C850 Template(1).docx

School: Western Governors University
Course: C850
Subject: Information Systems
Date: Jan 9, 2024
C850: Tech Proposal

Emerging Technologies (C850) Task 1
Cora Connell
Student ID: 010877828
Western Governors University
1. What is the Organizational Need?

TechFite treats security as one of its top priorities, and the company needs a Security Information and Event Management (SIEM) solution that analyzes large amounts of log data in real time. This need for high security is why a SIEM will be the best solution to adopt for TechFite’s business needs. “The underlying principles of every SIEM system are to aggregate relevant data from multiple sources, identify deviations from the norm, and take appropriate action. For example, when a potential issue is detected, a SIEM system might log additional information, generate an alert, and instruct other security controls to stop an activity’s progress.” (Gillis, 2022).

The data generated by the honeypot devices that TechFite plans to install, as well as by its two firewalls, needs to be protected and logged. The solution must provide notifications of active security threats as they happen in real time, and it must analyze log behavior that may be linked to suspicious activity. Beyond analysis, the solution must also provide storage that meets TechFite’s current log retention period of one year. The honeypots that the company wants to install store enormous amounts of data to appear. The adopted technology must meet the regulations of both FISMA and NIST.

2. The Emerging Technology Solution

To meet TechFite’s evolving business demands for intrusion detection and log data storage, I recommend that the company adopt the emerging technology solution included in the Splunk Enterprise service on the Google Cloud platform. This would be a great SIEM solution that both works as an intrusion detection system and stores massive amounts of data for TechFite. “Splunk is a software mainly used for searching, monitoring, and examining machine-generated big data through a web-style interface. Splunk performs capturing, indexing, and correlating the real-time data in a searchable container from which it can produce graphs, reports, alerts, dashboards, and visualizations. It aims to build machine-generated data available over an organization and is able to recognize data patterns, produce metrics, diagnose problems, and grant intelligence for business operation purposes. Splunk is a technology used for application management, security, and compliance, as well as business and web analytics.” (Archita, 2022)

Splunk is an emerging technology because it has both an underlying technology and an attribute that qualify it as one. The underlying technology that makes Splunk emerging is anomaly detection: Splunk spots anomalies in its clients’ systems to detect suspicious activity, which supports better security precautions. The attribute that makes Splunk an emerging technology is that it requires customization by the client it serves. Splunk offers full customization of the dashboards that read the incoming data, as well as of its detection sensitivity. Every company has different security wants and needs, so it is very important for Splunk’s clients to be able to customize the technology’s functionality to fit their unique business needs.

3. The Adoption Process

The Gartner STREET process is what I will use to recommend, evaluate, and eventually adopt the suggested SIEM technology for TechFite. “STREET is a flexible process to guide people to make far better informed decisions about whether or not to implement a technology to address a need in an organization. Its name is the acronym for its six steps: Scope, Track, Rank, Evaluate, Evangelise and Transfer.” (Liffers, 1970)
The scoping stage is where a business determines its specific objectives and the key features the new product needs to have to meet those objectives. TechFite’s ideal emerging technology would be one that can analyze log data, store the log data on a long-term basis, and deliver alerts for security threats in real time. Lastly, the new product needs to comply with FISMA regulations, using NIST as the specific security framework.

The tracking stage is where a business takes the time to research the product vendors and what they offer. One of the most important aspects of finding a vendor is finding them through a reputable source. Good sources of information include people’s opinions on products in industry forums and word of mouth from other industries that have gone through the same problems. By using Gartner’s website (www.gartner.com), TechFite will be able to use the tools provided there to find valuable information on the vendors that supply valid solutions.

The rank stage is where a business combines the defined objectives from the scoping stage and the research performed during the tracking stage. A great way for TechFite to determine which vendor will most benefit its needs is to draw up a pros and cons list showing which vendors meet the objectives and which vendors do not meet the predefined criteria outlined during the scoping stage.

The evaluation stage is where the top-performing vendor that was determined during the tracking stage is evaluated by determining the risks, benefits, and costs of the vendor and its product. The benefits of the emerging technology vendor can then be broken down into smaller parts such as business, infrastructure, and processes. By breaking down the evaluation process into smaller, more manageable pieces, TechFite will be better able to understand the value that the vendor has for the company and for the implementation of the solution.

