IT 380: Final Project Guidelines and Rubric

Overview

The final project for this course is the creation of a risk assessment and mitigation strategy for a fictional airport that includes four distinct organizations. Based on a provided scenario, you will develop a report for the management team that includes personnel recommendations for IT team members, a comprehensive assessment of IT security risks, and suggested strategies and approaches for minimizing the identified risks.

The project includes two milestones, submitted in Modules Three and Five. The final project is submitted in Module Seven.

Prompt

The Scenario: You have been hired as a consultant to conduct a comprehensive risk assessment and provide a risk assessment and mitigation report for an airport.

The airport has four different organizations:

  1. Airport authority
  2. Four flight service providers (four airlines)
  3. Airport restaurant
  4. Guests

The airport authority maintains a system that handles the flight management controls. This system is made up of a database server, an application server, and a web server.

The four flight service providers have only back-end access to their own dedicated server in the airport authority network and not to any other provider’s back-end systems. Each flight service provider has a system made up of a database server, an application server, and a web server that allows patrons to reserve and purchase tickets.

The restaurant provides food for both airport employees and travelers. The restaurant’s systems are used to maintain customer transactions, human resource functions (payroll and benefits information), and vendor ordering.

Guest users have wireless access to a high-speed internet connection, which is also shared among all the users in all organizations.

The wireless access uses a common password. Guest users should not have access to the other organizations within the airport. The users obtain IP addresses automatically. The airport authority has 27 users, and the flight service providers have 85 users. The maximum number of guests is estimated to be 100.

Software updates that address security vulnerabilities are assessed by the airport security team. The team verifies whether the vulnerability is applicable to their environment. If it is, they analyze the circumstances under which vulnerabilities could be exploited and the possible business impact on organizational assets and business continuity.

After the evaluations are complete, the security team works with the configuration management administrator to manage software updates. The administrator reviews the security team’s list of critical security updates and runs a report to see how many computers on the network are potentially vulnerable to the exploit addressed in the security update.

The organization has a content-filtering firewall in place; however, there are currently no filtering rules. There has been some discussion in the past to mitigate this, but the organization is looking for recommendations on how this should be configured.

Critical Elements: Your 8- to 10-page risk assessment and mitigation strategy must include the following critical elements:

  1. Team Information
     1. Identification of all stakeholders.
     2. Job Description. Create a job description for the chief security officer the airport plans to hire. Include desired qualifications and experiences, as well as responsibilities and daily tasks.
     3. Security Certification Recommendations. Recommend certifications for the current IT staff. Provide a brief rationale for your recommendations.

  2. Risk Assessment

As part of your risk assessment, based on the provided scenario information, include an analysis of the security risks in the areas listed below.

  1. Security and Business Processes. Summarize the impact of confidentiality, integrity, availability, and privacy on business processes.
  2. Legal, Regulatory, Ethical, and Social Issues. Discuss key ethical, social, and legal issues related to IT security. Identify at least three laws or regulations that pertain to the organization.
  3. Viruses and Malicious Software. Identify how the organization detects, controls, and prevents viruses and other malicious software.
  4. Web Server Security Strategies. Assess the usage of browsers, cryptographic posture, and server and protocol securities such as IPsec, SSL, and VPN.
  5. External Threats. Analyze necessary firewalls, intrusion detection, and intrusion prevention systems.

The results of the risk assessment will guide the development of the company’s risk mitigation strategy.

  3. Mitigation Strategy

As a result of the items identified in the risk assessment, develop a mitigation strategy that addresses the security risks outlined in the risk assessment. As part of your strategy, address the following:

  1. Employee Guidelines. Develop guidelines to share with employees. The guidelines should summarize the proposed approach to confidentiality, integrity, availability, and privacy.
  2. Legal, Regulatory, Ethical, and Social Issues. Provide a detailed explanation of how the IT department will mitigate identified ethical, social, or legal issues. Be sure to address legal or regulatory gaps.
  3. Viruses and Malicious Software. Describe new approaches for the detection, control, and prevention of viruses and other malicious software.
  4. Web Server Security Strategies. Detail necessary changes to the websites, browser settings, and remote access.
  5. External Threats. Develop a comprehensive plan to address risks from external threats.

