The purpose of this project is to evaluate the student’s ability to research and evaluate security testing software and present a proposal for review by executive team members. By completing the document the student will also gain practical knowledge of the security evaluation documentation and proposal writing process. The project will enable the student to identify and understand the required standards in practice, as well as the details that should be covered within a proposal.
- Using the Case Study presented in this document, to complete an executive proposal.
- Provide a threeto five page proposal summarizing purpose and benefit of chosen security software to the executive management team.
- The student will evaluate and test security testing software for purposes of testing corporate network security. The purpose of the software is to measure the security posture of the organization by identifying vulnerabilities and help prevent future attacks and deter any real-time unknown threats.
- The proposal should effectively describe the software in a manner that will allow the executiveteam members to understand the purpose and benefits of the software to approve purchase.
- Evaluate and select a security tool for recommendation that you learned about in theiLabs modules or the EC-Council text books.
- The proposal document must be 3 to 5 pages long, conforming to APA standards. See “Writing Resources” in the online classroom where you’ll find help on writing for research projects.
- At least three authoritative, outside references are required (anonymous authors or web pages are not acceptable). These should be listed on the last page titled “References.”
- Appropriate citations are required. See the syllabus regarding plagiarism policies.
- This will be graded on quality of research topic, quality of paper information, use of citations, grammar and sentence structure, and creativity.
The purpose of project is to write an executive proposal for a fictitious company called Medical Solutions Systems. The goal of the proposal is to persuade the executive management team to approve purchase of security testing software that can benefit the company’s corporate network security by testing and identifying vulnerabilities before they are exploited by hackers. The proposal must include a detailed description of the software, its purpose and benefits.
- Research a security testing software tool that you practiced using in the EC-Council iLabs or from the textbook.
- Determine whether the tool would be beneficial in testing the security of a corporate network.
- Use the vendor’s website to collect necessary information about the tool to be able to explain its purpose and benefit.
- Include 3rd party endorsements and case studies about the tool.
- Integrate the information from your own experience with the tool into your proposal. This may include results from the iLab exercises or your own test lab.
CMIT 321 Executive Proposal Project Example
The testing software to be considered in this case is Core Impact testing software. This software helps the security system administrator to think as an attacker by validating and simulating the steps in which adversary would take to reach the most critical organization asset. The Core Impact Pro is regarded as the most inclusive solution software for testing and assessing security susceptibilities in the entire organization. The software is regarded as comprehensive since it caters for almost all security aspects of an organization information system. The software caters for the network devices and system, web services and applications, wireless networkers, mobile devices, identities and passwords, and endpoint systems. This software is supported by over 15 years of leading –edge research of security and development in commercial-grade. The software permits an organization to analyze the posture of the security by the use of the same methods used by cyber criminals today (Core Security, 2015a).
Core Impact is unique software which empowers an organization to replicate multi-staged attacks which pivot across applications, devices and systems, revealing how exploitable vulnerabilities chains open routes to the critical mission of assets and system in an organization. The system has surveillance camera susceptible testing and web services testing for mobile and web application. The system also document and demonstrate the exposures severity by replicating how an attacker would interact with and compromise susceptible systems, and enlightening data that is at risk. The software also provides a stable, updated commercial-graded exploits library and actual-world testing aptitudes. Routinely, Core software delivers over thirty new exploits as well as other updates every month. These updates are normally professionally developed and evaluated by in-house developers and researchers.
Core Impact has highly been recognized for its ability to establish various loopholes before they turn into a big problem. It enhances network penetration testing. It collects network information and develops profiles of the system. It also exploits and identifies critical application, service, device, and OS vulnerabilities. It also replicates attempts of an attacker to manipulate and access data. Core Impact also leverages systems that are compromised as positions to attack other resources of network via proxy and VPN pivots. This software system offers network defensive technologies the aptitude to recognize and halt attacks. The software also enhances client-side testing for endpoints and end users. It focuses more search engines and crawl sites for possible targeted information. It influence different templates or develop routine phishing emails. Software exploits the client-side to evaluate security of the endpoint, pivot, defenses, and assess to network tests. It enhances test of awareness of security without or with exploiting system. Other forms of testing provided by this software include password cracking and identity discovery, testing for wireless network penetration, attacks on surveillance cameras, and evaluation of web application penetration (Core Security, 2015a).
