Security Assessment Report (SAR): This should be an eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Risk Assessment Report (RAR): This report should be a five- to six-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Lab: In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab.
Professor's grading tool:
Student Name:
Date:

Project 2: Requires the Following THREE Deliverables
1. Security Assessment Report (including relevant findings from Lab)
2. Risk Assessment Report (compile findings from Project 1 & Project 2)
3. Lab Experience Report with Screenshots

Project 2 – Evaluation Criteria
1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
1.4: Tailor communications to the audience.
1.5: Use sentence structure appropriate to the task, message and audience.
1.6: Follow conventions of Standard Written English.
5.2: Knowledge of architectural methodologies used in the design and development of information systems, including the physical structure of a system’s internal operations and interactions with other systems and knowledge of standards that either are compliant with or derived from established standards or guidelines.
5.6: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology.
7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.
8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately.

1. Security Assessment Report
Discuss all topics below. Consider using the topic headers as subheaders to organize your report.

Purpose and Scope
To be able to succinctly summarize (e.g. to your organization) the reason for performing this security assessment.
Based on your scenario (i.e. hypothetical or real), briefly explain why there is a need for this security assessment in your organization (purpose) and explain which components will be assessed (scope).

Enterprise Network Diagram
To be able to explain a basic network and its main components.
Propose a local area network (LAN) and a wide area network (WAN) for the organization, define the systems environment, and incorporate this information in a network diagram. Discuss the security benefits of your chosen network design.

Threats & Threat Identification
To be able to discuss security threats in the context of networks and access control.
1. Identify the potential hacking actors of threat attacks on vulnerabilities in networks and information systems and the types of remediation and mitigation techniques available in your industry, and for your organization.

Firewalls and Encryption
1. Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified.
2. Determine the role of firewalls, encryption, and auditing.
3. Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization’s networks.

Databases
1. RDBMS that could assist in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems.
2. Discuss the value of using access control, database transaction and firewall log files.

Passwords
1. Provide an analysis of the strength of passwords used by the employees in your organization.
2. Are weak passwords a security issue for your organization?

OPM Case Study
To be able to explain the OPM breach and discuss lessons learned.
1. Define threat intelligence and explain what kind of threat intelligence is known about the OPM breach.
2. Differentiate between the external threats to the system and the insider threats.
3. Identify where these threats can occur in the previously created diagrams.
4. Review the OIG report on the OPM breach (i.e. a historical fact). Use it to justify the need for a security assessment in order to avoid, in your organization, similar situations. Relate the OPM threat intelligence to your organization. How likely is it that a similar attack will occur at your organization?

Findings and Recommendations
To be able to clearly state your findings and propose mitigation.
1. Include a section where the findings (i.e. your lab findings) and your recommendations are enumerated. This is an important section of your report, since your feedback/report will help the leadership of your organization allocate the necessary resources to ensure the risks you identified will be mitigated. Each finding should have a corresponding recommendation. E.g.
Finding 1. It was found that ….
Recommendation 1. It is recommended that ….
Finding 2….
Recommendation 2……

Security Assessment Report Overall Feedback
Strengths
Opportunities

2. Risk Assessment Report

Risk and Remediation
To be able to explain risk and risk mitigation.
1. What is risk and what is remediation?
2. Summarize all the vulnerabilities found in Project 1 and Project 2. List them (e.g. table format) and include: description of each, likelihood of each event occurring, impact to your organization (e.g. H, M, L), remediation, cost/benefit analysis of remediation for your organization.
3. Make sure your RAR includes a compilation of all vulnerabilities/threats identified in the labs for Project 1 and Project 2 (i.e. all OS-related and Network-related vulnerabilities).
4. Devise a high-level plan of action with interim milestones (POAM).

Risk Assessment Report Feedback
Strengths
Opportunities