© 2014 Stra and may not Strayer Univ CIS 502 Fac Technica Due Wee Accounti Loan De Custo Servic ayer University. A t be copied, furth versity. culty Version 114 al Paper: Risk k 10 and wort Off Worstations (x25) Worstations (x12) Worstations (x63) ing ept omer ces DMZ Prin (x Prin (x Pr CIS 502 All Rights Reserv her distributed, o 48 (1099 10-17-2 k Assessme th 160 points Trus f-Site Office VPN Gatew VPN Gatewa Orac S ters 7) ters 5) rinters (x3) SUS Server 10Gbps 2 – Assig ed. This docume r otherwise discl 2014) Final nt sted Computin In Global N ay ay Border Intern DNS Distrib cle 9i DB erver 10Gbps 10 Gbps 10 Gbps OC192 10Gbps nments a ent contains Stra osed in whole or g Base Interna nternet Finance, Inc. r (Core) Router al S Exchange 2000 Email bution Routers File Acc La VL Swi 10 Gb 10 Gbps OC1 10G 10 Gbps nd Rubric ayer University C r in part, without al Network rs e and Print Server Intra S cess ayer LAN witch bps 100Mbps 192 bps cs onfidential and P the expressed w Remote Dial UpUsers Worstations (x5) Worstations (x10) Worstations (x49) anet Web Server Printer (x3) Printers (x3) Printers (x5) Workstatio (x7) s RAS Proprietary inform written permission Page 3 PBX PSTN Mgmt Credit Dept Finance s ons mation n of 33 of 50 © 2014 Stra and may not Strayer Univ CIS 502 Fac Above is t this past y invested i However, pace, its o GFI’s netw network o as the ban hired any The truste hosts the overall fin applicatio financial s network a one (1) we the norma $1,000,00 Write a ei 1. D 2. A co or th th 3. E of w 4. E m 5. U se re 6. U do ayer University. A t be copied, furth versity. culty Version 114 the Global Fin year and impl n the network although the overall netwo work has histo outages. GFI h ndwidth dema security pers ed computing company’s m ancial situatio n servers in t systems heav attacks twice t eek as a resu al operating b 00, as well as ght to ten (8- Describe the c Assess risk ba over all the ne rganization an his risk assess he business le a. Defend b. Ascert vulner Recom vulner c. Justify require xamine wheth f these, and d was the most a xplain the wa management a Using Microsof ecure and risk equired page Use at least th o not qualify a CIS 502 All Rights Reserv her distributed, o 48 (1099 10-17-2 Glo nance, Inc. (G emented a nu k and designe e company’s f rk security po orically been has hired thre and by the co sonnel who ca base (TCB) mission critica on. The Orac he company. vily depend on this year, and ult. The recov baseline. GFI lost custome 10) page form company netw ased on the G ecessary deta nd risk postur sment to dete eaders to mak d your assum tain apparent abilities. Such mmend mitiga abilities. y your cryptog ements, data- her your risk discuss the m appropriate. ay in which yo and thus facili ft Visio or its k-mitigating m length. ree (3) quality as.

1. © 2014 Stra
and may not
Strayer Univ
CIS 502 Fac
Technica
Due Wee
Accounti
Loan De
Custo
Servic
ayer University. A
t be copied, furth
versity.
culty Version 114
al Paper: Risk
k 10 and wort
Off
Worstations
(x25)
Worstations
(x12)

2. Worstations
(x63)
ing
ept
omer
ces
DMZ
Prin
(x
Prin
(x
Pr
CIS 502
All Rights Reserv
her distributed, o
48 (1099 10-17-2
k Assessme
th 160 points
Trus
f-Site Office VPN
Gatew

3. VPN
Gatewa
Orac
S
ters
7)
ters
5)
rinters
(x3)
SUS Server
10Gbps
2 – Assig
ed. This docume
r otherwise discl
2014) Final
nt
sted Computin
In
Global
N
ay

4. ay
Border
Intern
DNS
Distrib
cle 9i DB
erver
10Gbps
10 Gbps
10 Gbps
OC192
10Gbps
nments a
ent contains Stra
osed in whole or
g Base Interna
nternet
Finance, Inc.
r (Core) Router
al

5. S
Exchange
2000 Email
bution Routers
File
Acc
La
VL
Swi
10 Gb
10 Gbps
OC1
10G
10 Gbps
nd Rubric
ayer University C
r in part, without
al Network
rs
e and Print Server
Intra
S

6. cess
ayer
LAN
witch
bps
100Mbps
192
bps
cs
onfidential and P
the expressed w
Remote
Dial UpUsers
Worstations
(x5)
Worstations
(x10)
Worstations
(x49)
anet Web
Server
Printer
(x3)

7. Printers
(x3)
Printers
(x5)
Workstatio
(x7)
s
RAS
Proprietary inform
written permission
Page 3
PBX
PSTN
Mgmt
Credit Dept
Finance
s
ons
mation
n of
33 of 50

