Course Project: Security Assessment and Recommendations
Overview
This course does involve a lot of technical information and theory, but what really matters is how this knowledge can be used to identify and remediate real-world security issues. What you learn in this course should be directly applicable to your work environment. The course project that you will complete is designed to further this goal. In the first part of the project, you will choose an organization from one of two given scenarios (below) and identify potential security weaknesses, and in the second part of the project, you will recommend solutions. The first part of the project is due in Week 3, and the second part of the project, along with the first part (presumably revised based on instructor feedback), is due in Week 6. This project constitutes a significant portion of your overall grade. This is an individual assignment and may not be completed in teams.
Guidelines
Phase I – Identify potential weaknesses from either the Aircraft Solutions or Quality Web Design Company
In this phase, you will choose either Aircraft Solutions or Quality Web Design as the company you will work with. The scenarios are in Doc Sharing in the Course Project select area. You will then identify potential security weaknesses.
Security weaknesses – You must choose two from the following three areas (hardware, software, and policy – excluding password policies) and identify an item that requires improved security.
To define the asset or policy with sufficient detail to justify your assessment, your assessment must include:
· the vulnerability associated with the asset or policy
· the possible threats against the asset or policy
· the likelihood that the threat will occur (risk)
· the consequences to mission critical business processes should the threat occur
· how the organization’s competitive edge will be affected should the threat occur
To clarify an item that requires improved security, you must identify one of these items:
· one hardware and one software weakness
· one hardware and one policy weakness
· one software and one policy weakness
Other required elements include:
· Cover sheet
· APA-style
· In-text citations and Reference section
· Minimum length 3 pages, maximum length 5 pages (not counting cover sheet, diagram(s), references). Do not exceed the maximum length.
Phase II: the Course Project (comprised of Phase I and II) – Recommend solutions to the potential weaknesses from either the Aircraft Solutions or Quality Web Design Company
In this phase of the project, you will include Part I (presumably improved as needed based upon Week 3 feedback) and then recommend solutions for the security weaknesses you identified in Phase I.
Definition of the solution – Hardware solutions must include vendor, major specifications with an emphasis on the security features, and location of placement with diagram. Software solutions must include vendor and major specifications, with an emphasis on security features. Policy solutions must include the complete portion of the policy that addresses the weakness identified. Any outsourced solution must include the above details and the critical elements of the service level agreement.
Justification – You must address the efficacy of the solution in terms of the identified threats and vulnerabilities; the cost of the solution, including its purchase (if applicable); and its implementation, including training and maintenance.
Impact on business processes – You must discuss any potential positive or negative effects of the solution on business processes and discuss the need for a trade-off between security and business requirements using quantitative rather than simply qualitative statements.
Other required elements include:
· Cover sheet
· APA-style
· In-text citations and Reference section
· 5 reference minimum
· Minimum length of solutions: 6 pages, maximum length 10 pages (not counting cover sheet, diagram(s), references). Do not exceed the maximum length.
Grading Rubrics
The course project will consist of two deliverables:
Phase I (Identify potential weaknesses from either the Aircraft Solutions or Quality Web Design Company); and Phase II: the Course Project (comprised of Phases I and II - Recommend solutions to the potential weaknesses from either the Aircraft Solutions or Quality Web Design Company).
The grading standards for each deliverable are as follows:
Phase I (Identify potential weaknesses from either the Aircraft Solutions or Quality Web Design Company)
Category | Points | Description
Security Weaknesses | 80 | Identifies two plausible and significant weaknesses from required list (hardware, software, policy). Includes realistic vulnerability(s) associated with the asset or policy, plausible and likely threats against the asset or policy, an estimation of the likelihood that the threat will occur (risk), the consequences to mission critical business processes should the threat occur, and how the organization’s competitive edge will be affected should the threat occur.
Presentation | 20 | Writing quality and flow demonstrates a graduate-level writing competency and does not contain misspellings, poor grammar, incorrect punctuation, and questionable sentence structure (syntax errors).
Total | 100 |
A quality paper will meet or exceed all of the above requirements.
Phase II – the Course Project (comprised of Phase I and II) – Recommend solutions to the potential weaknesses from either the Aircraft Solutions or Quality Web Design Company
Category | Points | Description
Security Weaknesses | 60 | Identifies two plausible and significant weaknesses from required list (hardware, software, policy). Includes realistic vulnerability(s) associated with the asset or policy, plausible and likely threats against the asset or policy, an estimation of likelihood that the threat will occur (risk), the consequences to mission critical business processes should the threat occur, and how the organization’s competitive edge will be affected should the threat occur.
Definition of Solution | 30 | Includes vendor and major specifications, and identifies the relevant security features as related to the weakness identified. If hardware, includes location of placement with diagram. Policy solutions include the complete portion of the policy that effectively addresses the weakness identified. Any outsourced solution must include the above details and the critical elements of the service level agreement.
Justification | 30 | Demonstrates the efficacy of the solution in terms of the identified threats and vulnerabilities. Includes complete costs, including purchase, implementation, training, and maintenance as needed.
Impact on Business Processes | 25 | Addresses plausible potential positive or negative effects on business processes. Discusses trade-off between security and business requirements using quantitative statements.
Presentation | 25 | Writing quality and flow demonstrates a graduate-level writing competency and does not contain misspellings, poor grammar, incorrect punctuation, and questionable sentence structure (syntax errors).
Total | 170 |
A quality paper will meet or exceed all of the above requirements.