Background:

Organizations of all sizes should be concerned with the security and confidentiality of their electronic data. Cybercrimes affect individuals and companies alike. However, companies typically have more financial and other assets that can be compromised by various cybercrimes. Establishing an organization-wide information security program is a great start to mitigate cyber-related crimes and attacks. This process typically commences with an honest evaluation of the organization’s vulnerabilities and potential threats. For this assignment, you will read a scenario and develop a report as outlined below.

Scenario:

A contractor for the United States Department of Defense builds proprietary communication devices and peripherals, which allow soldiers in active combat to communicate with central command. These devices are used to transmit highly sensitive information regarding military deployments and battle plans. Once delivered, the devices interface with the U.S. military global communications network. In order to comply with the military’s security requirements, the contractor must conduct a security risk analysis of their internal networks and information systems for intrusion detection and cybercrime prevention.

Please note that the contractor is performing a security risk assessment of its own network and system and not of the military network. After all, a breach of security on the contractor’s computer systems could compromise confidential and sensitive military information. You have been asked to head up the project team that will ultimately perform this security assessment and analysis.

Report Sections

1. Overview (1 Page)

• Provide a brief abstract in narrative form of the contents of this report

Investigation Plan (five to seven Pages)

• Describe what techniques you will use to begin the investigation
  • Identify who should be interviewed first
  • Determine what type of log files to review
  • Distinguish what methods should be used to preserve the integrity of the evidence
• Identify at least five potential threats and explain your rationale and any assumptions you made.
• Identify at least five vulnerabilities and explain your rationale and any assumptions you made.
• Identify at least five risks and explain your rationale and any assumptions you made.
• Out of all the potential risks that you have identified, select the three that could be have the largest impact. Justify your reasoning.

Conclusion (one page)

• After conducting your investigation, describe three cyber security best practices that you would recommend

Reference Page (one page)

You may consider referring to these resources for guidance on federal legislation and standards:

• http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf
• http://csrc.nist.gov/publications/PubsFIPS.html
• http://csrc.nist.gov/publications/PubsSPs.html

Your total proposal should be  eight to ten pages long, of business quality, and follow the outline. Additionally, your report should be supported by no fewer than five scholarly sources