Information Security Network Architecture Project
Principles of Computer and Information Systems Security
This project will have you create the maps/designs of the information security network architecture for the public health department of a large, metropolitan US city (population greater than 2 million) named Redstone. This department consists of a central office that houses its leadership staff and support staff. Two satellite offices serve as clinics and education spaces for the department. Health data is passed between all three offices, primarily from the clinics to the central office. Health facilities from all over the city also send health information to the central office as part of disease reporting mandated by law. Because of the distributed nature of the offices, the data network is distributed, with some of the equipment and data being located at the offices themselves and some of the equipment and data stored in the cloud. Assume you will use the NIST SP 800-14 framework and its principles for securing systems.
To be able to develop the map to the level that is expected of this assignment, you need to be able to answer the following questions for this organization (or state the assumptions):
What is the risk profile of this organization?
What regulations/laws would apply to this organization regarding its information security?
Are there any policies that are in place, or that should be in place, at this organization that impact your information security architecture?
Does this organization accept payment of any kind or process any financial transactions? If so, what is the impact on security architecture? (Hint: it does handle financial transactions.)
What approach does the organization take to access control? How is this implemented?
Does this organization need firewalls? What types of firewalls would there be, and how many? Where would they be placed on the network? How would these be optimally configured for this organization?
What are the different types of remote connections that this network supports, and how does it support these different connections?
Does this organization need IDPS? What types of IDPS would there be, and how many? Where would they be placed on the network? How would these be optimally configured for this organization?
How does the network administration monitor and respond to support this network security architecture and its operations? What tools does it use to do this?
Is any cryptography implementation required on the network? (Hint: this would be determined by the laws regulating this organization and its tasks.)
Deliverables: There should be at least one visual (a drawing or map of some sort) that shows the actual design you have developed for the architecture of this organization. [There have been drawings like this throughout the lecture slides; many are in the textbook and on the Internet.] You can draw one map or several as long as I am presented with the complete representation of the organization's network architecture in the end.
A written document should accompany this map to explain why you chose the different parts of the design and how you developed the map. There is no specific guidance for the length of this written document. You do NOT need to explain what each piece you put in the architecture is; I know that. You need to explain WHY you put what you did in the architecture; essentially, explain your reasoning.