Technical Project Paper: Information Systems Security
Suppose you are the IT
professional in charge of security for a small pharmacy that has recently
opened within a shopping mall. The daily operation of a pharmacy is a unique
business that requires a combination of both physical and logical access
controls geared towards protecting medication and funds located on the
premises, as well as the personally identifiable information and protected
health information of your customers that resides on your system. Your
supervisor has tasked you with identifying inherent risks associated with your
pharmacy and establishing strong physical and logical access control methods to
mitigate the identified risks.
1) Firewall (1)
2) Windows 2012 Active
3) File Server (1)
4) Desktop computers (4)
5) Dedicated T1 Connection
Write an eight to ten (8-10)
page paper in which you:
1. Identify at least five (5) potential physical
threats that require attention.
2. Determine the impact of at least five (5) potential
logical threats that require attention.
3. Detail the security controls (i.e., administrative,
preventative, detective, and corrective) that the pharmacy could implement in
order to protect it from the five (5) selected physical threats.
4. Explain in detail the security controls (i.e.,
administrative, preventative, detective, and corrective) that could be
implemented to protect from the five (5) selected logical threats.
5. For each of the five (5) selected physical threats,
choose a strategy for addressing the risk (i.e., risk mitigation, risk
assignment, risk acceptance, or risk avoidance). Justify your chosen
strategies.
6. For each of the five (5) selected logical threats,
choose a strategy for handling the risk (i.e., risk mitigation, risk
assignment, risk acceptance, or risk avoidance). Justify your chosen
strategies.
7. Use at least five (5) quality resources in this assignment
(no more than 2-3 years old) from material outside the textbook. Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow
these formatting requirements:
· Be typed, double spaced, using Times New Roman font
(size 12), with one-inch margins on all sides; citations and references must
follow APA or school-specific format. Check with your professor for any
additional instructions.
· Include a cover page containing the title of the assignment,
the student’s name, the professor’s name, the course title, and the date. The
cover page and the reference page are not included in the required assignment
page length.
The specific course learning
outcomes associated with this assignment are:
· Explain the concepts of information systems
security as applied to an IT infrastructure.
· Describe how malicious attacks, threats, and
vulnerabilities impact an IT infrastructure.
· Explain the means attackers use to compromise systems
and networks, and defenses used by organizations.
· Explain the role of access controls in implementing
a security policy.
· Explain how businesses apply cryptography in
maintaining information security.
· Analyze the importance of network principles and
architecture to security operations.
· Use technology and information resources to
research issues in information systems security.
· Write clearly and concisely about network security
topics using proper writing mechanics and technical style conventions.
Rubric
Technical Project Paper: Information Systems

| Criteria | Unacceptable Below 60% F | Meets Minimum Expectations 60-69% D | Fair 70-79% C | Proficient 80-89% B | Exemplary 90-100% A |
|---|---|---|---|---|---|
| 1. Identify at least five (5) Weight: 10% | Did not submit or incompletely identified at least five (5) potential physical threats that require attention. | Insufficiently identified at least five (5) potential physical threats that require attention. | Partially identified at least five (5) potential physical threats that require attention. | Satisfactorily identified at least five (5) potential physical threats that require attention. | Thoroughly identified at least five (5) potential physical threats that require attention. |
| 2. Determine the impact of at least five (5) potential logical threats that Weight: 10% | Did not submit or incompletely determined the impact of at least five (5) potential logical threats that require | Insufficiently determined the impact of at least five (5) potential logical threats that require | Partially determined the impact of at least five (5) potential logical threats that require | Satisfactorily determined the impact of at least five (5) potential logical threats that require | Thoroughly determined the impact of at least five (5) potential logical threats that require |
| 3. Detail the security controls (i.e., administrative, preventative, Weight: 10% | Did not submit or incompletely detailed the security controls (i.e., administrative, preventative, detective, and | Insufficiently detailed the security controls (i.e., administrative, preventative, detective, and | Partially detailed the security controls (i.e., | Satisfactorily detailed the security controls (i.e., administrative, preventative, detective, and | Thoroughly detailed the security controls (i.e., |
| 4. Explain in detail the security controls (i.e., administrative, Weight: 10% | Did not submit or incompletely explained in detail the security controls (i.e., administrative, preventative, | Insufficiently explained in detail the security controls (i.e., administrative, preventative, | Partially explained in detail the security | Satisfactorily explained in detail the security controls (i.e., administrative, preventative, | Thoroughly explained in detail the security controls (i.e., administrative, preventative, |
| 5. For each of the five (5) selected physical threats, choose a strategy for Weight: 10% | Did not submit or incompletely chose a strategy for addressing the risk (i.e., risk mitigation, risk | Insufficiently chose a strategy for addressing the risk (i.e., risk mitigation, risk | Partially chose a strategy for addressing the risk | Satisfactorily chose a strategy for addressing the risk (i.e., risk mitigation, risk assignment, | Thoroughly chose a strategy for addressing |
| 6. For each of the five (5) selected logical threats, choose a strategy for Weight: 10% | Did not submit or incompletely chose a strategy for handling the risk (i.e., risk mitigation, risk assignment, | Insufficiently chose a strategy for handling the risk (i.e., risk mitigation, risk assignment, | Partially chose a strategy for handling the risk | Satisfactorily chose a strategy for handling the risk (i.e., risk mitigation, risk assignment, | Thoroughly chose a strategy for handling the |
| 7. 5 references Weight: 5% | No references provided | Does not meet the required | Does not meet the required | Meets number of required | Exceeds number of required |
| 8. Clarity, writing Weight: 10% | More than 8 errors present | 7-8 errors present | 5-6 errors present | 3-4 err |
