NT2580
Project
1
PROJECT DESCRIPTION
Project Introduction:
The components that make up cyberspace are not automatically secure. This includes cabling, physical
networks, operating systems, and software applications that computers use to connect to the Internet. There
is a raging information security war. The goal is to protect systems, applications, and business information.
Therefore, IT is in great need of proper security controls.
For this project, you will create an outline of a multilayered security strategy for a fictitious financial
organization, and then identify security challenges and suggest proper security controls for the company’s
information systems environment. This project provides you an opportunity to apply the competencies gained
in various lessons of this course to identify security challenges and apply strategies of countermeasures for
information systems.
Successful completion of this project will ensure that you are able to do the following:
Understand information systems security (ISS) fundamentals including the definition of terms,
concepts, elements, and goals.
Understand the purpose of a multilayered security strategy.
Incorporate industry standards and practices with a focus on the confidentiality, integrity, availability,
and vulnerabilities of information systems.
Fulfill the role of a security professional implementing proper security controls in a specific business
situation.
This project is assigned to you in Week 1 and is due for submission in two parts: Part 1 is due at the end of
Week 3 and Part 2 is due in Week 6.
Course Objectives Tested: All Course objectives
NT2580
Project
2
PROJECT SUBMISSION PLAN
Project
Part
Description/Requirements of Project Evaluation
Criteria
Project
Part 1
Assessment Preparation Checklist:
1. Complete all weekly lessons before submitting the project.
2. Ensure that you have conducted sufficient research before
finalizing the project for submission.
3. Do not confine your learning experience to the textbook. Refer to
the ITT Tech Virtual Library and the Internet, if necessary.
Title: Multi-Layered Security Plan
You are a network security specialist at Richman Investments, a mid-level
financial investment and consulting firm. The Richman corporate
headquarters is located in Phoenix, Arizona. Currently, there are eight
branch offices in:
Atlanta, Georgia
Chicago, Illinois
Cincinnati, Ohio
Denver, Colorado
Los Angeles, California
Montreal, Canada
New York City, New York
Washington, D.C.
You received an e-mail from your supervisor stating that you need to
create an outline of the general security solutions planned for the safety
of data and information that belongs to the organization. You are told that
every month, the networking division needs to submit a report to the
senior management about the security plan for the month, and your
outline will become a part of that report.
You need to research the elements of a multilayered security plan and to
create a detailed outline. Your outline should indicate one or more
general security solutions for each of the seven domains of a typical IT
infrastructure.
Your instructor will
consider the
following points for
evaluating your
performance in
this assessment:
Have you
included
several
applicable
layers for the
plan?
Have you
described at
least one layer
of security for
each of the
seven
domains?
Have you
conducted
adequate
independent
research for
the report?
Have you
used citations
and noted
professional
resources?
NT2580
Project
3
Project
Part
Description/Requirements of Project Evaluation
Criteria
Submission Requirements:
Submit your outline in the form of a two-page Microsoft Word document,
double-spaced, using APA format. Send the document to your instructor
as an attachment through the Questa Learning Plan.
Due: Week 3
Grading Weight: 10%
Have you
submitted this
part of the
project on
time?
Project
Part 2
Assessment Preparation Checklist:
1. Complete the readings for all weeks before submitting Project
Part 2.
2. Complete all weekly lessons before submitting Project Part 2.
3. Ensure that you have conducted sufficient study before
submitting Project Part 2.
Title: Detailed Proposal
Continuing the Richman Investments scenario explained in Part 1 of this
project, the offices have a total of 5,000 employees, and the office
technology inventory includes desktops, mobile computers, and wireless
devices. There is a mix of computers running Windows XP, Windows
Vista, Windows 7, and Mac OS X. Most of the managers have BlackBerry
devices for instant communication, and all employees are provided cell
phones. A Windows Active Directory forest with domains is set up for
each office, and seven file and print servers are located in the Phoenix
office. The Phoenix office also contains two proxy servers, configured as
an array, that provide Web cache services and Internet access control for
the organization. The majority of applications are Web-based and hosted
from the Phoenix office.
