William Slater's CYBR 515 Blog

CYBR 515 - Security Architecture and Design

Thursday, November 17, 2011

Post 051- CYBR 515


Week Twelve Assignments

Theme for the Week - Validating a Secure Design

Learning Objectives:

• Describe how PCI Data Security Standards are used to enhance payment card data security.

• Design a certification and evaluation plan for a secure network.

• Propose solutions to network security vulnerabilities that are exposed during an audit.

Readings:

https://www.pcisecuritystandards.org/security_standards/index.php

https://www.pcisecuritystandards.org/security_standards/documents.php

https://www.pcisecuritystandards.org/documents/pci_dss_saq_instr_guide_v2.0.pdf

http://www.sans.org/score/


This week:

Now that you've created a design for a secure network, how do you know that it meets acceptable standards and practices for security? After all, both threats and the technology to meet them are constantly evolving. You need a way of ensuring that your network provides an acceptable level of risk. Fortunately, there are several organizations and methodologies that are in place to help you. Our reading assignments for this week expose you to some of the more important ones, and they, in turn, will point you to others by way of reference. If you take the time to examine these documents, you will be provided with a considerable amount of insight into how networks are certified, managed, and audited.

Some things to remember: our networks are not static, and many of the technologies we implement can undo or circumvent security that we painstakingly put in place. Wireless is a good example. We need to consider the impact of all changes that we make and stay up to date on the latest tools and methodologies for identifying and eliminating vulnerabilities.

As part of our reading, we reference the Payment Card Industry’s Data Security Standards (PCI DSS) and their Documents Library. We also examine their Self-Assessment Questionnaire. These two documents explain the requirements for security to support payment processing. In addition, we'll review documents from SANS. They have a Security Consensus Operational Readiness Evaluation (SCORE) that has benchmarks, scoring tools, checklists, and step-by-step guides. You can use these tools to evaluate an IT architecture. Please begin your lessons.

Week 12 Discussion

This week's reading involved both Security Consensus Operational Readiness Evaluation (SCORE) and Payment Card Industry (PCI) Data Security Standard 2.0. In your post this week, mention one important concept you have learned regarding these two assessment methodologies.

General Posting Guidelines (for participation): Postings are counted as participation for the week. Make sure all postings for this week's assignments are posted to this week's discussion forum. You must post at least two substantive messages to get minimum credit for participation (a 'C' grade). Two messages on different days get a 'B' for participation - more postings (including answering other questions) get more credit. To qualify for an 'A' grade, you must post at least three critical thinking messages on three different days. Postings on the last day of the lesson will not count for credit since other students will not have sufficient time to respond or participate in your discussion. Post early and often. Don't wait until the last minute!

Assignment 12_2 (Attach to this assignment)

This assignment involves an evaluation of a secure design. Using the materials from your reading assignment, perform a security evaluation on the fictitious organization in the case study attached to this assignment. Use the SCORE or PCI assessment methodology from your reading for your evaluation. Please use this week's discussion forum to post any questions or comments you have about this assignment. Save your findings in a Word document named CYBR515 Assignment 12_2, and attach it to this assignment.

Assignment 12-3 Milestone 5 (Attach to this assignment)

Your project deliverable for this milestone is a brief PowerPoint presentation that could be presented to senior management explaining your recommendations. In your presentation, provide an overview of the present system, including any security vulnerabilities that you found. Outline the main points/diagrams/recommendations. Use the Notes section of the PowerPoint slides to explain any details about the slide. Review your semester project document for additional information on this assignment.

Please include CYBR515 Assignment 12-3 and your name in the file name for your PowerPoint presentation and attach it to the appropriate assignment for grading.
