Description
Term Paper: Redesigning Security Operations
Due Week 10 and worth 140 points
Imagine you have recently been hired as the Information security director at a start-up health care research firm, where confidential client data is housed in its Data Center. Currently, the company has 100 employees and expects to expand its workforce to 300 in the next three (3) months and the company is moving to a new location in an urban office building across four (4) floors. The security operations and defensive mechanisms have been run in the past by the Networking Department and due to the move, you have a chance to start anew with the company’s security operations to improve its overall security posture.
Write an eight to ten (8-10) page paper in which you:
- Identify what you perceive to be the five (5) most concerning threats to the network, computing environment, and the database operations of the company.
- Examine each threat you identified in number 1, in which you:
- Explain why this is your perception.
- Identify what is at risk from these threats.
- Determine how you would design the security controls to mitigate the risks involved.
- Determine the security defense mechanisms that you would utilize in order to secure communications from floor to floor in the office space, including equipment and physical controls.
- Create an office space diagram detailing the security defense tools, equipment and controls utilized, using a diagramming application such as Visio or Dia. Note: The graphically depicted solution is not included in the required page length.
- Explain in detail the defensive mechanisms that you would implement to secure the corporate wireless network, including encryption, authentication methods, and at least two (2) WLAN security tools you would utilize on a regular basis.
- Create a wireless network diagram, using a diagramming application such as Visio or Dia based on your explanation in number 5. Note: The graphically depicted solution is not included in the required page length.
- Determine whether or not you would utilize encryption technologies on the network and / or computing equipment. Justify your response.
- Consider the use of a cloud-based solution for storing the company’s data. Determine the benefits and / or risks that would result using this kind of data storage, and decide whether or not you would utilize this storage option. Justify your decision.
- Select a minimum of five (5) security tools that you would implement on the network as security auditing and / or defense countermeasures.
- Analyze each security tool you selected in number 8, and determine why / how you would use them as part of your security operations.
- Provide an overview of the recovery and continuity plans you would develop to ensure the company could survive a temporary or prolonged disruption. Explain why each plan is needed based on the benefits it provides to the company.
- Use at least five (5) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
- Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
- Include diagrams created in Visio or one of their equivalents such as Dia. The completed diagrams must be imported into the Word document before the paper is submitted.
The specific course learning outcomes associated with this assignment are:
- Describe cryptology and impact on cybercrime response.
- Identify common information-gathering tools and techniques.
- Analyze system vulnerabilities exploited by hackers.
- Design plans that remove Trojans, backdoors, and malware from infected systems.
- Explain the process of network traffic analysis and sniffing, and their appropriate tools.
- Analyze wireless network vulnerabilities exploited by hackers.
- Examine the appropriate methods for performing incident handling.
- Use technology and information resources to research issues in cybercrime techniques and response.
- Write clearly and concisely about topics related to cybercrime techniques and response using proper writing mechanics and technical style conventions.
