Overview and Structure of “Omega Security”
Write the Overview and Structure of “Omega Security” (proposed name of the company) using at least 600 words. The details should cover: What is the mission of Omega Security? How is Omega Security structured? What are the job roles and responsibilities of the different parts/units of Omega Security and of its different employees? How do the roles and responsibilities of each unit and/or employee fit together into the mission of Omega Security? Are there different levels of employees, such as managers and lower-level workers, who will have different information technology needs? I need to provide the big-picture view of Omega Security in this draft. Later this information will be used in the final draft, where we will need to discuss the information technology of Omega Security’s proposed business in more detail. But here we are just trying to get a big picture of Omega Security itself and how everybody fits together to fulfill its mission. The organizational overview section should describe the structure of the business that we are proposing, focusing on the different levels of employees in the organization (upper management, middle management, operational management, and lower-level employees, such as production and service workers, and data workers) and their IT needs.
The business that I propose to create, Omega Security, is based on providing network and host security to small businesses. Omega Security will provide a tiered approach to supporting small businesses and their infrastructure, with detailed security reporting on the status of the network and its devices. The service will also include support for the applications being used within the business.
Upper management will constantly consider how the company will implement the customer's new security needs in relation to the services being offered. New security needs will be identified through close communication with the middle managers, who identify new threats found to be exploiting networks and users. Operational managers will communicate the information associated with the customers we support; for example, systems not being patched to the proper levels, security measures not being properly implemented on devices, and users inducing security incidents. Lower-level employees would be the analysts responsible for monitoring the traffic associated with our customers. Analysts would be broken out into sections such as network analysts and host analysts. My proposed employee roster would include: 3 upper-level managers, 4 middle managers, 3 operations managers, 9 Lead Analysts, and 40 lower-level analysts.
The business will use Splunk as the main tool for analyzing the data present within its customers' organizations. From the Security Onion suite, the Snort IDS will be used to monitor network traffic, and Suricata, Sguil, Squert, Snorby, Bro, NetworkMiner, and Xplico will also form part of the primary suite of tools used for cyber defense. Helix with Sleuthkit/Autopsy will be used for host forensics. The company will also provide support for monitoring the security cameras and alerts on the premises of the business. OmniSure will provide vulnerability assessments of the organizations through penetration testing, leveraging Metasploit and Kali.
Splunk will be the primary tool responsible for bringing together the outputs of all the various devices. The information provided by the supporting equipment previously mentioned in question 4 will be gathered and organized into automated reports that give us insight into the security posture of each of our customers. Organizations have often used a Security Information and Event Manager such as the one offered by ArcSight to accomplish this task, but today there are more reasonable alternatives, such as Splunk, for building an enterprise-level security solution.
Our organization will have Lead Analysts who keep in close communication with the operations managers. Lead Analysts would be present on a dayshift, swingshift, and midshift schedule. The Network and Host Lead Analyst sections would work together to verify that continuity of operations exists. Operations would entail monitoring traffic and network devices, along with host-level analysis of the related activity. Lead Analysts would ensure the analysts are performing the tasks necessary for securing customer information and infrastructure. A vulnerability assessment team will have a Lead Analyst within its section as well; they will scan the devices within customer organizations to ensure they are not vulnerable to known attacks found in the wild. The Lead Analysts will work with the operations managers, who will look at the big picture of what is taking place within each of the sections and formulate the measures that should be taken to efficiently defend our customers. The operations manager will take these findings to the middle manager, who will make recommendations to customers on the updates or upgrades necessary for properly securing their information. The operations manager will also be responsible for the associated continuing training. They would be the experts who know the operations taking place on a day-to-day basis, and who, after analyzing the information within their respective sections, would give the Lead Analysts the perspective necessary to oversee the lower-level analysts doing the analysis. It only makes sense that both the operations managers and the Lead Analysts be the experts.
I have also completed an Abstract and Introduction, which I will provide as well.
Below are the Abstract and Introduction. Please let me know your thoughts on this paper.
Abstract
Today, businesses and individuals who have been engulfed by information technology must understand that intrusion detection is a self-describing term for something that is necessary. It suggests that detection is the key element that must be addressed regarding intrusions and the use of technology. Detecting an intrusion is the prerequisite to prevention; if systems are to be used, they must be protected for businesses and ordinary users, and it is only through capable methods of detection that prevention can be accomplished. If prevention is the ultimate goal of security, then detection must be the starting point, because knowing how a door is being opened is the only effective way we may learn to keep it locked. No user or business should operate blindly within an environment without a security company that protects them from attacks.
Introduction
The world is becoming an electronic field of challenges when it comes to security, and those who intend to harm others have a new and accessible form of weaponry to infiltrate, attack, and lay waste to specific targets on a level never seen before. If you want to stop a thief before he breaks in and steals your belongings, it is mandatory that your home be secure enough that he cannot get in to do you harm. That being said, detection becomes the most vital part of providing security because it is the precursor to infiltration.
“Some automated tools for detection of unauthorized computer-system use (“intrusions”) are now available [Lunt, 1993], of which NIDES [Lunt et al, 1989] is a good example. These tools examine records of events in a computer system (“audit files”) or monitor events in real time. They do both “anomaly detection” (of statistically unusual behavior like 3 A.M. logins) and “misuse detection” (of suspicious event sequences like finding the password file and copying it). However, such automated tools require significant time and space resources and are not feasible on small computers. Also, no tool can be perfect since new threats constantly emerge and intruders learn to disguise old threats” (Rowe & Schiavo, 1998).
As the interconnectivity of computers increases, so does the likelihood of threats and intrusion. It is important to bear in mind that new threats arise each day, and preparedness for detecting intrusion requires not only covering all the bases but also that all the T’s are crossed and all the I’s are dotted. It is the seemingly insignificant or outside chance of access that leads to a poorly protected system. Intrusion detection means that all means of access, sensitive and less sensitive, are considered, not merely the obvious or the most difficult to break through. However, an intrusion detection system is based on discovering an intrusion as it happens or after the fact.
One such intrusion detection system, or IDS, is ‘Snort’. “Snort has developed into the security practitioner’s pocketknife. Snort is a tool that can be used for a variety of functions related to intrusion detection. Snort can be used as a sniffer, packet logger, or network intrusion detection system” (Koziol, 2003). Although effective IDSs exist, they are useless if not working within a system, no matter how efficient they might be at detection. Therefore, a program such as Snort is a useful tool in intrusion detection, but only for the system it is installed on. “It would not be appropriate to mention the use of Snort without also mentioning Sguil. Analysts monitoring a high-bandwidth link may put Snort on one platform, the Sguil database on a second platform, and the Sguil daemon on a third platform. Analysts conceivably have the opportunity to consolidate all client and server functions on a single platform” (Bejtlich, 2004).
One interesting point about intrusion detection is the zero-day exploit. There is a lag, so to speak, between the time unauthorized access is gained and the time the system administrators discover that activity. Further still is the lag before a solution is in place to correct the vulnerability that allowed the access. During that period, hackers utilize and exploit the vulnerability, as well as sharing the information with other hackers so that they can exploit the same window to access a system. Simply stated, zero day indicates the exploitation of a system’s security vulnerability on the day it is discovered. The goal of security professionals is to use all the tools provided to identify activity potentially indicative of zero-day exploitation.
The intent of a security company should be to make machine data accessible across an organization and to identify patterns in that data. This is done by providing metrics, diagnosing problems, and providing intelligence for business operations. Splunk is a form of horizontal technology used for application management, security and compliance, as well as business and web analytics. Most enterprises struggle to correlate the information present within each of the devices on a network. A successful security company would use a tool such as Splunk to data-mine all the logs present within its customers’ networks.
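As an added example that is not part of the draft above, the following Python sketch shows the two detection styles named in the Rowe & Schiavo quotation (anomaly detection of an off-hours login; misuse detection of a read-then-copy sequence on a sensitive file) run over constructed log lines merged from two sources, in the spirit of the log correlation described in the preceding paragraph. The log format, the working-hours baseline and the sensitive path are assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed sample lines from two log sources (auth and file access),
# merged the way a log collector such as Splunk would index them.
SAMPLE_LOG = """\
2024-03-04 09:12:01 auth user=alice action=login src=10.0.0.5
2024-03-04 09:15:44 file user=alice action=read path=/home/alice/notes.txt
2024-03-04 03:02:17 auth user=bob action=login src=10.0.0.9
2024-03-04 03:03:05 file user=bob action=read path=/etc/shadow
2024-03-04 03:03:40 file user=bob action=copy path=/etc/shadow
2024-03-04 10:30:00 auth user=carol action=login src=10.0.0.7
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\w+) (.*)$")  # timestamp, source, key=value fields

def parse(log_text):
    """Parse merged log lines into dicts, ordered by timestamp across sources."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed layout
        fields = dict(kv.split("=", 1) for kv in m.group(3).split())
        fields["ts"] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        fields["source"] = m.group(2)
        events.append(fields)
    return sorted(events, key=lambda e: e["ts"])

def anomaly_detect(events, work_hours=range(7, 20)):
    """Anomaly detection: logins outside an assumed baseline of working hours."""
    return [e["user"] for e in events
            if e["source"] == "auth" and e["action"] == "login"
            and e["ts"].hour not in work_hours]

def misuse_detect(events, sensitive="/etc/shadow"):
    """Misuse detection: a user reads a sensitive file and then copies it."""
    read_by = set()
    hits = []
    for e in events:
        if e["source"] != "file" or e.get("path") != sensitive:
            continue
        if e["action"] == "read":
            read_by.add(e["user"])
        elif e["action"] == "copy" and e["user"] in read_by:
            hits.append(e["user"])
    return hits
```

Both checks flag the same constructed user, which is the kind of cross-source correlation a single-sensor deployment of Snort alone would not surface.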
Answer preview: Security management is one of the considerable factors that will develop Omega Security effectively. The growth and development of information technology has influenced more than a few factors in the contemporary world. Success has become a complex factor for most organizations due to increased insecurity influenced by unauthorized users. This has made most organizations face serious challenges such as malicious threats…