Note: Review the page requirements and formatting instructions for this assignment closely. Graphically depicted solutions, as well as the standardized formatting requirements, do NOT count toward the overall page length.

Imagine you are an Information Systems Security Officer for a medium-sized financial services firm that has operations in four (4) states (Virginia, Florida, Arizona, and California). Due to the highly sensitive data created, stored, and transported by your organization, the CIO is concerned with implementing proper security controls for the LAN-to-WAN domain. Specifically, the CIO is concerned with the following areas:

· Protecting data privacy across the WAN

· Filtering undesirable network traffic from the Internet

· Filtering the traffic to the Internet that does not adhere to the organizational acceptable use policy (AUP) for the Web

· Having a zone that allows access for anonymous users but aggressively controls information exchange with internal resources

· Having an area designed to trap attackers in order to monitor attacker activities

· Allowing a means to monitor network traffic in real time as a means to identify and block unusual activity

· Hiding internal IP addresses

· Allowing operating system and application patch management

The CIO has tasked you with proposing a series of hardware and software controls designed to provide security for the LAN-to-WAN domain. The CIO anticipates receiving both a written report and diagram(s) to support your recommendations.

Write a three to five page paper in which you:

1. Use MS Visio or an open source equivalent to graphically depict a solution for the provided scenario that will:

a. filter undesirable network traffic from the Internet

b. filter Web traffic to the Internet that does not adhere to the organizational AUP for the Web

c. allow for a zone for anonymous users but aggressively controls information exchange with internal resources

d. allow for an area designed to trap attackers in order to monitor attacker activities

e. offer a means to monitor network traffic in real time as a means to identify and block unusual activity

f. hide internal IP addresses

2. Identify the fundamentals of public key infrastructure (PKI).

3. Describe the manner in which your solution will protect the privacy of data transmitted across the WAN.

4. Analyze the requirements necessary to allow for proper operating system and application patch management and describe a solution that would be effective.

5. Use at least three quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Note: The graphically depicted solution is not included in the required page length.

Your assignment must follow these formatting requirements:

· This course requires use of Strayer Writing Standards (SWS). The format is different than other Strayer University courses. Please take a moment to review the SWS documentation for details.

· Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

· Include charts or diagrams created in Visio or an equivalent such as Dia or OpenOffice. The completed diagrams / charts must be imported into the Word document before the paper is submitted.

The specific course learning outcomes associated with this assignment are:

· Analyze information security systems compliance requirements within the Workstation and LAN Domains.

· Use technology and information resources to research issues in security strategy and policy formation.

· Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.

Assignment 4: Designing Compliance within the LAN-to-WAN Domain
Criteria  

Unacceptable

Below 60% F

Meets Minimum Expectations

60-69% D

 

Fair

70-79% C

 

Proficient

80-89% B

 

Exemplary

90-100% A

1. Use MS Visio or an open source equivalent to graphically depict a solution for the provided scenario.

Weight: 30%

Did not submit or incompletely used MS Visio or an open source equivalent to graphically depict a solution for the provided scenario. Insufficiently used MS Visio or an open source equivalent to graphically depict a solution for the provided scenario. Partially used MS Visio or an open source equivalent to graphically depict a solution for the provided scenario. Satisfactorily used MS Visio or an open source equivalent to graphically depict a solution for the provided scenario. Thoroughly used MS Visio or an open source equivalent to graphically depict a solution for the provided scenario.
2. Identify the fundamentals of public key infrastructure (PKI). Weight: 15% Did not submit or incompletelyidentified the fundamentals of public key infrastructure (PKI). Insufficiently identified the fundamentals of public key infrastructure (PKI). Partially identified the fundamentals of public key infrastructure (PKI). Satisfactorily identified the fundamentals of public key infrastructure (PKI). Thoroughly identified the fundamentals of public key infrastructure (PKI).
3. Describe the manner in which your solution will protect the privacy of data transmitted across the WAN.

Weight: 20%

Did not submit or incompletelydescribed the manner in which your solution will protect the privacy of data transmitted across the WAN. Insufficiently described the manner in which your solution will protect the privacy of data transmitted across the WAN. Partially described the manner in which your solution will protect the privacy of data transmitted across the WAN. Satisfactorily described the manner in which your solution will protect the privacy of data transmitted across the WAN. Thoroughly described the manner in which your solution will protect the privacy of data transmitted across the WAN.
4. Analyze the requirements necessary to allow for proper operating system and application patch management and describe a solution that would be effective.

