Phase II: the Course Project recommend solutions to the potential weaknesses from the Aircraft Solutions

[Please Note: This is only a suggestion of how you might want to put together your project. This format is not required. Please consult the Course Project Requirements document in Doc Sharing for specific requirements and grading standards.]

The Title of My Project

My Name

Submitted to: My Teacher

SE571 Principles of Information Security and Privacy

Keller Graduate School of Management

Submitted: August 19, 2013

Table of Contents

Executive Summary 3

The executive summary can’t really be completed until the course project is completed. This is because the section should summarize BRIEFLY the entire paper. There should be one or two sentences about the purpose of the report, a one to two-sentence description of the company and then a quick summary of the two vulnerabilities and the two solutions that you have identified. 3

Company Overview 3

Two Security Vulnerabilities 1

Software Vulnerability 1

Recommended Solutions 1

Telecommunications Closet Security Recommendation 2

Impact on Business Processes 3

Budget 3

References 5

[Please be sure to study and comply with the format for the required in-text and reference APA-style citations] 5

Executive Summary 1

Company Overview 1

Security Vulnerabilities 3

A Hardware Example Title 3

A Software Example Title 4

Recommended Solutions 5

A Hardware Example Solution 6

A Software Example Solution 8

Impact on Business Processes 9

Budget 10

Summary 11

References 12

Executive Summary

Company Overview

Here you should identify which of the two company scenarios you are using and briefly summarize the organizations products or services, and business processes.

Two Security Vulnerabilities

Software Vulnerability

Remember, you need to choose only two vulnerabilities from the three categories: hardware, software and policy. It is recommended that you make them limited in scope and very specific. Also, before starting on this section, be sure you have a very clear idea of the definition of the following terms: threat, vulnerability, risk, and consequences. A vulnerability is a weakness such as an unpatched Web server, but it need not be a “weakness” per se. It can simply be an asset exposed to risk unnecessarily. A Web server, no matter how secure, is still exposed to risk. However, what you are going to define is a situation where you will, later in the paper, make a recommendation for a security control that will mitigate risk.

Be sure that, in this section, you clearly define the asset(s) involved, the vulnerability specific to your company’s situation and implementation, the threat(s), risks, and consequences.

Recommended Solutions

You may want to make some general statements about how you went about the process of making recommendations and/or other general information about the solutions section. If not, simply go to the solutions. Do not summarize anything previously stated. Although this is the second part of the project, the project is a single document and the reader does not need to read a summary of what they just read above.

Also, do not use the first-person (e.g. “I recommend that….”). Professional reports generally leave out these types of pronouns or, if necessary, use “we.” Remember, you are trying to give your paper professional credibility and an objective tone.

Telecommunications Closet Security Recommendation

Here a VERY brief summary of the vulnerability is appropriate but usually, it doesn’t need to be even a complete sentence. For example, “Because of the risk of physical intrusion presented by the absence of locks on the telecommunication closet doors, it is recommended that……” This section should focus on defining the specific product or service recommended, the reason that it is better than other plausible solutions, if applicable, and evidence of the efficacy of the solution. This evidence needs to be supported by research. Statements like, “Anti-virus software is effective at protecting workstations,” is, in a business environment, of no use. Managers need to justify their budgets and they will get hammered if they say, “The consultant says it’s a good product.”

Impact on Business Processes

Usually, security controls have some impact on business processes. For example, recommending that users be forced to change their passwords every week is going to cause a lot of frustration for users. They will lose productivity while they’re contacting IT to have their forgotten passwords reset. But, if it HAS to be, then explain what the impact will be on business processes and how the “pain” of the solution is justified by the reduction in risk. Also, remember that the focus of this paper (and all IT work) is optimizing the organization’s ability to meet its goals. While you may need to address how IT itself is impacted by these solutions (changes is staffing, procedures, training, etc.) the focus should be on how users will be impacted.

Budget

Product	Features	Cost
Acme Device	28.v	$1,255
CiloTronic	1.5 Gbps	$14,589
Acme Device	28.v	$1,255
CiloTronic	1.5 Gbps	$14,589
Acme Device	28.v	$1,255
CiloTronic	1.5 Gbps	$14,589
Acme Device	28.v	$1,255

While a budget table is not required, it’s usually the easiest and clearest way to show this information. Be sure that you are using the most reliable figures available and that your list is complete. Do not make up figures unless you have no alternative and then, make a notation that the figure is a rough estimation. Still, most of your figures must be real costs obtained thorough your research. While rough estimates may be appropriate for a preliminary feasibility study, in a report with specific recommendations, as are required in this project, guesses at costs, like guesses at efficacy, are of no use. Your client will be grilled by upper management and, if you don’t give your client the ammunition needed to justify the budget request, you have just lost a client. Naturally, if you are a manager gathering the information for such a report to your superiors, you also need to be very worried if you don’t present them with valid specifics.

Summary

Like the Executive Summary, this section should not be long. It should not include arguments about the necessity for implementing the recommendations – your descriptions of the threats, vulnerabilities, consequences and solutions in the body of the report should already have been convincing. While, generally speaking, a summary should not include a lot of new information, it is appropriate to note smaller issues such as time to implement. This section should remind the reader of the key issues raised and how acting on them constitutes a prudent approach.

References

[Please be sure to study and comply with the format for the required in-text and reference APA-style citations]

Bigna, S., Vernon, R. F., & Smith, M. L. (2001). Plagiarism and the web, Journal of Social Work Education. 37 (1), 193-196.

Cheverie, J.F. (2002). The changing economics of information, technological development, and copyright protection: what are the consequences for the public domain? The Journal of Academic Librarianship, 28 (5), 325-331.

Epstein, R. A. (2002). The dubious constitutionality of the copyright term extension act. Loyola of Los Angeles Law Review, 36 (1), 123-158.

Samuels, E. (2002). The public domain revisited. Loyola of Los Angeles Law Review, 36 (1), 389-436.

U.S. Copyright Office. (1998). Summary of the digital millennium copyright act of 1998. Retrieved on August 16, 2003 from http://www.loc.gov/copyright/legislation/dmca.pdf

U.S. Patent and Trademark Office (1998) Final report to the commissioner on the conclusion of the conference on fair use. Retrieved from August 16, 2003 from http://www.uspto.gov/web/offices/dcom/olia/confu/confurep.pdf