Udacity Security Analyst Project 1 - Security Controls
Project Description
With this project, I was tasked with examining network topology diagrams and the overall network security posture for a fictitious company. I was asked to analyze the company’s current security controls and make recommendations to improve the security of their network while keeping their business needs in mind. I as then asked to provide a deployment plan to implement these new controls. Specific tasks and examples documents are as follows:
Examine company network diagrams and business
Based off the company’s network diagrams and a description of how the business uses different systems within the network, I was asked to review how well the company’s current security controls hold up against the NIST-800-53 framework. Click below to see an example of an abbreviated NIST-800-53 workbook and my analysis!
Provide the company’s management with additional recommended physical, administrative and logical controls that can be implemented to enhance the company’s information security posture.
Propose two applicable information security policies to the company based off the above analysis
Read integration and administration documentation for third-party security solutions that would help strengthen the company’s security posture. Created a network diagram and deployment plan to integrate these third-party technologies—OpenVPN and Duo—into the company’s network. These technologies allow the company’s employee’s to access resources from outside the network through a secure VPN and authenticate them using two-factor authentication. The flexibility to work remotely has been crucial during the covid pandemic but it has also increased security risks for companies who do not implement secure identity and access management principles.