ASSIGNMENTS
• From the devices and systems identified in the GFI Corporate Network Topology, conduct a thorough asset inventory, assign monetary values to each asset (quantitative), and assign a priority value for each asset (qualitative) that could be used to determine which assets are most critical for restoral in the event of a catastrophic event or attack.
• Evaluate the perimeter security, make a list of access points internal and external (remote), identify vulnerabilities and make suggestions for improvements to perimeter and network security.
• Evaluate the remote access infrastructure, identify vulnerabilities and suggest security improvements to mitigate risks to remote access.
• Address the COO’s concern over mobility security and design secure mobile computing (smart phones, tablets, laptops, etc.) in terms of authentication technologies and data protection.
• Identify wireless vulnerabilities and recommend what safeguards, authentication technologies, and network security should be implemented to protect data.
• Evaluate the authentication protocols and methodologies within the wired, wireless, mobility and remote access environments and suggest improvements to secure authentication for GFI.
• Evaluate the web system protocols and vulnerabilities within the Intranet server and suggest secure protocol improvements to improve security for web authentication.
• Design a cloud computing environment for the company with a secure means of data protection at rest, in motion and in process.
• Assess all known vulnerabilities on each asset in this environment and impacts if compromised.
• Using the asset inventory and the assigned values (monetary and priority), conduct a quantitative and qualitative risk assessment of the GFI network.
• Recommend risk mitigation procedures commensurate with the asset values from your asset inventory.
Feel free to redesign the corporate infrastructure and use any combination of technologies to harden the authentication processes and network security measures.
• Provide an Executive Summary.
• You are welcome to make assumptions for any unknown facts as long as you support your assumptions.
• The Title Page, Table of Contents and References page(s) don’t count in your 15-page minimum!!!
Risk Assessment Paper Rubric
You are given a fictional scenario above describing security issues affecting organizational assets. You will identify the risks associated with the assets, and recommend mitigating procedures. You will prepare a quantitative / qualitative risk assessment to address risk factors on organizational assets. Your final paper will be 15–25 pages long in a Word document (double-spaced with 12 point font) with APA citations for the resources you used in your research and will be graded using the following rubric.
Criteria | Non-compliant | Minimal | Compliant | Advanced
Inventory assets and prioritize them in the order of mission criticality.
Did not inventory or prioritize assets in the order of mission criticality. (0)
Inventoried assets but did not prioritize them in the order of mission criticality. (3)
Inventoried, prioritized assets, but did not address mission objectives in their asset priority. (6)
Inventoried, prioritized assets and addressed mission objectives in their asset priority. (10)
Evaluate enterprise topology and perimeter protection.
Did not evaluate enterprise topology and perimeter protection. (0)
Evaluated enterprise topology but did not include perimeter protection measures. (3)
Evaluated enterprise topology, perimeter protection measures, but did not address mission objectives. (6)
Evaluated enterprise topology, perimeter protection measures, and addressed mission objectives. (10)
Evaluate remote access to the networks.
Did not evaluate remote access protocols and safeguards to the network. (0)
Evaluated remote access protocols but did not address security safeguards to the network. (3)
Evaluated remote access protocols, security safeguards to the network, but did not address mission objectives. (6)
Evaluated remote access protocols, security safeguards to the network, and addressed mission objectives. (10)
Evaluate authentication protocols and methodologies.
Did not evaluate authentication protocols and methodologies. (0)
Evaluated authentication protocols and methodologies, but with insufficient data or inadequate description. (3)
Evaluated authentication protocols and methodologies with supporting data and description, but did not address mission objectives. (6)
Evaluated authentication protocols and methodologies with supporting data and description, and addressed mission objectives. (10)
Assign asset values to organization assets for quantitative / qualitative risk assessment.
Did not assign asset values to organization assets for quantitative / qualitative risk assessment. (0)
Assigned asset values to organization assets for quantitative / qualitative risk assessment but incomplete. (3)
Assigned asset values to organization assets in a complete inventory, but did not address mission objectives. (6)
Assigned asset values to organization assets in a complete inventory, and addressed mission objectives. (10)
Assess vulnerabilities on each asset and impacts if compromised.
Did not assess vulnerabilities on each asset and impacts if compromised. (0)
Assessed vulnerabilities on each asset and impacts if compromised, but incomplete. (3)
Assessed vulnerabilities on each asset and impacts if compromised for the complete inventory, but did not address mission objectives. (6)
Assessed vulnerabilities on each asset and impacts if compromised for the complete inventory, and addressed mission objectives. (10)
Evaluate web access protocols and vulnerabilities and Cloud Computing.
Did not evaluate web access protocols and vulnerabilities and Cloud Computing. (0)
Evaluated web access protocols and vulnerabilities or Cloud Computing. (3)
Evaluated web access protocols and vulnerabilities and Cloud Computing but did not address mission objectives. (6)
Evaluated web access protocols and vulnerabilities and Cloud Computing and addressed mission objectives. (10)
Recommend risk mitigation procedures commensurate with asset values.
Did not recommend risk mitigation procedures commensurate with asset values. (0)
Recommended risk mitigation procedures commensurate with asset values, but incomplete. (3)
Recommended risk mitigation procedures commensurate with asset values of complete inventory, but did not address mission objectives. (6)
Recommended risk mitigation procedures commensurate with asset values of complete inventory, and addressed mission objectives. (10)
Formulate 15-25 pages of a quantitative or qualitative risk assessment in APA format.
Did not follow proper quantitative or qualitative risk assessment format, and failed to conform to APA format. (0)
Followed proper quantitative or qualitative risk assessment format but did not conform to APA format. (3)
Followed proper quantitative or qualitative risk assessment format and conformed to APA but insufficient reference list and page count. (6)
Followed proper quantitative or qualitative risk assessment format and conformed to APA in a sufficient reference list and page count. (10)
Executive summary of risk assessment.
Did not include an executive summary. (0)
Included an executive summary, but it lacks details. (3)
Included an executive summary in detail, but did not address the mission objectives. (6)
Included an executive summary in detail, and addressed mission objectives. (10)