Project 1CST630 Project ChecklistStudent Name DateNote This che

Project 1CST630 Project ChecklistStudent Name: Date:Note:
This checklist is designed based on the required project
deliverables in the project steps and instructions in the
classroom to help students and professors effectively write
papers and evaluate assignment submissions respectively.
Currently, it supplements the course grading rubric and it's use
is optional. The Department welcomes any recommendation(s)
for improvement.Project 1: Requires the Following THREE
PiecesAreas to Improve1. Security Assessment Report (SAR)(12
pages minimum, double-spaced)2. Executive Briefing Slides (3
to 5 slides) 3. Lab Experience Report with ScreenshotsSpecific
Details1. Security Assessment Report (12 pages)Conduct a
Security Analysis Baseline (3 of 12 ages)Security requirements
and goals for the preliminary security baseline activity.Typical
attacks to enterprise networks and their descriptions. Include
Trojans, viruses, worms, denial of service, session hijacking,
and social engineering.Include the impacts these attacks have on
an organization.Network infrastructure and diagram, including
configuration and connections Describe the security posture
with respect to LAN, MAN, WAN, enterprise.Network
infrastructure and diagram, including configuration and
connections and endpoints. What are the security risks and
concerns?What are ways to get real-time understanding of the
security posture at any time?How regularly should the security
of the enterprise network be tested, and what type of tests
should be used?What are the processes in play, or to be
established to respond to an incident?Does the security
workforce have the requisite technical skills and command of
the necessary toolsets to do the job required?Is there an
adequate professional development roadmap in place to
maintain and/or improve the skill set as needed?
Describe the ways to detect these malicious code and what
tactics bad actors use for evading detection.In the network
diagram: include the delineation of open and closed networks,

where they co-exist.In the open network and closed network
portion, show the connections to the InternetPhysical hardware
components. Include routers and switches. What security
weaknesses or vulnerabilities are within these devices?Discuss
operating systems, servers, network manage ment systems.data
in transit vulnerabilities
endpoint access vulnerabilities
external storage vulnerabilities
virtual private network vulnerabilities
media access control vulnerabilities
ethernet vulnerabilities
Possible applications. Current and future mobile applications
and possible future Bring Your Own Device policy. Include:
remediation
mitigation
countermeasure
recovery
Provide the methods used to provide the protections and
defenses.From the identification of risk factors in the risk
model, identify the appropriate security controls from NIST SP
800-53A and determine their applicability to the risks
identified.Determine a Network Defense Strategy 2/12
pagesOutline how you would test violations. Identify how you
will assess the effectiveness of these controls and write test
procedures that could be used to test for effectiveness. Write
them in a manner to allow a future information systems security
officer to use them in preparing for an IT security audit or IT
certification and accreditation.Explain the different testing
types (black box testing, white box testing).Plan the Penetration
Testing Engagement 2/12 pagesInclude all involved processes,
people, and timeframe. Develop a letter of intent to the
organization, and within the letter, include some formal rules of
engagement (ROE)Conduct a Network Penetration Test 4/12
pagesAfter finding the security issues within the network,
define which control families from the NIST 800-53 are

violated by these issues. Explain in the SAR why each is a
violation, support your arguments with a copy of your
evidenceProvide suggestions on improving the security posture
of these violations.Complete a Risk Management Cost Benefit
Analysis 1/12 pagesComplete your SAR with a risk management
cost benefit analysis. Think about the cost of violations and
other areas if you do not add the controls. Then add in the cost
for implementing your controls. *****Conduct a Security
Analysis Baseline Feedback*****2. Executive Briefing (three
to five slide presentation - narration not needed) Explain key
points to executivesTitle SlideUse of Readable Fonts and
ColorSummarizes Findings and Recommendations at High
Level*****Executive Briefing Feedback***** 3. Lab
Experience Report with ScreenshotsSummarizes the Lab
Experience and FindingsResponds to the QuestionsProvides
Screenshots of Key Results*****Lab Experience Report
Feedback*****
for improvement.Specific DetailsProject 2: Requires the
Following TWO Pieces Areas to Improve1a. Cybersecurity
Incident Report (CIR) (12 pages minimum) 1b. Executive
Summary (one page summary at the beginning of your CIR)2.
Executive Briefing Slides (3 to 5 slides) 1. Cybersecurity
Incident Report (CIR) (12 pages) w/ Executive Summary
Develop a Wireless and BYOD Security PlanExecutive
summary: A one-page summary at the beginning of the
report.Using NIST 800-153, provide an executive summary to
answer other security concerns related to BYOD and wireless.
Provide answers to the threat of unauthorized equipment or
rogue access points on the company wireless network and the

