Project: Methodology Development Analysis Assignment Instructions
Overview
This part of the project develops the methodology and begins analysis of the information security solution. The problem statement, project scope, risk analysis, and literature review performed in the Project: Problem Identification Assignment must justify the selection of the elements that require analysis for the final fault-tolerant security solution. For example, if the final solution requires a network security solution, an analysis may begin by evaluating the network architecture diagram in Project: Problem Identification Assignment.
Instructions
Segments of the network must be assessed, such as all local node connections in the LAN (e.g. local processes, local devices, local data storage), as well as other connections to the LAN (e.g. network gateways, WANs, wireless APs, network control resources, network databases, cloud integrations). The environment and architecture must justify the analysis of the coinciding threats. A few of the many network threats you could analyze (but are certainly not limited to) are DDS, session hijacking, parameter modification, server-side includes, addressing errors, message integrity, protocol flaws, reconnaissance, impersonation, wiretapping, malicious active code, connection flooding, man-in-the-middle, spoofing, misdelivery, redirection, and/or other transmission failures. The analysis in the latter example must identify any targets such as confidentiality, integrity, or availability and the coinciding vulnerability such as impersonation, protocol flaw, or misdelivery.
This is just an example given for a network security project and in no way limits the outcomes. The review of literature and detailed analysis of the system or application will determine the primary deliverables. Each requires objective justification for credit.
It is critical to identify the proper targets and vulnerabilities to ensure the final fault tolerant security design includes the appropriate correlated controls. For example, if the target is confidentiality, and the vulnerability is misdelivery, an appropriate control solution to design could be encryption. If the target is availability, and the target is a DNS attack, an appropriate control solution to design could be an intrusion detection system (IDS), access control list, and honeypot.
Current and proper APA formatting is required and must include a title page, proper margins, citations, organization, proper grammar and spelling, and an ending resources page.
At the minimum, this phase of the project must include:
I. Executive summary, introduction, and conclusion
II. Methodology (must be supported by relevant and current research from scholarly, peer-reviewed journals)
a. Approach(es) for the information security analyses and design
i. Organizational security structure
ii. System, computing, network, or application architecture
iii. Security models that will be utilized
b. How the data will be gathered to objectively analyze the solution
i. System evaluation method
c. Limitations of the analysis
i. Security threats and risks inside the scope that need to be addressed
ii. Security threats and risks outside the scope
III. Synthesis review of literature to support analysis decisions
a. Analysis of the proper solution
i. Targets of the attack
ii. Vulnerabilities
iii. Controls
b. Create the appropriate correlated diagrams
c. Detail the results of the analysis
d. NOTE: Required minimum length (8 peer-reviewed sources and at least 7 double-spaced current APA formatted pages) in the grading rubric excludes all systems analysis and design (SAD) diagrams and any other tables and/or graphical elements
IV. Diagram examples in this phase could include but are not limited to:
a. Advanced system and/or network architecture diagrams
b. Use case, activity, class, system sequence, and/or state machine diagrams
c. Fault tree
d. Access control matrix
e. Authentication, traffic, and/or data map
f. Dataflow diagrams (DFD)
g. CPU/Memory/OS buffer, segmenting, address, and/or data bus mappings
h. NOTE: A minimum of 5 diagrams exist that accurately analyze a secure system, network, and/or application solution. Within EACH of the 5 diagrams, a minimum of 10 elements exist that accurately detail analysis of the environment that needs securing (Note, if 10 elements are not necessary in a diagram add diagrams as needed to sufficiently meet this requirement). Each diagram is thoroughly developed based upon existing architecture and/or applications. Each diagram meets the associated technical requirements, programming language, notations, formatting, and modeling rules of the language (e.g. UML), industry standards for the diagram, and/or literature review. Analysis and design diagrams must have an associated industry standard that is widely accepted to be recognized (e.g. UML).
Each diagram must be justified by the literature review. In other words, if the plan secures an object-oriented language such as Java, the Java Virtual Machine must be properly analyzed from the class loader to the applet security manager. Analysis and associated diagrams must parallel the proper notations, formatting, and modeling rules and standards outlined in the prior IT infrastructure and systems analysis and design. These must align with peer-reviewed journal research as well as industry best practices.
Note: Your assignment will be checked for originality via the Turnitin plagiarism tool.
8 peer-reviewed sources exist (can have overlap from Phase 1 if appropriate) and a minimum of 7 double-spaced, current APA-formatted pages, excluding the SAD diagrams, graphics, tables, or any other non-textual components.
