Nt2580 project part 2

NT2580

Project

1

PROJECT DESCRIPTION

Project Introduction:

The components that make up cyberspace are not automatically secure. This includes cabling, physical

networks, operating systems, and software applications that computers use to connect to the Internet. There

is a raging information security war. The goal is to protect systems, applications, and business information.

Therefore, IT is in great need of proper security controls.

For this project, you will create an outline of a multilayered security strategy for a fictitious financial

organization, and then identify security challenges and suggest proper security controls for the company’s

information systems environment. This project provides you an opportunity to apply the competencies gained

in various lessons of this course to identify security challenges and apply strategies of countermeasures for

information systems.

Successful completion of this project will ensure that you are able to do the following:

Understand information systems security (ISS) fundamentals including the definition of terms,

concepts, elements, and goals.

Understand the purpose of a multilayered security strategy.

Incorporate industry standards and practices with a focus on the confidentiality, integrity, availability,

and vulnerabilities of information systems.

Fulfill the role of a security professional implementing proper security controls in a specific business

situation.

This project is assigned to you in Week 1 and is due for submission in two parts: Part 1 is due at the end of

Week 3 and Part 2 is due in Week 6.

Course Objectives Tested: All Course objectives

NT2580

Project

2

PROJECT SUBMISSION PLAN

Project

Part

Description/Requirements of Project Evaluation

Criteria

Project

Part 1

Assessment Preparation Checklist:

1. Complete all weekly lessons before submitting the project.

2. Ensure that you have conducted sufficient research before

finalizing the project for submission.

3. Do not confine your learning experience to the textbook. Refer to

the ITT Tech Virtual Library and the Internet, if necessary.

Title: Multi-Layered Security Plan

You are a network security specialist at Richman Investments, a mid-level

financial investment and consulting firm. The Richman corporate

headquarters is located in Phoenix, Arizona. Currently, there are eight

branch offices in:

Atlanta, Georgia

Chicago, Illinois

Cincinnati, Ohio

Denver, Colorado

Los Angeles, California

Montreal, Canada

New York City, New York

Washington, D.C.

You received an e-mail from your supervisor stating that you need to

create an outline of the general security solutions planned for the safety

of data and information that belongs to the organization. You are told that

every month, the networking division needs to submit a report to the

senior management about the security plan for the month, and your

outline will become a part of that report.

You need to research the elements of a multilayered security plan and to

create a detailed outline. Your outline should indicate one or more

general security solutions for each of the seven domains of a typical IT

infrastructure.

Your instructor will

consider the

following points for

evaluating your

performance in

this assessment:

Have you

included

several

applicable

layers for the

plan?

Have you

described at

least one layer

of security for

each of the

seven

domains?

Have you

conducted

adequate

independent

research for

the report?

Have you

used citations

and noted

professional

resources?

NT2580

Project

3

Project

Part

Description/Requirements of Project Evaluation

Criteria

Submission Requirements:

Submit your outline in the form of a two-page Microsoft Word document,

double-spaced, using APA format. Send the document to your instructor

as an attachment through the Questa Learning Plan.

Due: Week 3

Grading Weight: 10%

Have you

submitted this

part of the

project on

time?

Project

Part 2

Assessment Preparation Checklist:

1. Complete the readings for all weeks before submitting Project

Part 2.

2. Complete all weekly lessons before submitting Project Part 2.

3. Ensure that you have conducted sufficient study before

submitting Project Part 2.

Title: Detailed Proposal

Continuing the Richman Investments scenario explained in Part 1 of this

project, the offices have a total of 5,000 employees, and the office

technology inventory includes desktops, mobile computers, and wireless

devices. There is a mix of computers running Windows XP, Windows

Vista, Windows 7, and Mac OS X. Most of the managers have BlackBerry

devices for instant communication, and all employees are provided cell

phones. A Windows Active Directory forest with domains is set up for

each office, and seven file and print servers are located in the Phoenix

office. The Phoenix office also contains two proxy servers, configured as

an array, that provide Web cache services and Internet access control for

the organization. The majority of applications are Web-based and hosted

from the Phoenix office.

