Course Project: Security Assessment and Recommendations
This course does involve a lot of technical information and theory, but what really matters is how this knowledge can be used to identify and remediate real-world security issues. What you learn in this course should be directly applicable to your work environment. The course project that you will complete is designed to further this goal. In the first part of the project, you will choose an organization from one of two given scenarios (below) and identify potential security weaknesses, and in the second part of the project, you will recommend solutions. The first part of the project is due in Week 3, and the second part of the project, along with the first part (presumably revised based on instructor feedback) is due in Week 7. This project constitutes a significant portion of your overall grade. This is an individual assignment and may not be completed in teams.
Phase I – Identify potential weaknesses from either the Aircraft Solutions or Quality Web Design Company
In this phase, you will choose either Aircraft Solutions or Quality Web Design as the company you will work with. The scenarios are in Doc Sharing in the Course Project select area. You will then identify potential security weaknesses.
Security weaknesses – You must choose two from the following three areas (hardware, software, and policy – excluding password policies) and identify an item that requires improved security.
To define the asset or policy with sufficient detail to justify your assessment, your assessment must include:
- the vulnerability associated with the asset or policy
- the possible threats against the asset or policy
- the likelihood that the threat will occur (risk)
- the consequences to mission critical business processes should the threat occur
- how the organization’s competitive edge will be affected should the threat occur
To clarify an item that requires improved security, you must identify one of these items:
- one hardware and one software weakness
- one hardware and one policy weakness
- one software and one policy weakness
Other required elements include:
- Cover sheet
- In-text citations and Reference section
- Minimum length 3 pages, maximum length 5 pages (not counting cover sheet, diagram(s), references). Do not exceed the maximum length.
Phase II: the Course Project (comprised of Phase I and II) – Recommend solutions to the potential weaknesses from either the Aircraft Solutions or Quality Web Design Company
In this phase of the project you will include Part I (presumably improved as needed based upon Week 3 feedback) and then you will recommend solutions for the security weaknesses you identified in the Phase I.
Definition of the solution – Hardware solutions must include vendor, major specifications with an emphasis on the security features, and location of placement with diagram. Software solutions must include vendor and major specifications, with an emphasis on security features. Policy solutions must include the complete portion of the policy that addresses the weakness identified. Any outsourced solution must include the above details and the critical elements of the service level agreement.
Justification – You must address the efficacy of the solution in terms of the identified threats and vulnerabilities; the cost of the solution, including its purchase (if applicable); and its implementation, including training and maintenance.
Impact on business processes – You must discuss any potential positive or negative effects of the solution on business processes and discuss the need for a trade-off between security and business requirements using quantitative rather than simply qualitative statements.
Other required elements include:
- Cover sheet
- In-text citations and Reference section
- 5 reference minimum
- Minimum length of solutions: 6 pages, maximum length 10 pages (not counting cover sheet, diagram(s), references). Do not exceed the maximum length.
The course project will consist of two deliverables:
Phase I (Identify potential weaknesses from either the Aircraft Solutions or Quality Web Design Company); and Phase II: the Course Project (comprised of Phases I and II – Recommend solutions to the potential weaknesses from either the Aircraft Solutions or Quality Web Design Company).
The grading standards for each deliverable are as follows:
Phase I (Identify potential weaknesses from either the Aircraft Solutions or Quality Web Design Company)
|Security Weaknesses||80||Identifies two plausible and significant weaknesses from required list (hardware, software, policy). Includes realistic vulnerability(s) associated with the asset or policy, plausible and likely threats against the asset or policy, an estimation of the likelihood that the threat will occur (risk), the consequences to mission critical business processes should the threat occur, and how the organization’s competitive edge will be affected should the threat occur.|
|Presentation||20||Writing quality and flow demonstrates a graduate-level writing competency and does not contain misspellings, poor grammar, incorrect punctuation, and questionable sentence structure (syntax errors).|
|Total||100||A quality paper will meet or exceed all of the above requirements.|
Phase II – the Course Project (comprised of Phase I and II) – Recommend solutions to the potential weaknesses from either the Aircraft Solutions or Quality Web Design Company
|Security Weaknesses||60||Identifies two plausible and significant weaknesses from required list (hardware, software, policy). Includes realistic vulnerability(s) associated with the asset or policy, plausible and likely threats against the asset or policy, an estimation of likelihood that the threat will occur (risk), the consequences to mission critical business processes should the threat occur, and how the organization’s competitive edge will be affected should the threat occur|
|Definition of Solution||30||Includes vendor and major specifications, and identifies the relevant security features as related to the weakness identified. If hardware, includes location of placement with diagram. Policy solutions include the complete portion of the policy that effectively address the weakness identified. Any outsourced solution must include the above details and the critical elements of the service level agreement.|
|Justification||30||Demonstrates the efficacy of the solution in terms of the identified threats and vulnerabilities. Includes complete costs, including purchase, implementation, training, and maintenance as needed.|
|Impact on Business Processes||25||Addresses plausible, potential positive, or negative effects on business processes. Discusses trade-off between security and business requirements using quantitative statements.|
|Presentation||25||Writing quality and flow demonstrates a graduate-level writing competency and does not contain misspellings, poor grammar, incorrect punctuation, and questionable sentence structure (syntax errors).|
|Total||170||A quality paper will meet or exceed all of the above requirements.|
Course projects cause many students anxiety. Some anxiety is probably healthy; it means you want to do a good job. But too much anxiety usually interferes with performance. There is writing assistance available in the Tutor Source link under Course Home and here are some tips you may want to consider as you plan and create your course project.
- Read the Course Project Requirements and the Course Project Sample Template (in Doc Sharing) early. Here’s why: if you have in mind the required specifications of the assignment as you start the weekly assignments and other activities, you’ll be able to recognize when you come across information that you might want to use in your project.
