The document outlines a multi-step cybersecurity project focused on conducting a comprehensive security analysis, developing a network defense strategy, and managing vulnerabilities for an organization undergoing mergers and acquisitions. Key components include creating a security assessment report (SAR), implementing incident response procedures, and ensuring compliance with industry standards through policy gap analysis. Additionally, it highlights procedures for penetration testing, incident tracking, and continuous improvement in security measures within enterprise networks.

1. CST 630 Project 1Risk, Threat, and
Vulnerability Management
For more classes visit
www.snaptutorial.com
Project 1
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis
baseline of the IT systems, which will include a data-flow diagram of
connections and endpoints, and all types of access points, including
wireless. The baseline report will be part of the overall security
assessment report (SAR).
You will get your information from a data-flow diagram and report
from the Microsoft Threat Modeling Tool 2016. The scope should
include network IT security for the whole organization. Click the
following to view the data-flow diagram: [diagram and report]
Include the following areas in this portion of the SAR:
a. Security requirements and goals for the preliminary security
baseline activity.
b. Typical attacks to enterprise networks and their descriptions.
Include Trojans, viruses, worms, denial of service, session
hijacking, and social engineering. Include the impacts these
attacks have on an organization.
c. Network infrastructure and diagram, including configuration
and connections. Describe the security posture with respect to
these components and the security employed: LAN, MAN,
WAN, enterprise. Use these questions to guide you:
a. What are the security risks and concerns?
b. What are ways to get real-time understanding of the
security posture at any time?
c. How regularly should the security of the enterprise
network be tested, and what type of tests should be used?

2. d. What are the processes in play, or to be established to
respond to an incident?
e. Workforce skill is a critical success factor in any security
program, and any security assessment must also review
this component. Lack of a skilled workforce could also be
a security vulnerability. Does the security workforce have
the requisite technical skills and command of the
necessary toolsets to do the job required?
f. Is there an adequate professional development roadmap in
place to maintain and/or improve the skill set as needed?
g. Describe the ways to detect these malicious code and what
tactics bad actors use for evading detection.
d. Public and private access areas, web access points. Include in
the network diagram the delineation of open and closed
networks, where they co-exist. In the open network and closed
network portion, show the connections to the Internet.
e. Physical hardware components. Include routers and switches.
What security weaknesses or vulnerabilities are within these
devices?
f. Operating systems, servers, network management systems.
a. data in transit vulnerabilities
1. endpoint access vulnerabilities
2. external storage vulnerabilities
3. virtual private network vulnerabilities
4. media access control vulnerabilities
5. ethernet vulnerabilities
b. Possible applications. This network will incorporate a BYOD
(bring your own device) policy in the near future. The IT
auditing team and leadership need to understand current mobile
applications and possible future applications and other wireless
integrations. You will use some of this information in Project 2
and also in Project 5.
The overall SAR should detail the security measures needed, or
implementations status of those in progress, to address the identified
vulnerabilities. Include:
a. remediation
b. mitigation

3. c. countermeasure
d. recovery
Through your research, provide the methods used to provide the
protections and defenses.
From the identification of risk factors in the risk model, identify the
appropriate security controls from NIST SP 800-53A and determine
their applicability to the risks identified.
The baseline should make up at least three of the 12 pages of the
overall report.
When you have completed your security analysis baseline, move on to
the next step, in which you will use testing procedures that will help
determine the company's overall network defense strategy.
Step 2: Determine a Network Defense Strategy
You've completed your initial assessment of the company's security
with your baseline analysis. Now it's time to determine the best
defenses for your network.
Start by reading a publication by the National Institute of Standards
and Technology, NIST-SP-800-115 Technical Guide to Information
Security Testing and Assessment, and outline how you would test
violations. Identify how you will assess the effectiveness of these
controls and write test procedures that could be used to test for
effectiveness. Write them in a manner to allow a future information
systems security officer to use them in preparing for an IT security
audit or IT certification and accreditation. Within this portion of the
SAR, explain the different testing types (black box testing, white box
testing).
Include these test plans in the SAR. The strategy should take up at
least two of the 12 pages of the overall report.
Click the following link to learn more about cybersecurity for process
control systems: Cybersecurity for Process Control Systems
After you've completed this step, it's time to define the process of
penetration testing. In the next step, you'll develop rules of
engagement (ROE).

4. Step 3: Plan the Penetration Testing Engagement
Now that you've completed your test plans, it's time to define
your penetration testing process. Include all involved processes,
people, and timeframe. Develop a letter of intent to the organization,
and within the letter, include some formal rules of engagement
(ROE). The process and any documents can be notional or can refer to
actual use cases. If actual use cases are included, cite them using APA
format.
This portion should be about two pages of the overall 12-page report.
After you have outlined the steps of a penetration testing process, in
the next step you will perform penetration testing. During the testing,
you will determine if the security components are updated and if the
latest patches are implemented, and if not, determine where the
security gaps are.
Step 4: Conduct a Network Penetration Test
You've defined the penetration testing process, and in this step, you
will scan the network for vulnerabilities. Though you have some
preliminary information about the network, you will perform a black
box test to assess the current security posture. Black box testing is
performed with little or no information about the network and
organization.
To complete this step, you will use industry tools to carry out
simulated attacks to test the weaknesses of the network. You will do
this within your lab Workspace. The workspace instructions will
provide many of the details, but in the simulation, you will launch a
sandbox type of virtual machine (VM), report your findings and
actual screen captures of the behaviors you see as a result of the tests,
and include these in the SAR.
Your assessments within the lab will be reported in the SAR.
Note: You will use the tools in Workspace for this step. If you need
help outside the classroom, you can register for the CLAB 699 Cyber
Computing Lab Assistance (go to the Discussions List for registration
information). Lab assistants are available to help.
Click here to access the instructions for Navigating the Workspace
and the Lab Setup.

