Security Testing Software Solution Executive Proposal
CMIT 321 Executive Proposal Project
The purpose of this project is to evaluate the studentâ€™s ability to research and evaluate security testing software and present a proposal for review by executive team members. By completing the document the student will also gain practical knowledge of the security evaluation documentation and proposal writing process. The project will enable the student to identify and understand the required standards in practice, as well as the details that should be covered within a proposal.
Â· Using the Case Study presented in this document, to complete an executive proposal.
Â· Provide a three to five page proposal summarizing purpose and benefit of chosen security software (OWASP) to the executive management team.
Â· The student will evaluate and test security testing software for purposes of testing corporate network security. The purpose of the software is to measure the security posture of the organization by identifying vulnerabilities and help prevent future attacks and deter any real-time unknown threats.
Â· The proposal should effectively describe the software in a manner that will allow the executive team members to understand the purpose and benefits of the software to approve purchase.
Â· Evaluate and select a security tool for recommendation that you learned about in the iLabs modules or the EC-Council text books.
Â· The proposal document must be 3 to 5 pages long, conforming to APA standards. See â€œWriting Guidelineâ€ in WebTycho where youâ€™ll find help on writing for research projects.
Â· At least three authoritative, outside references are required (anonymous authors or web pages are not acceptable). These should be listed on the last page titled â€œReferences.â€
Â· Appropriate citations are required. See the syllabus regarding plagiarism policies.
Â· This will be graded on quality of research topic, quality of paper information, use of citations, grammar and sentence structure, and creativity.
Â· The paper is due during Week 7 of this course.
The purpose of project is to write an executive proposal for a fictitious company called Information Assurance Research. The goal of the proposal is to persuade the executive management team to approve purchase of security testing software that can benefit the companyâ€™s corporate network security by testing and identifying vulnerabilities before they are exploited by hackers. The proposal must include a detailed description of the software, its purpose and benefits.
Research a security testing software tool that you practiced using in the EC-Council iLabs or from the textbook.
Determine whether the tool would be beneficial in testing the security of a corporate network.
Use the vendorâ€™s website to collect necessary information about the tool to be able to explain its purpose and benefit.
Include 3rd party endorsements and case studies about the tool.
Integrate the information from your own experience with the tool into your proposal. This may include results from the iLab exercises or your own test lab.
Information Assurance Corporation
Information Assurance is a startup medical research and development company. After five years of extraordinary success in the development of innovative medical and pharmaceutical products, Information Assurance is on its way to becoming a major player in the medical research and development industry. However, due to its success, Information Assurance has also become a major target of cybercriminals. Information Assurance has been the victim of cybercriminal attempts to steal intellectual property and sell it to Information Assuranceâ€™s competitors. It is suspected that the corporate network has been infiltrated from unauthorized sources more than once. In 2011, Information Assurance was falsely accused of unethical research and development practices. The false allegations resulted in the defacement of Information Assuranceâ€™s public website and several Denial of Service attacks at different times over a 9 month period that brought the corporate network to its knees. These attacks had a major impact on Information Assuranceâ€™s ability to conduct business and resulted in undesirable publicity for the company.
Regardless of its security problems, Information Assurance has continued to grow as a company. Its research and development departments have grown over the years, due to the expansion of the company, in proportion to the increase in its business making up over 40% of the human resources. Information Assuranceâ€™s innovative research and development information is paramount to its continued success as a company. Although, no known attacks have occurred in last 18 months, the security of its network and intellectual property is still a major concern for the company. Because Information Assurance is a still fairly young company, management has been hesitant to budget for expensive security projects. However, this point of view is beginning to change. Particularly, because one of Information Assuranceâ€™s competitors, a major player in the medical research and development industry for over 40 years, experienced a loss of hundreds of millions of dollars in research data that was stolen from its corporate network by cyber thieves.
Background and your role
You are the IT Manager hired in 2012 to manage the physical and operational security of Information Assuranceâ€™s corporate information system.You understand information security issues better than anyone else in the company. You also know that the network is vulnerable to outside threats because it has experienced attacks in the past and because you havenâ€™t had the resources to properly test the corporate information system to identify the vulnerabilities that might exist and take action prevent possible attacks. You have a responsibility to bring these concerns to the attention of the executive team and ask for approval to purchase the necessary testing software.
Your education and training have introduced you to variety of security tools for testing computer and network security. The majority of these tools you either only read about or have practiced using in lab environment. You have decided to research some of these tools and test them out in your own lab environment and choose one for recommendation to executive team.
