Exec Propasal 5-7 page
Summer 2019 - CMIT 321 Executive Proposal Project
Overview
The purpose of this project is to evaluate the student’s ability to research and evaluate security testing software and present a proposal for review by executive team members. By completing the document, the student will also gain practical knowledge of the security evaluation documentation and proposal writing process. The project will enable the student to identify and understand the required standards in practice, as well as the details that should be covered within a proposal.
***********************************************************
Professors Note
Note . For this project, I am disallowing Nessus for this project. This will bring your similarity report down. Reasoning -nearly every student in the last 3 semesters I have taught, chooses this tool as one of the two. This class has multiple other items that can be researched and expounded upon to reduce the attack surface for this company. I want you guys to learn about other tools other than just the “easy” ones. Do not research Nessus for this project, no points will be earned.
***********************************************************
Project Deliverable
· Using the Case Study presented in this document, to complete an executive proposal.
· Provide a five to seven-page proposal summarizing purpose and benefit of two chosen security software to the executive management team.
· The student will evaluate and test two different security testing software for purposes of testing corporate network security. The purpose of the software is to measure the security posture of the organization by identifying vulnerabilities and help prevent future attacks and deter any real-time unknown threats. This should lessen the attack surface for the corporation.
· This is software, not software suite. Such as McAfee HBSS, or something similar. Do not chose a software suite, chose two different software items to research to reduce the attack surface.
· The proposal should effectively describe the software in a manner that will allow the executive team members to understand the purpose and benefits of the software to approve purchase.
Paper Guidelines
· Remember, Executive Proposal is 25% of your overall grade -start early, ask questions.
· The paper has a title, author, course, and section on the first page. The title is centered, three inches from top of the page. The title must be centered in all caps. The title must identify the assignment and the student's title for their work. The author's name must center on the line below the title. The course and followed by the Professors name. The Table of Contents should be next, followed by the body and then the reference pages.
· Body of the paper (e.g. not the Title Page, TOC, or Reference page) count towards page count .
· The body of the paper must be a full five to seven pages. In the body of the paper:
· Images should be very limited and proper APA format or cited per APA in Appendix
· Short summarization / rehash of issue is fine but looking for content on the tools / analysis for the paper
· Pages of the Body of the paper must be numbered at the bottom
· Text must be in Times or Times New Roman font, 11pt, double space. Points will be deducted for additional spacing/unnecessary spacing (it has been tried, especially the extra carriage returns).
· Evaluate and select two security tools for recommendation that you learned about in the iLabs modules or the EC-Council text books.
· Note: This is not a software suite, but two different security testing software items . E.g. not HBSS, not Kali Linux, etc.
· At seven authoritative/scholarly sources minimum, outside references are required (anonymous authors, Wikipedia, or web pages are not acceptable). Remember what is defined for scholarly sources
· Appropriate citations are required. See the syllabus regarding plagiarism policies.
· It must conform properly to all APA standards. See "Writing Resources" in the online classroom where you'll find help on writing for research projects
· This will be graded on quality of research topic, quality of paper information, use of citations, grammar and sentence structure, and creativity.
· Original Papers are to be submitted to Assignment Folder in word document format, not pdf, etc
· Turnitin papers must ALSO be turned in, and must NOT be greater than 15% similarity . You will be given great length of time to work on this paper, so you can continue to tweak it and work on reducing the similarity amount -higher will result in points lost. (I have had students with 2% similarity reports).
Project Description
The purpose of project is to write an executive proposal for a fictitious company called Ybor Health Centre. The goal of the proposal is to persuade the executive management team to approve purchase of security testing software that can benefit the company’s corporate network security by testing and identifying vulnerabilities before they are exploited by hackers. The proposal must include a detailed description of the software, its purpose and benefits.
Suggested Approach
(HIGHLY RECOMMEND USING SEVERAL FOR EACH TOOL OF THE 1 – 6 APPROACHES BELOW)
1. Research the security testing software tools that you practiced using in the EC-Council iLabs or from the textbook.
2. Determine whether the tools would be beneficial in testing the security of a corporate network.
3. Use the vendor’s website to collect necessary information about the tools to be able to explain its purpose and benefit.
4. Include 3rd party endorsements and case studies about the tools
5. Do some further analysis/research/supporting evidence on Google Scholar or within the UMUC Library about the selected tool
6. Integrate the information from your own experience with the tool into your proposal. This may include results from the iLab exercises or your own test lab.
