information system and information security
Project: Problem Identification Assignment Instructions Overview The objective of the final comprehensive project is to show you are competent in the Information Assurance discipline and prepared for the final capstone systems analysis and design course. You will show competence through the execution of a final information security plan. The objective of the plan is to identify a current and relevant security related problem in computing, study related literature that pertains directly to the problem, analyze an appropriate secure fault tolerant solution, design the secure fault tolerant solution, and develop a continuity and disaster recovery plan for the final solution. The identified problem must be contained in a software, network, or system environment that you have sufficient knowledge of and data access to be able to perform a thorough analysis and design. Instructions Current and proper current APA formatting is required and must include a title page, proper margins, citations, organization, proper grammar and spelling, and an ending resources page. At the minimum, this phase of the project must include: I. Executive summary, introduction, and conclusion a. Executive summary b. Introduction i. Statement of the problem ii. Documentation of the organizational requirements iii. Purpose of the plan iv. Scope of the plan v. Rationale of the plan c. Conclusion II. Review of Related Literature a. Scholarly, peer-reviewed, original research (8 minimum sources and at least 8 double-spaced, current APA-formatted pages) b. Comprehensive investigation of past and current security solutions relevant to the problem c. Summary of the research outcomes d. NOTE: required minimum length in the grading rubric excludes all systems analysis and design (SAD) diagrams and any other tables and/or graphical elements III. Risk Analysis a. Analyze the risk of various plausible solutions in the review of related literature b. Value of the assets c. Potential loss per threat d. Threat analysis e. Overall annual loss per threat f. Reduce, transfer, avoid, or accept the risk IV. Environmental Diagrams (minimum of 2 required) could include, but are not limited to: a. System and/or network architecture diagrams i. If you are designing a secure network or system, at least 1 complete architectural diagram must exist that details all the connections, nodes, and/or pertinent pieces of equipment (e.g. data links, servers, switches, routers, firewalls, IDSs, SANs, databases, etc.) ii. If you are designing a secure application, detailed UML class and/or component diagrams must exist b. Security and business requirement mappings c. Information or data flow diagrams d. SDL Threat Modeling diagrams e. Risk matrix f. Process overview (e.g. see ISO 31000:2009 Process Overview Diagram) g. Shared resource matrix h. Attack and/or malicious mappings (e.g. distributed denial-of-service attack mapping, encrypted message flow) Critical to your success is a comprehensive and proper understanding of the information system and surrounding environment for which the plan will address. Within the scope of the plan, you must notate each domain that will be addressed. It is important to clearly define what is inside the scope and what is outside of the scope of the plan. Read More …
