration

A. Network Security and Infrastructure Problems

Company A

Network Security Problems:

  1. Insufficient Segmentation: Company A operates in the financial industry, where segregation of sensitive data and systems is essential. However, insufficient segmentation across its network could expose sensitive financial data, like customer transaction histories and personal details, to unauthorized users within the organization. This lack of separation also makes it easier for attackers to move laterally within the network if they breach one area.

  2. Legacy Systems: As a large, established company, Company A likely has several legacy systems that may not have received security patches or updates in recent years. These systems, which might include outdated servers, software, or applications, often have known vulnerabilities that are easily exploited by cybercriminals. Without regular security updates, legacy systems become prime targets for attackers.

Infrastructure Problems:

  1. Over-Reliance on On-Premises Infrastructure: While Company A may have robust on-premises infrastructure, this model limits scalability and flexibility. The inability to scale quickly in response to changing demands or unexpected spikes in business operations can be a significant bottleneck. Cloud adoption would offer greater scalability and redundancy to address these concerns.

  2. Lack of Cloud Integration: Although Company A has a large-scale infrastructure, it has not fully integrated cloud technologies, leaving opportunities for scalability, cost-efficiency, and enhanced disaster recovery. By not utilizing cloud-based services, Company A may be missing opportunities to improve business continuity and reduce overhead costs.

Company B

Network Security Problems:

  1. Lack of Dedicated Cybersecurity Expertise: Company B outsources its cybersecurity, which means it lacks a dedicated internal cybersecurity team. This lack of in-house expertise makes the company vulnerable to attacks, as outsourced teams may not be as responsive or proactive in identifying and mitigating potential threats. This problem is exacerbated if the third-party team is not fully aligned with Company B’s security needs or business objectives.

  2. Insecure Third-Party Connections: Company B’s reliance on third-party providers for infrastructure management creates potential security risks. The company may have limited control over the security measures of its third-party service providers, making it susceptible to data breaches or cyber-attacks that could be facilitated through these external connections.

Infrastructure Problems:

  1. Limited Network Scalability: Company B, being smaller than Company A, likely has an infrastructure that is not designed to scale quickly. This limitation could become a critical challenge when the two companies merge, as Company B’s systems may not be able to handle the increased volume of data or users from Company A.

  2. Inconsistent Software and Hardware Standards: Given Company B’s smaller size, its infrastructure may have a mix of old and new technologies. This inconsistency can lead to compatibility issues when integrating Company A's systems, making it difficult to achieve seamless interoperability between the two organizations.

B. Vulnerabilities and Risk Analysis

1. Existing Vulnerabilities:

Company A:

  1. Unpatched Legacy Systems: Legacy systems that are not regularly updated present a significant security risk. These outdated systems could have known vulnerabilities (e.g., unpatched software flaws) that are easily exploited by cybercriminals.

  2. Insecure Network Segmentation: If Company A does not properly segment its network into distinct zones (e.g., internal, external, DMZ), attackers who gain access to one part of the network could laterally move to other critical systems, potentially accessing sensitive financial data.

Company B:

  1. Insecure Third-Party Connections: Third-party service providers may not have strong cybersecurity measures in place, which could expose Company B to attacks. If a third-party provider experiences a breach, it could result in the compromise of Company B’s network and data.

  2. Weak Endpoint Security: Company B’s lack of dedicated cybersecurity expertise might lead to weak endpoint protections. Employees’ devices, such as laptops or mobile phones, could be easily infected with malware or targeted for unauthorized access if they do not have adequate security measures (e.g., firewalls, antivirus, device encryption).

2. Impact, Risk, and Likelihood:

Company A:

  1. Legacy System Vulnerabilities:

    • Impact: High – Exploited vulnerabilities in legacy systems could give attackers privileged access to sensitive financial data, leading to financial losses, reputational damage, or regulatory fines.
    • Risk: High – Given that legacy systems often have known vulnerabilities and may be directly connected to other critical systems, the risk of exploitation is high.
    • Likelihood: Medium to High – The likelihood depends on how outdated the systems are and whether any security measures are in place to address known vulnerabilities.

  2. Insecure Network Segmentation:

    • Impact: High – Insecure segmentation would allow attackers to access sensitive data across the network.
    • Risk: High – Poor segmentation is a common attack vector, especially if lateral movement is not well controlled.
    • Likelihood: Medium – If segmentation is weak but not entirely absent, the likelihood is moderate.

Company B:

  1. Third-Party Vulnerabilities:

    • Impact: Medium to High – Attacks leveraging third-party vulnerabilities could lead to the compromise of sensitive medical or payment data.
    • Risk: High – Company B relies heavily on third-party vendors, and without stringent controls, this reliance increases the risk of a breach.
    • Likelihood: High – Many third-party services have had incidents of inadequate cybersecurity practices, increasing the likelihood of exploitation.

  2. Endpoint Security Weaknesses:

    • Impact: Medium – Malware infections or unauthorized access could compromise sensitive data or systems.
    • Risk: Medium – If endpoint security is inadequate, the risk of infection or breach is substantial.
    • Likelihood: High – Given the lack of dedicated cybersecurity staff, endpoint security risks are likely to remain unaddressed.

C. Proposed Network Topology Diagram

A comprehensive network topology for the merged organization should include the following:

  1. Core Network: Separate Company A and Company B networks, each with their own perimeter security measures (e.g., firewalls, intrusion detection systems).
  2. Cloud Infrastructure: Cloud resources for scalable computing, data storage, and backup services, ensuring business continuity and disaster recovery.
  3. Remote Access: A secure VPN setup for remote employees, combined with multi-factor authentication (MFA) to enhance access control.
  4. Zero Trust Architecture: Every device and user, regardless of their location within the network, should be treated as untrusted until verified.