Company Description
Ybor Health Centre
Ybor Health Centre is a startup medical research and development company. After five years of extraordinary success in the development of innovative medical and pharmaceutical products, Ybor Health Centre is on its way to becoming a major player in the medical research and development industry. However, due to its success, Ybor Health Centre has also become a major target of cybercriminals. Ybor Health Centre has been the victim of cybercriminal attempts to steal intellectual property and sell it to Ybor Health Centre’ competitors. It is suspected that the corporate network has been infiltrated from unauthorized sources more than once. In 2014, Ybor Health Centre was falsely accused of unethical research and development practices. The false allegations resulted in the defacement of Ybor Health Centre’ public website and several Denial of Service attacks at different times over a 9-month period that brought the corporate network to its knees. These attacks had a major impact on Ybor Health Centre’ ability to conduct business and resulted in undesirable publicity for the company.
Regardless of its security problems, Ybor Health Centre has continued to grow as a company. Its research and development departments have grown over the years, due to the expansion of the company, in proportion to the increase in its business making up over 40% of the human resources. Ybor Health Centre’ innovative research and development information is paramount to its continued success as a company. Although, no known attacks have occurred in last 18 months, the security of its network and intellectual property is still a major concern for the company. Because Ybor Health Centre is a still fairly young company, management has been hesitant to budget for expensive security projects. However, this point of view is beginning to change. Particularly, because one of Ybor Health Centres’ competitors, a major player in the medical research and development industry for over 40 years, experienced a loss of hundreds of millions of dollars in research data that was stolen from its corporate network by cyber thieves.
Background and your role
You are the IT Manager hired in 2018 to manage the physical and operational security of Ybor Health Centre’ corporate information system. You understand information security issues better than anyone else in the company. You also know that the network is vulnerable to outside threats because it has experienced attacks in the past and because you haven’t had the resources to properly test the corporate information system to identify the vulnerabilities that might exist and take action prevent possible attacks. You have a responsibility to bring these concerns to the attention of the executive team and ask for approval to purchase the necessary testing software.
Your education and training have introduced you to variety of security tools for testing computer and network security. The majority of these tools you either only read about or have practiced using in lab environment. You have decided to research some of these tools and test them out in your own lab environment and choose two for recommendation to executive team (not suite of tools, individual tools).
You will need to present information that proves the chosen tools will be beneficial to the security of corporate information system. To accomplish this, you will need to research the products, if possible, test the products in a virtual lab environment. If the tools are part of your iLab exercise, it is recommended that you practice using and testing the tools beyond the scope of the lab exercise. Based on your research and analysis, you will include this information in your proposal in way that the executive staff can understand and allowing them to make an informed decision to approve purchase of the product.
The executive management team of Ybor Health Centre:
The proposal should include:
· Detailed description of the software and benefits.
· Include reviews, case studies and customer recommendations
· Include your own hands-on experience with the tool and test results
· Cost of product. Include additional costs such as training or hardware software that might be needed in order to properly deploy manage and maintain the software.
· How will the software impact the production environment? For example, the software may test for Denial of Service attacks. You need to explain any interruptions the test may have on business operations. You need to justify the need for such a test. Also explain how to you plan to minimize or prevent possible production outages.
The software should test for one or more of the following types of attacks:
· Denial of Service (DoS)
· Cross Site Scripting (XSS)
· Authentication Bypass
· Directory Traversal
· Session Management
· SQL injection
· Database Attacks
· Password Attacks
· Firewall/Router Attacks
· Operating System Attacks
Corporate Office Network Topology
The Ybor Health Centre main research and development facility is located in South Tampa Research Facility. You have concerns about the sensitive information that is stored at this location as well as data that transmitted over the WAN to Ybor Health Centre’ Clearwater Beach headquarters location, business partners and clients. The South Tampa Research Facility is also where the Ybor Health Centre data center is located. The data center is where Ybor Health Centre’ public website, email, databases and corporate intranet are hosted. The environment contains a mix of Microsoft and *NIX technologies.
· 45 Windows 2016 Servers
· 13 Windows 2012 Servers
· 15 UNIX Servers
· 2200 Windows 10 Desktops
· Web Servers: Apache and IIS
· Services: FTP, SMTP, DNS, DHCP, VPN
· Database: SQL, Oracle and MySQL
· Network: Cisco Routers and Firewalls
Grading Rubrics
|
Final Deliverable |
|||
|
Category |
Points |
% |
Description |
|
Software Research |
35 |
35% |
Accurate Completion of Software Research |
|
Software Analysis |
35 |
35% |
Accurate Completion of Software Analysis, Provide proposal for purchase, costs |
|
Organization / Citing |
20 |
20% |
Appropriate APA citations/referenced sources and formats of characters/content. |
|
Writing |
10 |
10% |
Writing style, grammar, spelling, punctuation, errors. |
CEO
Morgan Freeman
Vice President
Julie Benz
CFO
Martha Higareda
CCO
Ingrid Bergman
CIO
R. McLaurin Williams
Exec. Assistant
James B. M. Purefoy
20190702