CMIT 321 Executive Proposal Project
The purpose of this project is to evaluate
the student’s ability to research and evaluate security testing software and
present a proposal for review by executive team members. By completing the
document the student will also gain practical knowledge of the security
evaluation documentation and proposal writing process. The project will enable
the student to identify and understand the required standards in practice, as well
as the details that should be covered within a proposal.
Using the Case Study presented
in this document, to complete an executive proposal.
Provide a three to five
page proposal summarizing purpose and benefit of chosen security software to
the executive management team.
The student will evaluate
and test security testing software for purposes of testing corporate network
security. The purpose of the software is to measure the security posture of the
organization by identifying vulnerabilities and help prevent future attacks and
deter any real-time unknown threats.
The proposal should
effectively describe the software in a manner that will allow the executive team
members to understand the purpose and benefits of the software to approve purchase.
Evaluate and select a
security tool for recommendation that you learned about in the iLabs modules or
the EC-Council text books.
The proposal document must
be 3 to 5 pages long, conforming to APA standards. See "Writing Guideline"
in WebTycho where you'll find help on writing for research projects.
three authoritative, outside references are required (anonymous authors or
web pages are not acceptable). These should be listed on the last page titled
Appropriate citations are
required. See the syllabus regarding plagiarism policies.
This will be graded on
quality of research topic, quality of paper information, use of citations,
grammar and sentence structure, and creativity.
The paper is due during
Week 7 of this course.
of project is to write an executive proposal for a fictitious company called Advanced
Research. The goal of the proposal is to persuade the executive management team
to approve purchase of security testing software that can benefit the company’s
corporate network security by testing and identifying vulnerabilities before
they are exploited by hackers. The proposal must include a detailed description
of the software, its purpose and benefits.
- Research a security testing
software tool that you practiced using in the EC-Council iLabs or from the
- Determine whether the tool
would be beneficial in testing the security of a corporate network.
- Use the vendor’s website to
collect necessary information about the tool to be able to explain its
purpose and benefit.
- Include 3rd party
endorsements and case studies about the tool.
- Integrate the information from
your own experience with the tool into your proposal. This may include
results from the iLab exercises or your own test lab.
Advanced Research is a startup medical research and development
company. After five years of extraordinary success in the development of
innovative medical and pharmaceutical products, Advanced Research is on its way
to becoming a major player in the medical research and development industry.
However, due to its success, Advanced Research has also become a major target
of cybercriminals. Advanced Research has been the victim of cybercriminal
attempts to steal intellectual property and sell it to Advanced Research’s
competitors. It is suspected that the corporate network has been infiltrated
from unauthorized sources more than once. In 2011, Advanced Research was
falsely accused of unethical research and development practices. The false
allegations resulted in the defacement of Advanced Research’s public website
and several Denial of Service attacks at different times over a 9 month period
that brought the corporate network to its knees. These attacks had a major
impact on Advanced Research’s ability to conduct business and resulted in
undesirable publicity for the company.
of its security problems, Advanced Research has continued to grow as a company.
and development departments have grown over the years, due to the expansion of
the company, in proportion to the increase in its business making up over 40%
of the human resources. Advanced Research’s innovative research and development
information is paramount to its continued success as a company. Although, no
known attacks have occurred in last 18 months, the security of its network and
intellectual property is still a major concern for the company. Because Advanced
Research is a still fairly young company, management has been hesitant to
budget for expensive security projects. However, this point of view is
beginning to change. Particularly, because one of Advanced Research’s competitors,
a major player in the medical research and development industry for over 40
years, experienced a loss of hundreds of millions of dollars in research data
that was stolen from its corporate network by cyber thieves.
and your role
You are the IT Manager hired in 2012 to manage the physical and
operational security of Advanced Research’s corporate information system.You understand information
security issues better than anyone else in the company. You also know that the
network is vulnerable to outside threats because it has experienced attacks in
the past and because you haven’t had the resources to properly test the corporate
information system to identify the vulnerabilities that might exist and take
action prevent possible attacks. You have a responsibility to bring these
concerns to the attention of the executive team and ask for approval to
purchase the necessary testing software.
Your education and training have introduced you to variety of
security tools for testing computer and network security. The majority of these
tools you either only read about or have practiced using in lab environment.
You have decided to research some of these tools and test them out in your own
lab environment and choose one for recommendation to executive team.
You will need to present information that proves the chosen tool
will be beneficial to the security of corporate information system. To
accomplish this you will need to research the product, if possible, test the
product in a virtual lab environment. If the tool is part of your iLab
exercise, it is recommended that you practice using and testing the tool beyond
the scope of the lab exercise. Based on your research and analysis, you will
include this information in your proposal in way that the executive staff can understand
and allowing them to make an informed decision to approve purchase of the
executive management team of Advanced Research:
proposal should include:
Detailed description of the software
Include reviews, case studies and
Include your own hands-on experience
with the tool and test results
Cost of product. Include additional
costs such as training or hardware software that might be needed in order to
properly deploy manage and maintain the software.
How will the software impact the production
environment? For example, the software may test for Denial of Service attacks.
You need to explain any interruptions the test may have on business operations.
You need to justify the need for such a test. Also explain how to you plan to
minimize or prevent possible production outages.
should test for one or more of the following types of attacks:
Denial of Service (DoS)
Cross Site Scripting (XSS)
Operating System Attacks
Office Network Topology
The Advanced Research main research and development facility is
located in Reston Virginia. You have concerns about the sensitive information
that is stored at this location as well as data that transmitted over the WAN
to Advanced Research’s New York City headquarters location, business partners
and clients. The Reston facility is also where the Advanced Research data
center is located. The data center is where Advanced Research’s public website,
email, databases and corporate intranet are hosted. The environment contains a
mix of Microsoft and *NIX technologies.
45 Windows 2008 Servers
13 Windows 2003 Servers
15 UNIX Servers
2200 Windows XP and 7 Desktops
Web Servers: Apache and IIS
Services: FTP, SMTP, DNS, DHCP, VPN
Database: SQL, Oracle and MySQL
Network: Cisco Routers and Firewalls
Documentation and Formatting
Appropriate APA citations/referenced
sources and formats of characters/content.
Accurate Completion of Software
Accurate Completion of Software Analysis
Provide proposal for purchase
A quality paper will meet or exceed
all of the above requirements