8. © 2014 Stra
and may not
Strayer Univ
CIS 502 Fac
Above is t
this past y
invested i
However,
pace, its o
GFI’s netw
network o
as the ban
hired any
The truste
hosts the
overall fin
applicatio
financial s
network a
one (1) we
the norma
$1,000,00
Write a ei
1. D
2. A
co
or

9. th
th
3. E
of
w
4. E
m
5. U
se
re
6. U
do
ayer University. A
t be copied, furth
versity.
culty Version 114
the Global Fin
year and impl
n the network
although the
overall netwo
work has histo
outages. GFI h
ndwidth dema
security pers
ed computing

10. company’s m
ancial situatio
n servers in t
systems heav
attacks twice t
eek as a resu
al operating b
00, as well as
ght to ten (8-
Describe the c
Assess risk ba
over all the ne
rganization an
his risk assess
he business le
a. Defend
b. Ascert
vulner
Recom
vulner
c. Justify
require
xamine wheth
f these, and d
was the most a
xplain the wa
management a

11. Using Microsof
ecure and risk
equired page
Use at least th
o not qualify a
CIS 502
All Rights Reserv
her distributed, o
48 (1099 10-17-2
Glo
nance, Inc. (G
emented a nu
k and designe
e company’s f
rk security po
orically been
has hired thre
and by the co
sonnel who ca
base (TCB)
mission critica
on. The Orac
he company.
vily depend on
this year, and
ult. The recov
baseline. GFI

12. lost custome
10) page form
company netw
ased on the G
ecessary deta
nd risk postur
sment to dete
eaders to mak
d your assum
tain apparent
abilities. Such
mmend mitiga
abilities.
y your cryptog
ements, data-
her your risk
discuss the m
appropriate.
ay in which yo
and thus facili
ft Visio or its
k-mitigating m
length.
ree (3) quality
as quality res
2 – Assig
ed. This docume
r otherwise discl
2014) Final

13. obal Finance
GFI) network d
umber of netw
ed it to be fau
inancial statu
osture has not
fairly stable,
ee (3) network
ompany emplo
an take care o
internal netwo
l systems tha
le database a
GFI cannot a
n the network
d its Oracle da
ery process r
estimated the
er confidence.
mal risk asses
work, intercon
GFI, Inc. netwo
ails for your c
re of the curre
ermine what a
ke data-driven
mptions where

14. security vuln
h analysis sho
ation processe
graphy recom
-driven decisi
assessment m
main reasons w
ou would pres
itate security
open source
model. Note: T
y resources in
ources.
nments a
ent contains Stra
osed in whole or
e, Inc. Netwo
diagram. A hy
work devices
lt tolerant and
s has mature
t kept up with
and the comp
k engineers to
oyees and the

15. of the operatio
ork within the
at are vital to t
and email sys
afford system
k stability and
atabase and e
required GFI t
e loss from th
.
ssment propo
nection, and
ork diagram s
client, GFI Inc
ent environme
actions to take
n decisions.
e pertinent info
erabilities, an
ould entertain
es and proced
mendations,
on-making, a
methodology
why you belie
sent your findi
buy-in and co
equivalent, re
The graphica

16. n this assignm
nd Rubric
ayer University C
r in part, without
ork Diagram
ypothetical co
as displayed
d resilient from
ed and its netw
h the company
pany has not
o keep up wit
e clients. How
onal security
e Global Finan
the company’
stems are amo
m or network o
availability. G
email servers
to utilize $25,
ese network
osal in which y
communicati
scenario. Note
c., to understa

17. ent. The com
e; therefore, i
ormation from
nd analyze at
n the possibili
dures for eac
based on sec
and objective
is quantitativ
eve that the m
ings and asse
oncentration.
edraw the CF
ally depicted s
ment. Note: W
cs
onfidential and P
the expressed w
ompany, GFI
in the diagra
m any networ
work has exp
y growth.
experienced
th the network
wever, the com
responsibility

18. nce, Inc. Netw
’s operations
ong the most
outages, as its
GFI has expe
s had been do
,000 to restor
attacks at mo
you:
on environme
e: Your risk a
and the risk fa
pany manage
it must be com
m the scenario
least three (3
ity of faulty ne
ch of the ident
curity concern
opinions.
ve, qualitative
methodology t
essment to th
FI diagram, de
solution is not

19. Wikipedia and
Proprietary inform
written permission
Page 3
has grown ra
am. The comp
rk failures.
panded at a ra
many full sca
k growth, as w
mpany has no
y.
work Diagram
that also affe
t intensively u
s cash flow an
rienced DoS
own for a tota
re its operatio
ore than
ent.
assessment s
actors of the
ement will util
mprehensive
o isn’t availab