methods to find other rogue access points. Describe how to
detect rogue access points and how they can actually connect to
the network. Describe how to identify authorized access points
within your network.Within your plan, include how the Cyber
Kill Chain framework and approach could be used to improve
the incident response times for networks.Include this at the
beginning of your CIR as the basis for all wireless- and BYOD-
related problems within the network. Title the section "Wireless
and BYOD Security Plan."Track Suspicious BehaviorPropose
how you would track suspicious employee movements using
various tools and techniques.How would you track the location
of the company asset?
Explain how identity theft could occur and how MAC spoofing
could take place in the workplace. How would you protect
against both identity theft and MAC spoofing? Address if it is
feasible to determine if MAC spoofing and identity theft has
taken place in the workplace. Include a whitelist of approved
devices for this network. Examples may include authorized
access points, firewalls, and other similar devices.Disuss any
legal issues, problems, or concerns with your actions.What
should be conducted before starting this investigation? Were
your actions authorized, was the notification valid, or are there
any other concerns?Include your responses as part of the CIR
with the title "Tracking Suspicious Behavior."Develop a
Continuous Improvement PlanProvide for your leadership a
description of wired equivalent privacy and also Wi -Fi
protected access networks, for education purposes. Include the
pros and cons of each type of wireless network, as well as
WPA2.Define the scheme for using preshared keys for
encryption. Is this FIPS 140-2 compliant, and if not, what is
necessary to attain this? Include a list of other wireless
protocols, such as BluetoothProvide a comparative analysis of
four protocols including the pros, cons, and suitability for your
company.Include your responses as part of the CIR with the title
"Continuous Improvement Plan."Develop Remote Configuration

ManagementInclude a description of remote configuration
management and describe how it is used in maintain the security
posture of your company's networkThe owner of an
undocumtnted device must be removed from the network.
Implement this and explain how you would remove the
employee's device. Explain how you would show proof that the
device was removed?Include your responses as part of the CIR
with the title "Remote Configuration Management."Investigate
Employee MisconductProvide a definition of ad hoc wireless
networks and identify the threats and vulnerabilities to a
company.How could this network contribute to the company
infrastructure and how would you protect against those threats?
Address self-configuring dynamic networks on open access
architecture and the threats and vulnerabilities associated with
them, as well as the possible protections that should be
implemented.How would you detect an employee connecting to
a self-configuring network or an ad hoc network?How would
signal hiding be a countermeasure for wireless networks?What
are the countermeasures for signal hiding? How is the service
set identifier (SSID) used by cybersecurity professionals on
wireless networks?Are these always broadcast, and if not, why
not? How would you validate that the user is working outside of
business hours?Include your responses as part of the CIR with
the title "Employee Misconduct."Analysis of Wireless
TrafficAnalyze wireless traffic. Include your responses from the
lab as part of the CIR with the title "Wireless Traffic Analysis."
***** Cybersecurity Incident Report Feedback*****2.
Executive Briefing Slides (3-5 slides)Explain key points to
executivesTitle SlideUse of Readable Fonts and
Level*****Executive Briefing Feedback*****

Following TWO PiecesAreas to Improve1a. Cybersecurity
Report for a Successful Acquisition (12 pages minimum) 1b.
Executive Summary (one page summary at the beginning of
your Acquisition Report)2. Executive Briefing Slides (3 to 5
slides) 1. Cybersecurity For A Successful Acquisition Report:
(12 page min) w/ Executive Summary Conduct a Policy Gap
AnalysisExecutive summary: This is a one-page summary at the
beginning of your report.Are companies going through an M&A
prone to more attacks or more focused attacks?If so, what is the
appropriate course of action?Should the M&A activities be kept
confidential?explain to the executives that before any systems
are integrated, their security policies will need to be
reviewedConduct a policy gap analysis to ensure the target
company's security policies follow relevant industry standards
as well as local, state, and national laws and regulations.
Identify what, if any, laws and regulations the target company is
subject to.How would you identify the differences?How would
you learn about the relevant laws and regulations?How would
you ensure compliance with those laws and regulations?Use PCI
standards to identify a secure strategy, and operating system
protections to protect the credit card dataSelect at least two
appropriate requirements from the PCI Standards DSS 12 set of
requirements and explain how the controls should be
implemented, how they will change the current network, and
any costs associated with implementing the change.Review
Protocols for Streaming Servicesreview the protocols, explain
how they work along with any known vulnerabilities, and how
to secure the company from cyberattacks. Identify what
streaming the companies are doing and the specific technology
they are leveraging.What are the technical vulnerabilities
associated with the protocols involved?Have those been
mitigated? And to what extent (i.e., has the risk been reduced to
zero, reduced somewhat, shifted to a third party, etc.)?What

