StudyDaddy Article Writing Respond to below in 150 words Profit MaximizationA manager may contribute to the profit maximization goal of a firm by having a strong background or education in managerial economics. By understandin

Respond to below in 150 words Profit MaximizationA manager may contribute to the profit maximization goal of a firm by having a strong background or education in managerial economics. By understandin

Information Assurance Homework

• Presentation slides/video

• Final report paper

Scenario

Several computers in your company have recently been compromised. It was discovered that

the company network had been under attack for several months. However, these attacks had

not been previously detected. The attackers exploited both network and host vulnerabilities.

The head of your company decides that security needs to be improved. The company

network should be modified to prevent a majority of further attacks. Attacks that cannot be

prevented should be at least detected. However, solutions for tolerating undetected attacks

should also be envisioned. The head of the company tasks you to come up with a plan. A

rough estimate of the maximum cost of this task is: $500K for equipment and software and

at least 1 full-time security administrator (first year salary only included in initial estimate).

However, the head of your company indicates that these numbers could change based on your

proposal. Your goal is to propose the best plan that would provide the best level of security

for adequate cost and resources.

The company already has a network of Linux computers for scientific research and a

network of Windows computers for administrative tasks. Both networks should be made

more secure. Both networks should also be able to securely communicate. Additionally,

the company relies on its web server to advertise and sell some of its products, as well as

providing a customer support portal.

Write a paper of 17-20 pages (double-spaced) on the security solution you would recommend. Be sure to explain why your solution provides the best level of security for the given

scenario and constraints. Assess the cost and the required resources of your solution.

Purpose/objective

View the problem as if you’ve just been designated head of information security for the

organization or you’ve been hired as a consultant to evaluate and propose a solution.

The scenario description has some information, but you will likely need to or will want to

assume additional things to help define the problem. Please discuss and/or clearly state any

assumptions being made.

Comments

Some things you’ll probably need to do:

• Identify, describe, and document the current state of things and start to define the

problem and scope to be addressed. This may include:

– Identifying and/or speculating likely causes or issues relating to the recent compromises.

• Identify/list/describe some or all of the objectives a proposed solution should try to

meet or address. Discuss how the objectives might be prioritized in the context of

the company’s core business operations. (Does it matter if it’s a financial, medical,

engineering, education, etc. type company? If so, you may want to indicate what the

company does and how this may affect priorities.)

• Identify what kinds of things (equipment, personnel, policies, procedures, etc.) may

already be in place or available (and perhaps not being fully utilized) and can be

improved upon. Identify where there may be gaps or aspects that are currently not

being addressed.

• Propose a plan to address and improve security. Discuss how various components will

be implemented and how they are expected to improve the current state of things.

• Discuss if there are ways to measure or gauge if the implemented changes help or improve

security. Also consider if implemented changes may also affect other operational aspects

of the company (either positively or negatively) and whether or not this can be measured

or estimated in some way.

• Discuss if there are alternatives to some of the components in the proposed plan and if

or when the alternatives might be considered or why the alternatives are not a good fit

for the organization and its operations. You can consider alternative components or

alternative implementations of components. For example, you may decide a firewall

or IDS should be part of the proposal, however, there may be different places where a

firewall or IDS might be placed depending on what should be protected or other factors.

• While it is unlikely you would need to discuss or use some of the formal models covered,

there are aspects of them that may be applicable. For example, if a company deals

with sensitive information, you may want to cover how it could be compartmentalized

to minimize the impact from any future compromises. Does the company need to be

concerned about conflicts of interests regarding clients? If so, how can this be handled

internally?

• The cost constraint is included because there will be resource constraints which need to

be weighed against the priorities and objectives of the company. Cost figures do not

need to be exact or precise, but try to make reasonable estimates when possible. If you

have a source or reference for a cost, that’s great. If not, no problem, but just make it

clear that the cost value is something you came up with. This is not a cost estimation

project, so don’t spend much time on trying to come up with detailed or referenced

cost figures.

Think of the proposed budget as a tool that relates to or is influenced by the priorities

and objectives of the organization. It should be useful for answering questions such as:

– Why two firewalls instead of five (or some other component)? (From the budget,

it can be seen how much three additional firewalls might cost and other ways that

money might be spent to provide better improvements.)

– Given an addition of $X, how would you alter your current proposal to get the

most additional improvement?

– Given a reduction of $Y, how would you alter your current proposal to minimize

impact on security?

Slides

Think of the slides as sort of a “storyboard” or outline for the paper (or an overview if you’ve

already started writing or have finished the paper by the time the slides are due). You should

have enough slides for a 10-12 minute presentation and overview of your proposal. Almost all

of the content should be reusable as part of the paper.

You can structure it as collection of figures, diagrams, tables, etc. where the paper ends

up being a narrative to explain the different elements and to tie them together. Or you can

structure it as an outline with bullet points for key items (which will become paragraphs or

sections of the paper). Or it can be some combination of both.