5. Click here to access the Project 1 Workspace Exercise Instructions.
Explore the tutorials and user guides to learn more about the tools you
will use. Then, enter Workspace.
After finding the security issues within the network, define which
control families from the NIST 800-53 are violated by these issues.
Explain in the SAR why each is a violation, support your arguments
with a copy of your evidence, and then provide suggestions on
improving the security posture of these violations.
This section should make up at least four of the 12 pages in the
overall report.
After you've completed the penetration testing, move to the next step,
where you will compile a risk management cost benefit analysis.
Step 5: Complete a Risk Management Cost Benefit Analysis
You've completed the penetration testing, and now it's time to
complete your SAR with a risk management cost benefit analysis.
Within this analysis, think about the cost of violations and other areas
if you do not add the controls. Then add in the cost for implementing
your controls.
When you have finished with the cost benefit analysis, which should
be at least one page of your overall report, move to the final step,
which is the completed SAR. As part of the final assignment,
remember that you will need to create a slide presentation as part of
the executive briefing, and submit that along with the SAR.
Step 6: Compile the SAR, Executive Briefing, and Lab Report
You have completed comprehensive testing in preparation for this
audit, provided recommended remediation, and developed a set of
recommendations. Now you are ready to submit your SAR and
executive briefing.
The requirements for Project 1 are as follows:
1. Executive briefing: A three- to five-slide visual presentation for
business executives and board members.
2. Security assessment report (SAR): Your report should be 12
pages minimum, double-spaced with citations in APA format.

6. The page count does not include figures, diagrams, tables or
citations.
3. Lab report: A document sharing your lab experience and
providing screenshots to demonstrate that you performed the
lab. Attach it to the SAR as an artifact.
Submit all three components to the assignment folder.
******************************
CST 630 Project 2 Incident Response
For more classes visit
www.snaptutorial.com
Project 2
Step 1: Develop a Wireless and BYOD Security Plan
Since the company you work for has instituted a bring your own
device (BYOD) policy, security attitudes have been lax and all sorts
of devices, authorized and unauthorized, have been found connected
to the company's wireless infrastructure. In this first step, you will
develop a wireless and BYOD security plan for the company.
Use the NIST Guidelines for Securing Wireless Local Area Networks
(WLANs) Special Publication 800-153 to provide an executive
summary to answer other security concerns related to BYOD and
wireless. Within your cybersecurity incident report, provide answers
to the threat of unauthorized equipment or rogue access points on the
company wireless network and the methods to find other rogue access
points. Describe how to detect rogue access points and how they can
actually connect to the network. Describe how to identify authorized
access points within your network.
Within your plan, include how the Cyber Kill Chain framework and
approach could be used to improve the incident response times for
networks.

7. Include this at the beginning of your CIR as the basis for all wireless-
and BYOD-related problems within the network. Title the section
"Wireless and BYOD Security Plan."
Click the following link to learn more about security
management: Security Management.
In the next step, you will explore a scenario on suspicious behavior,
and your report will provide another section of your CIR.
Step 2: Track Suspicious Behavior
You've completed your wireless and BYOD security plan. Now it's
time to take a look at another workplace situation.
You have been notified of an employee exhibiting suspicious
behavior. You decide to track the employee's movements by using
various tools and techniques. You know the location and time stamps
associated with the employee's mobile device.
How would you track the location of the company asset?
Explain how identity theft could occur and how MAC spoofing could
take place in the workplace. How would you protect against both
identity theft and MAC spoofing? Address if it is feasible to
determine if MAC spoofing and identity theft has taken place in the
workplace. Include a whitelist of approved devices for this network.
Examples may include authorized access points, firewalls, and other
similar devices.
Are there any legal issues, problems, or concerns with your actions?
What should be conducted before starting this investigation? Were
your actions authorized, was the notification valid, or are there any
other concerns? Include your responses as part of the CIR with the
title "Tracking Suspicious Behavior."
In the next step, you will explore another workplace scenario, and
your responses will help you formulate a continuous improvement
plan, which will become another part of your CIR.
Step 3: Develop a Continuous Improvement Plan

8. Now that you've completed the section on tracking suspicious
behavior for your CIR, you are confronted with another situation in
the workplace.
You receive a memo for continuous improvement in the wireless
network of your company, and you are asked to provide a report on
the wireless network used in your company. You have been
monitoring the activities on the WPA2. Provide for your leadership a
description of wired equivalent privacy and also Wi-Fi protected
access networks, for education purposes. Include the pros and cons of
each type of wireless network, as well as WPA2.
Since WPA2 uses encryption to provide secure communications,
define the scheme for using preshared keys for encryption. Is
this FIPS 140-2 compliant, and if not, what is necessary to attain this?
Include this for leadership. Include a list of other wireless protocols,
such as Bluetooth, and provide a comparative analysis of four
protocols including the pros, cons, and suitability for your company.
Include your responses as part of the CIR with the title "Continuous
Improvement Plan."
In the next step, you will look at yet another workplace scenario, and
you will use that incident to show management how remote
configuration management works.
Step 4: Develop Remote Configuration Management
You've completed the continuous improvement plan portion of the
CIR. Now, it's time to show how your company has
implemented remote configuration management.
Start your incident report with a description of remote configuration
management and how it is used in maintaining the security posture of
your company's network. Then, consider the following scenario:
An undocumented device is found on the company network. You
have determined that the owner of the device should be removed from
the network. Implement this and explain how you would remove the
employee's device. How would you show proof that the device was
removed?
Include your responses as part of the CIR with the title "Remote
Configuration Management."

9. In the next step, you will illustrate how you investigate possible
employee misconduct.
Step 5: Investigate Employee Misconduct
In this portion of your CIR report, you will show how you would
investigate possible employee misconduct. You have been given a
report that an employee has recorded logins during unofficial duty
hours. The employee has set up access through an ad-hoc wireless
network. Provide a definition of ad hoc wireless networks and identify
the threats and vulnerabilities to a company. How could this network
contribute to the company infrastructure and how would you protect
against those threats? Use notional information or actual case data and
discuss.
Address self-configuring dynamic networks on open
access architecture and the threats and vulnerabilities associated with
them, as well as the possible protections that should be implemented.
From your position as an incident manager, how would you detect an
employee connecting to a self-configuring network or an ad hoc
network? Provide this information in the report. How would signal
hiding be a countermeasure for wireless networks? What are the
countermeasures for signal hiding? How is the service set identifier
(SSID) used by cybersecurity professionals on wireless networks?
Are these always broadcast, and if not, why not? How would you
validate that the user is working outside of business hours?
Include your responses as part of the CIR with the title "Employee
Misconduct."
In the next step, you will use lab tools to analyze wireless traffic.
Step 6: Analyze Wireless Traffic
You've completed several steps that you will use to present your CIR.
In this step, as part of a virtual lab, you will analyze wireless traffic.
You are given access to precaptured files of wireless traffic on the
company network. This is another way to monitor employee behavior
and detect any malicious behavior, intentional or even unintentional.

