Provide details of expected security assessment and testing with reasoning against such a system.

A UK-wide enterprise in taxation management, with its head office in Leatherhead, Surrey, is looking to enhance its computer systems and reduce their complexity to improve its business processes.

The Enterprise has various offices throughout the United Kingdom.

The Enterprise has grown significantly in recent years, and some of its data systems and supporting networking infrastructure have become dated, which may potentially result in security and resilience risks. Additionally, because of Brexit concerns, it has just acquired SMEs in France, Germany and Spain undertaking similar business operations.

The enterprise sees this as an opportunity to develop/enhance present staffing, enhance business operations and ensure compliance with various regulatory requirements such as GDPR.

A Security Operations Centre (SOC) may form part of this development. – SOC service

The enterprise you work for offers Security Operations Centre (SOC) services and is looking to develop a SOC focused on supporting and providing security services to the Manufacturers.

You, as a security operations and assurance consultant, have been asked to provide an initial report on such an undertaking to ensure a robust system for future stability, resilience and confidence by all stakeholders. (You are allowed to make assumptions, as this is a fictitious scenario.)

Your report needs to consider the following:

Security considerations for the life cycle of the system, i.e. the various stages of development, implementation, operation, maintenance and final disposal.

For organisational resilience, provide critical considerations for business continuity, back-up and disaster recovery of the system.

Provide details of security incident response practices against such a system.

Provide details of expected security assessment and testing with reasoning against such a system.

The proposed system must support the following core aspects: (Network design scope)

• Inter centre communications

• Facilities for remote access to services and databases etc.

• Web and content servers and email systems

• Converged services

• Appropriate bandwidth and servers for streaming video, audio, etc

• Support service flexibility and especially research activities

• Provide management capability with some level of resiliency and disaster recovery with 24×7 operation in ideal conditions

Management concerns (Business objective) (pay more focus on this)

• A need for simplicity in the implementation and management.

• The highest degree of functionality at the lowest possible costs.

• Arrangements that support network and server expansion.

• The impact that failure of the services (server and network equipment) could cause

• The risk of virus and hacker attack to the whole organisation

• Costs of alternative network arrangements for resiliency and availability.

• Maintenance/support considerations.

• Effective communication mechanisms.

Some issues (pay more focus on this as well)

The following list highlights some of the issues that should be considered. These are not necessarily in order of importance and are not comprehensive.

• Assess the technical and functional requirements of the Data centre and network required

• Propose appropriate types of network/s that could be used to meet the requirements.

• Propose appropriate network communications equipment to be deployed.

• Clearly define the role and operation of the network communications equipment.

• Consider the protocol suites to be used and their likely future development

• Identify the service and server requirements.

• Propose strategies for data backup etc.

• Define appropriate system/network software for the Enterprise network to be deployed.

• Clearly define the data transfer rates within the system to provide appropriate levels of aggregation.

• Propose baseline security arrangements.

• You could provide comparative costs in broad terms where possible (detail not required).
