Guidelines for CYSE 445 Project 2
1
Statement
Develop a resilient cybersecurity solution for the engineering systems of 445 Cyber Co., a
rapidly growing cybersecurity consulting company.
Submission
• A single pdf file must be uploaded to Blackboard no later than midnight Saturday,
December 4, 2021.
• You can work as a group of two or three members on this paper. Please include the members’
names on the paper. Only one copy should be submitted for the group. The filename of the
report should be of the format: CYSE445_Project2_
and
• The cybersecurity solution paper must include the following sections:
1. (10) Section 1 – Risk assessment. What are the risks of the current systems of 445
Cyber Co.?
2. (10) Section 2 – Solution narrative. Describe your proposed engineering systems for
445 Cyber Co.
3. (15) Section 3 – System and network detailed design. Provide diagrams and descriptions
of your proposed engineering systems. Be sure to depict the 445 Cyber Co.’s major
systems, any external systems used by 445 Cyber Co., major data flows, network
architecture, trust boundaries, and users.
4. (15) Section 4 – Threat Modeling.
o Perform Threat modeling of your proposed engineering systems by using one or
more models among STRIDE, CAPEC and/or OWASP models. Be sure to
describe what threats you plan to protect against.
5. (15) Section 5 – Security Controls. Provide the strategy to address the threats identified
in Section 4. Recommend security controls as well as tools and procedures to
implement security controls and to build resiliency. Be sure to discuss security controls
to protect the engineering systems (including access control and account management).
You should also recommend security controls to detect intrusions and suspicious
behavior. Your recommended security strategy should monitor corporate assets, data
ingress and egress points, attack surfaces, and host vulnerabilities.
6. (10) Section 6 – Incident Response. Recommended incident handling and recovery
procedures.
7. (10) Section 7 – Testing. Strategy for testing system security and resiliency.
8. (15) Appendix A – Requirements. Provide a table listing the requirements based on
your analysis of the Problem Scenario below.
Requirement No Requirement Statement Proposed Solution
Guidelines for CYSE 445 Project 2
2
Important Notes
• You want to establish the set of requirements before proceeding to propose a solution
design.
• The solution you propose should be commensurate with a small consulting company that
can’t afford a gold-plated solution suitable for critical infrastructure, a major federal
government agency, or a Fortune 100 corporation.
• On the other hand, the consulting company provides cybersecurity services so must
implement best practices. The solution narrative should articulate the trade-off decisions
you make in designing your solution.
• You may include outsourced services and off-premises solutions as part of your
engineering systems solution. But you must defend your decisions as being suitable for
the goals outlined in the scenario and commensurate with a small consulting company.