
467 Final Exam

The document discusses the pros and cons of using the public Internet for business, highlighting cost-effectiveness, global reach, and ease of access as advantages, while noting insecurity, unreliability, and privacy concerns as disadvantages. It outlines five measures for protecting information over the Internet, including strong encryption, firewalls, multi-factor authentication, regular updates, and employee training. Additionally, it details five control principles for securing a bank's network, emphasizing authentication, data encryption, network segmentation, intrusion detection, and regular audits.

Uploaded by mutaironald

B. Discuss pros and cons of Risk Management and Risk Assessment for a company that conducts some of its business over the public Internet.

1. List three positive and three negative reasons for using the public Internet.

2. Describe in full detail at least five measures that the company can take to protect their information over the public Internet.

Pros and Cons of Using the Public Internet for Business

1. Pros of Using the Public Internet:

1. Cost-Effectiveness: The public Internet is much cheaper compared to private networks or dedicated leased lines. It allows businesses to reduce operational costs while maintaining connectivity.

2. Global Reach: The Internet enables businesses to access a vast, worldwide market. Customers, vendors, and employees can connect to the company’s services from anywhere, expanding the company’s potential reach and opportunities.

3. Easy to use and to access: With the public Internet, businesses can quickly deploy applications, communicate with clients, and implement services without extensive technical infrastructure.

2. Cons for Using the Public Internet:

1. Insecure: Conducting business over the public Internet exposes sensitive data to cyberattacks, such as hacking, phishing, and malware.

2. Unreliable: The public Internet is subject to outages, bandwidth issues, and latency, which can disrupt business operations and lower productivity.

3. Privacy Concerns: Data transmitted over the public Internet is at higher risk of being intercepted, which could lead to breaches of customer or corporate privacy.

Five Measures to Protect Company Information over the Public Internet

1. Implement Strong Encryption Standards

Use encryption protocols like SSL/TLS for websites and communications to protect data in transit. Encrypt sensitive stored data using AES-256 or similar secure encryption methods to prevent unauthorized access.

2. Deploy Firewalls and Intrusion Detection/Prevention Systems (IDS/IPS)

Install and configure firewalls to filter unauthorized traffic and block malicious attacks. Then use IDS/IPS to monitor network traffic for suspicious activity and respond proactively to potential breaches.

3. Enforce Multi-Factor Authentication (MFA)

Require users to provide multiple forms of authentication (e.g., password + mobile verification) to access sensitive systems or information, reducing the risk of account compromise.

4. Regularly Update and Patch Systems

Ensure all software, including operating systems, web applications, and third-party tools, is regularly updated to patch vulnerabilities and protect against known exploits.

5. Train Employees on Cybersecurity Best Practices

Educate employees about recognizing phishing emails, avoiding suspicious downloads, and using secure methods to access company resources. Also conduct regular security drills to ensure readiness against potential threats.

C. Name and explain in detail 5 basic control principles of a Secure Network for MinnEast Bank System. This is a large bank with thirty-seven branches that are connected to a data center which hosts transaction servers of various types. Each branch has personal computers and ATM machines connected to its own server via LAN or WAN circuits. The branch servers store the daily transaction data and transmit to the data center several times per day. Tellers use eight-digit passwords. Your answer could include a variety of asset types including: hardware, circuits, network software, client software, organizational data and mission critical applications.

For MinnEast Bank System, ensuring the security of its network across thirty-seven branches and a central data center is critical. The following five basic control principles are essential for safeguarding data and transactions:

1. Authentication and Access Control

Robust authentication methods are essential to guarantee that only authorized individuals can access sensitive systems and information. Although the bank currently employs eight-digit passwords, augmenting this system with multi-factor authentication (MFA) can greatly enhance security. MFA necessitates that users confirm their identity employing various methods, such as a password combined with a security token or smartphone application. This extra layer of security aids in preventing unauthorized access even if passwords are compromised. This principle is applicable to user accounts on servers, personal computers, and ATMs, ensuring that only authorized employees or devices can enter systems that hold transaction data.

2. Data Encryption

Securing sensitive data through encryption is vital to shield it from unauthorized access. This encompasses encrypting data both when it's saved and during transfer. Utilizing secure protocols like TLS/SSL for communication guarantees that data maintains its confidentiality and remains unaltered throughout its transfer. Furthermore, encrypting stored transaction data protects it from breaches.

Encryption safeguards organizational data, mission-critical applications, and transaction logs from exposure or modification during transfer or storage.

3. Network Segmentation and Isolation

Network segmentation consists of partitioning the network into smaller, isolated segments to contain possible breaches. For MinnEast Bank, this entails establishing distinct zones for branch servers, ATM machines, and the data center. By separating these segments, even if one area is compromised, the threat can be confined without impacting other essential systems.

This control pertains to network hardware such as routers and firewalls, and software configurations that establish each segment's boundaries.
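
The zone separation described above can be written down as a default-deny policy and checked against observed traffic. The following is an added example, not part of the original answer; the subnets, ports and the extra branch PC zone are assumptions chosen only for illustration.

```python
import ipaddress

# Hypothetical address plan: the answer names the zones, not their subnets.
ZONES = {
    "branch_pc":     ipaddress.ip_network("10.10.0.0/16"),
    "atm":           ipaddress.ip_network("10.20.0.0/16"),
    "branch_server": ipaddress.ip_network("10.30.0.0/16"),
    "data_center":   ipaddress.ip_network("10.100.0.0/16"),
}

# Explicit allow list of (source zone, destination zone, TCP port).
# Ports are assumed. Anything not listed is denied, including ATM-to-ATM traffic.
ALLOWED = {
    ("branch_pc", "branch_server", 443),
    ("atm", "branch_server", 8443),
    ("branch_server", "data_center", 443),
}

def zone_of(addr):
    """Map an IP address to its zone name, or None if it belongs to no zone."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None

def is_allowed(src, dst, port):
    """Default deny: a flow passes only if both ends are zoned and the triple is listed."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return False
    return (sz, dz, port) in ALLOWED

def violations(flows):
    """Return the observed (src, dst, port) flows the policy does not permit."""
    return [f for f in flows if not is_allowed(*f)]

# Constructed sample flows, e.g. as exported from firewall or NetFlow records.
OBSERVED = [
    ("10.10.4.20", "10.30.4.1", 443),   # teller PC to its branch server
    ("10.20.4.7", "10.100.0.9", 443),   # ATM straight to the data center
    ("10.20.4.7", "10.20.9.3", 22),     # ATM to another ATM
]

if __name__ == "__main__":
    for flow in violations(OBSERVED):
        print("policy violation:", flow)
```

Under this policy an ATM can talk only to its branch server, so a compromised ATM has no direct path to the data center or to other ATMs.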

4. Intrusion Detection and Prevention Systems (IDPS)

An IDPS tracks network traffic and system operations for indications of malicious behavior or policy infractions. By implementing IDPS at both branch servers and the data center, MinnEast Bank can recognize unauthorized access attempts, malware infections, or data exfiltration in real-time. These systems generate alerts for suspicious activities and can respond automatically by blocking harmful traffic. This principle shields the bank's complete infrastructure, both hardware and software, from external and internal dangers that could compromise critical data.

5. Regular Audits and Monitoring

Performing regular audits and constant monitoring of user actions, network traffic, and system logs is critical for identifying irregular activities that may suggest security breaches. For MinnEast Bank, establishing log management systems to capture transaction logs, access logs, and authentication attempts across all branches is vital. Periodic audits guarantee compliance with security policies while real-time monitoring tools assist in swiftly identifying emerging threats.

This control pertains to organizational data, network software, mission-critical applications, and hardware by ensuring that logs from personal computers, branch servers, ATMs, and the data center are perpetually monitored for unusual activities.
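
One way to monitor authentication attempts collected from all branches is sketched below. It is an added example, not part of the original answer: the log line layout, the thresholds and the two detection rules (repeated failures for one teller account, and one account logging in at more than one branch within a short window) are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines; the field layout is assumed, not a real product's format.
SAMPLE_LOG = """\
2025-01-14T09:00:05 branch=07 user=t1042 result=FAIL
2025-01-14T09:00:21 branch=07 user=t1042 result=FAIL
2025-01-14T09:00:40 branch=07 user=t1042 result=FAIL
2025-01-14T09:01:02 branch=07 user=t1042 result=FAIL
2025-01-14T09:01:30 branch=07 user=t1042 result=FAIL
2025-01-14T09:03:00 branch=12 user=t2210 result=OK
2025-01-14T09:05:10 branch=31 user=t2210 result=OK
2025-01-14T09:40:00 branch=03 user=t3001 result=FAIL
"""

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def detect(log_text, max_fails=5, window=timedelta(minutes=5)):
    fails = defaultdict(deque)    # user -> timestamps of recent failures
    logins = defaultdict(deque)   # user -> (timestamp, branch) of recent successes
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse(line)
        user, ts = r["user"], r["ts"]
        if r["result"] == "FAIL":
            q = fails[user]
            q.append(ts)
            while ts - q[0] > window:          # drop failures outside the window
                q.popleft()
            if len(q) >= max_fails:
                alerts.append(("repeated_failures", user, r["branch"]))
                q.clear()                       # avoid re-alerting on the same burst
        else:
            q = logins[user]
            q.append((ts, r["branch"]))
            while ts - q[0][0] > window:
                q.popleft()
            branches = {b for _, b in q}
            if len(branches) > 1:               # same account at two branches
                alerts.append(("multi_branch_login", user, ",".join(sorted(branches))))
    return alerts
```

Calling `detect(SAMPLE_LOG)` on the constructed lines raises one alert per rule and ignores the single isolated failure for `t3001`.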

By implementing these five principles (authentication and access control, data encryption, network segmentation, intrusion detection and prevention systems, and regular audits), MinnEast Bank will protect hardware, software applications, and sensitive organizational data while maintaining the integrity, confidentiality, and availability of transaction information across all branches and the central data center.

E. Chicago Consulting (REQUIRED TO BE ANSWERED)

You are the network manager for a consulting firm that needs to install a backbone to connect four 100Base-T Ethernet LAN segments (each using a 48-port switch) to a core switch. The LANs are all in the same building and they also need connectivity to an ISP for Internet. There are also two wireless access points for mobility in conference rooms on each LAN segment. Develop and draw a simple backbone and determine the total cost (i.e., select the device and price it) for all of the required network components. You do not need to include the cost of cabling in this exercise, though of course it is a vital cost.

- Your answer must have a drawing and a spreadsheet illustrating the individual component and total costs.

Use prices from www.cdw.com.

To connect the four 100Base-T Ethernet LAN segments in the building, we recommend implementing a backbone consisting of robust switches, reliable routers, and high-performance wireless access points. For the Ethernet backbone, we propose using the NETGEAR ProSAFE 48-Port GbE Smart Managed Switch with 8 PoE. Each LAN segment will be equipped with one of these switches, which offer 48 Ethernet ports for connecting devices and eight PoE ports for powering peripherals like wireless access points. These switches provide smart management capabilities, allowing for efficient network performance and scalability.

To ensure Internet connectivity, we suggest deploying the Cisco 867VAE Secure Router for each LAN segment. This device is an entry-level router that combines routing functions, a DSL modem, and a 5-port switch, making it a cost-effective yet versatile solution for managing the network's external connectivity.

For wireless coverage in the conference rooms, we recommend the Cisco Aironet 3702i Wireless Access Points, with two access points allocated per LAN segment. These access points support the 802.11ac standard, delivering high-density coverage, improved range, and excellent throughput, which is crucial for seamless mobile device connectivity and enhanced user experience.

Serial  Product                                                    Cost per Unit  Quantity  Total Cost
1       NETGEAR ProSAFE 48-Port GbE Smart Managed Switch w/8 PoE   $676.99        4         $2,707.96
2       Cisco 867VAE Secure Router                                 $372.99        4         $1,491.96
3       Cisco Aironet 3702i Wireless Access Point                  $1,009.99      8         $8,079.92
Total                                                                                       $12,279.84

This configuration ensures a reliable and scalable network infrastructure capable of meeting the organization’s current and future needs. The wired backbone provides robust connectivity, while the wireless solution enhances mobility and flexibility in the conference rooms. The recommended equipment is cost-effective and designed to support future network security upgrades if required.

F. Data Center

Organizations spent (lots of) money for service providers to house their servers, databases and host their VoIP, network and other applications.

- Why would they do so?

- Name 5 reasons and explain each IN DETAIL.


Organizations often spend a lot of money on service providers to host their servers, databases, VoIP systems, and other applications in data centers because service providers bring valuable benefits. Here are five reasons, explained in simple terms:

1. Focus on Core Activities

Not every company specializes in managing IT infrastructure. By outsourcing these tasks to service providers, companies can focus on their main business goals without getting distracted by technical issues or IT management.

2. Lower Costs

Setting up and running an IT department can be very expensive. Service providers help companies save money by offering access to skilled technicians and 24/7 support without requiring the company to invest heavily in hiring, training, or maintaining IT staff and equipment.

3. Flexibility with Technology

Technology changes quickly, and companies may struggle to keep up if they manage IT on their own. Service providers stay updated with the latest advancements and can help businesses upgrade their systems without the hassle of managing it themselves.

4. Increased Efficiency

Service providers are experts in their field. They can identify and fix issues with servers, networks, or software much faster than a company might be able to on its own. Their expertise ensures smooth and efficient operations.

5. Support for Business Goals

Good service providers understand the specific needs of a business and provide tailored solutions to meet those needs. Their expertise and industry knowledge help companies achieve their objectives more.
