Discuss how various components will be implemented


Information Assurance Assignment

• Presentation slides/video
• Final report paper

Scenario

Several computers in your company have recently been compromised. It was discovered that the company network had been under attack for several months. However, these attacks had not been previously detected. The attackers exploited both network and host vulnerabilities.

The head of your company decides that security needs to be improved. The company network should be modified to prevent a majority of further attacks. Attacks that cannot be prevented should be at least detected. However, solutions for tolerating undetected attacks should also be envisioned. The head of the company tasks you to come up with a plan. A rough estimate of the maximum cost of this task is: $500K for equipment and software and at least 1 full-time security administrator (first year salary only included in initial estimate). However, the head of your company indicates that these numbers could change based on your proposal. Your goal is to propose the best plan that would provide the best level of security for adequate cost and resources.

The company already has a network of Linux computers for scientific research and a network of Windows computers for administrative tasks. Both networks should be made more secure. Both networks should also be able to securely communicate. Additionally, the company relies on its web server to advertise and sell some of its products, as well as providing a customer support portal.

Write a paper of 17-20 pages (double-spaced) on the security solution you would recommend. Be sure to explain why your solution provides the best level of security for the given scenario and constraints. Assess the cost and the required resources of your solution.

Purpose/objective

View the problem as if you've just been designated head of information security for the organization or you've been hired as a consultant to evaluate and propose a solution.

1. The scenario description has some information, but you will likely need to or will want to assume additional things to help define the problem. Please discuss and/or clearly state any assumptions being made.

Comments

Some things you'll probably need to do:

• Identify, describe, and document the current state of things and start to define the problem and scope to be addressed. This may include:

- Identifying and/or speculating likely causes or issues relating to the recent compromises.

• Identify/list/describe some or all of the objectives a proposed solution should try to meet or address. Discuss how the objectives might be prioritized in the context of the company's core business operations. (Does it matter if it's a financial, medical, engineering, education, etc. type company? If so, you may want to indicate what the company does and how this may affect priorities.)

• Identify what kinds of things (equipment, personnel, policies, procedures, etc.) may already be in place or available (and perhaps not being fully utilized) and can be improved upon. Identify where there may be gaps or aspects that are currently not being addressed.

• Propose a plan to address and improve security. Discuss how various components will be implemented and how they are expected to improve the current state of things.

• Discuss if there are ways to measure or gauge if the implemented changes help or improve security. Also consider if implemented changes may also affect other operational aspects of the company (either positively or negatively) and whether or not this can be measured or estimated in some way.

• Discuss if there are alternatives to some of the components in the proposed plan and if or when the alternatives might be considered or why the alternatives are not a good fit for the organization and its operations. You can consider alternative components or alternative implementations of components. For example, you may decide a firewall or IDS should be part of the proposal; however, there may be different places where a firewall or IDS might be placed depending on what should be protected or other factors.

• While it is unlikely you would need to discuss or use some of the formal models covered, there are aspects of them that may be applicable. For example, if a company deals with sensitive information, you may want to cover how it could be compartmentalized to minimize the impact from any future compromises. Does the company need to be concerned about conflicts of interest regarding clients? If so, how can this be handled internally?

• The cost constraint is included because there will be resource constraints which need to be weighed against the priorities and objectives of the company. Cost figures do not need to be exact or precise, but try to make reasonable estimates when possible. If you have a source or reference for a cost, that's great. If not, no problem, but just make it clear that the cost value is something you came up with. This is not a cost estimation project, so don't spend much time on trying to come up with detailed or referenced cost figures.

Think of the proposed budget as a tool that relates to or is influenced by the priorities and objectives of the organization. It should be useful for answering questions such as:

- Why two firewalls instead of five (or some other component)? (From the budget, it can be seen how much three additional firewalls might cost and other ways that money might be spent to provide better improvements.)

- Given an addition of $X, how would you alter your current proposal to get the most additional improvement?

- Given a reduction of $Y, how would you alter your current proposal to minimize impact on security?

Slides

Think of the slides as sort of a "storyboard" or outline for the paper (or an overview if you've already started writing or have finished the paper by the time the slides are due). You should have enough slides for a 10-12 minute presentation and overview of your proposal. Almost all of the content should be reusable as part of the paper.

You can structure it as a collection of figures, diagrams, tables, etc. where the paper ends up being a narrative to explain the different elements and to tie them together. Or you can structure it as an outline with bullet points for key items (which will become paragraphs or sections of the paper). Or it can be some combination of both.

Presentations should be submitted as a video or recording of some sort along with the slides. Presentations exceeding 12 minutes will lose points.

In-class students should be available to answer questions and respond to feedback when their presentation is played for the class.

Thoughts

The above items should not be interpreted as a template or checklist for the project paper. It is just a list of things that can be considered or included. However, if you are not sure where to start, you can use it as a guide.

This is a design project. There is no single best design that your proposal will be compared against. It is important to identify what the design needs to address (for the given scenario and assumptions you make and describe) and then to provide support and context for how your design and design decisions address these things.

Additional scenario ideas

The original scenario is for an engineering type company. Alternate scenarios could be for things such as:

• Healthcare (such as a hospital) - where regulatory requirements, such as HIPAA in the US, might apply. You could consider a range of desktops and workstations used for various administrative roles, patient record and billing systems, and various medical equipment and devices that may be networked in some way or otherwise connect with some of the computing infrastructure. Ransomware is a realistic example providing initial motivation for an assessment of current security practices and proposal for an improvement plan.

• Financial (such as a community bank) - where regulatory requirements, such as the Gramm-Leach-Bliley Act in the US, might apply. You could consider things such as workstations and equipment used by tellers, bank managers, loan officers, etc., ATM systems, systems storing account information and customer records, servers and websites for online and mobile banking and other systems. There are several types and variants of malware that target banking systems and accounts. Recent incidents could provide motivation for an assessment of current security practices and proposal for an improvement plan.

• Industrial setting (such as a power plant) - someplace where things like Industrial Control Systems (ICS) may be prevalent. These may be on isolated networks but there may be components or parts of the system that allow for remote access (using something like a VPN, ...or not). Some of the systems involved may be limited in terms of processing power or other resources and this may provide constraints on the options available to secure some of the devices at the endpoints (on the devices themselves).

Also, monitoring the integrity of the system and being able to respond quickly may be of critical importance as well. Some of these environments rely on some less common or less well known types of communications (such as Zigbee for wireless) which may impose some limitations or constraints in terms of security options.

If your scenario includes an area where either voluntary industry requirements or mandatory regulatory requirements apply, you can research and include aspects of these requirements.

You do not need to have an in-depth focus on the requirements, but the idea is to include different aspects relevant to the organization that should be considered. Different aspects to consider may involve technology, regulations, and core business functions. Your proposal should not focus solely on technical aspects, but should try to take into account the environment in which it will be applied.

Format your assignment according to the following formatting requirements:

1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.

2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.

3. Also include a reference page. Citations and references should follow APA format. The reference page is not included in the required page length.
