Compensating Controls for Insecure SCADA Protocols

Huemeisterr

A.  Describe the security problem under investigation.

1.  Explain the importance of the security problem, including background information and the environment in which the problem exists.

2.  Provide documentation related to the security problem demonstrating the need for a solution, referencing applicable white papers or articles.

3.  Summarize each root cause of the problem in the identified environment where the security problem is situated, including supporting evidence, if applicable.

B.  Summarize each internal and external project stakeholder role by including each of the following:

•   individual stakeholder implementation involvement and associated individual needs

•   how the security problem affects the stakeholder

•   stakeholder influence on the project’s objectives and outcomes

C.  Describe the historical data used to support decision-making throughout the project (e.g., vulnerability scans, penetration testing, testing or validation scenarios, audit results, etc.).

D.  Provide a detailed explanation of the project requirements to implement the solution.

1.  Describe the industry-standard methodologies guiding the solution’s design and development.

2.  Describe the project launch, including all phases of the rollout, the criteria used to determine the conclusion of implementation, and the project management methodology for implementation.

3.  Describe the likelihood of all implementation risks and their impact on the project.

E.  Describe the training approach, including the audience, delivery, content, and duration.

F.  Describe the required resources necessary to execute each project phase, and provide sources for all costs.

G.  Describe all final project deliverables associated with the design and development of the technology solution.

1.  Estimate the projected timeline, including each of the following:

•   each milestone and its duration

•   start and end dates

•   resources assigned to each task

H.  Detail the project evaluation approach that will be used to assess the project, addressing the following:

1.  Describe the formative and summative test plans for the solution, including all required procedures and tools.

2.  Describe the minimal acceptance criteria and key performance indicators for project acceptance as they align with your formative and summative test plans.

3.  Justify the test cases and scenarios in the environment of the security problem being addressed.

4.  Explain how you will analyze your results.

I.  Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
