Intro to Infosec – Semester Team Project Complete Solution

Intro to Infosec – Semester Team Project

This is a group project. Refer your assigned project groups.
“Coming together is a beginning.
Staying together is progress.
Working together is success.”
-- Henry Ford, Founder, Ford Motor Company

Case Study: Security Analysis of an Information System
The goal of this project is to perform the analysis of the information and network security
needs of an organization and to provide meaningful advice and consultation for effective
security by doing the following:

1) Inventorying the critical assets (data, networks, equipment, intellectual property, etc.) – should also consider user base, geographical location, cloud based issues, etc.;
2) Developing a threat model that considers the confidentiality, integrity, and availability of those assets;
3) Researching state-of-the-art security controls1 and showing tradeoffs associated with recommended best practices;
a. You must consider technical, administrative, and operational controls
b. You must also consider any compliance issues (e.g., government, industry) to which this organization might be held accountable
4) Applying a return on Investment (ROI) analysis for effective application of those security controls;
5) Advising the client on successful implementation of those controls;
6) Advising the client on the roll up of costs (up front, fixed, and recurring) for those controls;
7) Presenting all of this data in an attractive and well-written PowerPoint presentation with good use of illustrations, graphics, metrics, multimedia (if applicable), etc.
8) Providing the client with a 10-minute summary briefing of your advice. This will be delivered via a video presentation. This can be uploaded to YouTube or another medium.

Note: this presentation should not just be a reading of the PowerPoint slides! Submit your summary briefing video presentation and PowerPoint report on April 17 via Canvas. While team roles can be assigned, everyone ought to contribute to the research, report generation, and briefing. The time rule will be strictly enforced – i.e., video should be no longer than 10 minutes. I encourage you to get started now, and to make best use of online collaboration tools such as your Group discussion board on Canvas, or Google+ Hangouts, and so forth.

1 Your report should include numerous references to cited research materials. I have assigned the following organizations:
1. Team ACL – Sarasota County Sheriff's Office
2. Team BGP – H. Lee Moffitt Cancer Center & Research Institute
3. Team CVE – Voalte (high-tech company developing modern hospital comm systems)
4. Team DOS – Publix Supermarkets
5. Team ESP – School Board of Sarasota County
6. Team FTP – MacDill Air Force Base
7. Team GPO – Comcast Cablevision
8. Team HFS – Amazon.com Ruskin Fulfillment Center

These organizations are meant to present a wide cross-section of business types and data security needs.

You do not need to use actual data from the organization – other than just researching it and trying to determine what you think their needs would be. However, if you wish to do so, you could contact them directly to ask; although, I would think that most would be reluctant to divulge anything without a non-disclosure pact in place, and without consideration of getting anything in return. Perhaps you could offer to give them a copy of your report!

Intro to Infosec – Semester Team Project Complete Solution

In this case the security objectives expected from the system are identified so that the scope of threat modelling process can be understood. This phase is basically realising the importance of the asset and how it can be saved from theft. System Security is of prime essence these days because entire data; personal or profession...

• Intro to Infosec – Semester Team Project Solution.docx 21 KB