- Keep a separate project notebook. Don’t worry about keeping it highly organized and documented; just jot down ideas as they come to you. You’ll be surprised how much anxiety you prevent by simply having ideas ready when you sit down to write.
- Use the “mull” method. This means spend a few days mulling over the assignment. Don’t force yourself to think about it, but, if you’ve read over the project requirements and have your project notebook with you as you do your regular class activities and your regular daily activities, your brain will work on the assignment all by itself. As it does so, more ideas will come to you and all you have to do is jot them down.
- Don’t try to write the paper from the beginning to the end correctly the first time. If you do, you’ll probably forget all kinds of things and your sentence structure and word choice, not to mention spelling and grammar, will likely not be as good as it should be. Don’t edit as you write. Just write. That way the ideas can come out with less effort. Edit later.
- Use your text to help you get ideas. For example, when considering vulnerabilities, check the index at the back of the text for the word “vulnerabilities” and browse through those pages. When you’re designing the network, look through the chapter on security in networks.
- Use available sources such as the DeVry Library, our course Lectures, discussions, other books, journals, the Internet, and so forth.
- Keep a digital notebook. When you find an interesting article (or even an article that looks as if it could be useful), copy it and paste it into your document along with the address (URL), date, author, and so forth. You can read through these later and keep what seems useful and discard the rest.
- Make a schedule and keep to it. For example, you may set aside an hour to research topics. Use the suggestion in #7, pasting down articles and parts of articles to read later. Set aside another hour or two later to read through the material you collected. If it’s of no use, delete it so that your digital notebook becomes more refined and useful. If you start work early and schedule smallish times to do your work, you’ll find that, a) you learn a lot more, b) you have much less anxiety, and c) you end up with a better grade. Try it!
- Ask questions. The Q & A forum in the threaded discussions in the course shell is an excellent place to ask questions. This isn’t cheating; this is working together to increase everyone’s knowledge. You’re not asking someone to write your paper, you’re asking for ideas (or answering other students’ questions). Contact your instructor with questions. Your instructor is the expert on what is expected, so use this resource.
- Read about APA-style citations by clicking the link, APA Guidelines for Citing Sources, near the bottom of the Course Syllabus. You will save a lot of time by addressing these style issues as you write your paper rather than trying to do this at the end.
- Once you’ve written your rough draft, start the editing process:
- Look over the Course Project Requirements, particularly the Grading Standards, and make sure that you’ve addressed every element that is required.
- Remove any unnecessary sentences or phrases. This project is not supposed to be long (remember that there is a 12-page maximum for the final project – not counting the cover page, graphics, references, etc.), it’s supposed to be good. Any extra wording should be deleted. For example, “All of these weaknesses happen on a regular base and in order to make sure that they do not occur, the company needs to step in and make modification that will not only correct existing issues but prevent future ones as well,” could be written effectively as, “These vulnerabilities are ongoing and action needs to be taken.”
- The key to good technical or business (and some would say creative) writing is being clear and effective. Don’t try to make the paper sound “educated.” For example, instead of writing “This document is set forth to identify and address potential security issues…,” just say what you need to say. Much better would have been, “This report addresses security issues….” This type of clear writing is a lot easier on the writer and on the reader.
- When you use an acronym for the first time, spell it out. For example, “…the use of a VPN (virtual private network) is common among….” After that, just use the acronym.
- Whenever you use pronouns like “it” or “they” that refer to something mentioned earlier, be sure that it is clear to what or to whom “it” or “they” refer. For example, “The company has implemented a firewall at corporate headquarters and a packet filtering router at the branch office. It has functioned well since then.” In this case, the “It” could refer to the company, the firewall, the headquarters, the branch office, or the packet filtering router. Clearer would be, “The company has implemented a firewall at corporate headquarters and a packet filtering router at the branch office. Network perimeter security has functioned well since then.”
- Read your work out loud. You may find lots of little mistakes and sentence structure errors this way.
- Use spell check and grammatical correction features of your word processing software, but don’t rely on them. Correctly spelled words will two often be red as bean write when they are whey off.
- Proofread when you are not tired and when you have had some time away from your work on the paper. Your goal should be to catch ALL mistakes or omissions. Professional or academic papers that contain errors send a message to the reader that a) you are not a reliable source of information or b) you don’t care about the reader. Neither of these may be true but, that’s the message you send when you send errors.
- Be sure that all ideas that you got from outside sources are accompanied by an in-text citation (not a footnote) and that the in-text citation refers to an item in the References section. Be sure to use APA-style.
- As much as possible, avoid direct quotations. Only use direct quotations when necessary. For example, “…as Bill Gates once famously said, ‘No one will ever need more than 640K of memory’….” Since the writer is stating a specific (and silly) idea expressed by a well-known person, this little direct quotation is appropriate. But longer “cut-and-paste” sections are almost always unnecessary in this project, and most instructors don’t feel comfortable giving you a grade for a paper that was, to any significant extent, written by someone else. Usually a paper that contains more than 15-20% direct quotations is considered unacceptable. Some instructors think even this is way too high. When in doubt, contact the instructor. In any case, if you use a lot of direct quotations, expect to receive a poor grade and, if you use ANY direct quotation, be sure to use quotation marks and an in-text citation. If you don’t, you risk disciplinary action for violation of the academic integrity policy. See the course syllabus for more details.
Of all these tips, probably the most important are: start early and ask questions. Your instructor is committed to helping you get the most out of the course. If you start early, you’ll be able to ask questions that will save you time and effort. If you wait until the last minute, you’ll be stressed and won’t have time to incorporate feedback from your instructor.
GOOD LUCK AND GOOD WRITING!