10. Note: You will use the tools in Workspace for this step. If you need
help outside the classroom, you can register for the CLAB 699 Cyber
Computing Lab Assistance (go to the Discussions List for registration
information). Lab assistants are available to help.
Click here to access the instructions for Navigating the Workspace
and the Lab Setup.
Click here to access the Project 2 Workspace Exercise Instructions.
Explore the tutorials and user guides to learn more about the tools you
will use. Then, enter Workspace.
Include your responses from the lab as part of the CIR with the title
"Wireless Traffic Analysis."
Step 7: Prepare the Cybersecurity Incident Report, Executive
Briefing, and Executive Summary
You've completed all of the individual steps for your cybersecurity
incident report. It's time to combine the reports you completed in the
previous steps into a single CIR.
The assignments for this project are as follows:
1. Executive briefing: This is a three- to five-slide visual
presentation for business executives and board members.
2. Executive summary: This is a one-page summary at the
beginning of your CIR.
3. Cybersecurity Incident Report (CIR): Your report should be a
minimum 12-page double-spaced Word document with citations
in APA format. The page count does not include figures,
diagrams, tables or citations.
Submit all three documents to the assignment folder.
Deliverables: Cybersecurity Incident Report (CIR), Slides to Support
Executive Briefing
Learning Competencies: 5.1, 5.3, 5.5., 5.6, 5.7, 5.9
******************************
CST 630 Project 3 Enterprise Network Security
For more classes visit

11. www.snaptutorial.com
Project 3
Step 1: Conduct a Policy Gap Analysis
As you begin Step 1 of your system security report on cybersecurity
for mergers and acquisitions, keep in mind that the networks of
companies going through an M&A can be subject to cyberattack. As
you work through this step and the others, keep these questions in
mind:
 Are companies going through an M&A prone to more attacks or
more focused attacks?
 If so, what is the appropriate course of action?
 Should the M&A activities be kept confidential?
Now, look at the existing security policies in regard to the acquisition
of the media streaming company. You have to explain to the
executives that before any systems are integrated, their security
policies will need to be reviewed.
Conduct a policy gap analysis to ensure the target company's security
policies follow relevant industry standards as well as local, state, and
national laws and regulations. In other words, you need to make sure
the new company will not inherit any statutory or regulatory
noncompliance from either of the two original companies. This step
would also identify what, if any, laws and regulations the target
company is subject to. If those are different from the laws and
regulations the acquiring company is subject to, then this document
should answer the following questions:
 How would you identify the differences?
 How would you learn about the relevant laws and regulations?
 How would you ensure compliance with those laws and
regulations?
The streaming company that is being acquired has a current customer
base of 150,000 users, who on average pay $14.99 in monthly fees.
Based on the overall income, use PCI Standards DSS 12
requirements, and the PCI DSS Quick Reference Guide to identify

12. a secure strategy, and operating system protections to protect the
credit card data.
Select at least two appropriate requirements from the PCI Standards
DSS 12 set of requirements and explain how the controls should be
implemented, how they will change the current network, and any
costs associated with implementing the change.
In the next step, you will review the streaming protocols that the
companies are using.
Step 2: Review Protocols for Streaming Services
After reviewing the policies from the company and the policy gap
analysis, the M&A leader asks you about the protocols used by the
streaming company. He wants to know if the protocols used would
affect the current state of cybersecurity within the current company
environment. For this section, review the protocols, explain how they
work along with any known vulnerabilities, and how to secure the
company from cyberattacks. Start with researching the commonly
known streaming protocols and the vulnerabilities of those protocols.
Some examples are the Real-Time Streaming Protocol (RTSP), Real-
Time Transport Protocol (RTP) and the Real-Time Transport Control
Protocol (RTCP).
Additionally, the leadership wants to know if any vulnerabilities
identified would or could lead to a no-go on the M&A.
In other words:
1. You need to identify what streaming the companies are doing
and the specific technology they are leveraging.
2. What are the technical vulnerabilities associated with the
protocols involved?
3. Have those been mitigated? And to what extent (i.e., has the risk
been reduced to zero, reduced somewhat, shifted to a third party,
etc.)?
4. What residual risk to the target company's assets and IP remain?
5. Would those risks extend to the current (takeover) company
after the merger?
a. Would that be bad enough to cancel the M&A?

13. 6. If the response to #5 is yes, then, what should the target
company do to further mitigate the risk? How should the
takeover company mitigate the risk?
7. What are the costs associated to the target company
(implementing the appropriate mitigation)? If the takeover firm
has to take additional measures, identify those costs as well.
After assessing and reviewing the streaming protocols, move to the
next step, where you will assess the infrastructure of the merged
network.
Step 3: Assess the Merged Network Infrastructure
You’ve just reviewed the streaming services of the companies, and
now you will assess the infrastructure of the new network. The
networks of the two companies could be configured differently, or
they could use the same hardware and software, or completely
different hardware and software.
The purpose of this section is to understand what tools the company is
using, the benefits and shortcomings of those tools, and the gaps
within the network. Explain what tactics, techniques, and procedures
you would use to understand the network. You should identify
firewalls, DMZ(s), other network systems, and the status of those
devices.
When your assessment of the infrastructure is complete, move to the
next step, where you will assess any existing policies for wireless and
bring your own device (BYOD) within the companies.
Step 4: Review the Wireless and BYOD Policies
Within Project 2, you learned about and discussed wireless networks.
An M&A provides an opportunity for both companies to review their
wireless networks. Within your report, explain the media company's
current stance on wireless devices and BYOD. However, the company
that is being acquired does not have a BYOD policy. Explain to the
managers of the acquisition what needs to be done for the new
company to meet the goals of the BYOD policy.

14. When the review of the wireless and BYOD policies is complete,
move to the next step: developing a data protection plan.
Step 5: Develop a Data Protection Plan
You’ve completed the review of the wireless and BYOD policies. In
this step, you will develop the recommendations portion of your
report in which you will suggest additional mechanisms for data
protection at different levels of the acquired company’s architecture.
Include the benefits, implementation activities required for protection
and defense measures such as full disk encryption, BitLocker,
and platform identity keys. You also want to convey to your
leadership the importance of system integrity and an overall trusted
computing base, environment, and support. Describe what this would
entail and include Trusted Platform Module (TPM) components and
drivers. How are these mechanisms employed in an authentication
and authorization system? Include this in the report and whether the
merging company has this.
In the next step, you will assess any risks with the supply chain of the
acquired company.
Step 6: Review Supply Chain Risk
The data protection plan is ready. In this step, you will take a look at
risks to the supply chain. Acquiring a new company also means
inheriting the risks associated with its supply chain and those firm's
systems and technologies. Include supply chain risks and list the
security measures in place to mitigate those risks. Use the NIST
Special Publication 800-161 Supply Chain Risk Management
Practices for Federal Information Systems and Organizations to
explain the areas that need to be addressed.
After your supply chain review is complete, move to the next step,
where you will create a vulnerability management program.
Step 7: Build a Vulnerability Management Program