D. OSI Model Layer Identification

Each component in the topology can be mapped to the OSI model:

  • Application Layer (Layer 7): User-facing applications, secure file sharing, cloud-based applications.
  • Presentation Layer (Layer 6): Encryption protocols like SSL/TLS for data protection.
  • Session Layer (Layer 5): Authentication mechanisms (e.g., OAuth, SAML) for secure user sessions.
  • Transport Layer (Layer 4): Protocols like HTTPS and VPN tunnels.
  • Network Layer (Layer 3): Routers, firewalls, and IP-based security.
  • Data Link Layer (Layer 2): VLANs, Ethernet switches for network segmentation.
  • Physical Layer (Layer 1): Physical hardware, routers, and servers.

E. Rationale for Network Design Changes

  1. Cloud Integration:

    • Addition of Cloud Security Services: Cloud-based security solutions like AWS Shield and Azure Security Center would provide scalable protection against attacks like DDoS and advanced threats.
    • Repurposing of Legacy Systems: Legacy infrastructure should either be upgraded or replaced by modern, cloud-compatible systems that can scale and integrate securely.

  2. Repurposing Redundant Systems:

    • Consolidation of Third-Party Tools: Company B’s reliance on third-party services should be reduced by moving towards integrated, cloud-based solutions where feasible. This reduces the risk associated with insecure third-party connections and lowers costs in the long term.

F. Secure Network Design Principles

  1. Least Privilege: Implement access control based on the principle of least privilege, ensuring that users and systems have only the permissions necessary to perform their tasks.
  2. Redundancy and Availability: Introduce redundant systems across the cloud and on-premises infrastructure to ensure high availability and mitigate the impact of potential system failures.

G. Regulatory Compliance

  1. HIPAA: As Company B deals with medical data, the design must ensure that all health information is stored securely and encrypted. Access controls and audit logs must be implemented to comply with HIPAA’s security rule.
  2. PCI DSS: The network design must incorporate secure payment processing mechanisms, encryption of credit card data in transit, and strong access controls to prevent unauthorized access to payment information.

H. Emerging Threats

  1. Ransomware Attacks: With an integrated cloud environment, ransomware attacks could affect both on-premises and cloud-based systems. A multi-layered defense strategy, including backup systems and endpoint protection, should be in place.
  2. Cloud Configuration Risks: Improper configuration of cloud services could expose sensitive data. Ensuring strict security protocols for cloud services (e.g., regular audits, proper access management) is essential.

I. Recommendations for Implementation

  • Cost-Benefit Analysis: Cloud services provide a cost-effective solution for scalability, redundancy, and security, especially with the budget of $50,000.
  • Justification: The network design incorporates zero trust principles, regulatory compliance, and scalability to ensure long-term security and business continuity.
Stuck Looking For A Model Original Answer To This Or Any Other
Question?

Related Questions

How Have Cultural, Technological, and Economic Factors Shaped the Global Evolution of Sports Broadcasting? A Critical Analysis of Historical Development, Political Economy, National Policies, and Stakeholder Dynamics

The Early Years of Sports and Television in the US and Europe: Compare and contrast the development of sports broadcasting in the United States and Europe during the early years of television. How did cultural, technological, and economic factors shape the relationship between sports and television in these regions. (35 points) The Political Economy of Global Television Broadcasting: Analyze the political and economic factors that have influenced the globalization of sports broadcasting. How have media policies, market dynamics, and technological advancements contributed to expanding sports media industries worldwide? (35 points) Sports Broadcasting Economics and Media National Policies: Discuss the relationship between sports ...
Is Long-Term Proton Pump Inhibitor Use Necessary for Managing Chronic Gastroesophageal Reflux Disease? A Critical Analysis of Clinical Practice Guidelines and Pharmacological Treatment

Questions.... Describe your assigned client’s situation. Why are they presenting to the clinic? What medications are they currently taking? Assess the applicable clinical practice guideline (CPG) for your assigned client linked on the same page in the lesson where the client case is located. What treatment is recommended by the CPG for your client’s situation? Discuss your personal professional assessment of the client’s situation provided in the scenario. What pharmacological treatment is necessary and why? Reflect on additional questions you have about your assigned client that may influence treatment. What else do you need ...
The Influence of Personal Data on Everyday Life: Theories, Case Studies, and Ethical Implications of Data Monetization and Privacy Challenges

Drawing upon relevant theory, how does personal data shape and influence our everyday lives, and what opportunities or challenges arise from this? Choose one or two case studies to analyze this question in detail. Drawing upon relevant theory and examples, examine how platforms and devices have been built to capture and monetize our personal data, and how this influences our everyday lives. Consider the ethical implications of this. Drawing upon relevant theory and examples, examine the privacy challenges around the control and ownership of personal data. Consider the ethical implications of this. https://youtu.be/87D_wOEELFQ

The Evolution of LGBTQ+ Identities, Legal Perceptions, and Activism (1885–1990): A Historical Analysis

Theme 1 (c.1885 – 1939)   1. Explain how influential sexology has been in the ‘creation’ of sexual identities and diverse sexualities. 2. Discuss the ways in which male homosexual behaviour was perceived by the law and society between 1885 and 1939. 3. Explain how and why female homosexuality and bisexuality have been relegated to the margins of sexuality during the 19th and early twentieth centuries?     Theme 2 (c.1950-1967)   4. What efforts were made by the law and the police to prosecute and curtail homosexual offending and with what implications? 5. Explore the factors which delayed the implementation of the Wolfenden Report’s ...

Copyright © 2012 - 2025 Apaxresearchers - All Rights Reserved.

WhatsApp us