Weight: 20%

Did not submit or incompletelyanalyzed the requirements necessary to allow for proper operating system and application patch management and did not submit or incompletelydescribed a solution that would be effective. Insufficiently analyzed the requirements necessary to allow for proper operating system and application patch management and insufficiently described a solution that would be effective. Partially analyzed the requirements necessary to allow for proper operating system and application patch management and partially described a solution that would be effective. Satisfactorily analyzed the requirements necessary to allow for proper operating system and application patch management and satisfactorily described a solution that would be effective. Thoroughly analyzed the requirements necessary to allow for proper operating system and application patch management and thoroughly described a solution that would be effective.
5. Three references

Weight: 5%

No references provided Does not meet the required number of references; all references poor quality choices. Does not meet the required number of references; some references poor quality choices. Meets number of required references; all references high quality choices. Exceeds number of required references; all references high quality choices.
6. Clarity, writing mechanics, and formatting requirements

Weight: 10%

More than eight errors present Seven to eight errors present Five to six errors present Three to four errors present Zero to two errors present

9 discussions: around 200 words each one

1

“Security Challenges” 

· Distributed applications and cloud computing have become a viable option within the LAN-to-WAN Domain. Discuss the primary challenges related to maintaining the security of both applications and data in such an environment.

· Describe the controls that are needed to ensure the security of distributed applications and data. Identify the auditing approach that you believe is best suited to this arrangement. Provide a rationale for your response.

2

“Remote Access” 

· Remote access via Virtual Private Networks (VPN’s) to corporate resources for the purposes of e-commerce, telework and remote administration is becoming commonplace. From an auditing perspective, suggest two or more controls that should be in place to prevent the loss or theft of confidential information.

· Give your opinion on what you believe are the essential elements of an acceptable use policy for remote access. Elaborate on each item and justify its importance.

3

“Data Center Management” 

· Imagine you are an IT security specialist of a large organization which is opening a new data center. Recommend a minimum of three controls, other than door locks, you would utilize to secure the new data center physically. Support your recommendations.

· Recommend a process to govern obtaining, testing, and distributing patches for operating systems and applications within the new data center. Provide your rationale.

4

DR…What Is It Good for?”  Please respond to the following:

· From the first and second e-Activities, Consider the following scenario: Your employer, a small-business owner, has indicated she believes that rather than planning to recover from a disaster, it makes more sense to simply open a new business and start anew. As a security professional and proponent of disaster recovery, formulate a list of your top five concerns with this statement and explain each. Be sure to indicate how and why you believe these concerns are relevant for a small business. Justify your response.

· Suppose you received pushback from your Board of Directors while trying to explain the necessity of a disaster recovery plan (e.g., due to costs, administrative overheard, etc.). Outline the main points and with a rationale for each that can be used to persuade the Board of Directors into believing that a plan really is necessary.

5

Preparing for Different Disasters”  Please respond to the following:

· Select two disaster scenarios (e.g., large-scale power outage, flood, earthquake, etc.) to compare and contrast, and explain how an implemented DR plan would differentiate when preparing for and dealing with these disasters.

· Explain how the report structure and organization could help the overall recovery efforts in a disaster, and determine whether or not you believe the organization of large plans is a key consideration for plan creators and management. Provide a rationale for your answer.

6

IRS Disaster Recovery Plan (DRP)”  Please respond to the following:

· From the first e-Activity, select one portion of the IRS disaster recovery plan that you found interesting. Explain why this portion was interesting to you, and determine whether or not you believe this portion is critical to the overall contingency planning efforts of the agency. Provide a rationale to support your answer.

· Determine whether or not you believe the IRS DRP would be comparable to that of large enterprises in the private sector (e.g., ConocoPhillips, General Motors, etc.), and explain whether or not you consider this to be the case.

7

Hurricane Sandy DR Adaptation”  Please respond to the following:

· From the second e-Activity, determine whether or not you believe the ability to dynamically adapt to the extreme conditions was crucial for disaster response personnel when faced with the challenges caused by Hurricane Sandy. Use examples to support your answer.

· Explain how dynamic disaster plans can be created and tested. Determine whether or not you think these plans have the ability to be truly dynamic and assist personnel when amidst a disaster situation.

8

BCP versus DRP Revisited”  Please respond to the following:

· Expanding on what you’ve learned since Week 2 when a similar question was posed, explain in your own words the difference between business continuity planning and disaster recovery planning, and where you believe these two processes differ and overlap.

· Take a position on whether BC or DR can survive without the other. Use a real-world example to support your position.

9

BCP by FEMA”  Please respond to the following:

· From the e-Activity, determine what you believe is the most critical component of BCP from FEMA’s implementation / suggestions for the BCP process. Justify your answer.

· Determine whether or not you believe the BCP process would be successful without proper BIA processes being conducted. Explain why or why not. 

Assignment 1: Designing Compliance within the LAN-to-WAN Domain