Call/WhatsApp/Text: +44 20 3289 5183

Question: Secure Network Design and Implementation Plan for Merging Company A and Company B

06 Jan 2025,2:05 PM

 

INTRODUCTION

You are the cybersecurity professional for Company A and are responsible for protecting the information of the company. Your roles include managing the company’s cybersecurity capabilities and tools, conducting vulnerability management, and assessing risk to sensitive information. Company A has recently purchased Company B and wants to merge both networks.

Executives of Company A have tasked you with making risk-based decisions on integrating Company B’s network with Company A’s existing network. Company B has provided its latest vulnerability scans, network diagrams, and existing cybersecurity capabilities and tools. As a deliverable to the executives, you will submit your recommendations for a secure network design that merges the two networks and allows remote access for employees of both companies in the form of a merger and implementation plan.

For this project, you will use the given scenario and the following supporting documents to complete your network merger and implementation plan:

  • “Company A Network Diagram”
  • “Company A Risk Analysis”
  • “Company B Network Diagram”
  • “Company B Vulnerability Report and Cybersecurity Tools”

SCENARIO

Company A is a global company based in the United States that operates in the financial industry. Company A serves its customers with financial products, such as checking accounts, bank cards, and investment products. Company A has recently acquired Company B and needs to integrate with or remove similar capabilities and tools from Company B. Company B is smaller in size, has no dedicated cybersecurity professional role, and utilizes third-party support for infrastructure needs. Company B offers specialized software to medical providers and accepts credit cards as a payment option.

The executives of the newly merged company have expressed interest in integrating the use of the cloud to allow for scalability and redundancy. As the security professional of the merged networks, you are tasked with creating a secure network design that includes the use of zero trust principles and that utilizes both on-premises and cloud infrastructure. You also have been tasked with ensuring compliance with all regulatory requirements of the merged company, along with utilizing cloud-based technologies to provide security capabilities. Company executives have provided a budget of $50,000 in the first year to create a secure network design to utilize cloud-based services.

REQUIREMENTS

Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. The similarity report that is provided when you submit your task can be used as a guide.

You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.

Tasks may not be submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc., unless specified in the task requirements. All other submissions must be file types that are uploaded and submitted as attachments (e.g., .docx, .pdf, .ppt).

TASKS

A. Describe two current network security problems and two current infrastructure problems for each company, based on business requirements given in the scenario.

B. Analyze the given network diagram and vulnerability scan for both companies by doing the following:

  1. Describe two existing vulnerabilities for each company.
  2. Explain the impact, risk, and likelihood associated with each described vulnerability from part B1 as it relates to each company.

C. Create a network topology diagram with details of the proposed merged network requirements.

D. Identify the layer for all components in the topology diagram referencing the layers of the OSI model and TCP/IP protocol stack.

E. Explain the rationale for adding, deleting, or repurposing network components in the newly merged network topology diagram, including details of how each component addresses budgetary constraints.

F. Explain two secure network design principles that are used in the proposed network topology diagram.

G. Explain how the proposed merged network topology diagram addresses two regulatory compliance requirements that are relevant to the newly merged company, including the following in your explanation:

  • The name of the regulatory compliance requirement
  • Why the regulatory requirement is relevant to the newly merged company
  • How the proposed merged network topology diagram meets the regulatory requirement

H. Describe two emerging threats that are applicable to the merged organization, including the following in the description:

  • Potential network security risks of implementing the topology
  • Potential performance impacts on the merged network after implementation of the proposed design
  • How to manage the identified potential security risks

I. Summarize your recommendations for implementation of this proposed merged network based on the scenario and budgetary requirements, including the following in the summary:

  • A cost-benefit analysis for on-premises and cloud infrastructure solutions
  • A justification for your recommendations to implement the proposed secure merged network design

Expert answer

DRAFT / STUDY TIPS:

Network Merger and Implementation Plan

A. Current Network Security and Infrastructure Problems

Company A (Financial Industry):

  1. Network Security Problems:

    • Phishing Risks: Employees are frequently targeted by phishing attempts due to financial data sensitivity.
    • Legacy Systems: Some applications lack modern encryption, making them vulnerable to breaches.

  2. Infrastructure Problems:

    • Scalability Issues: The current infrastructure struggles to handle increased traffic during peak hours.
    • Limited Remote Access: Remote work capabilities are outdated, requiring significant upgrades.

Company B (Healthcare Industry):

  1. Network Security Problems:

    • Unsecured Data Storage: Sensitive healthcare data is stored on local servers without encryption.
    • No Dedicated Cybersecurity Role: Reliance on third-party vendors increases response time to threats.

  2. Infrastructure Problems:

    • Outdated Equipment: Network devices like routers and switches are not up-to-date, causing performance bottlenecks.
    • Inconsistent Network Architecture: The infrastructure lacks redundancy, making it prone to outages.

B. Vulnerability Analysis

  1. Existing Vulnerabilities:

    • Company A:
      1. Outdated firewall rules lead to unnecessary open ports.
      2. Lack of multi-factor authentication (MFA) for critical systems.
    • Company B:
      1. Unpatched software vulnerabilities in medical applications.
      2. Weak password policies increase the risk of unauthorized access.

