The cybersecurity solution paper should include the following information: in your paper, please number these sections as they are numbered below (point values in parentheses; 100 points total):
1. (10) Risk assessment of the current systems of 445 Cyber Co
2. (10) Solution narrative of proposed engineering systems for 445 Cyber Co.
3. (15) System and network detailed descriptions and diagrams of your proposed engineering systems. Be sure to describe 445 Cyber Co.’s major systems, any external systems used by 445 Cyber Co., major data flows, network architecture, trust boundaries, and users.
4. (10) Risk assessment and threat model for your proposed engineering systems. Be sure to describe what threats you plan to protect against, how you will address them, and what risks you plan to accept.
5. (15) Recommended security controls as well as tools and procedures to implement security controls and to build resiliency. Be sure to discuss security controls to protect the engineering systems (including access control and account management). You should also recommend security controls to detect intrusions and suspicious behavior. Your recommended security strategy should monitor corporate assets, data ingress and egress points, attack surfaces, and host vulnerabilities.
6. (10) Discuss resiliency of the proposed engineering systems. You should discuss characteristics of your engineering systems that make them resilient and recommend procedures that build resiliency into the proposed engineering systems.
7. (10) Recommended incident handling and recovery procedures.
8. (10) Strategy for testing system security and resiliency.
Appendix A (10): Requirements summary – a table listing the requirements identified in the scenario and how each is met (or not) by your proposed solution.
The solution you propose should be commensurate with a small consulting company that can’t afford a gold-plated solution suitable for critical infrastructure, a major federal government agency, or a Fortune 100 corporation. On the other hand, the consulting company provides cybersecurity services so must implement best practices. The solution narrative should articulate the trade-off decisions you make in designing your solution.
You may include outsourced services and off-premises solutions as part of your engineering systems solution. But you must defend your decisions as being suitable for the goals outlined in the scenario and commensurate with a small consulting company.
The paper should be organized into sections that describe your engineering system solution and present a logical flow to tell the story how your solution is secure and resilient (use sections numbered as above). Your paper should include all information necessary to provide a comprehensive understanding of your proposed solution.
I expect professional writing suitable in technical detail and approach for a decision-maker able to understand and agree to implement your proposed engineering systems solution. You may personalize the position paper (e.g., “Personally, I would . . .”). Use headers for each numbered category of information identified in the list above. You may use bullets, charts, and tables to help convey information concisely. You may use an appendix or appendices to provide very detailed information that otherwise would interrupt the flow of your paper.
Review of editorial suggestions in your word processor for structure, spelling, and grammar is recommended. Grade reductions will be made for unprofessional submissions (including spelling and grammar errors), poor structure, lack of cohesive structure, excessive wordiness, or extraneous matter not on point (i.e., “fluff”).
You should identify any sources used in your paper by providing footnotes, endnotes, source/reference list at the end of the document, or similar. The reference format is using IEEE style.
The paper should be double-spaced and formatted with one-inch margins for top, bottom, right and left. Please use 12-point Times New Roman (or similar font). There is not a page or word-count minimum or limit. The expectation is that a 12-15 pages paper (without appendices) is necessary to provide a comprehensive discussion of information required.