course materials

1. Project: problem identification assignment | BMIS 665 – Information
Operations and Security | Liberty University
Project: Problem Identification AssignmentOverviewThe objective of the final
comprehensive project is to show you are competent in the Information Assurance
discipline and prepared for the final capstone systems analysis and design course. You will
show competence through the execution of a final information security plan. The objective
of the plan is to identify a current and relevant security related problem in computing, study
related literature that pertains directly to the problem, analyze an appropriate secure fault
tolerant solution, design the secure fault tolerant solution, and develop a continuity and
disaster recovery plan for the final solution. The identified problem must be contained in a
software, network, or system environment that you have sufficient knowledge of and data
access to be able to perform a thorough analysis and design.InstructionsCurrent and proper
current APA formatting is required and must include a title page, proper margins, citations,
organization, proper grammar and spelling, and an ending resources page.At the minimum,
this phase of the project must include:I. Executive summary, introduction, and conclusiona.
Executive summaryb. Introductioni. Statement of the problemii. Documentation of the
organizational requirementsiii. Purpose of the planiv. Scope of the planv. Rationale of the
planc. ConclusionII. Review of Related Literaturea. Scholarly, peer-reviewed, original
research (8 minimum sources and at least 8 double-spaced, current APA-formatted pages)b.
Comprehensive investigation of past and current security solutions relevant to the
problemc. Summary of the research outcomesd. NOTE: required minimum length in the
grading rubric excludes all systems analysis and design (SAD) diagrams and any other
tables and/or graphical elementsIII. Risk Analysisa. Analyze the risk of various plausible
solutions in the review of related literatureb. Value of the assetsc. Potential loss per threatd.
Threat analysise. Overall annual loss per threatf. Reduce, transfer, avoid, or accept the
risk IV. Environmental Diagrams (minimum of 2 required) could include, but are not
limited to:a. System and/or network architecture diagramsi. If you are designing a secure
network or system, at least 1 complete architectural diagram must exist that details all the
connections, nodes, and/or pertinent pieces of equipment (e.g. data links, servers, switches,
routers, firewalls, IDSs, SANs, databases, etc.)ii. If you are designing a secure application,
detailed UML class and/or component diagrams must existb. Security and business
requirement mappingsc. Information or data flow diagramsd. SDL Threat Modeling
diagramse. Risk matrixf. Process overview (e.g. see ISO 31000:2009 Process Overview

2. Diagram)g. Shared resource matrixh. Attack and/or malicious mappings (e.g. distributed
denial-of-service attack mapping, encrypted message flow)Critical to your success is a
comprehensive and proper understanding of the information system and surrounding
environment for which the plan will address. Within the scope of the plan, you must notate
each domain that will be addressed. It is important to clearly define what is inside the scope
and what is outside of the scope of the plan.For example, if you choose application security,
you must narrowly define the application and its counterparts within the scope. This could
include mobile code, object-oriented code, database, distributed system, neural network,
and a number of other components. Subsequently, the research in the review of related
literature must focus on the specific types of solutions that will be necessary to be analyzed
and designed. If the specific domain is software development security, and the solution
must secure malicious code, the review of related literature, risk analysis, and diagrams
must have some focus on varying types of malicious code such as logic bombs, Trojan
horses, viruses, time bombs, trapdoors, worms, and rabbits. If the domain is network
security, a number of network architecture diagrams must be present that identify every
possible device within the selected business environment.Choose each element wisely;
assuring that sufficient selection occurs to develop the solution based upon the research in
the review of related literature. Additionally, the comprised components must provide
sufficient depth to allow the minimum length requirements to be met for each phase of the
project, but more importantly to securely design the system and/or application. Within
EACH of the 2 diagrams, there is a minimum of 20 elements exist that accurately detail
analysis of the environment that needs securing. The details will be supported by previous
designs in the review of literature. These serve as a benchmark for your designs. If your
literature review is insufficient, you will be assessed on relevant literature review, given
your choice of design. In other words, be very detailed. If your diagrams are not detailed,
they will be unable to achieve the purpose of a secure design and ultimately, fail the
customer.