Information Assurance Homework
• Presentation slides/video – Monday, May 6, 2019, 4pm
• Final report paper – Friday, May 17, 2019, 4pm
Scenario
Several computers in your company have recently been compromised. It was discovered that
the company network had been under attack for several months. However, these attacks had
not been previously detected. The attackers exploited both network and host vulnerabilities.
The head of your company decides that security needs to be improved. The company
network should be modified to prevent a majority of further attacks. Attacks that cannot be
prevented should be at least detected. However, solutions for tolerating undetected attacks
should also be envisioned. The head of the company tasks you to come up with a plan. A
rough estimate of the maximum cost of this task is: $500K for equipment and software and
at least 1 full-time security administrator (first year salary only included in initial estimate).
However, the head of your company indicates that these numbers could change based on your
proposal. Your goal is to propose the best plan that would provide the best level of security
for adequate cost and resources.
The company already has a network of Linux computers for scientific research and a
network of Windows computers for administrative tasks. Both networks should be made
more secure. Both networks should also be able to securely communicate. Additionally,
the company relies on its web server to advertise and sell some of its products, as well as
providing a customer support portal.
Write a paper of 17-20 pages (double-spaced) on the security solution you would recommend. Be sure to explain why your solution provides the best level of security for the given
scenario and constraints. Assess the cost and the required resources of your solution.
Purpose/objective
View the problem as if you’ve just been designated head of information security for the
organization or you’ve been hired as a consultant to evaluate and propose a solution.
The scenario description has some information, but you will likely need to or will want to
assume additional things to help define the problem. Please discuss and/or clearly state any
assumptions being made.
Comments
Some things you’ll probably need to do:
• Identify, describe, and document the current state of things and start to define the
problem and scope to be addressed. This may include:
– Identifying and/or speculating on likely causes or issues relating to the recent compromises.
• Identify/list/describe some or all of the objectives a proposed solution should try to
meet or address. Discuss how the objectives might be prioritized in the context of
the company’s core business operations. (Does it matter if it’s a financial, medical,
engineering, education, etc. type company? If so, you may want to indicate what the
company does and how this may affect priorities.)
• Identify what kinds of things (equipment, personnel, policies, procedures, etc.) may
already be in place or available (and perhaps not being fully utilized) and can be
improved upon. Identify where there may be gaps or aspects that are currently not
being addressed.
• Propose a plan to address and improve security. Discuss how various components will
be implemented and how they are expected to improve the current state of things.
• Discuss if there are ways to measure or gauge if the implemented changes help or improve
security. Also consider if implemented changes may also affect other operational aspects
of the company (either positively or negatively) and whether or not this can be measured
or estimated in some way.
• Discuss if there are alternatives to some of the components in the proposed plan and if
or when the alternatives might be considered or why the alternatives are not a good fit
for the organization and its operations. You can consider alternative components or
alternative implementations of components. For example, you may decide a firewall
or IDS should be part of the proposal; however, there may be different places where a
firewall or IDS might be placed depending on what should be protected or other factors.
• While it is unlikely you would need to discuss or use some of the formal models covered,
there are aspects of them that may be applicable. For example, if a company deals
with sensitive information, you may want to cover how it could be compartmentalized
to minimize the impact from any future compromises. Does the company need to be
concerned about conflicts of interest regarding clients? If so, how can this be handled
internally?
• The cost constraint is included because there will be resource constraints which need to
be weighed against the priorities and objectives of the company. Cost figures do not
need to be exact or precise, but try to make reasonable estimates when possible. If you
have a source or reference for a cost, that’s great. If not, no problem, but just make it
clear that the cost value is something you came up with. This is not a cost estimation
project, so don’t spend much time on trying to come up with detailed or referenced
cost figures.
Think of the proposed budget as a tool that relates to or is influenced by the priorities
and objectives of the organization. It should be useful for answering questions such as:
– Why two firewalls instead of five (or some other component)? (From the budget,
it can be seen how much three additional firewalls might cost and other ways that
money might be spent to provide better improvements.)
– Given an addition of $X, how would you alter your current proposal to get the
most additional improvement?
– Given a reduction of $Y, how would you alter your current proposal to minimize
impact on security?
Slides
Think of the slides as sort of a “storyboard” or outline for the paper (or an overview if you’ve
already started writing or have finished the paper by the time the slides are due). You should
have enough slides for a 10-12 minute presentation and overview of your proposal. Almost all
of the content should be reusable as part of the paper.
You can structure it as a collection of figures, diagrams, tables, etc. where the paper ends
up being a narrative to explain the different elements and to tie them together. Or you can
structure it as an outline with bullet points for key items (which will become paragraphs or
sections of the paper). Or it can be some combination of both.
***NEW SPRING 2019*** Presentations should be submitted as a video or recording
of some sort along with the slides. Presentations exceeding 12 minutes will lose points.
In-class students should be available to answer questions and respond to feedback when their
presentation is played for the class.
Final thoughts
The above items should not be interpreted as a template or checklist for the project paper.
It is just a list of things that can be considered or included. However, if you are not sure
where to start, you can use it as a guide.
This is a design project. There is no single best design that your proposal will be compared
against. It is important to identify what the design needs to address (for the given scenario
and assumptions you make and describe) and then to provide support and context for how
your design and design decisions address these things.
Additional scenario ideas
The original scenario is for an engineering type company. Alternate scenarios could be for
things such as:
• Healthcare (such as a hospital) – where regulatory requirements, such as HIPAA in
the US, might apply. You could consider a range of desktops and workstations used
for various administrative roles, patient record and billing systems, and various medical
equipment and devices that may be networked in some way or otherwise connect with
some of the computing infrastructure. Ransomware is a realistic example providing
initial motivation for an assessment of current security practices and proposal for an
improvement plan.
• Financial (such as a community bank) – where regulatory requirements, such as the
Gramm-Leach-Bliley Act in the US, might apply. You could consider things such as
workstations and equipment used by tellers, bank managers, loan officers, etc., ATM
systems, systems storing account information and customer records, servers and web
sites for online and mobile banking and other systems. There are several types and
variants of malware that target banking systems and accounts. Recent incidents could
provide motivation for an assessment of current security practices and proposal for an
improvement plan.
• Industrial setting (such as a power plant) – someplace where things like Industrial
Control Systems (ICS) may be prevalent. These may be on isolated networks but
there may be components or parts of the system that allow for remote access (using
something like a VPN, …or not). Some of the systems involved may be limited in terms
of processing power or other resources and this may provide constraints on the options
available to secure some of the devices at the endpoints (on the devices themselves).
Also, monitoring the integrity of the system and being able to respond quickly may be
of critical importance as well. Some of these environments rely on some less common
or less well known types of communications (such as Zigbee for wireless) which may
impose some limitations or constraints in terms of security options.
If your scenario includes an area where either voluntary industry requirements or mandatory regulatory requirements apply, you can research and include aspects of these requirements.
You do not need to have an in-depth focus on the requirements, but the idea is to include
different aspects relevant to the organization that should be considered. Different aspects
to consider may involve technology, regulations, and core business functions. Your proposal should not focus solely on technical aspects, but should try to take into account the
environment in which it will be applied.

Assurance Homework was first posted on August 31, 2019 at 11:59 am.