Through analysis of reference materials regarding a notional organization, the student will develop the following products:
Written assessment of the current security posture of the organization. State in general terms where Omega has strengths and where they have weaknesses.
Develop a listing of threats (five), prioritized by their relative likelihood and potential frequency of occurrence. By definition, a threat is the occurrence of any event that causes an undesirable impact on the organization. Threats can be either man-made or natural. Is the disgruntled employee a threat? How likely is it that we Omega will be faced with an insider attempting to do bad things on their networks? Can you estimate how frequently that insider threat might manifest itself? What about the script kiddy? How likely is it that Omega will be probed by script kiddy? How frequently is this likely to occur?
Develop a listing of vulnerabilities (10) in the current security posture of Omega Research. A vulnerability is defined as the absence or weakness of a safeguard to reduce the risk associated with a specific threat.
Prioritize the vulnerabilities based on the potential impact on Omega Research if the vulnerability is exploited (threat is realized). (The FBI yearly report is helpful)
Considering the vulnerabilities associated with the current security posture of Omega, develop a single, optimal network security plan of action that reduces the vulnerabilities to an acceptable level (subjective). This plan will include:
Proposed changes to the perimeter architecture of all four sites. Include written description of recommended changes, why you are recommending these changes, and a logical network diagram of your solution for each site.
As necessary to compliment your perimeter design, proposed changes to the internal network/security architecture for each of the four sites. Include written description of recommended changes, why you are recommending these changes, and include those changes in your site diagrams.
As necessary to compliment your perimeter design, proposed changes to network/security management tools and/or procedures.
The 3 highest priority security policies that must be developed and published now to support your network security plan of action. Include the essence of these policies by using a customized template. Include a paragraph that summarizes the changes to the template.
Your recommendations on securely implementing the Omega Research web site and knowledge portal. Focused on location of networked resources within security zones within the enterprise and guidelines to prevent common web-based and SQL-based attacks.
Any additional recommendations you might have for Omega senior management to improve their bottom line.