You will need to present information that proves the chosen tool will be beneficial to the security of corporate information system. To accomplish this you will need to research the product, if possible, test the product in a virtual lab environment. If the tool is part of your iLab exercise, it is recommended that you practice using and testing the tool beyond the scope of the lab exercise. Based on your research and analysis, you will include this information in your proposal in way that the executive staff can understand and allowing them to make an informed decision to approve purchase of the product.
The executive management team of Information Assurance:
The proposal should include:
Â· Detailed description of the software and benefits.
Â· Include reviews, case studies and customer recommendations
Â· Include your own hands-on experience with the tool and test results
Â· Cost of product. Include additional costs such as training or hardware software that might be needed in order to properly deploy manage and maintain the software.
Â· How will the software impact the production environment? For example, the software may test for Denial of Service attacks. You need to explain any interruptions the test may have on business operations. You need to justify the need for such a test. Also explain how to you plan to minimize or prevent possible production outages.
The software should test for one or more of the following types of attacks:
Â· Denial of Service (DoS)
Â· Cross Site Scripting (XSS)
Â· Authentication Bypass
Â· Directory Traversal
Â· Session Management
Â· SQL injection
Â· Database Attacks
Â· Password Attacks
Â· Firewall/Router Attacks
Â· Operating System Attacks
Corporate Office Network Topology
The Information Assurance main research and development facility is located in Reston Virginia. You have concerns about the sensitive information that is stored at this location as well as data that transmitted over the WAN to Information Assuranceâ€™s New York City headquarters location, business partners and clients. The Reston facility is also where the Information Assurance data center is located. The data center is where Information Assuranceâ€™s public website, email, databases and corporate intranet are hosted. The environment contains a mix of Microsoft and *NIX technologies.
Â· 45 Windows 2008 Servers
Â· 13 Windows 2003 Servers
Â· 15 UNIX Servers
Â· 2200 Windows XP and 7 Desktops
Â· Web Servers: Apache and IIS
Â· Services: FTP, SMTP, DNS, DHCP, VPN
Â· Database: SQL, Oracle and MySQL
Â· Network: Cisco Routers and Firewalls
Documentation and Formatting
Appropriate APA citations/referenced sources and formats of characters/content.
Accurate Completion of Software Research
Accurate Completion of Software Analysis
Provide proposal for purchase
A quality paper will meet or exceed all of the above requirements.
Our Service Charter
Excellent Quality / 100% Plagiarism-FreeWe employ a number of measures to ensure top quality essays. The papers go through a system of quality control prior to delivery. We run plagiarism checks on each paper to ensure that they will be 100% plagiarism-free. So, only clean copies hit customers’ emails. We also never resell the papers completed by our writers. So, once it is checked using a plagiarism checker, the paper will be unique. Speaking of the academic writing standards, we will stick to the assignment brief given by the customer and assign the perfect writer. By saying “the perfect writer” we mean the one having an academic degree in the customer’s study field and positive feedback from other customers.
Free RevisionsWe keep the quality bar of all papers high. But in case you need some extra brilliance to the paper, here’s what to do. First of all, you can choose a top writer. It means that we will assign an expert with a degree in your subject. And secondly, you can rely on our editing services. Our editors will revise your papers, checking whether or not they comply with high standards of academic writing. In addition, editing entails adjusting content if it’s off the topic, adding more sources, refining the language style, and making sure the referencing style is followed.
Confidentiality / 100% No DisclosureWe make sure that clients’ personal data remains confidential and is not exploited for any purposes beyond those related to our services. We only ask you to provide us with the information that is required to produce the paper according to your writing needs. Please note that the payment info is protected as well. Feel free to refer to the support team for more information about our payment methods. The fact that you used our service is kept secret due to the advanced security standards. So, you can be sure that no one will find out that you got a paper from our writing service.
Money Back GuaranteeIf the writer doesn’t address all the questions on your assignment brief or the delivered paper appears to be off the topic, you can ask for a refund. Or, if it is applicable, you can opt in for free revision within 14-30 days, depending on your paper’s length. The revision or refund request should be sent within 14 days after delivery. The customer gets 100% money-back in case they haven't downloaded the paper. All approved refunds will be returned to the customer’s credit card or Bonus Balance in a form of store credit. Take a note that we will send an extra compensation if the customers goes with a store credit.
24/7 Customer SupportWe have a support team working 24/7 ready to give your issue concerning the order their immediate attention. If you have any questions about the ordering process, communication with the writer, payment options, feel free to join live chat. Be sure to get a fast response. They can also give you the exact price quote, taking into account the timing, desired academic level of the paper, and the number of pages.