15. After your supply chain review, you conduct an interview with the
company's current cybersecurity team about vulnerability
management. The team members explain to you that they never
scanned or had the time to build a vulnerability management program.
So, you need to build one. Use NIST Special Publication 800-40
Guide to Enterprise Patch Management Technologies to develop a
program to meet the missing need.
Explain to the managers how to implement this change, why it is
needed, and any costs involved.
The next step is a key one that should not be overlooked -- the need to
educate users from both companies of the changes being made
Step 8: Educate Users
You’ve completed your vulnerability management program, but it’s
important to educate all the users of the network about the changes.
During the process of acquiring a company, policies, processes, and
other aspects are often updated. The last step in the process is to
inform the users for the new and old company of the changes. Within
your report, explain to the acquisition managers the requirements for
training the workforce.
When you’ve completed this step, move to the final section of this
project, in which you will prepare and submit your final report.
Step 9: Prepare and Submit Your Report, Executive Briefing, and
Executive Summary
You’re ready now for the final step, in which you will compile and
deliver the Cybersecurity for a Successful Acquisition report for the
company leaders to enable them to understand the required
cybersecurity strategy.
Again, keep in mind that companies undergoing an acquisition or
merger are more prone to cyberattacks. The purpose of this paper is to
analyze the security posture of both companies and to develop a plan
to reduce the possibility of an attack.
The assignments for this project are as follows:

16. 1. Executive briefing: This is a three- to five-slide visual
presentation for business executives and board members.
2. Executive summary: This is a one-page summary at the
beginning of your report.
3. Cybersecurity System Security Report for Successful
Acquisition: Your report should be a minimum 12-page double-
spaced Word document with citations in APA format. The page
count does not include figures, diagrams, tables or citations.
Submit all three components to the assignment folder.
Deliverables: Cybersecurity for a Successful Acquisition, Slides to
Support Executive Briefing
******************************
CST 630 Project 4Secure Videoconferencing
Communications
For more classes visit
www.snaptutorial.com
Project 4
Step 1: Develop Functional Requirements for Videoconferencing
The first step in your proposal for a secure videoconferencing system
is to develop a set of functional requirements for videoconferencing
that you believe the media company will nee based on its geographic
dispersion and business needs.
In developing those requirements, research three videoconferencing
solutions such as Skype, GotoMeeting, Polycom, and Cisco Webex
and explain their capabilities, advantages, and disadvantages. Identify
costs as well as implementation and support requirements.
The functional requirements and the three possible solutions will be a
section of your Proposal for Secure Videoconferencing. In the next
step, you will review the challenges of implementing those solutions.

17. Step 2: Discuss Implementation Challenges
In the previous step, you outlined the requirements for secure
videoconferencing for the company and outlined three potential
solutions. Part of your final proposal should also include the
advantages and disadvantages of the implementation options for the
three systems you selected. This section of the proposal also must
include the changes the media company will need to make to
implement the systems.
Additionally, explain how system administration or privileged
identity management will operate with these systems. You will also
need to examine how data exfiltration will occur with each of the new
systems.
The changes to the systems and challenges for the implementation of
these potential solutions will be an important section of your Proposal
for Secure Videoconferencing. In the next step, you will take a closer
look at the track records of each of the potential videoconferencing
vendors.
Step 3: Identify Vendor Risks
You've finished outlining the pros and cons of three
videoconferencing systems. Now, it'S time to take a close look at how
they serve their clients. This will take some research. Look at the
systems' known vulnerabilities and exploits. Examine and explain the
past history of each vendor with normal notification timelines, release
of patches, or work-arounds (solutions within the system without
using a patch). Your goal is to know the timeliness of response with
each company in helping customers stay secure.
This step will be a section of your Proposal for Secure
Videoconferencing.
In the next step, you will outline best practices for secure
videoconferencing that will be part of your overall proposal to
management
Step 4: Develop Best Practices for Secure Videoconferencing

18. The last few steps have been devoted to analyzing potential
videoconferencing solutions. But obtaining a trusted vendor is just
part of the security efforts. Another important step is to ensure that
users and system administrators conduct the company's
videoconferencing in a secure manner. In this step, outline security
best practices for videoconferencing that you would like users and
systems administrators to follow. Discuss how these best practices
will improve security and minimize risks of data exfiltration as well
as snooping.
This "best practices" section will be part of the overall Proposal for
Secure Videoconferencing.
In the next step, you will develop system integrity checks within a
virtual lab environment.
Step 5: Develop System Integrity Checks
As part of the overall proposal, the CISO has asked you to develop
system integrity checks for files shared between users of the
videoconferencing systems. These checks will ensure file protection
and prevent exfiltration of sensitive files.
The lab exercise will show how this is done. In this step, you will
generate a lab report that will be part of your final assignment. The
lab instructions will tell you what the report needs to contain.
Note:
You will use the tools in Workspace for this step. If you need help
outside the classroom, you can register for the CLAB 699 Cyber
Computing Lab Assistance (go to the Discussions List for registration
information). Lab assistants are available to help.
Click here to access the instructions for Navigating the Workspace
and the lab Setup.
Click here to access the Project Workspace Exercise Instructions.
Explore the tutorials and user guides to learn more about the tools
you will use. Then, enter Workspace
(http://virtualdesktop.umuc.edu/).
This will be a section of your Proposal for Secure Videoconferencing.
Now, you are ready for the final step, which will be to put all of the
components of the proposal together for management. Remember,

19. your task is to recommend the best videoconferencing system for the
company. Part of that proposal includes a set of high-level executive
briefing slides.
Step 6: Submit Your Proposal for Secure Videoconferencing and
All Related Materials
It’s time to prepare your materials on secure videoconferencing for
management. Your task is to recommend a system that best meets the
business functionality and security requirements of the company. As
part of that recommendation, you will also prepare a set of high-level
executive briefing slides to give the CEO and CIO an overview of
your study.
The assignments for this project are as follows:
1. Executive briefing: This is a three- to five-slide visual
presentation for business executives and board members.
2. Executive summary: This is a one-page summary at the
beginning of your Proposal for Secure Videoconferencing.
3. Proposal for Secure Videoconferencing: Your report should be a
minimum six-page double- spaced Word document with
citations in APA format. The page count does not include
figures, diagrams, tables or citations.
4. Lab report: Generated from Workspace.
Submit all four components to the assignment folder.
******************************
CST 630 Project 5 Data Loss Prevention (21
Pages + 10 slides + lab report)
For more classes visit
www.snaptutorial.com
CST 630 Project 5 Data Loss Prevention (21 Pages + 10 slides + lab
report)