Points: 140 | Term Paper: Redesigning Security Operations | |||
Criteria | Unacceptable Below 70% F | Fair 70-79% C | Proficient 80-89% B | Exemplary 90-100% A |
1. Identify what you perceive to be the five (5) most concerning threats to the network, computing environment, and the database operations of the company. Weight: 5% | Did not submit or incompletely identified what you perceive to be the five (5) most concerning threats to the network, computing environment, and the database operations of the company. | Partially identified what you perceive to be the five (5) most concerning threats to the network, computing environment, and the database operations of the company. | Satisfactorily identified what you perceive to be the five (5) most concerning threats to the network, computing environment, and the database operations of the company. | Thoroughly identified what you perceive to be the five (5) most concerning threats to the network, computing environment, and the database operations of the company. |
2a. Examine each threat you identified in number 1, in which you: Explain why this is your perception. Weight: 5% | Did not submit or incompletely examined each threat you identified in number 1, in which you: Explained why this is your perception. | Partially examined each threat you identified in number 1, in which you: Explained why this is your perception. | Satisfactorily examined each threat you identified in number 1, in which you: Explained why this is your perception. | Thoroughly examined each threat you identified in number 1, in which you: Explained why this is your perception. |
2b. Examine each threat you identified in number 1, in which you: Identify what is at risk from these threats. Weight: 5% | Did not submit or incompletely examined each threat you identified in number 1, in which you: Identified what is at risk from these threats. | Partially examined each threat you identified in number 1, in which you: Identified what is at risk from these threats. | Satisfactorily examined each threat you identified in number 1, in which you: Identified what is at risk from these threats. | Thoroughly examined each threat you identified in number 1, in which you: Identified what is at risk from these threats. |
2c. Examine each threat you identified in number 1, in which you: Determine how you would design the security controls to mitigate the risks involved. Weight: 5% | Did not submit or incompletely examined each threat you identified in number 1, in which you: Determined how you would design the security controls to mitigate the risks involved. | Partially examined each threat you identified in number 1, in which you: Determined how you would design the security controls to mitigate the risks involved. | Satisfactorily examined each threat you identified in number 1, in which you: Determined how you would design the security controls to mitigate the risks involved. | Thoroughly examined each threat you identified in number 1, in which you: Determined how you would design the security controls to mitigate the risks involved. |
3. Determine the security defense mechanisms that you would utilize in order to secure communications from floor to floor in the office space, including equipment and physical controls. Weight: 5% | Did not submit or incompletely determined the security defense mechanisms that you would utilize in order to secure communications from floor to floor in the office space, including equipment and physical controls. | Partially determined the security defense mechanisms that you would utilize in order to secure communications from floor to floor in the office space, including equipment and physical controls. | Satisfactorily determined the security defense mechanisms that you would utilize in order to secure communications from floor to floor in the office space, including equipment and physical controls. | Thoroughly determined the security defense mechanisms that you would utilize in order to secure communications from floor to floor in the office space, including equipment and physical controls. |
4. Create an office space diagram detailing the security defense tools, equipment and controls utilized, using a diagramming application such as Visio or Dia. Weight: 15% | Did not submit or incompletely created an office space diagram detailing the security defense tools, equipment and controls utilized, using a diagramming application such as Visio or Dia. | Partially created an office space diagram detailing the security defense tools, equipment and controls utilized, using a diagramming application such as Visio or Dia. | Satisfactorily created an office space diagram detailing the security defense tools, equipment and controls utilized, using a diagramming application such as Visio or Dia. | Thoroughly created an office space diagram detailing the security defense tools, equipment and controls utilized, using a diagramming application such as Visio or Dia. |
5. Explain in detail the defensive mechanisms that you would implement to secure the corporate wireless network, including encryption, authentication methods, and at least two (2) WLAN security tools you would utilize on a regular basis. Weight: 5% | Did not submit or incompletely explained in detail the defensive mechanisms that you would implement to secure the corporate wireless network, including encryption, authentication methods, and at least two (2) WLAN security tools you would utilize on a regular basis. | Partially explained in detail the defensive mechanisms that you would implement to secure the corporate wireless network, including encryption, authentication methods, and at least two (2) WLAN security tools you would utilize on a regular basis. | Satisfactorily explained in detail the defensive mechanisms that you would implement to secure the corporate wireless network, including encryption, authentication methods, and at least two (2) WLAN security tools you would utilize on a regular basis. | Thoroughly explained in detail the defensive mechanisms that you would implement to secure the corporate wireless network, including encryption, authentication methods, and at least two (2) WLAN security tools you would utilize on a regular basis. |
