Innovations Lab
Proposal Document
Table of Contents
INTRODUCTION
STRATEGY
ARCHITECTURE
CONSIDERATIONS
CONCLUSION
REFERENCES
Innovations Lab Proposal Document 3
Introduction
The purpose of this document is to set out the strategy, architecture and plan for the new
Innovations lab that the company would like to set up. This lab will accommodate users from
many different government agencies. Security and business continuity, risks, and threats have
Strategy
For the innovation lab, it is proposed to use a mixture of the National Institute of Standards
and Technology’s (NIST) Cybersecurity Framework (CSF). The framework’s core has four
elements: Functions, Categories, Subcategories, and Informative References. The Functions
organize cybersecurity activities at their highest level: Identify, Protect, Detect, Respond, and
Recover. Using this basic core and creating different matrices for different elements of the
innovation will help ensure that the organization's goals for the lab, as well as the normal
organization business systems and services, are put at less risk.
Architecture
The Architecture that is proposed for the Innovation Lab is to have a totally discrete
infrastructure, apart from any development, testing, or production environments from the
in a totally separate server room so as to create an independent lab. This independence will allow
the normal business functions and systems to run without the risk of being brought down by
newly developed projects that the lab will be creating. Also, this will allow the freedom for the
1 National Institute of Standards and Technology. (2018, May 3). MEP Centers Aid Manufacturers on Cybersecurity. Retrieved June 26, 2020, from https://www.nist.gov/news-events/news/2018/05/mep-centers-aid-manufacturers-cybersecurity
The lab will be divided into two parts. The first is the Server Room, which will contain the
Server Farm along with all the networking equipment that will create the foundation for the lab.
All of the environments will run off virtual servers and virtual machines. Some setups will be
self-contained environments with no access to the Internet, in order to ensure security, a more
contained lab, and a controlled data set. Other setups will have access to the Internet, with all
the necessary firewalls and IDS/IPS devices to secure them. There will be no direct access between
the Innovation Lab and the company’s production networks. Each will have their own separate
The other part of the Innovation lab will be the lab area itself, where workstations and
other equipment will be provided, such as laptops, phones without cellular service, and other such
mobile devices. No outside equipment will be allowed in the lab. If there are any devices that
A cybersecurity infrastructure plan and policy will be put in place, following guidelines
Privilege
Layered Security and controls should also be built into the whole infrastructure, which falls
under Defense-in-Depth.
2 https://www.imperva.com/. (2020). What is Defense in Depth | Benefits of Layered Security | Imperva. Retrieved June 26, 2020, from https://www.imperva.com/learn/application-security/defense-in-depth/
The following is the proposed plan for Leadership’s approval to proceed with the
Innovation Lab.
For access to the lab, there will be policies and vetting from the various agencies that would
like to participate and use the Innovations lab. Only vetted personnel may be permitted to use and
access the lab. Physical access to the lab will be via company-issued access cards. These access
cards will be continuously monitored and will need to be renewed every quarter. The
vetting process will be done again, but in a more abridged form. Every entry, by each individual
user and for each room, will require a card swipe. Access to the lab will only be permitted while being
accompanied by IT personnel of the company. All entries should be logged and the reason for
General user policy for access to workstations and the various VM environments will be
controlled by a domain controller. Usernames and Passwords will be managed by the IT team of
the company. These accounts will be audited along with the quarter-end audits of users' access
control. Entry and exit logs will also be audited by the IT Security team. For international
users, workstations and laptops will be provided, sent out, and managed by the company. All VPN
traffic will be monitored. There will be no access to the Innovations lab if not connected to the
Lastly, above and beyond the security audit done by the internal team, an outside vetted
security consultant will do a Security and Risk Assessment on the Innovations Lab. The assessment
will not be prescheduled but done randomly, at the discretion of the consultant agency. This test will be done
at least bi-annually and no more than once a quarter. This will help keep the IT team alert and will
Considerations:
There are possible threats and vulnerabilities that can come about with opening the
Innovations Lab. With so many different non-internal users, it will be hard to spot and thwart a
threat. Hopefully, with the proper vetting from agencies and given the least access with the access
Another consideration to be kept in mind is infiltration of malware or bad code. The
same goes for any exfiltration of data. The innovations lab is meant to be open and creative but
within the walls of the lab itself. Staff and anyone involved in the Innovation lab should be extra
As mentioned above, there are some policies that should be considered. Vetting of users
and guests of the lab should be a requirement. There should not be any external devices allowed
into the Lab, such as any laptops, mobile devices, cameras, or USB devices. These external devices
Part of the Security Policy will cover the Incident Response team and what actions are to
be taken when. This response team will be cross-departmental and will also include the Security
consultant agency. The Innovation Lab will have its own security policy drawn up, separate from the
Company's overall security policy. That way there is no confusion on who
If the systems are set up correctly, the first line of defense will be affirmative action from
the IDS/IPS systems that have been set up. The next line of defense will be the engineer assigned to
the task of first response once an alert has been raised. The engineer will need to verify that the
alert is not a false positive and proceed with next actions to slow down or stop the threat or incident.
If the engineer is not able to handle or stop the incident, it should immediately be escalated until
the incident has been taken care of. A post-action and follow-up report should be drawn up within
the next 12 hours and submitted to the Incident Response team. Any conclusions and findings
should be taken note of. Next actions and new solutions should follow close behind to help avoid
Conclusion
For the Innovations Lab, it is proposed to have a separate discrete setup from all normal
business systems and functions. This way threats and risks will be minimized, with outside users
international or domestic will have. Tools and equipment will be issued by the company for use
by the users. There will be a security policy set up along with an incident response team specifically
for the Innovations Lab. Lastly, to help ensure the security of the lab, there will be a security
consultant who will work with the IT Security team and will also conduct risk assessments
at random.
References
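National Institute of Standards and Technology. (2018, May 3). MEP Centers Aid Manufacturers on Cybersecurity. Retrieved June 26, 2020, from https://www.nist.gov/news-events/news/2018/05/mep-centers-aid-manufacturers-cybersecurity
https://www.imperva.com/. (2020). What is Defense in Depth | Benefits of Layered Security | Imperva. Retrieved June 26, 2020, from https://www.imperva.com/learn/application-security/defense-in-depth/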