20. ******************************
CST 630 Project 1Risk, Threat, and
Vulnerability Management
For more classes visit
www.snaptutorial.com
Project 1
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis
baseline of the IT systems, which will include a data-flow diagram of
connections and endpoints, and all types of access points, including
wireless. The baseline report will be part of the overall security
assessment report (SAR).
You will get your information from a data-flow diagram and report
from the Microsoft Threat Modeling Tool 2016. The scope should
include network IT security for the whole organization. Click the
following to view the data-flow diagram: [diagram and report]
Include the following areas in this portion of the SAR:
c. Security requirements and goals for the preliminary security
baseline activity.
d. Typical attacks to enterprise networks and their descriptions.
Include Trojans, viruses, worms, denial of service, session
hijacking, and social engineering. Include the impacts these
attacks have on an organization.
e. Network infrastructure and diagram, including configuration
and connections. Describe the security posture with respect to
these components and the security employed: LAN, MAN,
WAN, enterprise. Use these questions to guide you:
a. What are the security risks and concerns?
b. What are ways to get real-time understanding of the
security posture at any time?

21. c. How regularly should the security of the enterprise
network be tested, and what type of tests should be used?
d. What are the processes in play, or to be established to
respond to an incident?
e. Workforce skill is a critical success factor in any security
program, and any security assessment must also review
this component. Lack of a skilled workforce could also be
a security vulnerability. Does the security workforce have
the requisite technical skills and command of the
necessary toolsets to do the job required?
f. Is there an adequate professional development roadmap in
place to maintain and/or improve the skill set as needed?
g. Describe the ways to detect these malicious code and what
tactics bad actors use for evading detection.
f. Public and private access areas, web access points. Include in
the network diagram the delineation of open and closed
networks, where they co-exist. In the open network and closed
network portion, show the connections to the Internet.
g. Physical hardware components. Include routers and switches.
What security weaknesses or vulnerabilities are within these
devices?
h. Operating systems, servers, network management systems.
i. data in transit vulnerabilities
1. endpoint access vulnerabilities
2. external storage vulnerabilities
3. virtual private network vulnerabilities
4. media access control vulnerabilities
5. ethernet vulnerabilities
j. Possible applications. This network will incorporate a BYOD
(bring your own device) policy in the near future. The IT
auditing team and leadership need to understand current mobile
applications and possible future applications and other wireless
integrations. You will use some of this information in Project 2
and also in Project 5.
The overall SAR should detail the security measures needed, or
implementations status of those in progress, to address the identified
vulnerabilities. Include:

22. e. remediation
f. mitigation
g. countermeasure
h. recovery
Through your research, provide the methods used to provide the
protections and defenses.
From the identification of risk factors in the risk model, identify the
appropriate security controls from NIST SP 800-53A and determine
their applicability to the risks identified.
The baseline should make up at least three of the 12 pages of the
overall report.
When you have completed your security analysis baseline, move on to
the next step, in which you will use testing procedures that will help
determine the company's overall network defense strategy.
Step 2: Determine a Network Defense Strategy
You've completed your initial assessment of the company's security
with your baseline analysis. Now it's time to determine the best
defenses for your network.
Start by reading a publication by the National Institute of Standards
and Technology, NIST-SP-800-115 Technical Guide to Information
Security Testing and Assessment, and outline how you would test
violations. Identify how you will assess the effectiveness of these
controls and write test procedures that could be used to test for
effectiveness. Write them in a manner to allow a future information
systems security officer to use them in preparing for an IT security
audit or IT certification and accreditation. Within this portion of the
SAR, explain the different testing types (black box testing, white box
testing).
Include these test plans in the SAR. The strategy should take up at
least two of the 12 pages of the overall report.
Click the following link to learn more about cybersecurity for process
control systems: Cybersecurity for Process Control Systems
After you've completed this step, it's time to define the process of
penetration testing. In the next step, you'll develop rules of
engagement (ROE).

23. Step 3: Plan the Penetration Testing Engagement
Now that you've completed your test plans, it's time to define
your penetration testing process. Include all involved processes,
people, and timeframe. Develop a letter of intent to the organization,
and within the letter, include some formal rules of engagement
(ROE). The process and any documents can be notional or can refer to
actual use cases. If actual use cases are included, cite them using APA
format.
This portion should be about two pages of the overall 12-page report.
After you have outlined the steps of a penetration testing process, in
the next step you will perform penetration testing. During the testing,
you will determine if the security components are updated and if the
latest patches are implemented, and if not, determine where the
security gaps are.
Step 4: Conduct a Network Penetration Test
You've defined the penetration testing process, and in this step, you
will scan the network for vulnerabilities. Though you have some
preliminary information about the network, you will perform a black
box test to assess the current security posture. Black box testing is
performed with little or no information about the network and
organization.
To complete this step, you will use industry tools to carry out
simulated attacks to test the weaknesses of the network. You will do
this within your lab Workspace. The workspace instructions will
provide many of the details, but in the simulation, you will launch a
sandbox type of virtual machine (VM), report your findings and
actual screen captures of the behaviors you see as a result of the tests,
and include these in the SAR.
Your assessments within the lab will be reported in the SAR.
Note: You will use the tools in Workspace for this step. If you need
help outside the classroom, you can register for the CLAB 699 Cyber
Computing Lab Assistance (go to the Discussions List for registration
information). Lab assistants are available to help.

24. Click here to access the instructions for Navigating the Workspace
and the Lab Setup.
Click here to access the Project 1 Workspace Exercise Instructions.
Explore the tutorials and user guides to learn more about the tools you
will use. Then, enter Workspace.
After finding the security issues within the network, define which
control families from the NIST 800-53 are violated by these issues.
Explain in the SAR why each is a violation, support your arguments
with a copy of your evidence, and then provide suggestions on
improving the security posture of these violations.
This section should make up at least four of the 12 pages in the
overall report.
After you've completed the penetration testing, move to the next step,
where you will compile a risk management cost benefit analysis.
Step 5: Complete a Risk Management Cost Benefit Analysis
You've completed the penetration testing, and now it's time to
complete your SAR with a risk management cost benefit analysis.
Within this analysis, think about the cost of violations and other areas
if you do not add the controls. Then add in the cost for implementing
your controls.
When you have finished with the cost benefit analysis, which should
be at least one page of your overall report, move to the final step,
which is the completed SAR. As part of the final assignment,
remember that you will need to create a slide presentation as part of
the executive briefing, and submit that along with the SAR.
Step 6: Compile the SAR, Executive Briefing, and Lab Report
You have completed comprehensive testing in preparation for this
audit, provided recommended remediation, and developed a set of
recommendations. Now you are ready to submit your SAR and
executive briefing.
The requirements for Project 1 are as follows:
4. Executive briefing: A three- to five-slide visual presentation for
business executives and board members.