residual risk to the target company's assets and IP
remain?Would those risks extend to the current (takeover)
company after the merger?
a. Would that be bad enough to cancel the M&A?If the response
to #5 is yes, then, what should the target company do to further
mitigate the risk? How should the takeover company mitigate
the risk?What are the costs associated to the target company
(implementing the appropriate mitigation)? If the takeover firm
has to take additional measures, identify those costs as
well.Assess the Merged Network InfrastructureExplain what
tactics, techniques, and procedures you would use to understand
the network. identify firewalls, DMZ(s), other network systems,
and the status of those devices.Review the Wireless and BYOD
PoliciesExplain the media company's current stance on wireless
devices and BYOD. Explain to the managers of the acquisition
what needs to be done for the new company to meet the goals of
the BYOD policy.Develop a Data Protection PlanInclude the
benefits, implementation activities required for protection and
defense measures such as full disk encryption, BitLocker, and
platform identity keys. Convey to your leadership the
importance of system integrity and an overall trusted computing
base, environment, and support Describe what this would entail
and include Trusted Platform Module (TPM) components and
drivers. How are these mechanisms employed in an
authentication and authorization system? Review Supply Chain
RiskInclude supply chain risks and list the security measures in
place to mitigate those risks. Use the NIST Special Publication
800-161 Supply Chain Risk Management Practices for Federal
Information Systems and Organizations to explain the areas that
need to be addressed.Build a Vulnerability Management
ProgramUse NIST Special Publication 800-40 Guide to
Enterprise Patch Management Technologies to develop a
program to scan and build a vulnerability management
programExplain to the managers how to implement this change,
why it is needed, and any costs involved.Educate UsersInform
the users for the new and old company of the changes, including

policies, processes, and other aspects that were updatedExplain
to the acquisition managers the requirements for training the
workforce.*******Cybersecurity For A Successful Acquisition
Report Feedback*******2. Executive Briefing Slides (3-5
slides - Narration Not Needed)Explain key points to
executivesTitle SlideUse of Readable Fonts and
Level*******Executive Briefing Slides Feedback******
Following THREE PiecesAreas to Improve1a. Proposal for
Secure Videoconferencing (6 page minimum, double-spaced)1b.
Executive summary (one page summary at the beginning of
your Proposal)2. Executive Briefing Slides (3 to 5 slides) 3. Lab
Experience Report with Screenshots1. Proposal for Secure
Videoconferencing (6 pages max)Develop Functional
Requirements for VideoconferencingExecutive summary: (1
page) at the beginning of Proposal for Secure
VideoconferencingExplain the videoconferencing solutions for
Skype, GotoMeeting, Polycom, and Cisco Webex; Include their
capabilities, advantages, and disadvantages.Identify costs as
well as implementation and support requirements for Skype,
GotoMeeting, Polycom, and Cisco Webex
videoconferencing.The functional requirements and the three
possible solutions will be a section of your Proposal for Secure
VideoconferencingDiscuss Implementation ChallengesInclude
the advantages and disadvantages of the implementation options
for the three systems you selected.Include the changes the
media company will need to make to implement the
systems.Explain how system administration or privileged

identity management will operate with these systems. Examine
how data exfiltration will occur with each of the new
systems.Identify Vendor RisksLook at the systems' known
vulnerabilities and exploits. Examine and explain the past
history of each vendor with normal notification timelines,
release of patches, or work-arounds (solutions within the system
without using a patch). Address the timeliness of response with
each company in helping customers stay secure.Develop Best
Practices for Secure VideoconferencingOutline security best
practices for videoconferencing that you would like users and
systems administrators to follow. Discuss how these best
practices will improve security and minimize risks of data
exfiltration as well as snoopingTitle this section "best
practices". It will be part of the overall Proposal for Secure
Videoconferencing.Develop System Integrity ChecksDevelop
system integrity checks for files shared between users of the
videoconferencing systems. Submit Your Proposal Recommend
a system that best meets the business functionality and security
requirements of the company. Prepare a set of high-level
executive briefing slides to give the CEO and CIO an overview
of your study.*******Proposal for Secure Videoconferencing
Feedback*******2. Executive Briefing (3 to 5 slides -
Narration Not Needed) Prepare a set of high-level executive
briefing slides to give the CEO and CIO an overview of your
study.Title SlideUse of Readable Fonts and ColorSummarizes
Findings and Recommendations at High Level3. Lab Experience
ReportGenerate a lab report that will be part of your final
assignment (Step 5) Summarizes the Lab Experience and
FindingsResponds to the QuestionsProvides Screenshots of Key
Results*******Lab Experience Report Feedback******

