Student Solution

-->

"Education is the most powerful weapon which you can use to change the world”
– Nelson Mandela

1 University

1 Course

2 Subjects

Week 6 Structured External Assignment

Week 6 Structured External Assignment

Q Project Overview: You have been hired as consultants to design and implement a security initiative for an expanding global eCommerce corporation with two websites and locations in New York and London. There are currently about 300 employees in the company. In the next three months, the corporation will be acquiring another company in a different line of business with plans to offer products for sale online. This new company is in Paris and will have a Research and Development (R&D) and a Sale Dept., with a total of 150 to 200 employees. They will create new products and sell it online. Part of your role would be to recommend the best way for integrating both environments. However, not much information is available about the IT setup for the company being acquired. The other company might even have a mix of different operating environment – it is unclear since the IT staff in that company is not very communicative. Some critical staff members in the other company are not happy with the upcoming merger and have sworn to be as uncooperative as possible. The Network Manager for the other company is a difficult personality. There are plans to fire him but unfortunately, he is the only one who knows the network architecture completely and he is not willing to share. You must find out everything about the new environment and propose specifics on how to seamlessly integrate both Enterprise Level environments. In the initial conversation with executives of the global company, you realize that the company does not have a security policy. After much discussion, they have agreed that you should come up with a detailed security policy customized for the company. In a follow-up meeting with the executives and IT staff of the global corporation, you were also assigned the task of identifying: • Two (2) security audit tools (vulnerability/web scanners). • Two (2) intrusion detection systems. • Two (2) network firewall products that would be suitable for the global company. • Two (2) automated network asset inventory tools to know what exists at the new location and determine what will be integrated into the merged company. • You are to test and describe the features of selected security solutions. • Indicating (a) which you prefer and (b) providing convincing rationale for why you prefer a specific solution in each category. In other words, you are to evaluate two products for each category and recommend one, giving the reasons for your choice. Salient points: The new corporate acquisition will increase the total number of computers under you IT department’s care to about 1,000 computers and network devices. The exact number is not clear: Even the management at the other company is not sure of the number of systems in that network because of the difficulty in finding out the specifics about the company being acquired. From the little information that has been gleaned from the other company, it appears to run a mixture of a peer-to-peer network and the domain model. Part of the decision you would have to make would be how the integrated environments would be networked: You have been given the discretion to come up with the design and budget (subject to approval, of course) for the overall security initiative and covering: • The security policy. • Network audit to determine what devices and data are being protected. • Seamless integration between the merging companies. • Recommendation for IDS system(s). • Recommendations for security audit tools (web/vulnerability scanners). • Recommendation for network firewall device(s). Deliverables for the Project: 1. The Security Policy Document (You can adapt an Acceptable Use Policy document from www.sans.org). 2. Plus, a minimum of eight-page (8) paper in APA format in Microsoft Word, double-spaced describing how you would go about implementing the overall security initiative for the company. • o A 1-page summary of your overall strategy. o A 1-page of network audit to determine what devices and data are being protected. o A 1-page of information security-related recommendations for integrating both corporate enterprise environments. o A 1-page for the Intrusion Detection System (evaluate two different products and recommend one, giving the reasons for your choice). Consider HIDS/NIDS & IDPS. o A 1-page for the web/vulnerability scanners (evaluate two different products and recommend one, giving the reasons for your choice. o A 1-page for the network firewall devices (evaluate two different products and recommend one, giving the reasons for your choice). o A 1-page of your overall conclusions showing demonstrating you grasp of information security best practices and current trends. o A network diagram of all components in a logical layout. o A 1-page of Scholar/Product APA references. 3. A 10-minute PowerPoints or Prezi presentation of your project. Note: Use a Microsoft Visio diagram to show how the deliverables are related. Microsoft Visio is available to you through our College of Technology’s Academic Alliance with Microsoft. If you haven’t taken advantage of this Academic Alliance yet, let your instructor know so you can get access. Additional FYI to be considered • Factor in the cost per item with a total cost for your project. • Consider any barriers to your project. For example: Communication, language, and especially the Network Manager. Explain how you mitigate this problem. • Do a complete Inventory of your Asset (hardware, software, and people) as possible. • Consider the current and future needs of the organization. • How would you Hardened your new system? • Physical and environmental security control systems. • Business Continuity Plan/Disaster Recovery Plan. • Is your new security policy reviewed by legal staff? • Is your new security policy signed by CEO? • Who will conduct your security training? Attachments • SEC 410 SEA Project Overview • APA Paper Template Word document • SEC410 Web and Data Security Assessment Rubric Rubric COT SEC 410 SEA Assignment Rubric OA COT SEC 410 SEA Assignment Rubric OA Criteria Ratings Pts This criterion is linked to a Learning OutcomeCOT SEC 410 SEA - Topic Development OA Topic development and assignment criteria. threshold: 8.0 pts 10 pts Excellent (Extremely well organized and easy to read. Clear, logical and focused with no evidence of "padding". All the assignment criteria were followed.) 