25. 5. Security assessment report (SAR): Your report should be 12
pages minimum, double-spaced with citations in APA format.
The page count does not include figures, diagrams, tables or
citations.
6. Lab report: A document sharing your lab experience and
providing screenshots to demonstrate that you performed the
lab. Attach it to the SAR as an artifact.
Submit all three components to the assignment folder.
******************************
CST 630 Project 2 Incident Response
For more classes visit
www.snaptutorial.com
Project 2
Step 1: Develop a Wireless and BYOD Security Plan
Since the company you work for has instituted a bring your own
device (BYOD) policy, security attitudes have been lax and all sorts
of devices, authorized and unauthorized, have been found connected
to the company's wireless infrastructure. In this first step, you will
develop a wireless and BYOD security plan for the company.
Use the NIST Guidelines for Securing Wireless Local Area Networks
(WLANs) Special Publication 800-153 to provide an executive
summary to answer other security concerns related to BYOD and
wireless. Within your cybersecurity incident report, provide answers
to the threat of unauthorized equipment or rogue access points on the
company wireless network and the methods to find other rogue access
points. Describe how to detect rogue access points and how they can
actually connect to the network. Describe how to identify authorized
access points within your network.
Within your plan, include how the Cyber Kill Chain framework and
approach could be used to improve the incident response times for
networks.

26. Include this at the beginning of your CIR as the basis for all wireless-
and BYOD-related problems within the network. Title the section
"Wireless and BYOD Security Plan."
Click the following link to learn more about security
management: Security Management.
In the next step, you will explore a scenario on suspicious behavior,
and your report will provide another section of your CIR.
Step 2: Track Suspicious Behavior
You've completed your wireless and BYOD security plan. Now it's
time to take a look at another workplace situation.
You have been notified of an employee exhibiting suspicious
behavior. You decide to track the employee's movements by using
various tools and techniques. You know the location and time stamps
associated with the employee's mobile device.
How would you track the location of the company asset?
Explain how identity theft could occur and how MAC spoofing could
take place in the workplace. How would you protect against both
identity theft and MAC spoofing? Address if it is feasible to
determine if MAC spoofing and identity theft has taken place in the
workplace. Include a whitelist of approved devices for this network.
Examples may include authorized access points, firewalls, and other
similar devices.
Are there any legal issues, problems, or concerns with your actions?
What should be conducted before starting this investigation? Were
your actions authorized, was the notification valid, or are there any
other concerns? Include your responses as part of the CIR with the
title "Tracking Suspicious Behavior."
In the next step, you will explore another workplace scenario, and
your responses will help you formulate a continuous improvement
plan, which will become another part of your CIR.
Step 3: Develop a Continuous Improvement Plan

27. Now that you've completed the section on tracking suspicious
behavior for your CIR, you are confronted with another situation in
the workplace.
You receive a memo for continuous improvement in the wireless
network of your company, and you are asked to provide a report on
the wireless network used in your company. You have been
monitoring the activities on the WPA2. Provide for your leadership a
description of wired equivalent privacy and also Wi-Fi protected
access networks, for education purposes. Include the pros and cons of
each type of wireless network, as well as WPA2.
Since WPA2 uses encryption to provide secure communications,
define the scheme for using preshared keys for encryption. Is
this FIPS 140-2 compliant, and if not, what is necessary to attain this?
Include this for leadership. Include a list of other wireless protocols,
such as Bluetooth, and provide a comparative analysis of four
protocols including the pros, cons, and suitability for your company.
Include your responses as part of the CIR with the title "Continuous
Improvement Plan."
In the next step, you will look at yet another workplace scenario, and
you will use that incident to show management how remote
configuration management works.
Step 4: Develop Remote Configuration Management
You've completed the continuous improvement plan portion of the
CIR. Now, it's time to show how your company has
implemented remote configuration management.
Start your incident report with a description of remote configuration
management and how it is used in maintaining the security posture of
your company's network. Then, consider the following scenario:
An undocumented device is found on the company network. You
have determined that the owner of the device should be removed from
the network. Implement this and explain how you would remove the
employee's device. How would you show proof that the device was
removed?
Include your responses as part of the CIR with the title "Remote
Configuration Management."

28. In the next step, you will illustrate how you investigate possible
employee misconduct.
Step 5: Investigate Employee Misconduct
In this portion of your CIR report, you will show how you would
investigate possible employee misconduct. You have been given a
report that an employee has recorded logins during unofficial duty
hours. The employee has set up access through an ad-hoc wireless
network. Provide a definition of ad hoc wireless networks and identify
the threats and vulnerabilities to a company. How could this network
contribute to the company infrastructure and how would you protect
against those threats? Use notional information or actual case data and
discuss.
Address self-configuring dynamic networks on open
access architecture and the threats and vulnerabilities associated with
them, as well as the possible protections that should be implemented.
From your position as an incident manager, how would you detect an
employee connecting to a self-configuring network or an ad hoc
network? Provide this information in the report. How would signal
hiding be a countermeasure for wireless networks? What are the
countermeasures for signal hiding? How is the service set identifier
(SSID) used by cybersecurity professionals on wireless networks?
Are these always broadcast, and if not, why not? How would you
validate that the user is working outside of business hours?
Include your responses as part of the CIR with the title "Employee
Misconduct."
In the next step, you will use lab tools to analyze wireless traffic.
Step 6: Analyze Wireless Traffic
You've completed several steps that you will use to present your CIR.
In this step, as part of a virtual lab, you will analyze wireless traffic.
You are given access to precaptured files of wireless traffic on the
company network. This is another way to monitor employee behavior
and detect any malicious behavior, intentional or even unintentional.

