For this assignment, you are a consultant who has been asked to give recommendat

For this assignment, you are a consultant who has been asked to give recommendations about how to secure the data and the application.
You are tasked with
1) Recommending an authentication mechanism to be designed and implemented by the app developers
2) Designing a RBAC role hierarchy with associated permissions to be implemented by the app developers
3) Developing a threat model and with recommending what controls must be implemented to secure this application.
Given a budget of $325,000 per year, choose from the controls listed below. Explain why you chose each control, what its function is, and what the overall application’s architecture looks like once you have implemented all of your recommendations.
Control Cost per year
Chief information security officer $200,000
Information security engineer $125,000
Information security analyst $100,000
Virtual Private Network $10,000
Firewall (each) $25,000
Phishing Awareness Training $20,000
Antivirus/Endpoint Protection $20,000
Patch management platform $20,000
Vulnerability scanning service $10,000
Whole disk encryption (per device) $1,000
TLS encryption (per server) $1,500
Penetration test (per engagement) $30,000
Threat Intelligence Subscriiption $30,000
Cloud Security Platform $40,000
Multi factor Authentication Service $25,000
Additional Security Consultancy $20,000
Pricing for additional security controls that are not listed here may be obtained by emailing dr. Leune. If you do not feel that there is enough budget available, you may contact your professor to request additional funds. If you do, clearly articulate why the budget is not sufficient, how much additional money you need, and what it will be spent on.
Expected Deliverable
You must produce a report in which you describe your analysis. The report must be structured as follows:
Title Page
1. Executive Summary (describe goal of report, list recommend controls, list total cost)
2. Descriiption of the environment (repeat/expand on the case study)
3. Authentication Subsystem Descriiption
4. Access Control Model Descriiption
5. Threat Model (models and descriiption)
6. Recommendations (list of all controls, the risk that are mitigated by them, and their location in the overall architecture)
7. Final architecture (including all controls)
Each section should start on a new page. Your report should between 5 and ten pages long.
You may work on this assignment in groups of no more than two people. If you do collaborate, list all group members on the title page. Each group member must submit a copy of the report.
Last modified: Sunday, November 28, 2021, 11:54 AM