Final Project - Security Plan / Assessment to Include
• Policies - sample or areas that they should include or address
• Procedures
• What standards do you suggest following
• Suggested Incident Response Plan
• Testing - penetration tests - internal and external
• Training / awareness
• What should the client do to prepare for the audit
Final Project - Security Plan to Include
• Testing portion - Similar to an Ethical Hacking Plan - Someone asks you to test the system (inside and outside). What would you propose?
• Make it a business proposal and lay out all of the steps, naming exact tools and procedures
• Comment on what you could expect to find
• Lots of detail, not a simple overview: you need enough content to prove that what you suggest will work or be of benefit
Final Project
• Goal is to tell me what I don't know
• I don't want you to tell me the easy stuff, I need to fix that beforehand
• Tell me how to prepare before you come in
• Run the Microsoft analysis tools, patch everything, make sure policies are up to date
• Request authorization
• You need a letter protecting you so you can explore my system
• If you don't have the letter - you go to jail.
• Say that you will not do any destructive tests
Final Project Format
• Professional
• Any business format that you choose
• Executive Overview
• Table of Contents
• Sections
Final Project - Business Security Plan
• Research and build what you would put into a detailed security plan for an organization:
• It needs to be written as a business proposal.
• Can be done in teams of 2
• At least a 15-page paper (of content)
• Or 20 pages for a group of 2
Business Security Plan
• Research and build what you would put into a detailed security plan for an organization:
• Policies - samples or areas that they should include
• Procedures
• What standards do you suggest following
• Testing - penetration testing - Ethical hacking
• Internal and external
• Training - what training would you offer employees (details)
Ethical Hacking Part
• The plan needs to show exact steps and procedures on how you would test security on a company.
• Internal threats
• External threats
• Detailed procedures, what you expect to find
Final Project
• Develop a Business security plan for a company (real or fictitious). It needs to include:
• Overall plan - General policies / procedures
• Ethical hacking - what tools, what do you expect as results or what are you looking for?
• The business owner has to understand why you are testing for certain things
• How would he know that he is getting what he is paying for?
• Security Awareness Plan - how to train employees
• What materials would you put on a reference list for each section?
• Can be a group of 2