6. Create a wireless network diagram, using a diagramming application such as Visio or Dia based on your explanation in number 5. Weight: 15% | Did not submit or incompletely created a wireless network diagram, using a diagramming application such as Visio or Dia based on your explanation in number 5. | Partially created a wireless network diagram, using a diagramming application such as Visio or Dia based on your explanation in number 5. | Satisfactorily created a wireless network diagram, using a diagramming application such as Visio or Dia based on your explanation in number 5. | Thoroughly created a wireless network diagram, using a diagramming application such as Visio or Dia based on your explanation in number 5. |
7. Determine whether or not you would utilize encryption technologies on the network and / or computing equipment. Justify your response. Weight: 5% | Did not submit or incompletely determined whether or not you would utilize encryption technologies on the network and / or computing equipment; did not submit or incompletely justified your response. | Partially determined whether or not you would utilize encryption technologies on the network and / or computing equipment; partially justified your response. | Satisfactorily determined whether or not you would utilize encryption technologies on the network and / or computing equipment; satisfactorily justified your response. | Thoroughly determined whether or not you would utilize encryption technologies on the network and / or computing equipment; thoroughly justified your response. |
8. Consider the use of a cloud-based solution for storing the company’s data. Determine the benefits and / or risks that would result using this kind of data storage, and decide whether or not you would utilize this storage option. Justify your decision. Weight: 5% | Did not submit or incompletely considered the use of a cloud-based solution for storing the company’s data; did not submit or incompletely determined the benefits and / or risks that would result using this kind of data storage, and did not submit or incompletely decided whether or not you would utilize this storage option; did not submit or incompletely justified your decision. | Partially considered the use of a cloud-based solution for storing the company’s data; partially determined the benefits and / or risks that would result using this kind of data storage, and partially decided whether or not you would utilize this storage option; partially justified your decision. | Satisfactorily considered the use of a cloud-based solution for storing the company’s data; satisfactorily determined the benefits and / or risks that would result using this kind of data storage, and satisfactorily decided whether or not you would utilize this storage option; satisfactorily justified your decision. | Thoroughly considered the use of a cloud-based solution for storing the company’s data; thoroughly determined the benefits and / or risks that would result using this kind of data storage, and thoroughly decided whether or not you would utilize this storage option; thoroughly justified your decision. |
9. Select a minimum of five (5) security tools that you would implement on the network as security auditing and / or defense countermeasures. Weight: 5% | Did not submit or incompletely selected a minimum of five (5) security tools that you would implement on the network as security auditing and / or defense countermeasures. | Partially selected a minimum of five (5) security tools that you would implement on the network as security auditing and / or defense countermeasures. | Satisfactorily selected a minimum of five (5) security tools that you would implement on the network as security auditing and / or defense countermeasures. | Thoroughly selected a minimum of five (5) security tools that you would implement on the network as security auditing and / or defense countermeasures. |
10. Analyze each security tool you selected in number 8, and determine why / how you would use them as part of your security operations. Weight: 5% | Did not submit or incompletely analyzed each security tool you selected in number 8; did not submit or incompletely determined why / how you would use them as part of your security operations. | Partially analyzed each security tool you selected in number 8; partially determined why / how you would use them as part of your security operations. | Satisfactorily analyzed each security tool you selected in number 8; satisfactorily determined why / how you would use them as part of your security operations. | Thoroughly analyzed each security tool you selected in number 8; thoroughly determined why / how you would use them as part of your security operations. |
11. Provide an overview of the recovery and continuity plans you would develop to ensure the company could survive a temporary or prolonged disruption. Explain why each plan is needed based on the benefits it provides to the company. Weight: 5% | Did not submit or incompletely provided an overview of the recovery and continuity plans you would develop to ensure the company could survive a temporary or prolonged disruption; did not submit or incompletely explained why each plan is needed based on the benefits it provides to the company. | Partially provided an overview of the recovery and continuity plans you would develop to ensure the company could survive a temporary or prolonged disruption; partially explained why each plan is needed based on the benefits it provides to the company. | Satisfactorily provided an overview of the recovery and continuity plans you would develop to ensure the company could survive a temporary or prolonged disruption; satisfactorily explained why each plan is needed based on the benefits it provides to the company. | Thoroughly provided an overview of the recovery and continuity plans you would develop to ensure the company could survive a temporary or prolonged disruption; thoroughly explained why each plan is needed based on the benefits it provides to the company. |
12. 5 references Weight: 5% | No references provided | Does not meet the required number of references; some or all references poor quality choices. | Meets number of required references; all references high quality choices. | Exceeds number of required references; all references high quality choices. |
13. Clarity, writing mechanics, and formatting requirements Weight: 10% | More than 6 errors present | 5-6 errors present | 3-4 errors present | 0-2 errors present |
Explanation & Answer
Review
Review