20. 3) such
etwork design
tified
ns and
, or a combin
that you utilize
he company’s
epicted as a
t included in t
d similar Web
mation
n of
34 of 50
apidly
pany
apid
ale
well
ot
m
ect the
used
nd
l of

21. ns to
should
lize
for
ble.
n.
ation
ed
the
sites
© 2014 Stra
and may not
Strayer Univ
CIS 502 Fac
Your assig
B
si
pr
In
na
th

22. In
co
su
The speci
E
pr
A
E
D
fr
E
an
at
U
W
m
Grading fo
language
Poin
Cr
1. Describe
network, in
and comm
environme
Weight: 15
2a. Defend
assumption

23. pertinent in
from the sc
available.
Weight: 5%
2b. Ascerta
security vu
ayer University. A
t be copied, furth
versity.
culty Version 114
gnment must
e typed, doub
ides; citations
rofessor for a
nclude a cove
ame, the cou
he required as
nclude charts
ompleted diag
ubmitted.
ific course lea
valuate an or
rovide securit
Analyze the m
xplain access
Describe the d
om a manage

24. valuate and e
nd technologi
ttacks.
Use technolog
Write clearly a
mechanics and
or this assign
and writing s
nts: 160
riteria
e the company
nterconnection,
unication
nt.
5%
d your
ns where
nformation
cenario isn’t
%
ain apparent
lnerabilities,
CIS 502
All Rights Reserv
her distributed, o

25. 48 (1099 10-17-2
follow these
ble spaced, u
s and referenc
any additional
er page contai
rse title, and t
ssignment pa
or diagrams
grams / chart
arning outcom
rganization’s s
ty countermea
ethods of ma
s control meth
details and the
ement perspe
explain from a
ies organizati
y and informa
nd concisely
d technical sty
ment will be b
skills, using th
Unacce
Below 7
y Did not sub
incomplete

26. described t
company n
interconnec
and commu
environmen
Did not sub
incompletel
defended y
assumption
pertinent
information
scenario isn
available.
Did not sub
incompletel
2 – Assig
ed. This docume
r otherwise discl
2014) Final
formatting re
sing Times N
ces must follo
instructions.
ining the title
the date. The
ge length.
created in Vis
s must be imp

27. mes associate
security polic
asures.
naging, contr
hods and atta
e importance
ective.
a managemen
ions can emp
ation resource
about the the
yle conventio
based on ans
e following ru
Te
ptable
70% F
bmit or
ly
he
etwork,
ction,
unication
nt.
Par
the
net
inte
com
env

28. bmit or
ly
our
ns where
from the
n’t
Par
you
wh
info
sce
ava
bmit or
ly
Par
app
nments a
ent contains Stra
osed in whole or
quirements:
New Roman fo
ow APA or sc
of the assign
e cover page a
sio or an open
ported into th

29. ed with this as
ies and risk m
rolling, and m
acks.
of application
nt perspective
ploy to mitigat
es to research
eories of secu
ns.
swer quality, l
ubric.
echnical Pap
Fair
70-79% C
rtially described
e company
twork,
erconnection, a
mmunication
vironment.
rtially defended
ur assumptions
ere pertinent
ormation from t
enario isn’t
ailable.

30. rtially ascertain
parent security
nd Rubric
ayer University C
r in part, without
ont (size 12),
chool-specific
nment, the stu
and the refere
n source alter
he Word docu
ssignment are
management
mitigating secu
n security mo
e the industry
te risks and th
h issues in se
urity managem
ogic / organiz
per: Risk Ass
Pro

31. 80-
d
and
Satisfacto
described
company
interconn
communi
environm
d
s
the
Satisfacto
defended
assumpti
pertinent
from the
isn’t avail
ned
y
Satisfacto
ascertain
cs
onfidential and P
the expressed w

32. with one-inch
format. Chec
udent’s name,
ence page ar
rnative such a
ment before t
e:
procedures, a
urity risks and
dels and thei
y-standard eq
hwart both int
ecurity manag
ment using pr
zation of the p
sessment
oficient
-89% B
orily
d the
y network,
nection, and
ication
ment.

33. T
d
c
in
c
e
orily
d your
ons where
information
scenario
lable.
T
y
w
in
s
a
orily
ned
T
a
Proprietary inform
written permission
Page 3
h margins on
ck with your
, the professo

34. re not include
as Dia. The
the paper is
and its ability
d vulnerabilitie
r implementa
uipment, tool
ternal and ext
gement.
roper writing
paper, and
Exempla
90-100%
Thoroughly
described the
company netwo
nterconnection
communication
environment.
Thoroughly def
your assumptio
where pertinent
nformation from
scenario isn’t
available.

35. Thoroughly
ascertained app
mation
n of
35 of 50
all
or’s
d in
to
es.
tion
ls,
ternal
ary
% A
ork,
n, and
n
fended
ons
t
m the
parent