The evangelization stage is where everyone gets to share their opinions and learn about the benefits that the vendor will give to the company. TechFite’s project managers should share the proposals with the top executives who make large business decisions. TechFite should use staff who are skilled at making a convincing argument, so that the point gets across to the audience efficiently and accurately.

The transfer stage is where the correct department takes on responsibility for implementing the solution. For TechFite, if the Splunk vendor is approved through all of the preceding approval processes, then the tech department will handle the implementation.

4. The Technology Impact

It is always best practice to lay out any impacts that a new product would have on the company’s processes and people. Whether an impact is positive or negative, it is equally important to identify it.

A positive impact that the Splunk Enterprise service on the Google Cloud platform would have on TechFite is that it would provide analysis of logs and detection of security events in real time, making it easier for TechFite to detect suspicious behavior. With this automation of log analysis, TechFite’s security department employees would have more time to concentrate on other security-related tasks. Because these employees will have more time for other important tasks, the company will have better security overall.

One potential negative impact of this technology solution on TechFite would come from a natural disaster such as a tornado, earthquake, or hurricane. If one of these disasters takes the network’s connection offline and breaks the fiber optic line, all of that downtime could be a huge loss of money for the company. A way to mitigate this negative impact is to make sure that the company has a disaster recovery plan and a backup site, so that the security department keeps access to all of its resources.

Another potential negative impact of the product would be the loss of jobs due to the automation of duties by the SIEM technology. With security employees having less work to do, this may lead to layoffs for certain employees. One solution that could minimize this drawback would be to reconfigure the positions in the security department or to give the security department bigger projects, since the company will grow with this product’s implementation.

5. The Technology Comparison

A great alternative emerging technology solution would be another SIEM called Mezmo. One advantage that Mezmo has, unlike Splunk, is that it offers a free trial to its users. Before committing to a product, it is good to be able to try it out before any money is paid. Another advantage that Mezmo has over Splunk is its ease of setup: Mezmo takes a more user-friendly approach to setting up the technology in the company.

This alternative technology solution was not chosen because of the disadvantages that it has compared with Splunk. One of those disadvantages is that Mezmo is used far more by small businesses, while large enterprise companies largely use Splunk. Because Splunk better caters to large companies like TechFite, Splunk was far superior to Mezmo. Another disadvantage that Mezmo has is that it does not offer diverse systems monitoring. TechFite has
multiple systems that need real-time monitoring, so Splunk was chosen over Mezmo because Splunk offers diverse systems monitoring.

6. The Adoption Metrics and Success

The successful implementation of the Splunk Enterprise service on Google Cloud is key. The first step would be to record how well the current TechFite systems are detecting security threats and to keep those numbers for later comparison. Then, after Splunk has been launched and running smoothly for 90 days, the new security detection numbers will be compared to the numbers recorded before the technology was implemented. If the newly recorded numbers show a vast increase, then the company will know that Splunk is doing an efficient job of showing the security threats.

For employee productivity, we will also compare the work hours that the security department spends reading the logs before and after the 90 days. If the employees’ log-checking work hours go down, it will show that Splunk is improving the company’s use of time. By comparing the predetermined benchmarks recorded before and after the 90-day mark, the success of the implementation can be determined.

7. References Used
Gillis, A. S. (2022, December 9). What is Siem?: A definition from techtarget.com. Security. Retrieved December 23, 2022, from https://www.techtarget.com/searchsecurity/definition/security-information-and-event-management-SIEM

Archita, A. (2022, April 22). What is splunk - splunk meaning and splunk architecture. Intellipaat Blog. Retrieved December 23, 2022, from https://intellipaat.com/blog/what-is-splunk/

Liffers, M. (1970, January 1). Driving emerging technology evaluation with the street process. Murdoch University Research Repository. Retrieved December 23, 2022, from https://researchrepository.murdoch.edu.au/id/eprint/5384/

Nguyen, T. (2019, June 24). 5 splunk alternatives - faster, more affordable logging platforms: Mezmo. RSS. Retrieved December 23, 2022, from https://www.mezmo.com/blog/5-splunk-alternatives-for-logging-their-benefits-shortcomings-and-which-one-to-choose

G2. (n.d.). Mezmo vs. Splunk Enterprise 2022 | G2. G2 - BUSINESS SOFTWARE REVIEWS. Retrieved December 23, 2022, from https://www.g2.com/compare/mezmo-vs-splunk-enterprise