For the assignments in this course, you will not be implementing an operating systems security policy; rather, you will be developing a comprehensive operating systems security policies document. Your first task in this process will be to select an organization or identify a hypothetical organization to use as the basis of your projects. You will also create the shell document for the final project deliverable that you will be working on during each unit. As you proceed through each project phase, you will add contents to each section of the final document to gradually complete the final project delivery. Appropriate research should be conducted to support the development of your document, and assumptions may be made when necessary.
Use MS Word
Title Page
· Course number and name
· Project name
· Student name
· Date
Table of Contents
· Use auto generated TOC
· Separate page
· Maximum of 3 levels deep
· Be sure to update fields of TOC so it is up-to-date before submitting project
Section Headings (Create each heading on a new page with TBD as the content except for the sections listed under New Content below.)
· Project Outline
· Operating System Security Tools
· Security Threat Detection
· Secure Communications
· Virus Protection
· Security Management
New Content
Project Outline and Requirements
· Give a brief description of the organization (can be hypothetical) where the operating systems security policies will be implemented. Include company size, location(s), and other pertinent information.
· Identify the systems in the organization (i.e., the type and number of computer systems and operating systems used, along with a top-level view of the infrastructure). A network diagram would be useful for this purpose, but the diagram should be pasted into your Word document.
· Your project must assume that the organization has UNIX, open source, and Windows operating systems in its computing environment, so be sure to include all 3 categories in the systems overview.
· Identify and describe any outside connections to the internal systems.
· Summarize the benefits the company would realize through the implementation of operating systems security policies.
· Material can be taken from the approved proposal submitted to the instructor.
· Be sure that this project is approved by the instructor.
Operating System Security Tools
· Based on the systems overview, identify and describe at least 3 security tools for each OS category (UNIX, open source, and Windows) that can be used at the operating system level to protect the systems, users, and data from security threats.
· The tools can be part of the OS or third-party tools. Some examples would include firewalls, account management, and port access management.
New Content: Security Threat Detection
Security Tool Analysis
· Review and identify at least 3 tools that would be effectively used in the detection and prevention of operating system security threats in the organization's systems.
· Include the types of threats that the tools identify.
· Discuss the total threat coverage for the operating systems provided by these tools.
· Given that implementation of security tools requires significant investment, management will likely be reluctant to approve them unless the investment can be justified. As part of your analysis, describe why these tools are necessary for the company and how the investment can be justified to management.
Built-in Security Analysis
· Summarize the strengths and weaknesses of the built-in security of each of the 3 major OS categories (UNIX, open source, and Windows).
· Discuss how the weaknesses can be strengthened using the tools identified in the Security Tool Analysis section.
New Content: Secure Communications
Communications Summary
· Summarize each of the major types of computer communications used by the organization's systems.
· These communications should include computer-to-computer communications and user-to-computer communications.
· Provide a review of the potential security issues related to the internal and external communications.
· Discuss how company communications policies can play an important role in the reduction of communication security risks. Include specific examples and real-world case studies to support your discussion.
Tools and Techniques
· Identify and describe at least 3 tools or techniques that can be used to reduce the communications security threats for any of the OS categories (UNIX, open source, and Windows).
· For each tool or technology, specify a typical use case to demonstrate how the tool or technology can be used.
New Content: Virus Protection
Tools
· Describe the major systems in the organization that may be susceptible to virus threats.
· These systems should include all 3 operating systems categories (Unix, open source, and Windows) from the initial project requirements.
· For each system category, provide an analysis and recommendation of appropriate virus protection tools.
· Your analysis should include requirements and a comparison of features, cost, and any other relevant factors for at least 3 alternatives for each operating system; a final recommendation for an appropriate tool; and justification for your selection.
Policies
· Discuss how viruses, adware, spyware, and malware would impact your organization.
· Prepare at least 5 policies that will help reduce the threat of viruses, adware, spyware, and malware within the organization.
· The policies should include detailed steps to be followed.
· Provide details of how each policy will be effective in the reduction of these threats.
New Content:
Security Management
· Develop a security incident response policy for the organization.
· Provide an evaluation and recommendation for tools and processes to help analyze and track security threats and incident responses for all
3 operating systems categories (UNIX, open source, and Windows).
· Provide an evaluation and recommendation for forensics tools and policies to use in response to security incidents for all 3 operating systems categories (UNIX, open source, and Windows).
Security Cost/Benefit Analysis
· Provide a cost/benefit analysis for the tools and processes recommended throughout the Operating Systems Security Policies document versus the cost to the organization of security incidents.
· Add a long-term cost/benefit analysis that includes expected changes in the organization that might affect the costs and benefits of the recommended tools and processes.
Operating Systems Security Policies document, final draft
· Review the entire document for any changes and improvements that you would like to make.
· Ensure that this final version of the plan is sufficiently detailed to allow the organization to confidently move forward with the implementation of the operating system security plan based on your recommendations.
· Any previous instructor feedback should be addressed with appropriate changes.