Case Studies and Customers Recommendation
Core Impact is tested and proven system testing software. The software was initially released in 2002 and thus, the software has been in use for almost 13 years. The software has been widely used by a number of organizations and received a wide range of recommendation for its efficiency. Based on the software review, the Core Impact is rated at 62% based on 2011 to 2015 review with most users or customers recommending the software for its efficiency in security testing and development of security related report in different systems. However, not without critics especially due to its high cost and the difficulties associated with obtaining a trial version of the software. This software has been widely used in the world especially in huge organization that deals with sensitive information and where systems attack would result to great losses. Some of the companies that have tried and approved this software include massive aerospace company which employs the software to carry out proactive testing of the organization IT applications and systems to understand the most vulnerable points of this system. The software has also been applied in the US Department of Defense who give a similar confession of efficiency and reliability as the aerospace. Defense force system holds very vital intelligence data and entrust the security to Core Impact is a create endorsement to the software. This justifies its efficiency and validity in its operation. Core Impact has also been used in other sectors that include e-commerce business, health care such as health insurance, Industries for instance in comprehensive vulnerability management in the U.S state governments and in client-side security evaluation, in government it has been used to U.S. government lab, Vermont state, security management in South Carolina, and also in financial sectors. The software has highly been embraced by different organizations that hold sensitive information. This is a clear indication that the software is very reliably in security related matters (Core Security, 2015b).
I have also witness the efficiency and reliability of Core Impact software by working directly with it. The software was use to check on vulnerability in the network system of a company. After installing and running the software, the software took a few minutes to check on various security aspect of the system demonstrating its progress on the same. It eventually displayed a detailed clear report on a number of vulnerability the system was experiencing. This information was very helpful since the report clearly pointed out specific points and the loophole in which the organization system was experiencing. The software reported the particular vulnerability, the level of security and possible attacks that can take advantage of the vulnerability. The software also proposes a number of measures that can be employed to fix each and every problem noted. Based on experience, this software is of great important in preventing a system from being attacked, identifying vulnerabilities that can be used by hackers to facilitate an attack. Thus, this software plays a very essential role in enhancing the security of an organization.
Cost of the Product
The Core is expensive software that needs an organization to use a total of $30,000. This inclusive of the software cost, training cost, and maintenance cost. Training is highly needed after the installation of the software to ensure that the IT personnel are able to use the software effectively based on the system or aspect of the system they wish to secure. The software has a wide functionality and thus, enough knowledge is needed to ensure each aspect is applied effectively for the benefit of an organization. Although the software seems to be very expensive, it provides the organization with a number of advantages. The software is regarded as one of the most efficient software in in testing and detecting vulnerabilities. This reduces the organization risk of losing vital information, an aspect that can be very expensive to the company which holds essential research data obtained after investing a lot of money in research (Coresecurity, 2008).
Software Effect on Work Environment
The Core Impact software plays a very essential role in enhancing uninterrupted operation in an organization. The early detection of loopholes and system vulnerability plays a major role in ensuring that the organization’s system is available for the workers at all times. Availability is one of the aspects targeted by attackers in an organization. They normally ensure access denial attack that hinders users from accessing some vital information from the system. This limits the users operations since one cannot access previous stored information or sent information. Attacks can be very costly to a research institution where the data integrity and availability is very essential. Any data alteration would result to huge errors to the final research conclusion. In addition, lack of data availability can highly result to research deadlocks or ineffective utilization of resources since researchers may be forced to repeat their previous work, part or whole of it. In this regard, prevention of attacks would be of great importance to the company. The possible interruption for the company include authentication by pass as a way of accessing vital information mostly by a competitor and denial of access attack where the attacker would do this to ensure that they jeopardize the organization operation. This can be done to slow down the organization operation for an attacker who is in this case would be the assumed to be the organization competitors. The test in this case would focus protecting the organization systems from any malicious attract to steal information or to hinder the access to information for the organization’s users.