Project: Methodology Development Analysis Assignment Instructions

Overview

This part of the project develops the methodology and begins analysis of the information security solution. The problem statement, project scope, risk analysis, and literature review performed in the Project: Problem Identification Assignment must justify the selection of the elements that require analysis for the final fault-tolerant security solution. For example, if the final solution requires a network security solution, an analysis may begin by evaluating the network architecture diagram in Project: Problem Identification Assignment.

Instructions

Segments of the network must be assessed, such as all local node connections in the LAN (e.g. local processes, local devices, local data storage), as well as other connections to the LAN (e.g. network gateways, WANs, wireless APs, network control resources, network databases, cloud integrations). The environment and architecture must justify the analysis of the coinciding threats. A few of the many network threats you could analyze (but are certainly not limited to) are DDS, session hijacking, parameter modification, server-side includes, addressing errors, message integrity, protocol flaws, reconnaissance, impersonation, wiretapping, malicious active code, connection flooding, man-in-the-middle, spoofing, misdelivery, redirection, and/or other transmission failures. The analysis in the latter example must identify any targets such as confidentiality, integrity, or availability and the coinciding vulnerability such as impersonation, protocol flaw, or misdelivery.

This is just an example given for a network security project and in no way limits the outcomes. The review of literature and detailed analysis of the system or application will determine the primary deliverables. Each requires objective justification for credit.

It is critical to identify the proper targets and vulnerabilities to ensure the final fault tolerant security design includes the appropriate correlated controls. For example, if the target is confidentiality, and the vulnerability is misdelivery, an appropriate control solution to design could be encryption. If the target is availability, and the target is a DNS attack, an appropriate control solution to design could be an intrusion detection system (IDS), access control list, and honeypot.

Current and proper APA formatting is required and must include a title page, proper margins, citations, organization, proper grammar and spelling, and an ending resources page.

At the minimum, this phase of the project must include:

I. Executive summary, introduction, and conclusion

II. Methodology (must be supported by relevant and current research from scholarly, peer-reviewed journals)

a. Approach(es) for the information security analyses and design

i. Organizational security structure

ii. System, computing, network, or application architecture

iii. Security models that will be utilized

b. How the data will be gathered to objectively analyze the solution

i. System evaluation method

c. Limitations of the analysis

i. Security threats and risks inside the scope that need to be addressed

ii. Security threats and risks outside the scope

III. Synthesis review of literature to support analysis decisions

a. Analysis of the proper solution

i. Targets of the attack

ii. Vulnerabilities

iii. Controls

b. Create the appropriate correlated diagrams

c. Detail the results of the analysis

d. NOTE: Required minimum length (8 peer-reviewed sources and at least 7 double-spaced current APA formatted pages) in the grading rubric excludes all systems analysis and design (SAD) diagrams and any other tables and/or graphical elements

IV. Diagram examples in this phase could include but are not limited to:

a. Advanced system and/or network architecture diagrams

b. Use case, activity, class, system sequence, and/or state machine diagrams

c. Fault tree

d. Access control matrix

e. Authentication, traffic, and/or data map

f. Dataflow diagrams (DFD)

g. CPU/Memory/OS buffer, segmenting, address, and/or data bus mappings

h. NOTE: A minimum of 5 diagrams exist that accurately analyze a secure system, network, and/or application solution. Within EACH of the 5 diagrams, a minimum of 10 elements exist that accurately detail analysis of the environment that needs securing (Note, if 10 elements are not necessary in a diagram add diagrams as needed to sufficiently meet this requirement). Each diagram is thoroughly developed based upon existing architecture and/or applications. Each diagram meets the associated technical requirements, programming language, notations, formatting, and modeling rules of the language (e.g. UML), industry standards for the diagram, and/or literature review. Analysis and design diagrams must have an associated industry standard that is widely accepted to be recognized (e.g. UML).

