Overview: Now that the After Action Reports have been analyzed, the consultants

By
Responsive Centered Red Button

Need Help with this Question or something similar to this? We got you! Just fill out the order form (follow the link below), and your paper will be assigned to an expert to help you ASAP.

Order Form

Overview:
Now that the After Action Reports have been analyzed, the
consultants must develop a plan for improving the security posture at
Sifers-Grayson. This will be documented in a Security Strategy Recommendations document.
The security strategy will be based upon multiple layers of policies,
processes, and technologies that, when implemented, will be used to defend the
Information Technology enterprise from both internal and external threats and
attacks.
Note: see https://www.techrepublic.com/blog/it-security/understanding-layered-security-and-defense-in-depth/
for a discussion of the differences between these two security strategies:
layered security and defense-in-depth. You will need this information for the Security
Strategies section of your paper.
Two defensive security strategies have been chosen by the
senior members of the team.
1. Defense Strategy #1: Build a DMZ for the R&D
Center. The DMZ will host servers accessed by the engineers while teleworking
and while reaching back to the R&D center from the test range. The DMZ will
require the following: (a) business class routers, (b) business class
firewalls, and (c) intrusion detection and prevention system.
Demilitarized Zone (DMZ). For
definitions and diagrams see https://www.us-cert.gov/ics/Control_System_Security_DMZ-Definition.html and https://fedvte.usalearning.gov/courses/Security+_v401/course/videos/pdf/Security+_v401_D02_S04_T04_STEP.pdf
2.
Defense Strategy #2:
Implement Enterprise-wide Protective and Detective Measures to defend against
both internal and external attackers. These measures will include (a)
controlling access to software documentation and source code, (b) implementing
enterprise-wide identity management, and (c) implementing either a Security
Information and Event Management (SIEM) tool or a Unified Threat Management
(UTM) tool.
Your Task:
You have been assigned to research products which will be
used to implement the two Defense Strategies. You will need to research
suitable products and then write a report recommending a set of products and
services which can be used to implement the selected strategies. Your report
will include summary information and explanations about defense in depth and
the two selected strategies.
Note: You may need to do additional
reading and research to find the information required to support your
explanations of defense in depth and the selected defense strategies. Make sure
that you cite authoritative sources for this information.
Product Research:
1. Products to Implement Defense
Strategy #1 (Build a DMZ for the R&D Center). You must choose one product
for each of the following categories (router, firewall, intrusion detection and
prevention).
(a)
Business
Class Router with WAP and VPN capability (choose one of the following brands)
a.
Linksys
b.
CISCO
c.
NetGear
d.
Other
(must get instructor’s approval first)
(b)
Business
Class Firewall (Network Based) (choose one of the following brands)
a.
SonicWall
b.
Fortinet
c.
Watchguard
d.
CISCO
e.
Other
(must get instructor’s approval first)
(c)
Intrusion
Detection and Prevention System (network based – not cloud)
a.
McAfee
b.
Trend
Micro
c.
Entrust
d.
Cisco
e.
Other
(must get instructor’s approval first)
2. Products
to Implement Defense Strategy #2 (Implement enterprise-wide protection,
detection, and prevention capabilities). These tools or applications will be
installed or used on Sifers-Grayson servers (cloud hosting NOT allowed). Select
one tool in each of the categories listed below. Your product recommendations
must include all of the listed categories.
a.
Application
Lifecycle Management (ALM) Tool
b.
Identity
& Access Management (IAM) Tool
c.
Security
Information and Event Management (SIEM) OR Unified Threat Management (UTM)
d.
Forensic
Image Capture Utility (e.g. FTK Imager, Belkasoft, Paladin/Sumuri, SIFT)
Note: Make sure that you are using
appropriate resources to find information to support your analysis and product
recommendations. Vendor websites, industry or trade publication websites, and
government websites are usually acceptable sources of information about the
defensive strategies and products you will write about in this assignment.
Write:
1.
An Introduction section which presents the
security strategies being recommended in your report. You should explain what
how these strategies will improve the overall security posture of
Sifers-Grayson.
2.
A Security Strategies section in which
you present an analysis of the defensive security strategies and then provide
an explanation as to how each of the two selected defensive strategies will
improve the security posture for Sifers-Grayson. Include a comparison of the
two primary types of strategies – layered security and defense in depth. Then,
explain how the selected security strategies use one or both of these
approaches. Use information from Project #1 and the Red Team’s penetration
tests to support your justification for implementing the selected security
strategies.
3.
A Product Evaluations section in which
you present and discuss the technologies and products which will be used to
implement each strategy. You must have a separate sub-section for each defense
in depth strategy. Under each sub-section, you will name and describe the
individual products (i.e. describe firewalls and then describe your chosen
firewall product). Your presentation of each product should be in the form of a
recommendation to purchase / implement.
4.
A Summary Implementation Recommendations section
in which you summarize your product recommendations for products and
technologies to be used in implementation the two defensive security strategies.
Be sure to explain the benefits of implementing the two strategies (e.g.
protection, detection, prevention of incidents caused by attacks).
Submit for Grading
Submit your paper
in MS Word format (.docx or .doc file) using the Project #2 assignment in your assignment folder. (Attach the file.)
Additional Information
1.
You should NOT use any student written papers as
sources for your research for this paper. Doing so may violate the university’s
Academic Integrity policy and result in an Academic Dishonesty Allegation and
referral to the Office of Academic Integrity and Accountability for
investigation and adjudication.
2.
You will need between 5-8 pages to cover all of
the required content. There is no penalty for writing more than 8 pages but,
clarity and conciseness are valued. If your paper is shorter than 5 pages, you
may not have sufficient content to meet the assignment requirements (see the
rubric).
3.
As you write your strategy paper, make sure that
you address security issues using standard cybersecurity terminology (e.g.
protection, detection, prevention, “governance,” confidentiality, integrity,
availability, nonrepudiation, assurance, etc.).
See the ISACA glossary https://www.isaca.org/pages/glossary.aspx if
you need a refresher on acceptable terms and definitions.
4.
You must include a cover page with the
assignment title, your name, and the due date. Your reference list must be on a
separate page at the end of your file.
5.
You are expected to write grammatically correct
English in every assignment that you submit for grading. Do not turn in any
work without (a) using spell check, (b) using grammar check, (c) verifying that
your punctuation is correct and (d) reviewing your work for correct word usage
and correctly structured sentences and paragraphs.
6.
You are expected to credit your sources using
in-text citations and reference list entries. Both your citations and your
reference list entries must follow a consistent citation style (APA, MLA,
etc.).
7.
Consult the grading rubric for specific content
and formatting requirements for this assignment.

How to create Testimonial Carousel using Bootstrap5

Clients' Reviews about Our Services