29. Note: You will use the tools in Workspace for this step. If you need
help outside the classroom, you can register for the CLAB 699 Cyber
Computing Lab Assistance (go to the Discussions List for registration
information). Lab assistants are available to help.
Click here to access the instructions for Navigating the Workspace
and the Lab Setup.
Click here to access the Project 2 Workspace Exercise Instructions.
Explore the tutorials and user guides to learn more about the tools you
will use. Then, enter Workspace.
Include your responses from the lab as part of the CIR with the title
"Wireless Traffic Analysis."
Step 7: Prepare the Cybersecurity Incident Report, Executive
Briefing, and Executive Summary
You've completed all of the individual steps for your cybersecurity
incident report. It's time to combine the reports you completed in the
previous steps into a single CIR.
The assignments for this project are as follows:
4. Executive briefing: This is a three- to five-slide visual
presentation for business executives and board members.
5. Executive summary: This is a one-page summary at the
beginning of your CIR.
6. Cybersecurity Incident Report (CIR): Your report should be a
minimum 12-page double-spaced Word document with citations
in APA format. The page count does not include figures,
diagrams, tables or citations.
Submit all three documents to the assignment folder.
Deliverables: Cybersecurity Incident Report (CIR), Slides to Support
Executive Briefing
Learning Competencies: 5.1, 5.3, 5.5., 5.6, 5.7, 5.9
******************************
CST 630 Project 3 Enterprise Network Security
For more classes visit

30. www.snaptutorial.com
Project 3
Step 1: Conduct a Policy Gap Analysis
As you begin Step 1 of your system security report on cybersecurity
for mergers and acquisitions, keep in mind that the networks of
companies going through an M&A can be subject to cyberattack. As
you work through this step and the others, keep these questions in
mind:
 Are companies going through an M&A prone to more attacks or
more focused attacks?
 If so, what is the appropriate course of action?
 Should the M&A activities be kept confidential?
Now, look at the existing security policies in regard to the acquisition
of the media streaming company. You have to explain to the
executives that before any systems are integrated, their security
policies will need to be reviewed.
Conduct a policy gap analysis to ensure the target company's security
policies follow relevant industry standards as well as local, state, and
national laws and regulations. In other words, you need to make sure
the new company will not inherit any statutory or regulatory
noncompliance from either of the two original companies. This step
would also identify what, if any, laws and regulations the target
company is subject to. If those are different from the laws and
regulations the acquiring company is subject to, then this document
should answer the following questions:
 How would you identify the differences?
 How would you learn about the relevant laws and regulations?
 How would you ensure compliance with those laws and
regulations?
The streaming company that is being acquired has a current customer
base of 150,000 users, who on average pay $14.99 in monthly fees.
Based on the overall income, use PCI Standards DSS 12
requirements, and the PCI DSS Quick Reference Guide to identify

31. a secure strategy, and operating system protections to protect the
credit card data.
Select at least two appropriate requirements from the PCI Standards
DSS 12 set of requirements and explain how the controls should be
implemented, how they will change the current network, and any
costs associated with implementing the change.
In the next step, you will review the streaming protocols that the
companies are using.
Step 2: Review Protocols for Streaming Services
After reviewing the policies from the company and the policy gap
analysis, the M&A leader asks you about the protocols used by the
streaming company. He wants to know if the protocols used would
affect the current state of cybersecurity within the current company
environment. For this section, review the protocols, explain how they
work along with any known vulnerabilities, and how to secure the
company from cyberattacks. Start with researching the commonly
known streaming protocols and the vulnerabilities of those protocols.
Some examples are the Real-Time Streaming Protocol (RTSP), Real-
Time Transport Protocol (RTP) and the Real-Time Transport Control
Protocol (RTCP).
Additionally, the leadership wants to know if any vulnerabilities
identified would or could lead to a no-go on the M&A.
In other words:
8. You need to identify what streaming the companies are doing
and the specific technology they are leveraging.
9. What are the technical vulnerabilities associated with the
protocols involved?
10. Have those been mitigated? And to what extent (i.e., has
the risk been reduced to zero, reduced somewhat, shifted to a
third party, etc.)?
11. What residual risk to the target company's assets and IP
remain?
12. Would those risks extend to the current (takeover)
company after the merger?
a. Would that be bad enough to cancel the M&A?

32. 13. If the response to #5 is yes, then, what should the target
company do to further mitigate the risk? How should the
takeover company mitigate the risk?
14. What are the costs associated to the target company
(implementing the appropriate mitigation)? If the takeover firm
has to take additional measures, identify those costs as well.
After assessing and reviewing the streaming protocols, move to the
next step, where you will assess the infrastructure of the merged
network.
Step 3: Assess the Merged Network Infrastructure
You’ve just reviewed the streaming services of the companies, and
now you will assess the infrastructure of the new network. The
networks of the two companies could be configured differently, or
they could use the same hardware and software, or completely
different hardware and software.
The purpose of this section is to understand what tools the company is
using, the benefits and shortcomings of those tools, and the gaps
within the network. Explain what tactics, techniques, and procedures
you would use to understand the network. You should identify
firewalls, DMZ(s), other network systems, and the status of those
devices.
When your assessment of the infrastructure is complete, move to the
next step, where you will assess any existing policies for wireless and
bring your own device (BYOD) within the companies.
Step 4: Review the Wireless and BYOD Policies
Within Project 2, you learned about and discussed wireless networks.
An M&A provides an opportunity for both companies to review their
wireless networks. Within your report, explain the media company's
current stance on wireless devices and BYOD. However, the company
that is being acquired does not have a BYOD policy. Explain to the
managers of the acquisition what needs to be done for the new
company to meet the goals of the BYOD policy.

33. When the review of the wireless and BYOD policies is complete,
move to the next step: developing a data protection plan.
Step 5: Develop a Data Protection Plan
You’ve completed the review of the wireless and BYOD policies. In
this step, you will develop the recommendations portion of your
report in which you will suggest additional mechanisms for data
protection at different levels of the acquired company’s architecture.
Include the benefits, implementation activities required for protection
and defense measures such as full disk encryption, BitLocker,
and platform identity keys. You also want to convey to your
leadership the importance of system integrity and an overall trusted
computing base, environment, and support. Describe what this would
entail and include Trusted Platform Module (TPM) components and
drivers. How are these mechanisms employed in an authentication
and authorization system? Include this in the report and whether the
merging company has this.
In the next step, you will assess any risks with the supply chain of the
acquired company.
Step 6: Review Supply Chain Risk
The data protection plan is ready. In this step, you will take a look at
risks to the supply chain. Acquiring a new company also means
inheriting the risks associated with its supply chain and those firm's
systems and technologies. Include supply chain risks and list the
security measures in place to mitigate those risks. Use the NIST
Special Publication 800-161 Supply Chain Risk Management
Practices for Federal Information Systems and Organizations to
explain the areas that need to be addressed.
After your supply chain review is complete, move to the next step,
where you will create a vulnerability management program.
Step 7: Build a Vulnerability Management Program