Following THREE PiecesAreas to Improve1. Cybersecurity
Technology Strategic Plan (12 to 15 pages, double-spaced)2.
Executive Presentation (5 to 10 Slides - Written narration/in-
class presentation, or audio/video narration)3. Lab Experience
Report with Screenshots1. Cybersecurity Technology Strategic
PlanSelect Devices and TechnologiesSelect Devices and
Technologies most appropriate for data loss prevention for your
organization's business mission and future success.Research and
choose from the following and discuss your business rationale
for selecting or not selecting them:-IPv6-Internet of Things
(IoT)-Blockchain-Tokenization-Data Masking- Data
Obfuscation- Operational Context- Tamper-proofing- Big Data
AnalyticsInclude significant detail about these, including what
kinds of IoT devices might be appropriate for your company's
use.Develop Goals and ObjectivesFocus on the organizati onal
mission and develop a set of goals and objectives to show how
your set of chosen devices and technologies will help your
company prepare for the future.Include a discussion for
deploying, maintaining, and securing these devices and
technologies' impact to the existing company infrastructure and
security.Prepare a SWOT Analysis TableJustify adding these
devices and technologies to the network infrastructure.In order
to do this, perform a strengths, weaknesses, opportunities, and
threats (SWOT) analysis of each device/technology being
introduced into the infrastructure.SWOT Chart and
AnalysisEnsure the following questions are answered:- How do
they influence the operation and maintenance of the network? -
What can be done to overcome these limiting factors?Address
Integration and Implementation issuesDiscuss integration issues
and problems that can arise when you try to implement them
into the infrastructure.Address legacy devices in the
infrastructure.Update the Data Flow DiagramComplete the lab,
create, and include an updated data-flow diagram.Plan People,
Process, and Data Governance IssuesDiscuss people, process,

and data governance aspects of deploying new
technology.Address possible process changes.Address possible
personnel changes, hiring, training, retraining or users and
administrators.Finalize the ReportCompile, review, edit, and
proofreadAs you write the conclusions and summary statements,
address the following possible challenges:- Any key impacts to
the organization or network infrastructure- What will the
organization need to do in the future to meet goals and
objectives.- How will your organization ensure continuous
improvement?- What possible roadblocks could your
organization face?- How would you oversome these potential
roadblocks?*******Cybersecurity Technology Strategic Plan
Feedback*******2. Presentation (Complete Set of Team Slides
and Narration of a Portion)Title SlideUse of Readable Fonts and
LevelSlide Narration or In Class or Online Presentation (5-6
minutes or a portion of report)******Presentation
Feedback*******3. Lab Experience Report [Can Be Produced
by Designated Member(s) of Team]Summarizes the Lab
Experience and FindingsResponds to the QuestionsProvides
Screenshots of Key Results*******Lab Experience Report
Feedback******
functions/Functions Tasksheet.pdf
Sensitivity: Internal
Mathematical Software
Functio n s Tasksheet
https://uk.mathworks.com/help/matlab/matlab_prog/create-
functions-in-files.html

1) Write the following single variable functions as functions in
MATLAB
a. �(�) = sin⁡(2�2)
b. �(�) = √�2 + 400
c. ℎ (�) = tan(��(�))⁡⁡
2) Create functions for the following
a. (� ∘ � ∘ ℎ )(�) Composite function
b. �(�) + �(�) + ℎ (�) Addition
c. �(�) ⋅ �(�) ⋅ ℎ (�) Mutliplication
d. Evaluate these functions with � = 1
3) Write the following as multivariable functions in MATLAB
a. �(�, �) = �2 + �2
b. �(�, �) = 2��
c. ℎ (�, �, �) = �� + �2
d. Compute the following
i. �(3,4)
ii. √�(3,4)
iii. �(5,3)

