Part 1
In this phase you will work with Quality Web Design as the company you will give recommendations to, refer to
the scenario guide. You will then identify potential security weaknesses.
Security weaknesses – You must choose two from the following three areas:
• hardware
• software
• policy (excluding password policies)
and identify an item that requires improved security. To clarify: you must identify
a) one hardware and one software weakness or,
b) one hardware and one policy weakness or,
c) one software and one policy weakness.
You must define the asset or policy with sufficient detail to justify your assessment. Your assessment must
include:
• the vulnerability associated with the asset or policy
• the possible threats against the asset or policy
• the likelihood that the threat will occur (risk)
• the consequences to mission critical business processes should the threat occur
• how the organization’s competitive edge will be affected should the threat occur
Part 2
In this phase of the project you will include Part 1 and then you will recommend solutions for the security
weaknesses you identified in the phase I.
Definition of the solution – Hardware solutions must include vendor, major specifications with an emphasis on
the security features, location of placement with diagram. Software solutions must include vendor, major
specifications with an emphasis on security features. Policy solutions must include the complete portion of the
policy that addresses the weakness identified. Any outsourced solution must include the above details and the
critical elements of the service level agreement.
Justification – You must address the efficacy of the solution in terms of the identified threats and vulnerabilities,
the cost of the solution including its purchase (if applicable) and its implementation including training and
maintenance.
Impact on business processes – You must discuss any potential positive or negative effects of the solution on
business processes and discuss the need for a trade-off between security and business requirements using
quantitative rather than simply qualitative statements.
Sample Solution