Project Homework: Methodology Development Analysis

Overview

This part of the project develops the methodology and begins analysis of the information security solution. The problem statement, project scope, risk analysis, and literature review performed in the Project: Problem Identification Homework must justify the selection of the elements that require analysis for the final fault-tolerant security solution. For example, if the final solution requires a network security solution, an analysis may begin by evaluating the network architecture diagram in Project: Problem Identification Homework.

Instructions

Segments of the network must be assessed, such as all local node connections in the LAN (e.g. local processes, local devices, local data storage), as well as other connections to the LAN (e.g. network gateways, WANs, wireless APs, network control resources, network databases, cloud integrations). The environment and architecture must justify the analysis of the coinciding threats. A few of the many network threats you could analyze (but are certainly not limited to) are DDS, session hijacking, parameter modification, server-side includes, addressing errors, message integrity, protocol flaws, reconnaissance, impersonation, wiretapping, malicious active code, connection flooding, man-in-the-middle, spoofing, misdelivery, redirection, and/or other transmission failures. The analysis in the latter example must identify any targets such as confidentiality, integrity, or availability and the coinciding vulnerability such as impersonation, protocol flaw, or misdelivery.

This is just an example given for a network security project and in no way limits the outcomes. The review of literature and detailed analysis of the system or application will determine the primary deliverables. Each requires objective justification for credit.

It is critical to identify the proper targets and vulnerabilities to ensure the fault tolerant security design includes the appropriate correlated controls. For example, if the target is confidentiality, and the vulnerability is misdelivery, an appropriate control solution to design could be encryption. If the target is availability, and the target is a DNS attack, an appropriate control solution to design could be an intrusion detection system (IDS), access control list, and honeypot.

At the minimum, this phase of the project must include:

A) Executive summary, introduction, and conclusion

B) Methodology (must be supported by relevant and current research from scholarly, peer-reviewed journals)

1) Approach(es) for the information security analyses and design

a) Organizational security structure
b) System, computing, network, or application architecture
c) Security models that will be utilized

2) How the data will be gathered to objectively analyze the solution

a) System evaluation method

3) Limitations of the analysis

a) Security threats and risks inside the scope that need to be addressed
b) Security threats and risks outside the scope

C) Synthesis review of literature to support analysis decisions

1) Analysis of the proper solution

a) Targets of the attack
b) Vulnerabilities
c) Controls

2) Create the appropriate correlated diagrams

3) Detail the results of the analysis

D. Diagram examples in this phase could include but are not limited to:

1) Advanced system and/or network architecture diagrams

2) Use case, activity, class, system sequence, and/or state machine diagrams

3) Fault tree

4) Access control matrix

5) Authentication, traffic, and/or data map

6) Dataflow diagrams (DFD)

7) CPU/Memory/OS buffer, segmenting, address, and/or data bus mappings

8) NOTE: A minimum of 5 diagrams exist that accurately analyze a secure system, network, and/or application solution. Within EACH of the 5 diagrams, a minimum of 10 elements exist that accurately detail analysis of the environment that needs securing (Note, if 10 elements are not necessary in a diagram add diagrams as needed to sufficiently meet this requirement). Each diagram is thoroughly developed based upon existing architecture and/or applications. Each diagram meets the associated technical requirements, programming language, notations, formatting, and modeling rules of the language (e.g. UML), industry standards for the diagram, and/or literature review. Analysis and design diagrams must have an associated industry standard that is widely accepted to be recognized (e.g. UML).

Each diagram must be justified by the literature review. In other words, if the plan secures an object-oriented language such as Java, the Java Virtual Machine must be properly analyzed from the class loader to the applet security manager. Analysis and associated diagrams must parallel the proper notations, formatting, and modeling rules and standards outlined in the prior IT infrastructure and systems analysis and design. These must align with peer-reviewed journal research as well as industry best practices.

Format your homework according to the following formatting requirements:

(1) The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.

(2) The response also includes a cover page containing the title of the homework, the student's name, the course title, and the date. The cover page is not included in the required page length.

(3) Also include a reference page. The Citations and references should follow APA format. The reference page is not included in the required page length.