  4. References

Your paper should include a reference page in APA format with 8 to 10 sources that extend on the information presented in Security Pro. References should include professional journals and publications.

Milestones

Milestone One: Initial Security Planning Report

In task 3-3, you will submit the initial security planning report that provides an initial foundation for your final risk assessment and mitigation strategy. This milestone will be graded with the Milestone One Rubric.

Milestone Two: Draft of Risk Assessment and Mitigation Strategy

In task 5-3, you will submit a risk assessment and mitigation strategy draft that includes the critical elements for the final report. Although there is no rubric specific to the grading of this milestone, points and feedback will reflect the elements included in the Final Project Rubric (below).

Final Project Submission: Risk Assessment and Mitigation Strategy

In task 7-3, you will submit your final risk assessment and mitigation strategy for the provided scenario. It should be a complete, polished artifact containing all of the critical elements of the final product. It should reflect the incorporation of feedback gained throughout the course. This will be graded with the Final Project Rubric (below).

Final Project Rubric

Format: Written components of projects must follow these formatting guidelines when applicable: double spacing, 12-point Times New Roman font, one-inch margins, and citations in APA format. The report should be 8–10 pages in length, not including cover page and resources.

Instructor feedback: Students can find their feedback in the Grade Center.

| Critical Elements | Exemplary | Proficient | Needs Improvement | Not Evident | Value |
|---|---|---|---|---|---|
| Team Information: Identification of All Stakeholders | Provides an accurate identification of the key stakeholders and explains the vested interest of each stakeholder (5) | Provides an accurate identification of the key stakeholders (4.25) | Identifies the key stakeholders but lacks specific details or some stakeholders are misidentified (2.75) | Does not identify stakeholders (0) | 5 |
| Team Information: Job Description | Provides a complete and accurate job description for the chief security officer position that is tailored to the specific needs of the company (5) | Provides an accurate job description for the chief security officer position that includes all required elements (4.25) | Provides a job description for the chief security officer position, but some elements are missing or lack specificity (2.75) | Does not provide a job description for the chief security officer position (0) | 5 |
| Team Information: Security Certification Recommendations | Recommends appropriate security certifications for airport IT staff and provides a thorough explanation for the recommendations, exploring the pros and cons of alternate certifications (6) | Recommends appropriate security certifications for airport IT staff and provides an accurate explanation for the recommendations (5.1) | Recommends appropriate security certifications for airport IT staff but does not provide an accurate or complete explanation for the recommendations (3.3) | Does not recommend appropriate security certifications for airport IT staff (0) | 6 |
| Risk Assessment: Security and Business Processes | Provides a thorough, detailed assessment of the risks related to security and business processes (8) | Provides an accurate assessment of the risks related to security and business processes (6.8) | Provides a cursory or incomplete assessment of the risks related to security and business processes (4.4) | Does not provide an assessment of the risks related to security and business processes (0) | 8 |
| Risk Assessment: Legal, Regulatory, Ethical, and Social Issues | Provides an accurate description of the key legal, regulatory, ethical, and social issues related to IT security and supports ideas by citing specific laws (6) | Provides an accurate description of the key legal, regulatory, ethical, and social issues related to IT security (5.1) | Includes the key legal, regulatory, ethical, and social issues related to IT security but lacks specific details (3.3) | Does not include the key legal, regulatory, ethical, and social issues related to IT security (0) | 6 |
| Risk Assessment: Viruses and Malicious Software | Provides a thorough, detailed assessment of the risks related to viruses and malicious software (6) | Provides an accurate assessment of the risks related to viruses and malicious software (5.1) | Provides a cursory or incomplete assessment of the risks related to viruses and malicious software (3.3) | Does not provide an assessment of the risks related to viruses and malicious software (0) | 6 |