  2. Impact, Risk, and Likelihood:

    • Company A:
      • Impact: Open ports can expose sensitive data to attackers.
      • Risk: High due to frequent targeted attacks in the financial sector.
      • Likelihood: Moderate, given the current security measures.
    • Company B:
      • Impact: Unpatched vulnerabilities could lead to ransomware attacks.
      • Risk: High due to sensitive patient data.
      • Likelihood: High, as software updates are irregular.

C. Proposed Network Topology Diagram

The merged network will incorporate:

  • Cloud-based Services: For scalability and redundancy.
  • Zero Trust Architecture: Segmenting sensitive systems and enforcing strict access controls.
  • VPNs and Encrypted Channels: To secure remote access.
  • Firewall and Intrusion Detection Systems (IDS): For proactive monitoring.

(Note: A diagram can be included as a visual representation in the final submission.)

D. OSI and TCP/IP Layer Components

  • Application Layer: Web applications, email systems.
  • Transport Layer: Secure protocols (TLS/SSL).
  • Network Layer: Routers, VPNs.
  • Data Link Layer: Switches.

E. Rationale for Network Design

  • Added Components:
    • Cloud Infrastructure: Ensures scalability and redundancy while fitting the $50,000 budget.
    • Multi-Factor Authentication: Enhances security for sensitive data.
  • Repurposed Components:
    • Company B’s Servers: Used for non-critical workloads after patching.
  • Deleted Components:
    • Outdated Equipment: Redundant or inefficient devices from Company B’s network.

F. Secure Network Design Principles

  1. Least Privilege: Limits access to resources based on job roles, reducing attack vectors.
  2. Network Segmentation: Separates sensitive systems (e.g., financial and healthcare data) for enhanced security.

G. Regulatory Compliance

  1. PCI DSS: Relevant for handling credit card transactions in both companies.
    • Compliance: Implementing encryption and secure payment gateways.
  2. HIPAA: Applicable for protecting healthcare data in Company B.
    • Compliance: Enforcing access controls and regular audits.

H. Emerging Threats and Mitigation

  1. Ransomware Attacks:
    • Risk: Disrupts operations and exposes data.
    • Mitigation: Regular backups and employee training.
  2. Insider Threats:
    • Risk: Malicious or negligent employees causing breaches.
    • Mitigation: Implementing activity monitoring and least privilege principles.

I. Recommendations

  1. Cost-Benefit Analysis:
    • On-Premises: High initial costs but better control.
    • Cloud: Cost-effective and scalable.
  2. Implementation Justification:
    • Hybrid approach balances cost and security.
    • Zero trust architecture ensures regulatory compliance and robust security.
Stuck Looking For A Model Original Answer To This Or Any Other
Question?

Related Questions

How Have Cultural, Technological, and Economic Factors Shaped the Global Evolution of Sports Broadcasting? A Critical Analysis of Historical Development, Political Economy, National Policies, and Stakeholder Dynamics

The Early Years of Sports and Television in the US and Europe: Compare and contrast the development of sports broadcasting in the United States and Europe during the early years of television. How did cultural, technological, and economic factors shape the relationship between sports and television in these regions. (35 points) The Political Economy of Global Television Broadcasting: Analyze the political and economic factors that have influenced the globalization of sports broadcasting. How have media policies, market dynamics, and technological advancements contributed to expanding sports media industries worldwide? (35 points) Sports Broadcasting Economics and Media National Policies: Discuss the relationship between sports ...
Is Long-Term Proton Pump Inhibitor Use Necessary for Managing Chronic Gastroesophageal Reflux Disease? A Critical Analysis of Clinical Practice Guidelines and Pharmacological Treatment

Questions.... Describe your assigned client’s situation. Why are they presenting to the clinic? What medications are they currently taking? Assess the applicable clinical practice guideline (CPG) for your assigned client linked on the same page in the lesson where the client case is located. What treatment is recommended by the CPG for your client’s situation? Discuss your personal professional assessment of the client’s situation provided in the scenario. What pharmacological treatment is necessary and why? Reflect on additional questions you have about your assigned client that may influence treatment. What else do you need ...
The Influence of Personal Data on Everyday Life: Theories, Case Studies, and Ethical Implications of Data Monetization and Privacy Challenges

Drawing upon relevant theory, how does personal data shape and influence our everyday lives, and what opportunities or challenges arise from this? Choose one or two case studies to analyze this question in detail. Drawing upon relevant theory and examples, examine how platforms and devices have been built to capture and monetize our personal data, and how this influences our everyday lives. Consider the ethical implications of this. Drawing upon relevant theory and examples, examine the privacy challenges around the control and ownership of personal data. Consider the ethical implications of this. https://youtu.be/87D_wOEELFQ

The Evolution of LGBTQ+ Identities, Legal Perceptions, and Activism (1885–1990): A Historical Analysis

Theme 1 (c.1885 – 1939)   1. Explain how influential sexology has been in the ‘creation’ of sexual identities and diverse sexualities. 2. Discuss the ways in which male homosexual behaviour was perceived by the law and society between 1885 and 1939. 3. Explain how and why female homosexuality and bisexuality have been relegated to the margins of sexuality during the 19th and early twentieth centuries?     Theme 2 (c.1950-1967)   4. What efforts were made by the law and the police to prosecute and curtail homosexual offending and with what implications? 5. Explore the factors which delayed the implementation of the Wolfenden Report’s ...

Copyright © 2012 - 2025 Apaxresearchers - All Rights Reserved.

WhatsApp us