The final step in developing the network security plan is to define how the plan that you have developed will be implemented within the organization. Implementing security controls and adding security devices can be a complex process that will affect every aspect of the organization.
A detailed plan that phases in controls and new devices-and has a backup plan for any problems-will greatly increase the success rate of implementing a network security plan.
• For this assignment, you will add a detailed implementation plan of 4-5 pages, which will describe your proposed solution for the implementation of a network security plan in your organization.
• Finally, you will refine the Network Security Plan document to produce the final draft version. Updates may be based upon peer and instructor feedback.
The project deliverables are the following:
• Update the Network Security Plan with a new date.
• Update the previously completed sections based upon your peers' and instructor's feedback.
• Implementation Plan
o Develop a plan to implement the security controls and policies that you identified in previous sections.
o Develop a plan to implement new security devices and modify existing security devices that are required to monitor the network and the polices that were created or updated.
o Describe how these controls, policies, and security devices have addressed the key security areas of confidentiality, integrity, authentication, authorization, and nonrepudiation cryptographic services.
• Network Security Plan
o Revise the entire document, and make any necessary changes and improvements.
o Ensure that the final version is sufficiently detailed to allow the organization to confidently move forward with the implementation of the security controls and devices based upon your recommendations.
o Previous instructor feedback should be addressed with appropriate changes.
• Update your table of contents before submission.
Network Security Plan
This course has been composed of a series of Individual Project assignments that have contributed to a Key Assignment submission at the end of the course. Each week, you have completed a part of a network security plan. The full Key Assignment should include the following tasks:
• Overview of Network and Existing Security (Week 1)
o Select an organization as the target for the analysis.
o Provide an overview of the organization's existing network architecture.
? The overview will include description of the network, the topology, protocols allowed, connectivity methods and network equipment, number of routers, switches, and any other network equipment, such as VPN concentrators, proxies, etc.
o Provide a summary of the current security devices currently in use on the network.
List the type of device, the vendor, and give a brief description of how the device is used.
• Risk Assessment
o Conduct an inventory of the devices within your network. Provide a summary of the number of desktops, laptops, network printers, and servers.
Identify key assets
Assets also include records and sensitive information that requires special protection.
Prioritize each asset or group of assets, and assign a value to each.
o Identify and describe the risks within your environment.
o Do not forget natural disasters.
o Determine the likelihood that the risk could occur.
o Identify the tools and methodology that you would use to conduct the risk assessment.
• Security Architecture Plan (Week 3)
o Based upon the risk assessment and your analysis, create an action plan to mitigate the risks that you have identified.
o Identify and select appropriate technologies to protect the network and the organization's information, and explain why you chose each technology.
Describe where you plan to place these technologies in the network, and explain why.
The plan should cover all layers of the OSI model.
o Identify additional software that will be required to monitor the network and protect key assets.
Identify security controls that need to be implemented to assist in mitigating risks.
• Security Policies (Week 4)
o Create the Key Assignment first draft for peer review.
o Continue the development of the plan.
Create a fourth section in the plan to list all of the policies you would have for your organization and a brief description of what each policy will contain.
Each policy will address how you plan to monitor the policy and what the appropriate punishments should be for violators.
Provide a timetable for when these policies should be reviewed and updated.
o Continue development of the Network Security Plan with an Incident Response Plan of 2-3 pages.
Include the actions that need to occur when an incident is in progress.
Include how your organization will identify and classify incidents, what the response will be, and the plan to recover.
• Implementation and Incident Response (Week 5)
o Analyze previous submissions, and make changes as necessary to the final paper.
Submit a detailed implementation plan of 4-5 pages that will describe your proposed solution for the implementation of the Network Security Plan for the organization.
This is the last and final section of the Key Assignment and should bring together all aspects of the implementation in one cohesive paper.
Revise the previous sections so that the entire plan flows and has a strong introduction and conclusion.
o Submit the final Key Assignment.
The final step in the planning phase is to review the plan to ensure that the Information Security Assurance Implementation Plan adequately addresses the requirements and that it is sufficiently detailed to allow the organization to move forward with the implementation phase based on your plan. This is also a good time to identify a model to ensure the development of secure Web-based and platform-based applications. In addition, you should identify methods to assess compliance with your plan.
For this assignment, you will add 3-4 pages describing a security-driven life cycle development model to prevent security holes for Web-based and platform-based applications, as well as methods to assess compliance with your plan and to assure the security of the organization's information. Finally, you will further refine the Information Security Assurance Implementation Plan to produce the final draft version. Updates may be based on peer and instructor feedback.
The project deliverables for Week 5 are as follows:
• Update the Information Security Assurance Implementation Plan title page with the new date.
• Update the previously completed sections based on the instructor's feedback.
• Assessment and Assurance
o Describe a security-driven life cycle development model to prevent security holes in applications for the organization.
o Describe methods that will be used to assess compliance with the implementation plan and policies outlined in your plan and to assure the security of the organization's information.
• Information Security Assurance Implementation Plan final draft
o Review the entire document for any changes and improvements that you would like to make.
o Ensure that this final version of the plan is sufficiently detailed to allow the organization to move forward with the implementation phase based on your plan.
o Any previous instructor feedback should be addressed with appropriate changes.
• Be sure to update your table of contents before submission.