Memo

MEMORANDUM

To: Sterling Piette, CIO

From: Learning Team A

Date: November 21, 2014

Subject: Network Security Solution

Mr. Piette,

It has come to our consideration the need to enhance the network security and to minimize the internal as well as external threats to Lafleur Trading Company. It is our understanding there is multiple vulnerabilities and security breaches recently noticed by your competitors. In order to prevent such issues you will be pleased to see that we have been working on the redevelopment of Lafleur Trading Company’s network and have found ways to improve on the infrastructure with the following concerns in mind:

* Centralized network support

* The office of the Director of Sales and Marketing owns the most sensitive business data.

* The office of the Director of Human Resources owns the most sensitive personal data

* It is considered likely that the SIDHistory (Security Identifier History) vulnerability has been used by internal threats to gain access to sensitive data

To achieve the goals that are expected of us we will need to re-organize the layout of the network structure while considering employees in your Canadian Warehouse and Remote Offices. From what we can see, Marketing, IT, and HR are all sharing the domain tree and printers. This will likely need to be separated due to the sensitive documents that the Director of HR and Sales and Marketing may possess.

An upgrade of the server Operating System is recommended. Windows Server 2008 R2 is the recommended OS to succeed the current AIX OS. Implementation of an Active Directory system and Group Policy to authorize access and apply permissions within the system is also part of the recommendation. With these changes centralized network support by a centralized IT support team will be necessary.

Currently, the following risks have been identified:

* An out-of-date Operating System lacking sufficient security protection.

* Lack of security...