You have been hired as consultants to design and implement a security initiative for an expanding global eCommerce corporation with two websites and locations in New York and London. There are currently about 300 employees in the company.

In the next three months, the corporation will be acquiring another company in a different line of business with plans to offer products for sale online. This new company is in Paris and will have a Research and Development (R&D) and a Sale Dept., with 150 to 200 employees. They will create new products and sell them online. 

Part of your role would be to recommend the best way to integrate both environments. However, not much information is available about the IT setup for the company being acquired. The other company might even have a mix of operating systems – it is unclear since the IT staff in that company is not very communicative. 

Some critical staff members in the other company are not happy with the upcoming merger and have sworn to be as uncooperative as possible. The Network Manager for the other company has a complex personality. There are plans to fire him, but unfortunately, he is the only one who knows the network architecture entirely. Furthermore, he is unwilling to share. You must find out everything about the new environment and propose specifics on integrating both Enterprise Level environments seamlessly.

In the initial conversation with executives of the global company, you realize that the company does not have a security policy. After much discussion, they have agreed that you should develop a detailed security policy customized for the company. 

In a follow-up meeting with the executives and IT staff of the global corporation, you are also assigned the task of identifying the following:

• Two (2) security audit tools (vulnerability/web scanners).
• Two (2) intrusion detection systems.
• Two (2) network firewall products that would be suitable for the global company. 
• Two (2) automated network asset inventory tools to know what exists at the new location and determine what will be integrated into the merged company.
• You are to test and describe the features of selected security solutions.
• Indicating (a) which you prefer and (b) providing a convincing rationale for why you prefer a specific solution in each category. In other words, you are to evaluate two products for each category and recommend one, giving the reasons for your choice.

Salient points: The new corporate acquisition will increase the total number of computers under your IT department’s care to about 1,000 computers and network devices. The exact number is not precise: Even the management at the other company is not sure of the number of systems in that network because of the difficulty in finding the specifics about the company being acquired. 

It appears the acquired company runs a mixture of a peer-to-peer network and the domain model. Part of the decision you would have to make would be how the integrated environments would be networked: You have the discretion to come up with the design and budget (subject to approval, of course) for the overall security initiative and covering:

• The security policy.
• Network audit to determine what devices and data.
• Seamless integration between the merging companies.
• Recommendation for IDS system(s).
• Recommendations for security audit tools (web/vulnerability scanners).
• Recommendations for network firewall device(s).

Deliverables for the Project:

1. The Security Policy Document (You can adapt an Acceptable Use Policy document from www.sans.org)
2. Plus, a minimum of eight-page (8) paper in APA format in Microsoft Word, double-spaced describing how you would go about implementing the overall security initiative for the company.
3. A 1-page summary of your overall strategy
4. A 1-page of network audit to determine what devices and data 
5. A 1-page of information security-related recommendations for integrating both corporate enterprise environments
6. A 1-page for the Intrusion Detection System (evaluate two different products and recommend one, giving the reasons for your choice). Consider HIDS/NIDS & IDPS.
7. A 1-page for the web/vulnerability scanners (evaluate two different products and recommend one, giving the reasons for your choice
8. A 1-page for the network firewall devices (evaluate two different products and recommend one, giving the reasons for your choice)
9. A 1-page of your overall conclusions demonstrating your grasp of information security best practices and current trends
10. A Microsoft Visio or similar diagram network diagram of all components in a logical layout to show how the deliverables are related
11. A 1-page of Scholar/Product APA references
12. A 10-minute PowerPoints or similar audiovisual presentation of your project

Note: Microsoft Visio is available to you through our College of Technology’s Academic Alliance with Microsoft. If you haven’t taken advantage of this Academic Alliance yet, let your instructor know so you can get access.