Computer Security and Information Assurance

Final Project Description

As a newly hired security consultant at the Couple of Amazing Widgets (CAW) firm. The CAW firm puts a lot of stock in your quality of work, so pretty much whatever you recommend, they’re going to implement. You don’t want to let CAW firm down!

As you may have guessed, the CAW produces widgets. They have two main lines of business: 1) the Standard widgets division and 2) the up-n-coming widgets division. The former division “pays the bills” for the company, but the latter division focuses on the widgets that will make CAW competitive in the future. CAW investors are very interested in the company’s long-term profitability, so they know they need to invest in the security of the entire company, not just a single division. CAW knows they need to keep all their widget networks secure, but they are especially concerned about insiders working in their up-n-coming widgets division.

In addition to potential insiders, CAW knows that the Makers of Crazy Widgets (MCW) firm, CAW’s biggest competitor, will stop at nothing to find out what CAW’s up-n-coming division is working on.

CAW has hired you to write a report of recommendations that they can implement in order to mitigate the insider threat concern, the MCW concern, and any other issues that CAW should be considering. Remember, CAW makes widgets, they’re not security experts like you, so there may be things CAW should be concerned about but they don’t even know they should be concerned!

Lastly, it turns out the widget production business is pretty much booming right now. Even though it is a small company (about 20 employees total; 7 of whom work in the up-n-coming division) CAW is willing to spend $1,000,000 the first year on your security recommendations. This amount does not include the cost of your consultancy. After the first year, CAW expects to be able to throw about $500k/year at IT security, but that figure has to pay for any additional folks that are needed to implement the security. People cost CAW about $100k/year.

Note: I appreciate that a million bucks is a little bit arbitrary; CSCI 3640 isn’t “The price is right” and you are not all appraisers of goods and services, I got it. I’m giving you some cap so that you know there is a cap….i.e. I don’t want you to recommend security practices that would cost millions of dollars a year to implement, dwarf the existing CAW workforce, etc.

1) Report should be professional and scholarly, with all references in APA format

2) You need to address at a minimum

a) CAW’s concerns about their insider threat issue in the up-n-coming division

b) the MCW corporate espionage issue

c) any additional issues that CAW hasn’t considered;

3) CAW needs the report to be holistic, but CAW also needs to focus on making widgets, so the report can’t be too long. Something between 1000 and 1500 words should do the trick. This word-count is for your narrative only; references, quotation, title page formatting, etc. don’t count in the 1000-1500 number. Any less than 1000 and CAW will dock your pay….more than 1500, CAW might lose interest.

Rubric

Gradable item

Addressed insider issue

Addressed MCW issue

Addressed additional concerns

Sufficiently used information from the class in the CAW solution

Followed instructions such as page length, APA, clearly expressed viewpoints, etc. Note that I’m a stickler about page length, if your paper is insufficient in length I’ll deduct points here, as well as in the other sections. If you have any questions about this you can ask me, but the best thing to do is just make sure you use the minimum number of words. ;)