Question
I need help with the following:
Scenario:
In a series of incidents, the inventory of several stores has been way off. The store suspects that someone is tampering with either the purchase transactions or the logging of inventory changes. Your role is to help determine which type of IDS/IPS to recommend for the corporation. When considering which option to implement, consider that your company has a centralized and well-established IT department at the main headquarters, but it feels that money is better spent on marketing than on IT infrastructure. The company manages all of the networks from the main headquarters and has two information technology specialists on staff at all times in the retail stores.
General System Description/Purpose
A. System Description (Who)
1. Grocery store supercenter
2. 1000+ employees
3. Company has been in business for over 20 years.
4. The company has over 200 stores located in 25 states.
5. Their main headquarters is in Washington, DC.
System Architecture (What)
1. Each cash register is connected to a network within the store.
2. Each store's main server is connected to the headquarters network.
3. Network within the store is segmented into three subnetworks, one for sales (the cash registers), one for inventory, and one for management.
4. There is restricted access between the segments:
a) The management segment can access and manipulate the other two segments.
b) The management segment can also communicate with the headquarters network through a VPN connection.
c) The store inventory is transmitted to the headquarter servers nightly.
d) The sales segment has access to the inventory segment.
e) The inventory segment cannot access the other two segments.
Functional Architecture (How)
1. The cashiers need availability to access their registers at any given time
2. System maintenance is only performed nightly, and reports are generated every night at 11:59 p.m.
3. Changes are always implemented on a parallel system and never on the live network.
4. The Grocery Store Supercenter likes to deal with commercial off-the-shelf applications that have been tried and tested by many people.
5. There is a need to identify who or what is manipulating the inventory.
6. Management is not convinced that this is an inside job and wants to determine if external entities are accessing the systems.
User Roles and Access Privileges
1. The cashiers do not know how management tracks inventory.
2. The cashiers only have access to their cash registers.
3. The managers of the cashiers can access both the sales and the management segments of the network.
4. There is no need for cashiers to be manually changing records in the inventory. All inventory is updated on purchase or refund transactions.
5. Information technology specialists at the stores have access to all segments of the network and can communicate with the headquarters servers.
Technology Evaluation Criteria
\begin{tabular}{|c|l|l|}
\hline
Evaluation & Evaluation Criteria & Manager's Questions-Aligned to Criteria \\
\hline
 & Potential cause of network outage & \begin{tabular}{l} 1.a. What are the organizational attributes? \\ 2.a.i. What is the level of concern about who's on (or off) the network? \\ 2.a.iii. What is the level of concern about the ability to defeat secure communications? \\ 2.a.iv. What is the level of concern about resilience? \end{tabular} \\
\hline
 & Potential cause of network disruption/slowdown & \begin{tabular}{l} 1.a. What are the organizational attributes? \\ 2.a.i. What is the level of concern about who's on (or off) the network? \\ 2.a.iii. What is the level of concern about the ability to defeat secure communications? \\ 2.a.iv. What is the level of concern about resilience? \end{tabular} \\
\hline
 & Potential cause of excessive alerts & \begin{tabular}{l} 1.b. What are the organizational constraints? \\ 2.a.i. What is the level of concern about who's on (or off) the network? \\ 2.a.iii. What is the level of concern about the ability to defeat secure communications? \end{tabular} \\
\hline
\multirow[t]{4}{*}{Cost} & Software & \begin{tabular}{l} 1.a. What are the organizational attributes? \\ 1.b. What are the organizational constraints? \\ 2.b.i. Can we afford the investment? \\ 2.b.ii. Do we have the right people to implement? \end{tabular} \\
\hline
 & Personnel (training) & \begin{tabular}{l} 1.a. What are the organizational attributes? \\ 1.b. What are the organizational constraints? \\ 2.b.i. Can we afford the investment? \\ 2.b.ii. Do we have the right people to implement? \end{tabular} \\
\hline
 & Deployment (time to implement) & \begin{tabular}{l} 1.a. What are the organizational attributes? \\ 1.b. What are the organizational constraints? \\ 2.b.ii. Do we have the right people to implement? \\ 2.b.iii. Will it take too much time? \\ 2.b.iv. Is the tech/activity too complex? \end{tabular} \\
\hline
 & Deployment (complexity) & \begin{tabular}{l} 1.b. What are the organizational constraints? \\ 2.b.ii. Do we have the right people to implement? \\ 2.b.iv. Is the tech/activity too complex? \end{tabular} \\
\hline
\end{tabular}
Technology Evaluation Criteria Table
\begin{tabular}{|c|l|l|l|}
\hline
Evaluation Factor & Evaluation Criteria & Manager's Questions-Aligned to Criteria & Relevant Organizational Security Plan Information (From Scenario) \\
\hline
 & Potential cause of network outage & 1.a., 2.a.i., 2.a.iii., 2.a.iv. & \\
\hline
 & Potential cause of network disruption/slowdown & 1.a., 2.a.i., 2.a.iii., 2.a.iv. & \\
\hline
 & Potential cause of excessive alerts & 1.b., 2.a.i., 2.a.iii. & \\
\hline
\multirow[t]{4}{*}{Cost} & Software & 1.a., 1.b., 2.b.i., 2.b.ii. & \\
\hline
 & Personnel (training) & 1.a., 1.b., 2.b.i., 2.b.ii. & \\
\hline
 & Deployment (time to implement) & 1.a., 1.b., 2.b.ii., 2.b.iii., 2.b.iv. & \\
\hline
 & Deployment (complexity) & 1.b., 2.b.ii., 2.b.iv. & \\
\hline
\end{tabular}
Evaluation Criteria Priority List
Fundamental Security Design Principles
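The scenario states that only the management and sales segments may reach inventory, and that every inventory update comes from a purchase or refund transaction. The following added example (not part of the original question) shows those two rules as a log check; the subnet addresses, record fields and sample records are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed subnet plan: the scenario names the three segments but gives no addresses.
SEGMENTS = {"sales": ip_network("10.1.10.0/24"),
            "inventory": ip_network("10.1.20.0/24"),
            "management": ip_network("10.1.30.0/24")}
# Segments allowed to reach inventory (scenario items a and d), plus inventory itself.
MAY_REACH_INVENTORY = {"management", "sales", "inventory"}
# Sign of the stock change each transaction type should cause.
SIGN = {"purchase": -1, "refund": +1}

def segment_of(addr):
    """Map an address to a store segment, or 'external' if it is in none."""
    ip = ip_address(addr)
    return next((n for n, net in SEGMENTS.items() if ip in net), "external")

def review_changes(changes, transactions):
    """Return (change id, reason) for each inventory change that needs review."""
    txns = {t["txn_id"]: t for t in transactions}
    findings = []
    for c in changes:
        src = segment_of(c["src_ip"])
        txn = txns.get(c["txn_id"])
        if src not in MAY_REACH_INVENTORY:
            findings.append((c["id"], f"source '{src}' may not reach inventory"))
        elif txn is None or txn["type"] not in SIGN:
            findings.append((c["id"], "no purchase or refund transaction"))
        elif (txn["sku"], SIGN[txn["type"]] * txn["qty"]) != (c["sku"], c["delta"]):
            findings.append((c["id"], "change does not match its transaction"))
    return findings

# Constructed sample records (not from the scenario).
TRANSACTIONS = [
    {"txn_id": "T1001", "type": "purchase", "sku": "MILK-1L", "qty": 2},
    {"txn_id": "T1002", "type": "refund", "sku": "MILK-1L", "qty": 1},
]
CHANGES = [
    {"id": 1, "src_ip": "10.1.10.21", "sku": "MILK-1L", "delta": -2, "txn_id": "T1001"},
    {"id": 2, "src_ip": "10.1.10.21", "sku": "MILK-1L", "delta": 1, "txn_id": "T1002"},
    {"id": 3, "src_ip": "10.1.30.5", "sku": "MILK-1L", "delta": -40, "txn_id": None},
    {"id": 4, "src_ip": "203.0.113.9", "sku": "EGGS-12", "delta": -12, "txn_id": None},
    {"id": 5, "src_ip": "10.1.10.22", "sku": "MILK-1L", "delta": -5, "txn_id": "T1001"},
]

if __name__ == "__main__":
    for change_id, reason in review_changes(CHANGES, TRANSACTIONS):
        print(change_id, reason)
```

Change 3 comes from the management segment, which the segmentation rules permit, so only the transaction check catches it.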