This gives you the freedom of choosing a standard risk management framework.
Ideally you may choose NIST 800-37, ISO 27005 & OCTAVE. The scenario is as follows, you are being asked to complete a
comprehensive security assessment of an organization. The organization can be an existing
company which you are/were working for, or you may create a made-up scenario. In this case,
make sure you clearly introduce essential information about the fictitious company first.
Note the scale of the organization is irrelevant, although your choice of organization will affect your choice of a suitable framework.
You may use any appropriate framework for the security assessment; obvious choices are
NIST 800-37, ISO 27005 & OCTAVE. If the framework is a well-known standard provide key references in your report.
Identify potential members of the company team required to assess and deliver the solution
(Only include job roles, e.g. Network Administrator, Company Director, etc.). Following this,
the potential scope to be assessed should be specified (be it functional or geographical,
etc.). Through your assessment of the organisation, you are to highlight a small number of
key critical assets, including both hardware and software. You should then identify potential threats to these assets. You must then also suggest technologies and architectures that could/should be employed to protect the highlighted assets. Explanations of how they counter them are required and a comparison with other possible solutions will gain extra credit.
You are not being asked for the exact details or configuration of the proposed
solutions, it is enough to specify the technologies. You can also suggest policies and
guidelines for the future implementation within the organization.
For the purposes of the coursework, you should understand that you are being asked to
assess the security (and dependability) requirements for the organisation and outline
preferred solutions. Once your initial report has been submitted, you would head up the
team performing a second more detailed exercise starting with the writing of a full
Information Policy and the design of a secure architecture, which is NOT within the scope of this report.
The report should be divided into three sections. Each section will have different
audiences, therefore it is important to adjust your writing style accordingly.
The first section is to be a single-page executive summary (around 500 words), which is
targeted at the firm’s board of directors, CEO, managers and executives (so you should be
careful about the use of technical terms and colloquialism/slang). This part of the report
should contain the following:
An outline of the key issues
A statement of the recommendations to be adopted
In the second section, a more detailed analysis is required. This can take up to 3-5 pages;
depending on diagrams and figures (Maximum word limit for this section is 2000 words).
This is directed at the technical staff within the firm and/or the technical specialists you will
use for the implementation. In this section, you should state the background to the company and project. The key assets should be highlighted along with your reasons for selection.
Then identify the proposed architecture of your recommendations (a network diagram may
help illustrate your solution, but remember that you don’t need to have done a full detailed
design). You should state any assumptions you make about the organization’s
The third section should be a summary(250 – 500 words) of the proposals and
recommendations for the technical staff, indicating key tasks that need to be performed and hardware that needs to be purchased (don’t list equipment exhaustively, rather state in what order equipment should procured and deployed).
You should complete this within 24 hours and you can select any construction company or a mobile phone operator company...
8 pekerja bebas membida secara purata $119 untuk pekerjaan ini
I have read the guidelines of your work, i believe i can provide you with the best quality of work you are anticipating from this [login to view URL] give me a chance to show you the best i can do at your service