Cyber Security Motivation Paper
MOTIVATION PAPER
From: CHARLES AMON – INFORMATION SECURITY
Date: 27 FEBRUARY 2022
Subject: Multi-layered Security Implementation – Phase 1
1. INTRODUCTION
IMS is in the process of acquiring ISO27001 certification, which is focused on the
implementation of an Information Security Management System (ISMS). ISO27001 will
benefit IMS by putting all security controls in place and enabling different business
opportunities. The ISMS is focused on putting in place cohesive security controls based on
process, people and technology. Our focus in this request is to implement
technological controls.
2. PURPOSE
The purpose of this memorandum is to obtain approval to implement multi-layered
security controls. The controls will be implemented in phases. The first phase is focused on
implementing the most urgently required solutions, to close the gaps on critical
requirements from our clients. The solutions below are required in the first phase.
a) Security Information and Event Management (SIEM) System – This is a security solution
that helps organizations recognize potential security threats and exposure of
security flaws before they have a chance to disrupt business operations. It surfaces
user behaviour anomalies and uses artificial intelligence to automate many of the
manual processes associated with threat detection and incident response and has
become a staple in modern-day security operation centres (SOCs) for security and
compliance management use cases.
b) Supported Remote Access Virtual Private Network (VPN) – This enables remote users
to securely access and use their organization's network in much the same way as
they would if they were physically in the office. With remote access VPN, data can
be transmitted without an organization having to worry about the communication
being intercepted or tampered with.
c) Vulnerability Scanner – Vulnerability scanners are valuable tools that search for and
report on what known vulnerabilities are present in an organization's IT
infrastructure. Using a vulnerability scanner is a simple but critical security practice
that every organization can benefit from. These scans can give an organization an
idea of what security threats they may be facing by giving insights into potential
security weaknesses present in their environment.
3. BACKGROUND
IMS is currently operating with very minimal security controls. Adequate security controls
are a critical requirement for IMS to maintain its credibility, support its clients and conduct
business with confidence. In previous audits, IMS failed to meet the minimum
information security requirements that are mandatory to maintain its business.
Non-compliance with these requirements carries a serious risk of security breaches, loss of
productivity, reputational damage and more.
4. MOTIVATION
Cybercrime is one of the most serious problems that most businesses confront. The threat is
constantly changing and has the potential to be devastating. Financially, the
consequences of a cyberattack or data breach can be devastating, not only in terms of
financial loss and the expense of remediation, but also in terms of potential fines for failing
to comply with data security legislation. Meanwhile, the reputational harm that a data
breach can bring might be just as damaging.
The purpose of a multi-layered security approach is to ensure that each individual
component of your cybersecurity plan has a backup to counter any flaws or gaps. These
layers work together to bolster your defences and build a solid foundation for your
cybersecurity program. Below are a few of the requirements of multi-layered security
controls.
a) Monitoring: Ensuring you know what is happening in your environment and can
correlate events taking place in different parts of your environment to understand
the full picture.
b) Vulnerability Scanning: Ensuring that the business knows its exposed weaknesses in
order to control the potential for harm.
c) Secure Remote Working: Ensuring people are able to work from anywhere
securely and are monitored.
d) Endpoint Protection: The practice of securing endpoints or entry points of
end-user devices such as desktops, laptops, and mobile devices from being exploited
by malicious actors and campaigns. Endpoint security systems protect these
endpoints on a network or in the cloud from cybersecurity threats.
e) Patch Management: Making sure that updates are applied to user devices, servers,
applications, appliances and network equipment in a timely manner.
f) Network: Ensuring your network is properly protected, minimising unnecessary
services, using a baseline secure configuration, ensuring bandwidth is protected.
g) Internet: Ensuring that your access to the internet is monitored and protected but
also that users trying to access your services from the internet are properly
controlled.
h) Users: Reducing privileged access to the minimum and ensuring user identity is
properly authenticated before a user is given access. Ensuring users are given
Cyber Awareness Training and understand, for example, what phishing is.
i) Devices: Ensuring that device configuration matches a secure baseline, running an
effective antivirus and host firewall.
j) Firewall & Intrusion Prevention: Ensuring that access to your services from staff,
partners and the public is properly protected and that staff remote access is
secure. Taking measures to ensure you know if your firewall and other measures
have been breached.
k) Cyber Threat Intelligence: Ensuring all environments are assessed to understand the
internal and external threats in order to be able to control them.
l) Data Protection: Taking regular backups of your data and ensuring that restoration
works, ensuring that you know what data you hold and have appropriate controls
in place to protect it.
In this phase, we are requesting to implement controls that are under a), b) and c).
5. FINANCIAL IMPLICATIONS:
| No | Item | Description | Unit Price ($) | Unit Price (R) | Qty | Total ($) | Total (R) |
|---|---|---|---|---|---|---|---|
| | Once Off | | | | | | |
| 1 | PowerEdge R440 Server | Modern compute platforms from Dell EMC easily scale and leverage key technologies to maximize application performance. The PowerEdge R440 is built on a scalable architecture that provides the choice and flexibility to optimize performance and density. | | R87,306.39 | 1 | | R87,306.39 |
| | Yearly Subscriptions | | | | | | |
| 2 | Nessus Professional | Nessus Professional automates point-in-time assessments to help quickly identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations, across a variety of operating systems, devices and applications. | $3,390 | | 1 | $3,390 | |
| 3 | OpenVPN Access Server | Provides virtual private networking using OpenVPN protocol. OpenVPN protocol uses SSL/TLS with client and server certificates to perform key exchange and mutual authentication. | $42 | | 50 | $2100 | |
| 4 | IBM Security QRadar Software | IBM Security QRadar - Security Information and Event Management (SIEM) helps security teams detect, prioritize and respond to threats across the enterprise. As an integral part of your zero trust strategy, it automatically analyzes and aggregates log and flow data from thousands of devices, endpoints and apps across your network, providing single alerts to speed incident analysis and remediation. QRadar SIEM is available for on-prem and cloud environments. | | | 1 | | R383 470,61 |
| | GRAND TOTAL (Tax Inclusive) | | | | | $5,490 | R470,777 |
7. RECOMMENDATION
We have evaluated different security products that offer similar functionality and consulted
professionals on them, and we recommend the proposed solutions as they will enhance our
security controls.
8. SIGNATURES
REQUESTED BY
Signature:
MUTHONI KIRUMBI – CTO (IMS Ventures)
APPROVED BY
29/03/2022
Signature:
JOSPHAT KINYUA – CCO (IMS Ventures)
APPROVED BY
MKASIRI MSEBENZI – CFO Impuma Group
Date:
Date:
30/03/2022
Signature:
Date: