Note: The selected organization must have a need for network security as part of its operations. Therefore, you may feel free to identify a hypothetical organization that meets the requirements. Any necessary assumptions may be made to fulfill the requirements of the organization selection.
The project deliverables are the following:
Submission of the proposed organization to the instructor for approval
Network Security Plan document shell
Use Word
Title Page
Course number and name
Project name
Student name
Date
Table of Contents (TOC)
Auto generated TOC
Separate page
Maximum of 3 levels deep
Before submitting your project, update the fields of the TOC so it is up-to-date.
Section Headings (Create each heading on a new page with TBD as the content, except for sections listed under New Content).
Project Outline
Overview of Network and Existing Security
Provide an overview of the existing network architecture, including the following:
· Description of the network
· The topology
· Protocols allowed
· Connectivity methods
· Network equipment
· Number of routers, switches, and any other network equipment, such as VPN concentrators, proxies, etc.
· A summary of the current security devices in use on the network
Risk Assessment Section
Conduct an inventory of devices within the chosen organization's network using appropriate tools.
Provide a summary of the number of desktops, laptops, network printers, and servers.
· Identify key assets.
· Assets also include records and sensitive information that requires special protection.
Prioritize each asset or group of assets, and assign a value to each.
Create a subsection that will identify and describe the risks within the environment.
· Do not forget natural disasters.
· Include the likelihood that the risk could occur.
Security Architecture Plan
Identify and select appropriate technologies to protect against the risks that were identified, and provide an explanation as to why the technology was chosen.
Describe where you plan to place these technologies within the network and why.
· The plan should cover all layers of the OSI model.
Identify additional software that will be required to monitor the network and protect key assets.
Identify any security controls that need to be implemented to assist in mitigating risks.
Mitigate all of the risks that were identified during the assessment phase.
Security Policies
· Identify what written polices need to be created for your organization.
· For each policy, you will address how you plan to monitor the policy.
· For each policy, you will provide what you feel the appropriate punishment should be for violators. These punishments must be able to be enforceable, not just a threat.
· For each policy, you will identify a timetable for when each policy should be reviewed and updated and who will do the review.
· The second task this week is to prepare for how you would handle an incident. It is best to have a thorough, rehearsed plan to be prepared for a potential incident. This will help to limit the damage and it will help recovery afterward. You will create an Incident Response section of 2-3 pages that includes the actions that need to occur when an incident is in progress.
The following are the second task's deliverables:
Incident Response Section
Identify the process of how your organization will identify an incident.
Identify the process for classifying the incident.
· What are the criteria for each classification within the organization?
Identify what the response will be for each classification identified.
Identify a general plan to recover from the incident.
Identify a process for evaluating the incident response plan after each incident has been mitigated.
Implementation Plan
· Develop a plan to implement the security controls and policies that you identified in previous sections.
· Develop a plan to implement new security devices and modify existing security devices that are required to monitor the network and the polices that were created or updated.
· Describe how these controls, policies, and security devices have addressed the key security areas of confidentiality, integrity, authentication, authorization, and nonrepudiation cryptographic services.
Network Security Plan
· Revise the entire document, and make any necessary changes and improvements.
· Ensure that the final version is sufficiently detailed to allow the organization to confidently move forward with the implementation of the security controls and devices based upon your recommendations.
· Previous instructor feedback should be addressed with appropriate changes.
Network Security Plan
This course has been composed of a series of Individual Project assignments that have contributed to a Key Assignment submission at the end of the course. Each week, you have completed a part of a network security plan. The full Key Assignment should include the following tasks:
Overview of Network and Existing Security
Select an organization as the target for the analysis.
Provide an overview of the organization's existing network architecture.
The overview will include description of the network, the topology, protocols allowed, connectivity methods and network equipment, number of routers, switches, and any other network equipment, such as VPN concentrators, proxies, etc.
Provide a summary of the current security devices currently in use on the network.
List the type of device, the vendor, and give a brief description of how the device is used.
Risk Assessment
Conduct an inventory of the devices within your network. Provide a summary of the number of desktops, laptops, network printers, and servers.
Identify key assets
Assets also include records and sensitive information that requires special protection.
Prioritize each asset or group of assets, and assign a value to each.
Identify and describe the risks within your environment.
Do not forget natural disasters.
Determine the likelihood that the risk could occur.
Identify the tools and methodology that you would use to conduct the risk assessment.
Security Architecture Plan
Based upon the risk assessment and your analysis, create an action plan to mitigate the risks that you have identified.
Identify and select appropriate technologies to protect the network and the organization's information, and explain why you chose each technology.
Describe where you plan to place these technologies in the network, and explain why.
The plan should cover all layers of the OSI model.
Identify additional software that will be required to monitor the network and protect key assets.
Identify security controls that need to be implemented to assist in mitigating risks.
Security Policies
Create the Key Assignment first draft for peer review.
Continue the development of the plan.
Create a fourth section in the plan to list all of the policies you would have for your organization and a brief description of what each policy will contain.
Each policy will address how you plan to monitor the policy and what the appropriate punishments should be for violators.
Provide a timetable for when these policies should be reviewed and updated.
Continue development of the Network Security Plan with an Incident Response Plan of 2-3 pages.
Include the actions that need to occur when an incident is in progress.
Include how your organization will identify and classify incidents, what the response will be, and the plan to recover.
Implementation and Incident Response
Analyze previous submissions, and make changes as necessary to the final paper.
Submit a detailed implementation plan of 4-5 pages that will describe your proposed solution for the implementation of the Network Security Plan for the organization.
This is the last and final section of the Key Assignment and should bring together all aspects of the implementation in one cohesive paper.
Revise the previous sections so that the entire plan flows and has a strong introduction and conclusion.