***NEW SPRING 2019*** Presentations should be submitted as a video or recording

of some sort along with the slides. Presentations exceeding 12 minutes will lose points.

In-class students should be available to answer questions and respond to feedback when their

presentation is played for the class.

Final thoughts

The above items should not be interpreted as a template or checklist for the project paper.

It is just a list of things that can be considered or included. However, if you are not sure

where to start, you can use it as a guide.

This is a design project. There is no single best design that your proposal will be compared

against. It is important to identify what the design needs to address (for the given scenario

and assumptions you make and describe) and then to provide support and context for how

your design and design decisions address these things.

Additional scenario ideas

The original scenario is for an engineering type company. Alternate scenarios could be for

things such as:

• Healthcare (such as a hospital) – where regulatory requirements, such as HIPAA in

the US, might apply. You could consider a range of desktops and workstations used

for various adminstrative roles, patient record and billing systems, and various medical

equipment and devices that may be networked in some way or otherwise connect with

some of the computing infrastructure. Ransomware is a realistic example providing

initial motivation for an assessment of current security practices and proposal for an

improvement plan.

• Financial (such as a community bank) – where regulatory requirements, such as the

Gramm-Leach-Bliley Act in the US, might apply. You could consider things such as

workstations and equipment used by tellers, bank managers, loan officers, etc., ATM

systems, systems storing account information and customer records, servers and web

sites for online and mobile banking and other systems. There are several types and

variants of malware that target banking systems and accounts. Recent incidents could

provide motivation for an assessment of current security practices and proposal for an

improvement plan.

• Industrial setting (such as a power plant) – someplace where things like Industrial

Control Systems (ICS) may be prevalent. These may be on isolated networks but

there may be components or parts of the system that allow for remote access (using

something like a VPN, ...or not). Some of the systems involved may be limited in terms

of processing power or other resources and this may provide constraints on the options

available to secure some of the devices at the endpoints (on the devices themselves).

Also, monitoring the integrity of the system and being able to respond quickly may be

of critical importance as well. Some of these environments rely on some less common

or less well known types of communications (such as Zigbee for wireless) which may

impose some limitations or constraints in terms of security options.

If your scenario includes an area where either voluntary industry requirements or mandatory regulatory requirements apply, you can research and include aspects of these requirements.

You do not need to have an in-depth focus on the requirements, but the idea is to include

different aspects relevant to the organization that should be considered. Different aspects

to consider may involve technology, regulations, and core business functions. Your proposal should not focus solely on technical aspects, but should try to take into account the

environment in which it will be applied.

Rubic

-----------------

(A) What are the assets the company wants to protect and why?

Simply listing a computer as an asset and saying it needs to be

protected needs to have more context (in how it may impact the

business). Is a computer (or other resource) important because

of what is stored on it, how it is used, what it has access to,

etc.? For example, a desktop computer may not have any important

information stored on it, but if it gets infected with malware,

the disruption to clean or reimage it may impact worker productivity.

Along with identifying assets, may also want to consider how a

particular company or organization may prioritize their assets.

(B) What are some of the threats the company wants to protect

against? Some types of threats may be more specific to the

function or industry a company or organization is involved in.

External threats may be more of a focus, but for some industries,

internal threats may also deserve some attention.

(C) What are some of the current gaps or weaknesses? If you

are proposing something that should improve or increase security,

it is important to include or mention some assessment of the

current state. If you are making the assumption that there is

currently no security measures in place, that's fine, but you

should explicitly state this, otherwise it's not clear how what

is being proposed is any different than what may already be in

place. Perhaps the organization already has an expensive IDS/IPS

but lacks resources to monitor or tune it (and the high-rate of

false positives just causes it to be ignored or disabled).

(D) Link components of proposed solutions to the identified

assets that need to be protected (from the perspective of the

company or organization) as well as considering their relative

priorities, if applicable. Can also include mention or discussion

of how components relate to particular threats and how those threats

relate to assets. Indicate how plan protects assets (either directly

or indirectly).

(E) Please try to include some type of cost or budget estimate

component. It's more of a planning tool, so accuracy is not

a high priority, but it should be usable to illustrate trade-offs

if priorities shift or if budget constraints change.

(F) For budget/cost estimates, keep in mind that many software

products require licenses per install. So if in your scenario

you have 40 Windows computers that you want to include AV software

for, if you are using an individual license cost for reference, you

need to multiply it by the total number of computers it will be

installed on, or you need to make sure that your price reference

is for some kind of volume or blanket type license that allows

the software to be installed on multiple devices for a single

license.

Have a similar question?

Continue to edit or attach image(s).

  • Fast and convenient

    Fast and convenient

    Simply post your question and get it answered by professional tutor within 30 minutes. It's as simple as that!

  • Any topic, any difficulty

    Any topic, any difficulty

    We've got thousands of tutors in different areas of study who are willing to help you with any kind of academic assignment, be it a math homework or an article.

  • 100% Satisfied Students

    100% Satisfied Students

    Join 3,4 million+ members who are already getting homework help from StudyDaddy!