The Phoenix office has an Internet connection to all the remote offices,
and the redundancy is extremely important to the company. There are
several sensitive applications that all offices use. The management from
each office shares application information that is hosted at the corporate
office for accounting and reporting purposes.
Your instructor will
consider the
following points for
evaluating your
performance in
this assessment:
Have you
documented
the
vulnerabilities,
methods, and
controls
effectively?
Have you
provided
proper
rationale for
your solution
choices?
Have you
conducted
adequate
independent
research for
the report?
NT2580
Project
4
Project
Part
Description/Requirements of Project Evaluation
Criteria
All employees have Internet access. There is no policy on the use of
removable media. Recently several of the branch offices have
encountered issues with malware.
Richman hosts an intranet for employees to access information about the
company and to enroll in company benefits programs. Richman also
hosts an extranet for its business partners.
Due to many recent technology and process improvements within
Richman, the corporate security policy is out of date, and each branch
office policy differs.
Tasks
You must submit a proposal to Richman’s senior management addressing
two of the points based on the following premises:
1. Richman has 5,000 employees throughout the main office and
several branch offices, therefore you must research solutions and
detail the appropriate access controls, including policies,
standards, and procedures that define who the users are, what
they can do, which resources they can access, and which
operations they can perform on a system.
2. Most of the managers have BlackBerry devices for instant
communications and all employees are provided cell phones,
therefore you must research and detail the cryptography methods
to protect organizational information using techniques that ensure
the information’s integrity, confidentiality, authenticity, and
nonrepudiation, and the recovery of encrypted information in its
original form.
3. There is a mix of computers running Windows 2000, Windows
XP, Windows Vista, Windows 7, and Mac OS X, therefore you
must research and devise a plan to thwart malicious code and
Have you
used citations
and noted
professional
resources?
Have you
submitted this
part of the
project on
time?
NT2580
Project
5
Project
Part
Description/Requirements of Project Evaluation
Criteria
activity by implementing countermeasures and prevention
techniques for dealing with viruses, worms, logic bombs, Trojan
horses, and other related forms of intentionally created deviant
code.
4. All employees have Internet access to browse the Web, there is
no policy on the use of removable media, and several of the
branch offices have encountered issues with malware recently,
therefore you must research and formulate a plan to implement
monitoring and analysis. You must determine system
implementation and access in accordance with defined IT criteria
as well as how to collect information for identification of and
response to security breaches or events.
5. Richman hosts an intranet for employees to access information
about the company and enroll in company benefits programs, and
that Richman also hosts an extranet for its business partners,
therefore you must research and devise a method to secure
networks and communications. This should include the network
structure, transmission methods and techniques, transport
formats, and security measures used to operate both private and
public communication networks.
6. The Phoenix office contains two proxy servers configured as an
array, which provide Web cache services and Internet access
control for Richman, and the majority of applications are Web-
based and hosted from the Phoenix office, therefore you must
assess risk, response, and recovery. Conduct a review of the
implementation processes essential to the identification,
measurement, and control of loss associated with uncertain
events.
7. The corporate security policy is out of date and each branch
office policy differs, therefore you must research and define
security operations and administration, including the identification
of information assets and documentation of policies, standards,
NT2580
Project
6
Project
Part
Description/Requirements of Project Evaluation
Criteria
procedures, and guidelines that ensure confidentiality, integrity,
and availability.
Write the proposal as detailed in the instructions above. Create a
professional, well-developed proposal with proper documentation,
grammar, spelling, and punctuation. In addition, document the
vulnerabilities, methods, and controls effectively.
Submission Requirements:
Submit your proposal in the form of a six- to eight-page Microsoft Word
document, double-spaced, using APA format. Send the document to your
instructor as an attachment through the Questa Learning Plan.
Due: Week 6
Grading Weight: 10%
End of Project Description