IP 1 (4-5 pages)
Network Concepts (W 1)
Throughout this course, you will be working on several aspects of network security that will result in a complete Network Security Plan Document for an organization of your choosing. Providing security to the organization and protecting valuable corporate assets requires careful planning. The alternative could be disastrous for any organization. A properly designed network security plan provides a methodology for evaluating and protecting the organization’s assets.
You will select an organization and apply your research to the analysis and development of a Network Security Plan document that would be appropriate for the organization and the needs it has for security. Additional information and the deliverables for each Individual Project will be provided in the assignment descriptions each week
The first step will be to select an organization as the target for your Network Security Plan document. This organization will be used as the basis for each of the assignments throughout the course and should conform to the following guidelines:
- Nontrivial: The selected organization should be large enough to allow reasonable exercise of the development of a network security plan.
- Domain Knowledge: You should be familiar enough with the organization to allow focus on the project tasks without significant time required for domain education.
- Accessibility: You should have access to the people and other information related to the organization because this will be an important part of the process.
- Note: The selected organization may already have a security plan in place and may still be used as the basis for the projects in this course.
- Note: The selected organization must have a need for network security as part of its operations. Therefore, you may feel free to identify a hypothetical organization that meets the requirements. Any necessary assumptions may be made to fulfill the requirements of the organization selection.
Select an existing organization, or identify a hypothetical organization that fits these requirements.
- Overview of Network and Existing Security (Week 1)
- Select an organization as the target for the analysis and plan that will be created.
- Provide an overview of the existing network architecture, including the following:
- Description of the network
- The topology
- Protocols allowed
- Connectivity methods
- Network equipment
- Number of routers, switches, and any other network equipment, such as VPN concentrators, proxies, etc.
- A summary of the current security devices in use on the network
- List the type of device, the vendor, and provide a brief description of how the device is used.
IP 2 (6 pages)
Risk Analysis of the Network (W2)
When it comes to IT security, you must do more than follow the examples of other companies, regardless of how successful they are. No two organizations will encounter exactly the same problems. The best approach to providing the best level of security is to conduct a risk assessment of your organization, identify what your assets are, what your threats are, and what the probability of the threats occurring may be. This analysis will allow you to create the network defense plan that is uniquely tailored to your organization and situation.
- Conduct an inventory of devices within the chosen organization’s network using appropriate tools.
- Provide a summary of the number of desktops, laptops, network printers, and servers.
- Identify key assets.
- Assets also include records and sensitive information that requires special protection.
- Prioritize each asset or group of assets, and assign a value to each.
- Create a subsection that will identify and describe the risks within the environment.
- Do not forget natural disasters.
- Include the likelihood that the risk could occur.
- Provide a list of the tools and methodology that you used to conduct the risk assessment.
IP 3 (4+ pages)
Once the risks in an organization have been identified, you must devise a plan that will provide the best possible protection without significantly impacting daily operations.
For this assignment you will write the Security Architecture section of 4–5 pages of the Network Security Plan document, which will provide an action plan to mitigate the risks identified during the Risk Assessment and their analysis. Appropriate research should be conducted to support the development of your document, and assumptions may be made when necessary.
Security Architecture Section
- Identify and select appropriate technologies to protect against the risks that were identified, and provide an explanation as to why the technology was chosen.
- Describe where you plan to place these technologies within the network and why.
- The plan should cover all layers of the OSI model.
- Identify additional software that will be required to monitor the network and protect key assets.
- Identify any security controls that need to be implemented to assist in mitigating risks.
- Mitigate all of the risks that were identified during the assessment phase.
IP 4 (5 pages)
The Network Security Policy (w4)
For this assignment, you will create 2 additional sections for the Network Security Plan document.
First, you will create a 2–3-page section in the plan to list all of the policies that you would have for your organization and a brief description of what each policy will contain. After the risks have been identified within an organization, you must devise a plan that will provide the best possible protection without significantly impacting daily operations. Then, you must write and implement written policies that will inform everyone within the organization what can and cannot be done while they are connected to the Internet. Written polices need to adhere to the following guidelines:
- No more than 2 pages
- Clearly identified rules
- Clearly identified punishments if rules are not followed.
- A way to monitor the network for violations of the policy.
The following are the first task’s deliverables:
- Update previous sections based upon your peers’ and instructor’s feedback
- Update the table of contents.
- Update date on the cover page.
Security Policies Section
- Identify what written polices need to be created for your organization.
- For each policy, you will address how you plan to monitor the policy.
- For each policy, you will provide what you feel the appropriate punishment should be for violators. These punishments must be able to be enforceable, not just a threat.
- For each policy, you will identify a timetable for when each policy should be reviewed and updated and who will do the review.
The second task this week is to prepare for how you would handle an incident. It is best to have a thorough, rehearsed plan to be prepared for a potential incident. This will help to limit the damage and it will help recovery afterward. You will create an Incident Response section of 2–3 pages that includes the actions that need to occur when an incident is in progress.
The following are the second task’s deliverables:
Incident Response Section
- Identify the process of how your organization will identify an incident.
- Identify the process for classifying the incident.
- What are the criteria for each classification within the organization?
- Identify what the response will be for each classification identified.
- Identify a general plan to recover from the incident.
- Identify a process for evaluating the incident response plan after each incident has been mitigated.
IP 5 (4-5 pages)
The Security Plan (W5)
This part is about developing the network security plan is to define how the plan that you have developed will be implemented within the organization. Implementing security controls and adding security devices can be a complex process that will affect every aspect of the organization. A detailed plan that phases in controls and new devices—and has a backup plan for any problems—will greatly increase the success rate of implementing a network security plan.
- For this assignment, you will add a detailed implementation plan of 4–5 pages, which will describe your proposed solution for the implementation of a network security plan in your organization.
deliverables are the following:
- Implementation Plan
- Develop a plan to implement the security controls and policies that you identified in previous sections.
- Develop a plan to implement new security devices and modify existing security devices that are required to monitor the network and the polices that were created or updated.
- Describe how these controls, policies, and security devices have addressed the key security areas of confidentiality, integrity, authentication, authorization, and nonrepudiation cryptographic services.
- Network Security Plan
- Revise the entire document, and make any necessary changes and improvements.
- Ensure that the final version is sufficiently detailed to allow the organization to confidently move forward with the implementation of the security controls and devices based upon your recommendations.