8.7 pts Good (Well organized, clear and Precise presentation of ideas. Most of the assignment criteria were followed.) 7.8 pts Satisfactory (Somewhat well organized and focused. Moderate use of assignment criteria. Demonstrates some understanding of assignment.) 6.9 pts Emerging (Minimal organization. Lacks clarity and exhibits imprecise use of language. Minimal use of assignment criteria. Demonstrates little understanding of assignment.) 0 pts Unsatisfactory (Paper lacks organization clarity and focus. Assignment criteria not followed.) 10 pts This criterion is linked to a Learning OutcomeCOT SEC 410 SEA - Technical Knowledge OA Demonstrate technical knowledge in Information Assurance necessary to prepare for an entry level position in the Computer and Network Security field. threshold: 20.0 pts 25 pts Excellent (Demonstrate advanced technical knowledge in Information Assurance necessary to prepare for an entry level position in the Computer and Network Security field) 21.75 pts Good (Demonstrate above average technical knowledge in Information Assurance necessary to prepare for an entry level position in the Computer and Network Security field.) 19.5 pts Satisfactory (Demonstrate acceptable technical knowledge in Information Assurance necessary to prepare for an entry level position in the Computer and Network Security field.) 17.25 pts Emerging (Demonstrates minimal technical knowledge in Information Assurance necessary to prepare for an entry level position in the Computer and Network Security field.) 0 pts Unsatisfactory (Does not demonstrate technical knowledge in Information Assurance necessary to prepare for an entry level position in the Computer and Network Security field.) 25 pts This criterion is linked to a Learning OutcomeCOT SEC 410 SEA - Analysis Analyze requirements for Information Security projects using best practices and current methodologies. threshold: 20.0 pts 25 pts Excellent (Provides advanced analysis of the requirements for Information Security projects using best practices and current methodologies.) 21.75 pts Good (Provides above average analysis of the requirements for Information Security projects using best practices and current methodologies.) 19.5 pts Satisfactory (Provides acceptable analysis of the requirements for Information Security projects using best practices and current methodologies.) 17.25 pts Emerging (Provides minimal analysis of the requirements for Information Security projects using best practices and current methodologies.) 0 pts Unsatisfactory (Does not analyze requirements for Information Security projects using best practices and current methodologies.) 25 pts This criterion is linked to a Learning OutcomeCOT SEC 410 SEA - Process OA Employ the process used to analyze, design, implement, test and deliver Information Assurance projects. threshold: 8.0 pts 10 pts Excellent (Employ at an advanced level the process used to analyze, design, implement, test and deliver Information Assurance projects.) 8.7 pts Good (Employ beyond average the process used to analyze, design, implement, test and deliver Information Assurance projects.) 7.8 pts Satisfactory (Employ an acceptable level of the process used to analyze, design, implement, test and deliver Information Assurance projects.) 6.9 pts Emerging (Employs few of the process used to analyze, design, implement, test and deliver Information Assurance projects.) 0 pts Unsatisfactory (Does not employ the process used to analyze, design, implement, test and deliver Information Assurance projects.) 10 pts This criterion is linked to a Learning OutcomeCOT SEC 410 SEA - Best Practices OA Demonstrate knowledge of best practices used to manage Computer and Network Security projects threshold: 20.0 pts 25 pts Excellent (Demonstrates advanced knowledge of best practices used to manage Computer and Network Security projects) 21.75 pts Good (Demonstrate above average knowledge of best practices used to manage Computer and Network Security projects) 19.5 pts Satisfactory (Demonstrates acceptable knowledge of best practices used to manage Computer and Network Security projects) 17.25 pts Emerging (Demonstrate minimal knowledge of best practices used to manage Computer and Network Security projects) 0 pts Unsatisfactory (Does not demonstrate knowledge of best practices used to manage Computer and Network Security projects) 25 pts This criterion is linked to a Learning OutcomeCOT SEC 410 SEA - Sources OA Presents appropriate analysis and content from good sources. threshold: 4.0 pts 5 pts Excellent (In-depth analysis. Exceptional amount of data presented. Exceptional critical thinking skills.) 4.35 pts Good (Ample amount of data used in presentation of analysis. Clear evidence of critical thinking provided) 3.9 pts Satisfactory (Moderate amount of data presented as a foundation for analysis. Adequate analysis.) 3.45 pts Emerging (Use minimal data and examples. Limited analysis) 0 pts Unsatisfactory (Weak analysis. No use of data to support analysis) 5 pts Total Points: 100 PreviousNext

View Related Questions

Solution Preview

The guiding doctrine for this proposal will be based on the CIA triad of Confidentiality, Integrity and Availability. This strategy will also incorporate proven methods like defense in depth and the layered security approach. Layered security is an old yet proven approach to defense in general and throughout history has been applied from warfare to modern day cyber security. Define network perimeter Network administrators should know the full layout of their entire network including every node (Buecker et al., 2008). This will help establish the perimeter boundaries. Being that networks are dynamic in nature; this process should be repeated multiple times a year to ensure the highest-level of accuracy.