Each diagram must be justified by the literature review. In other words, if the plan secures an object-oriented language such as Java, the Java Virtual Machine must be properly analyzed from the class loader to the applet security manager. Analysis and associated diagrams must parallel the proper notations, formatting, and modeling rules and standards outlined in the prior IT infrastructure and systems analysis and design. These must align with peer-reviewed journal research as well as industry best practices.

Note: Your assignment will be checked for originality via the Turnitin plagiarism tool.

8 peer-reviewed sources exist (can have overlap from Phase 1 if appropriate) and a minimum of 7 double-spaced, current APA-formatted pages, excluding the SAD diagrams, graphics, tables, or any other non-textual components.

 Do research on one-or-two large software systems that were implemented successfully and on one-or-two large software systems that failed in their implementation. Write at least a 3-page Word document, double-spaced, detailing each system.

 Your paper should include a number of topic sections. Using the concept of A.D.D.I.E., create a section to discuss the A.-Analysis that went into the system, a section to discuss the D.-Design of the system, a section to discuss the D.-Development of the system, a section to discuss the I.- Implementation of the system (successful or failed) and a section to discuss the E.-Evaluation of the system (successful or failed). Provide the following: 

1. An Introduction paragraph describing the assignment and a short description of the systems selected. 2. A section that describes the first Software System (with an appropriate section Heading) and a description of that Software System to include: 

a. What is its purpose? 

b. What operations it performs? 

c. What are its inputs (resources, interfaces, when used)? 

d. What are its outputs (interfaces, data)? 

e. The system’s complexity/cost/feasibility. 

f. Any constraints or risks found during the research. 

3. Sections with details for each component of A.D.D.I.E. (with an appropriate section Heading) to include: 

a. Success or failures identified. 

b. Issues or findings identified. 

c. Recommendations or lessons learned. 

Your paper should then conclude with a Findings section the compares the two systems. Provide the following: 

1. What made one system successful but make the other system fail. 

2. What could have been done to make the failed system more successful. 

3. What could have been done to make the successful system even more successful. 

You must include at least 3 scholarly references with citations.  

The organizational analysis will utilize a minimum of five external, peer-reviewed academic sources and contain the following sections:

Organizational Ethical Analysis

This is your introduction. Write 100-150 word introductions to ethical analysis here. 

What is the organization and how would you describe it?

Write 200-250 words minimum with 2-3 paragraphs. Describe your chosen organization, what type of product or service the organization offers. When it was formed and how the organization was started.  

Who are the leaders of the organization? Write 200-250 words minimum with 2-3 paragraphs. Describe leadership at your chosen organization. Address the leadership board or executives at the organization. Discuss the organizational structure and any information regarding change in leadership.  An organizational chart if available can be shown in this section. But you have to analysis the leadership and do not just list bulletins. 

Is the organization successful? Write 200-250 words minimum with 2-3 paragraphs. Describe and discuss if the organization is successful or not successful. Why makes this organization successful or not successful. Critical analysis and thinking from your own perceptive of the organization and its success or failure should be addressed in this section. 

How do you determine whether an organization is ethical or not? Write 200-250 words minimum with 2-3 paragraphs. From your own perspective and point of view discuss how to determine if the organization is ethical or not ethical. Discuss any unethical occurrences such as fraud and failure of leadership here. Use what you have learned so far in class to address how to determine if organization is ethical or not ethical. 

Based on your assessment and research, is the organization ethical? Write 200-250 words minimum with 2-3 paragraphs. Write your assessment if the chosen organization is ethical or not ethical? Use your research and analysis to answer this question. Why do you think that the actions outlined are considered as ethical or not ethical?  

What would you change about the organization to make it better, without sacrificing ethical standards?

Write 200-250 words minimum with 2-3 paragraphs. Address any organizational or leadership changes that you would recommend making the organization ethical or not ethical. Do you think that an ethics department or ethics manager might be needed to oversee ethics at the organization?  Address any and all changes that you think are needed to standardize ethics and enforce ethics at the organization.

Conclusion

Write 100-150 words minimum to summarize your paper and close this organizational ethical analysis.

Analyze the advantages and disadvantages of digital signatures.

500 words with APA format needed along with references.