CSIA 310: Cybersecurity Processes & Technologies
Project #2: Security Strategy Implementation Recommendations for Sifers-Grayson
Overview:
Now that the After Action Reports have been analyzed, the consultants must develop a plan for improving the security posture at Sifers-Grayson. This will be documented in a Security Strategy Recommendations document. The security strategy will be based upon multiple layers of policies, processes, and technologies that, when implemented, will be used to defend the Information Technology enterprise from both internal and external threats and attacks.
Note: see https://www.techrepublic.com/blog/it-security/understanding-layered-security-and-defense-in-depth/ for a discussion of the differences between these two security strategies: layered security and defense-in-depth. You will need this information for the Security Strategies section of your paper.
Two defensive security strategies have been chosen by the senior members of the team.
1. Defense Strategy #1: Build a DMZ for the R&D Center. The DMZ will host servers accessed by the engineers while teleworking and while reaching back to the R&D center from the test range. The DMZ will require the following: (a) business class routers, (b) business class firewalls, and (c) intrusion detection and prevention system.
Demilitarized Zone (DMZ). For definitions and diagrams see https://www.us-cert.gov/ics/Control_System_Security_DMZ-Definition.html and https://go.oreilly.com/umgc/https://learning.oreilly.com/library/view/principles-of-computer/9781260474329/ch9.xhtml#lev74 (scroll down to the sub-section on DMZs).
2. Defense Strategy #2: Implement Enterprise-wide Protective and Detective Measures to defend against both internal and external attackers. These measures will include (a) controlling access to software documentation and source code, (b) implementing enterprise-wide identity management, and (c) implementing either a Security Information and Event Management (SIEM) tool or a Unified Threat Management (UTM) tool.
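The value of Defense Strategy #1 depends less on the brand of router or firewall than on the policy enforced between the zones: remote engineers and the test range may reach the DMZ servers, but a DMZ host must never be able to open a connection into the R&D network. The following added example (not part of the assignment text) models that zone policy as ordered first-match rules with a default deny and audits it against the flows the strategy must allow and block. The zone names, subnets, ports and sample flows are assumptions chosen for illustration; Sifers-Grayson's real addressing is not given in the assignment.

```python
"""Zone-based firewall policy check for the proposed R&D DMZ.

Added example, not part of the assignment. Zones, subnets, ports and
sample flows are assumptions for illustration only.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed zones (illustrative addressing, not from the assignment).
ZONES = {
    "internet": [ip_network("0.0.0.0/0")],        # catch-all
    "vpn":      [ip_network("10.200.0.0/24")],    # teleworking engineers after VPN termination
    "dmz":      [ip_network("192.168.50.0/24")],  # DMZ servers
    "rnd":      [ip_network("10.10.0.0/16")],     # internal R&D center
    "range":    [ip_network("10.20.0.0/16")],     # test range reaching back to R&D
}


def zone_of(ip: str) -> str:
    """Return the most specific zone containing ip ('internet' is the catch-all)."""
    addr = ip_address(ip)
    best, best_len = "internet", -1
    for zone, nets in ZONES.items():
        for net in nets:
            if addr in net and net.prefixlen > best_len:
                best, best_len = zone, net.prefixlen
    return best


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str          # "tcp", "udp" or "any"
    dports: frozenset   # allowed destination ports, or ANY
    action: str         # "allow" or "deny"
    comment: str = ""


ANY = frozenset({0})

# Ordered, first-match rules. Anything not matched falls to the default deny.
RULES = [
    Rule("internet", "dmz", "udp", frozenset({1194, 500, 4500}), "allow", "VPN terminates in the DMZ"),
    Rule("vpn",      "dmz", "tcp", frozenset({443, 22}),         "allow", "teleworking engineers -> DMZ servers"),
    Rule("range",    "dmz", "tcp", frozenset({443, 22}),         "allow", "test range reach-back"),
    Rule("rnd",      "dmz", "tcp", frozenset({443, 22, 445}),    "allow", "R&D publishes to the DMZ"),
    Rule("dmz",      "rnd", "any", ANY,                          "deny",  "DMZ must never initiate into R&D"),
    Rule("internet", "rnd", "any", ANY,                          "deny",  "no direct inbound to R&D"),
]


def evaluate(src_ip, dst_ip, proto, dport):
    """Decide a NEW connection: first matching rule wins, otherwise default deny."""
    sz, dz = zone_of(src_ip), zone_of(dst_ip)
    for r in RULES:
        if (r.src_zone == sz and r.dst_zone == dz
                and r.proto in ("any", proto)
                and (r.dports == ANY or dport in r.dports)):
            return r.action, r.comment
    return "deny", f"default deny ({sz} -> {dz})"


# Constructed flows the strategy must permit or block (assumed addresses).
EXPECTED = {
    ("203.0.113.7",   "192.168.50.10", "udp", 1194): "allow",  # engineer reaches VPN gateway
    ("10.200.0.15",   "192.168.50.20", "tcp", 443):  "allow",  # over VPN to a DMZ server
    ("10.20.3.4",     "192.168.50.20", "tcp", 22):   "allow",  # test range reach-back
    ("192.168.50.20", "10.10.1.5",     "tcp", 445):  "deny",   # compromised DMZ host pivoting inward
    ("203.0.113.7",   "10.10.1.5",     "tcp", 22):   "deny",   # direct Internet -> R&D
    ("203.0.113.7",   "192.168.50.20", "tcp", 3389): "deny",   # RDP to the DMZ is not a listed service
}


def audit(expected=EXPECTED):
    """Return (flow, got, wanted) for every flow the policy decides differently from intent."""
    mismatches = []
    for flow, want in expected.items():
        got, _ = evaluate(*flow)
        if got != want:
            mismatches.append((flow, got, want))
    return mismatches


if __name__ == "__main__":
    for flow in EXPECTED:
        print(flow, "->", evaluate(*flow))
    print("mismatches:", audit())
```

An empty result from audit() means the rule order does what the strategy intends; a non-empty result is the kind of finding the report should call out, for example a DMZ-to-R&D allow rule placed above the deny. The same table of expected flows can be re-run after the chosen firewall product is configured, as a check that the vendor configuration matches the design.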
Your Task:
You have been assigned to research products which will be used to implement the two Defense Strategies. You will need to research suitable products and then write a report recommending a set of products and services which can be used to implement the selected strategies. Your report will include summary information and explanations about defense in depth and the two selected strategies.
Note: You may need to do additional reading and research to find the information required to support your explanations of defense in depth and the selected defense strategies. Make sure that you cite authoritative sources for this information.
Product Research:
1. Products to Implement Defense Strategy #1 (Build a DMZ for the R&D Center). You must choose one product for each of the following categories (router, firewall, intrusion detection and prevention).
a. Business Class Router with WAP and VPN capability (choose one of the following brands):
   - Linksys
   - CISCO
   - NetGear
   - Other (must get instructor's approval first)
b. Business Class Firewall (Network Based) (choose one of the following brands):
   - SonicWall
   - Fortinet
   - Watchguard
   - CISCO
   - Other (must get instructor's approval first)
c. Intrusion Detection and Prevention System (network based, not cloud) (choose one of the following brands):
   - McAfee
   - Trend Micro
   - Entrust
   - Cisco
   - Other (must get instructor's approval first)
2. Products to Implement Defense Strategy #2 (Implement enterprise-wide protection, detection, and prevention capabilities). These tools or applications will be installed or used on Sifers-Grayson servers (cloud hosting NOT allowed). Select one tool in each of the categories listed below. Your product recommendations must include all of the listed categories.
a. Application Lifecycle Management (ALM) Tool
b. Identity & Access Management (IAM) Tool
c. Security Information and Event Management (SIEM) OR Unified Threat Management (UTM)
d. Forensic Image Capture Utility (e.g. FTK Imager, Belkasoft, Paladin/Sumuri, SIFT)
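Categories (a) through (c) work together: the IAM tool defines who may touch the source code, the ALM tool records who actually did, and the SIEM correlates those records with network and authentication events so that both an external attacker and an insider show up as alerts. The following added example (not part of the assignment and not any vendor's code) shows the two correlations a SIEM would run for this strategy over a handful of constructed log lines: a password-guessing burst against the VPN gateway that ends in a successful login, and a source-code repository clone by an account the IAM group does not authorize. The log format, hostnames, usernames, the repository ACL and the thresholds are all assumptions for illustration.

```python
"""SIEM-style correlation over constructed log lines.

Added example, not part of the assignment. Log format, hosts, users,
repository ACL and thresholds are assumptions for illustration only.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events; no real Sifers-Grayson system produced these.
LOG_LINES = """\
2024-03-04T02:10:01 vpn-gw sshd: Failed password for engineer1 from 203.0.113.7
2024-03-04T02:10:03 vpn-gw sshd: Failed password for engineer1 from 203.0.113.7
2024-03-04T02:10:05 vpn-gw sshd: Failed password for engineer1 from 203.0.113.7
2024-03-04T02:10:07 vpn-gw sshd: Failed password for engineer1 from 203.0.113.7
2024-03-04T02:10:09 vpn-gw sshd: Failed password for engineer1 from 203.0.113.7
2024-03-04T02:10:12 vpn-gw sshd: Accepted password for engineer1 from 203.0.113.7
2024-03-04T09:15:00 vpn-gw sshd: Failed password for engineer2 from 198.51.100.9
2024-03-04T09:20:30 vpn-gw sshd: Accepted password for engineer2 from 198.51.100.9
2024-03-04T10:02:11 gitsrv repo: user=engineer1 action=clone repo=flight-controller
2024-03-04T10:05:45 gitsrv repo: user=payroll.clerk action=clone repo=flight-controller
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<app>\w+): (?P<msg>.*)$")
AUTH_RE = re.compile(r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")
REPO_RE = re.compile(r"user=(?P<user>\S+) action=(?P<action>\w+) repo=(?P<repo>\S+)")


def parse(lines):
    """Normalize raw lines into event dicts; unrecognized lines are skipped."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"], "app": m["app"]}
        auth, repo = AUTH_RE.search(m["msg"]), REPO_RE.search(m["msg"])
        if auth:
            ev.update(type="auth", **auth.groupdict())
        elif repo:
            ev.update(type="repo", **repo.groupdict())
        else:
            continue
        events.append(ev)
    return events


def detect_bruteforce_success(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when a source has >= threshold failures inside `window` and then logs in."""
    recent_failures = defaultdict(deque)   # src ip -> timestamps of failures in window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("type") != "auth":
            continue
        q = recent_failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:   # expire failures outside the window
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            alerts.append({"rule": "bruteforce-then-success", "src": ev["src"],
                           "user": ev["user"], "failures": len(q), "at": ev["ts"]})
            q.clear()
    return alerts


# Assumed authorization data, in practice fed from the IAM tool.
REPO_ACL = {"flight-controller": {"engineer1", "engineer2"}}


def detect_unauthorized_repo_access(events, acl=REPO_ACL):
    """Alert on any repository action by an account not in that repository's group."""
    return [{"rule": "unauthorized-source-access", "user": ev["user"], "repo": ev["repo"],
             "action": ev["action"], "at": ev["ts"]}
            for ev in events
            if ev.get("type") == "repo" and ev["user"] not in acl.get(ev["repo"], set())]


def run(lines=LOG_LINES):
    events = parse(lines)
    return detect_bruteforce_success(events) + detect_unauthorized_repo_access(events)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Note that engineer2's single typo followed by a successful login produces no alert, while the five rapid failures from 203.0.113.7 followed by success do; the threshold and window are what separate a noisy rule from a useful one, and the report should state the values the chosen SIEM or UTM product will be tuned to. The repository check is only as good as the group data the IAM tool supplies, which is why categories (a), (b) and (c) are required together.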
Note: Make sure that you are using appropriate resources to find information to support your analysis and product recommendations. Vendor websites, industry or trade publication websites, and government websites are usually acceptable sources of information about the defensive strategies and products you will write about in this assignment.
Write:
1. An Introduction section which presents the security strategies being recommended in your report. You should explain how these strategies will improve the overall security posture of Sifers-Grayson.
2. A Security Strategies section in which you present an analysis of the defensive security strategies and then provide an explanation as to how each of the two selected defensive strategies will improve the security posture for Sifers-Grayson. Include a comparison of the two primary types of strategies, layered security and defense in depth. Then, explain how the selected security strategies use one or both of these approaches. Use information from Project #1 and the Red Team's penetration tests to support your justification for implementing the selected security strategies.
3. A Product Evaluations section in which you present and discuss the technologies and products which will be used to implement each strategy. You must have a separate sub-section for each defense in depth strategy. Under each sub-section, you will name and describe the individual products (i.e. describe firewalls and then describe your chosen firewall product). Your presentation of each product should be in the form of a recommendation to purchase / implement.
4. A Summary Implementation Recommendations section in which you summarize your product recommendations for products and technologies to be used in implementing the two defensive security strategies. Be sure to explain the benefits of implementing the two strategies (e.g. protection, detection, prevention of incidents caused by attacks).
Submit for Grading
Submit your paper in MS Word format (.docx or .doc file) using the Project #2 assignment in your assignment folder. (Attach the file.)
Additional Information
1. You should NOT use any student written papers as sources for your research for this paper. Doing so may violate the university's Academic Integrity policy and result in an Academic Dishonesty Allegation and referral to the Office of Academic Integrity and Accountability for investigation and adjudication.
2. You will need between 5 and 8 pages to cover all of the required content. There is no penalty for writing more than 8 pages, but clarity and conciseness are valued. If your paper is shorter than 5 pages, you may not have sufficient content to meet the assignment requirements (see the rubric).
3. As you write your strategy paper, make sure that you address security issues using standard cybersecurity terminology (e.g. protection, detection, prevention, "governance," confidentiality, integrity, availability, nonrepudiation, assurance, etc.). See the NICCS Glossary at https://niccs.cisa.gov/cybersecurity-career-resources/glossary if you need a refresher on acceptable terms and definitions.
4. You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file.
5. You are expected to write grammatically correct English in