34. After your supply chain review, you conduct an interview with the
company's current cybersecurity team about vulnerability
management. The team members explain to you that they never
scanned or had the time to build a vulnerability management program.
So, you need to build one. Use NIST Special Publication 800-40
Guide to Enterprise Patch Management Technologies to develop a
program to meet the missing need.
Explain to the managers how to implement this change, why it is
needed, and any costs involved.
The next step is a key one that should not be overlooked -- the need to
educate users from both companies of the changes being made
Step 8: Educate Users
You’ve completed your vulnerability management program, but it’s
important to educate all the users of the network about the changes.
During the process of acquiring a company, policies, processes, and
other aspects are often updated. The last step in the process is to
inform the users for the new and old company of the changes. Within
your report, explain to the acquisition managers the requirements for
training the workforce.
When you’ve completed this step, move to the final section of this
project, in which you will prepare and submit your final report.
Step 9: Prepare and Submit Your Report, Executive Briefing, and
Executive Summary
You’re ready now for the final step, in which you will compile and
deliver the Cybersecurity for a Successful Acquisition report for the
company leaders to enable them to understand the required
cybersecurity strategy.
Again, keep in mind that companies undergoing an acquisition or
merger are more prone to cyberattacks. The purpose of this paper is to
analyze the security posture of both companies and to develop a plan
to reduce the possibility of an attack.
The assignments for this project are as follows:

35. 4. Executive briefing: This is a three- to five-slide visual
presentation for business executives and board members.
5. Executive summary: This is a one-page summary at the
beginning of your report.
6. Cybersecurity System Security Report for Successful
Acquisition: Your report should be a minimum 12-page double-
spaced Word document with citations in APA format. The page
count does not include figures, diagrams, tables or citations.
Submit all three components to the assignment folder.
Deliverables: Cybersecurity for a Successful Acquisition, Slides to
Support Executive Briefing
******************************
CST 630 Project 4Secure Videoconferencing
Communications
For more classes visit
www.snaptutorial.com
Project 4
Step 1: Develop Functional Requirements for Videoconferencing
The first step in your proposal for a secure videoconferencing system
is to develop a set of functional requirements for videoconferencing
that you believe the media company will nee based on its geographic
dispersion and business needs.
In developing those requirements, research three videoconferencing
solutions such as Skype, GotoMeeting, Polycom, and Cisco Webex
and explain their capabilities, advantages, and disadvantages. Identify
costs as well as implementation and support requirements.
The functional requirements and the three possible solutions will be a
section of your Proposal for Secure Videoconferencing. In the next
step, you will review the challenges of implementing those solutions.

36. Step 2: Discuss Implementation Challenges
In the previous step, you outlined the requirements for secure
videoconferencing for the company and outlined three potential
solutions. Part of your final proposal should also include the
advantages and disadvantages of the implementation options for the
three systems you selected. This section of the proposal also must
include the changes the media company will need to make to
implement the systems.
Additionally, explain how system administration or privileged
identity management will operate with these systems. You will also
need to examine how data exfiltration will occur with each of the new
systems.
The changes to the systems and challenges for the implementation of
these potential solutions will be an important section of your Proposal
for Secure Videoconferencing. In the next step, you will take a closer
look at the track records of each of the potential videoconferencing
vendors.
Step 3: Identify Vendor Risks
You've finished outlining the pros and cons of three
videoconferencing systems. Now, it'S time to take a close look at how
they serve their clients. This will take some research. Look at the
systems' known vulnerabilities and exploits. Examine and explain the
past history of each vendor with normal notification timelines, release
of patches, or work-arounds (solutions within the system without
using a patch). Your goal is to know the timeliness of response with
each company in helping customers stay secure.
This step will be a section of your Proposal for Secure
Videoconferencing.
In the next step, you will outline best practices for secure
videoconferencing that will be part of your overall proposal to
management
Step 4: Develop Best Practices for Secure Videoconferencing

37. The last few steps have been devoted to analyzing potential
videoconferencing solutions. But obtaining a trusted vendor is just
part of the security efforts. Another important step is to ensure that
users and system administrators conduct the company's
videoconferencing in a secure manner. In this step, outline security
best practices for videoconferencing that you would like users and
systems administrators to follow. Discuss how these best practices
will improve security and minimize risks of data exfiltration as well
as snooping.
This "best practices" section will be part of the overall Proposal for
Secure Videoconferencing.
In the next step, you will develop system integrity checks within a
virtual lab environment.
Step 5: Develop System Integrity Checks
As part of the overall proposal, the CISO has asked you to develop
system integrity checks for files shared between users of the
videoconferencing systems. These checks will ensure file protection
and prevent exfiltration of sensitive files.
The lab exercise will show how this is done. In this step, you will
generate a lab report that will be part of your final assignment. The
lab instructions will tell you what the report needs to contain.
Note:
You will use the tools in Workspace for this step. If you need help
outside the classroom, you can register for the CLAB 699 Cyber
Computing Lab Assistance (go to the Discussions List for registration
information). Lab assistants are available to help.
Click here to access the instructions for Navigating the Workspace
and the lab Setup.
Click here to access the Project Workspace Exercise Instructions.
Explore the tutorials and user guides to learn more about the tools
you will use. Then, enter Workspace
(http://virtualdesktop.umuc.edu/).
This will be a section of your Proposal for Secure Videoconferencing.
Now, you are ready for the final step, which will be to put all of the
components of the proposal together for management. Remember,

38. your task is to recommend the best videoconferencing system for the
company. Part of that proposal includes a set of high-level executive
briefing slides.
Step 6: Submit Your Proposal for Secure Videoconferencing and
All Related Materials
It’s time to prepare your materials on secure videoconferencing for
management. Your task is to recommend a system that best meets the
business functionality and security requirements of the company. As
part of that recommendation, you will also prepare a set of high-level
executive briefing slides to give the CEO and CIO an overview of
your study.
The assignments for this project are as follows:
5. Executive briefing: This is a three- to five-slide visual
presentation for business executives and board members.
6. Executive summary: This is a one-page summary at the
beginning of your Proposal for Secure Videoconferencing.
7. Proposal for Secure Videoconferencing: Your report should be a
minimum six-page double- spaced Word document with
citations in APA format. The page count does not include
figures, diagrams, tables or citations.
8. Lab report: Generated from Workspace.
Submit all four components to the assignment folder.
******************************
CST 630 Project 5 Data Loss Prevention (21
Pages + 10 slides + lab report)
For more classes visit
www.snaptutorial.com
CST 630 Project 5 Data Loss Prevention (21 Pages + 10 slides + lab
report)

39. ******************************