A large Information Technology company is currently undergoing planning to develop a research innovation lab. This lab will bring in industry, government, and academic leaders from across the world to develop transformative products and solutions. This lab will be on-site at the IT Company, and the internal IT department has been placed in charge of outlining an information technology architecture and then implementing an information technology infrastructure for the space. As we move forward in our thinking, security is a major concern. As this facility is on-site, it potentially increases our risk tremendously, as now we have several untrusted individuals from a variety of domestic and international organizations potentially having access to our physical and digital assets. Our leadership has indicated that we must mitigate this risk as much as possible, but still have a fully functioning lab where individuals have the tools and capabilities they need and do not feel restricted in their creativity or in a way that would diminish the vision for the lab.The CIO is very concerned about supporting this lab, as our team will need to provide access and support to users on systems, provide network connectivity, provide access to storage, and various other requests that will be part of individual innovation projects, and we do not want to put other business systems or services at risk.Your assignment as the new security leader is to:
Design a strategy and architecture that will allow the goals of our leadership to be reached in building the lab, while mitigating risk to the remainder of the facility.
Develop an IT plan for the lab that could be presented to leadership for approval.
Consider possible threats posed by the launching of the innovation lab, possible vulnerabilities to the lab and the core business, the type of policies we need to consider (both for the lab, and amendments to current organizational policies), what type, what mechanisms we might think about to meet the policy requirements, and assurance we can provide that the mechanisms will be effective in meeting requirements. Also, please consider how we should respond to an incident in the lab, and what we should have in place to mitigate the impact to the overall business.
Describe any other considerations you think relevant, and make any assumptions necessary (though please be ready to explain these). Please do not consider financial considerations at this time. Submit any questions about the project or innovation lab requirements through the discussion board.