4) We want to extend our knowledge a little further
Write functions for +, -, *, / and call them ‘add’, ‘subtract’,
‘multiply’, ‘divide’
Now use these functions to compute
3⁡ + ⁡2 ⋅ 6⁡ −
2
10
5) Write a function called fact which takes in a paramenter �
and returns �!
Please use a for loop, do not copy the example on the MATLAB
help guide
e.g. fact(5) should return 5! = 120
Advanced
1) Write a function my_trace to compute the trace of a matrix
2) Write a function my_sum to sum all the elements of a matrix
3) Write a function sum_rows to sum all the rows of a matrix,
note this should return back a row vector
4) Write a function to sum_cols sum the columns of a matrix,
note this should return back a column vector

5) Combine the functions in 3 and 4 into 1 function
sum_row_or_cols which takes an additional parameter
that let’s you choose to sum either columns or rows. 1 should
sum over columns, 2 should sum over rows.
i.e. you should call sum_row_or_cols(A,1) or
sum_row_or_cols(A,2)
https://uk.mathworks.com/help/matlab/matlab_prog/create-
functions-in-files.html
functions/Matrix trace and sum.pdf
Matrix Trace and Sum
� × � Matrix
� =
�11 �12 ⋯ �1�
�21 �22 ⋯ �2�
�31 �32 ⋯ �3�
⋮ ⋮ ⋮ ⋮
��1 ��2 ⋯ ��

e.g.,
� =
4 3 1 6
2 6 1 3
3 5 2 0
�� = �
�=1
�
��
Is this valid?
Trace
Valid for square matrices
� =
�21 �22 ⋯ �2�
�21 �22 ⋯ �2�
⋮ ⋮ ⋮ ⋮
��1 ��2 ⋯ ��
� =
4 3 1
2 6 1
3 5 2

�� = �
�=1
�
��
This is known as the trace, what is this adding up?
The diagonal, here
�� = 4 + 6 + 2 = 12
Trace
� =
�11 �12 ⋯ �1�
�21 �22 ⋯ �2�
�31 �32 ⋯ �3�
⋮ ⋮ ⋮ ⋮
��1 ��2 ⋯ ��
�� = �
�=1
�
�� = �11 + �22 + �33 + ⋯+ ��

It is adding up the main diagonal
Trace
A = [1 2 3; 3 4 1; 4 3 4];
trace(A)
my_trace(A)
function t = my_trace(A)
t = 0
[m,n] = size(A)
for i=1:m
t = t + A(i,i)
end
end
� × � Matrix
� =

�11 �12 ⋯ �1�
�21 �22 ⋯ �2�
�31 �32 ⋯ �3�
⋮ ⋮ ⋮ ⋮
��1 ��2 ⋯ ��
�
�=1
�
�
�=1
�
��
Is this valid?
What is it doing?
� × � Matrix
� =
�11 �12 ⋯ �1�
�21 �22 ⋯ �2�
�31 �32 ⋯ �3�

⋮ ⋮ ⋮ ⋮
��1 ��2 ⋯ ��
�
�=1
�
�
�=1
�
�� = �
�=1
�
��1 + ��2 + ��3 …+ ��
First summing the rows, then summing these values.
It is adding all the elements of the matrix!
Sum
A = [1 2 3; 3 4 1; 4 3 4];

sum(sum(A))
my_sum(A)
function s = my_sum(A)
s = 0
[m,n] = size(A)
for i=1:m
for j=1:n
s = s + A(i,j)
end
end
end
finite/1st Order ODES - annotated.pdf
1st Order Ordinary
Differential Equations (ODES)

Disclaimer
We are merely looking to get an idea of the topic, we are not
studying
this rigorously! For a proper introduction there are plenty of
online
resources or textbooks.
You will also see these throughout the course in more detail.
We just want an idea so that we can compare a numerical
method that
we are going to learn.
What is a 1st Order Ordinary Differential
Equation (ODE)
An equation involving the independent
variable and the first derivative
��
��
+ 2� = � + 5
��
��
= �2
��
��

= 2�
Solution
s to 1st Order Differential Equations
Find a function �(�) which solves the
following equations
��
��
= �2 (1)

Project 1CST630 Project ChecklistStudent Name DateNote This che

More Related Content

Similar to Project 1CST630 Project ChecklistStudent Name DateNote This che

More from davieec5f

Recently uploaded

Project 1CST630 Project ChecklistStudent Name DateNote This che