Culminating Project Title
Date of Award
Culminating Project Type
Information Assurance: M.S.
Information Assurance and Information Systems
Herberger School of Business
Jim Q. Chen
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
The increasing sophistication of information security threats and the ever-growing body of regulation have made information security a critical function in organizations. Software companies and application vendors are unable to keep up with rapidly growing attacks and changing threat patterns. The need for information security should be apparent, and designing and implementing an effective security program requires substantial research, knowledge, and ability, as well as a great investment of time and resources. Many small and medium businesses may understand the importance of risk but fail to grasp the severity of the problem and lack the resources to identify it. A well analyzed and implemented information security program can reduce the damage caused by an attack by reducing the mean time to detect, contain, and restore. The purpose of this paper is to present a systematic approach to conducting analysis by gathering data and by implementing and monitoring the critical security controls. An effective information security process that ensures a strong security posture against cyber-attacks with minimum resources and open source software is the key to this research, as it reduces the cost of implementing and maintaining the security operations center. The literature focuses on the increase in cyber-attacks on organizations and on how to prevent these attacks using technical countermeasures and the non-technological side of information security. This research refers to the CIS Critical Security Controls (CSC) to classify data and systems and to analyze risk using qualitative and quantitative data. Research data is collected from the J & B Group information technology team. A security program depends not only on adopting the best security processes and tools; it must also be reviewed, updated, and maintained on a regular basis. Continuous monitoring of security controls is driven by an open source SIEM tool with a minimum license and by custom rules established for generating offenses and alerts.
Eemani, Hareesh Reddy, "Analyzing, Implementing and Monitoring Critical Security Controls: A Case Implemented in J & B Group" (2017). Culminating Projects in Information Assurance. 36.