The Phoenix office has an Internet connection to all the remote offices,

and the redundancy is extremely important to the company. There are

several sensitive applications that all offices use. The management from

each office shares application information that is hosted at the corporate

office for accounting and reporting purposes.

Your instructor will

consider the

following points for

evaluating your

performance in

this assessment:

Have you

documented

the

vulnerabilities,

methods, and

controls

effectively?

Have you

provided

proper

rationale for

your solution

choices?

Have you

conducted

adequate

independent

research for

the report?

NT2580

Project

4

Project

Part

Description/Requirements of Project Evaluation

Criteria

All employees have Internet access. There is no policy on the use of

removable media. Recently several of the branch offices have

encountered issues with malware.

Richman hosts an intranet for employees to access information about the

company and to enroll in company benefits programs. Richman also

hosts an extranet for its business partners.

Due to many recent technology and process improvements within

Richman, the corporate security policy is out of date, and each branch

office policy differs.

Tasks

You must submit a proposal to Richman’s senior management addressing

two of the points based on the following premises:

1. Richman has 5,000 employees throughout the main office and

several branch offices, therefore you must research solutions and

detail the appropriate access controls, including policies,

standards, and procedures that define who the users are, what

they can do, which resources they can access, and which

operations they can perform on a system.

2. Most of the managers have BlackBerry devices for instant

communications and all employees are provided cell phones,

therefore you must research and detail the cryptography methods

to protect organizational information using techniques that ensure

the information’s integrity, confidentiality, authenticity, and

nonrepudiation, and the recovery of encrypted information in its

original form.

3. There is a mix of computers running Windows 2000, Windows

XP, Windows Vista, Windows 7, and Mac OS X, therefore you

must research and devise a plan to thwart malicious code and

Have you

used citations

and noted

professional

resources?

Have you

submitted this

part of the

project on

time?

NT2580

Project

5

Project

Part

Description/Requirements of Project Evaluation

Criteria

activity by implementing countermeasures and prevention

techniques for dealing with viruses, worms, logic bombs, Trojan

horses, and other related forms of intentionally created deviant

code.

4. All employees have Internet access to browse the Web, there is

no policy on the use of removable media, and several of the

branch offices have encountered issues with malware recently,

therefore you must research and formulate a plan to implement

monitoring and analysis. You must determine system

implementation and access in accordance with defined IT criteria

as well as how to collect information for identification of and

response to security breaches or events.

5. Richman hosts an intranet for employees to access information

about the company and enroll in company benefits programs, and

that Richman also hosts an extranet for its business partners,

therefore you must research and devise a method to secure

networks and communications. This should include the network

structure, transmission methods and techniques, transport

formats, and security measures used to operate both private and

public communication networks.

6. The Phoenix office contains two proxy servers configured as an

array, which provide Web cache services and Internet access

control for Richman, and the majority of applications are Web-

based and hosted from the Phoenix office, therefore you must

assess risk, response, and recovery. Conduct a review of the

implementation processes essential to the identification,

measurement, and control of loss associated with uncertain

events.

7. The corporate security policy is out of date and each branch

office policy differs, therefore you must research and define

security operations and administration, including the identification

of information assets and documentation of policies, standards,

NT2580

Project

6

Project

Part

Description/Requirements of Project Evaluation

Criteria

procedures, and guidelines that ensure confidentiality, integrity,

and availability.

Write the proposal as detailed in the instructions above. Create a

professional, well-developed proposal with proper documentation,

grammar, spelling, and punctuation. In addition, document the

vulnerabilities, methods, and controls effectively.

Submission Requirements:

Submit your proposal in the form of a six- to eight-page Microsoft Word

document, double-spaced, using APA format. Send the document to your

instructor as an attachment through the Questa Learning Plan.

Due: Week 6

Grading Weight: 10%

End of Project Description