| Risk Assessment: Web Server Security Strategies | Provides a thorough, detailed assessment of the risks related to web and wireless technologies and protocols (6) | Provides an accurate assessment of the risks related to web and wireless technologies and protocols (5.1) | Provides a cursory or incomplete assessment of the risks related to web and wireless technologies and protocols (3.3) | Does not provide an assessment of the risks related to web and wireless technologies and protocols (0) | 6 |
| Risk Assessment: External Threats | Provides a thorough, detailed assessment of the risks related to external threats (6) | Provides an accurate assessment of the risks related to external threats (5.1) | Provides a cursory or incomplete assessment of the risks related to external threats (3.3) | Does not provide an assessment of the risks related to external threats (0) | 6 |
| Mitigation Strategy: Employee Guidelines | Effectively summarizes proposed employee guidelines for all identified issues related to confidentiality, integrity, availability, and privacy (8) | Summarizes proposed employee guidelines for most identified issues related to confidentiality, integrity, availability, and privacy (6.8) | Provides an incomplete or cursory summary of proposed employee guidelines for identified issues related to confidentiality, integrity, availability, and privacy (4.4) | Does not provide employee guidelines for issues related to confidentiality, integrity, availability, and privacy (0) | 8 |
| Mitigation Strategy: Legal, Regulatory, Ethical, and Social Issues | Recommends a well-developed mitigation strategy that effectively addresses all identified legal, regulatory, ethical, and social issues (8) | Recommends a mitigation strategy that effectively addresses most of the identified legal, regulatory, ethical, and social issues (6.8) | Recommends an incomplete or cursory mitigation strategy for identified legal, regulatory, ethical, and social issues (4.4) | Does not recommend a mitigation strategy for identified legal, regulatory, ethical, and social issues (0) | 8 |
| Mitigation Strategy: Viruses and Malicious Software | Recommends a well-developed mitigation strategy that effectively addresses all identified risks related to viruses and malicious software (8) | Recommends a mitigation strategy that effectively addresses most of the identified risks related to viruses and malicious software (6.8) | Recommends an incomplete or cursory mitigation strategy for identified risks related to viruses and malicious software (4.4) | Does not recommend a mitigation strategy for identified risks related to viruses and malicious software (0) | 8 |
| Mitigation Strategy: Web Server Security Strategies | Recommends a well-developed mitigation strategy that effectively addresses all identified risks related to web and wireless technologies and protocols (8) | Recommends a mitigation strategy that effectively addresses most of the identified risks related to web and wireless technologies and protocols (6.8) | Recommends an incomplete or cursory mitigation strategy for identified risks related to web and wireless technologies and protocols (4.4) | Does not recommend a mitigation strategy for identified risks related to web and wireless technologies and protocols (0) | 8 |
| Mitigation Strategy: External Threats | Recommends a well-developed mitigation strategy that effectively addresses all identified external threats (8) | Recommends a mitigation strategy that effectively addresses most identified external threats (6.8) | Recommends an incomplete or cursory mitigation strategy for identified external threats (4.4) | Does not recommend a mitigation strategy for external threats (0) | 8 |
| References | Provides varied and appropriate references that meet all project requirements, including APA formatting (6) | Provides appropriate references that generally meet project requirements, including APA formatting (5.1) | Provides references that are inappropriate or do not adequately meet project requirements (3.3) | Does not include references as specified in the project requirements (0) | 6 |
| Articulation of Response | Submission is free of errors related to citations, grammar, spelling, syntax, and organization and is presented in a professional and easy to read format (6) | Submission has no major errors related to citations, grammar, spelling, syntax, or organization (5.1) | Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas (3.3) | Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent understanding of ideas (0) | 6 |
| Earned Total | | | | | 100% |
 