>> Please see full details for the Case attached as "CaseA Part 2.doc"<<
All answers can be short descriptions.
Page 3 (towards the bottom) shows the assignment -- prepare a proposal in response to the following Request for Proposal that CGT issues to your consulting firm (which is defined on that page). (All figures were uploaded separately due to size limits.)
Use the Proposal Format defined on page 5. For this Request For Proposal you can disregard sections 1, 2, and 3. Please submit this in ONE document.
NOTE: Although you need to address each area, you do not need to "write a book". Short descriptions are fine.
For example: In Section I. Estimate of Costs. You assess what you think might be the cost based on the number of rooms and employees and the level of security and your answer could be something like this:
F. Estimate cost. The cost of this project would be around 400k, which could be depreciated in the next couple of years by providing reliable service and fewer outages.
Your solution is ATTACHED as an EXCEL file. Have a super day!
SECTION I: INVESTIGATION AND NEEDS ANALYSIS
A. Company History
CGT Inc. is a premier developer and publisher of games and entertainment software. CGT has become a leading force in the world of interactive software; it combines cutting-edge technology, enchanting graphics, and superior game designs.
CGT was started by Mike Edwards in 1992 in a garage in Las Vegas. Among the early creations of CGT were Space, Saga, Robo-Wars, Coldrake, and Quest of the Staffs, which gained widespread recognition not just in the domestic market but also abroad. In 1995, CGT merged with Software-4-All, which enabled CGT Inc. to become a software publisher in its own right and to enjoy Software-4-All's superior worldwide distribution network. In 1998, the company relocated to Atlanta, Georgia, in order to take advantage of potential new talent in the software programming fields.
CGT's computing resources consist of:
• Dedicated staff for development, testing, and technical support
• 250 client desktop systems
• RRAS server
• HP Procurve 2424 M switches
• VPN server
B. Problem Definition
CGT operates in an industry where protection of intellectual property is the foremost requirement. Under CGT's current working conditions, the company's assets are under threat from both the external and the internal environment.
External Threat: CGT has an internet presence, and employees are allowed to work from home once a week, which means that they access the company's email from personal internet connections. This poses a risk to the company.
Internal Threat: The internal activities and operations of the company are exposed to access by unauthorized users. The network is also susceptible to accidental employee activities.
C. User Requirements
Task functions:
• Use a home-based internet connection to access CGT's email without any risk
• Prevent unauthorized access in the work area
• Security training to create awareness of potential risks
Recommendations:
• Authenticate all remote users. Authentication of users should be in compliance with CGT's IT policy.
• Users shall not establish a separate Internet connection while simultaneously connected to CGT's network through the use of multiple network cards, modems or other access techniques.
• CGT shall establish and implement a procedure for keeping its directory of approved users accurate, current and protected.
The following documents shall be created and maintained:
• IT Security Policy document
• Employee details document
• List of users authorized for remote connection
• Directory of dial-in numbers to contact in case of emergency
D. Feasibility study
Economic feasibility: The economic feasibility consists of performing a cost benefit analysis. Some of the items that affect the cost of a control or safeguard include:
1. Cost of development or acquisition of hardware, software, and services
2. Training fees
3. Cost of implementation
4. Service costs
5. Cost of maintenance
Benefits can be determined by valuing the information assets exposed by the vulnerability and then determining how much risk those assets face. This is expressed as the Annualized Loss Expectancy (ALE).
SLE, or Single Loss Expectancy, is the value associated with the most likely loss from an attack:
SLE = Asset Value (AV) * Exposure Factor (EF)
SLE = $10,000,000 * 60% = $6,000,000
where EF is the percentage loss that would occur from a given exposed vulnerability.
ALE = SLE * ARO
ALE = $6,000,000 * 0.50 = $3,000,000
where ARO (Annualized Rate of Occurrence) is the probability of loss from an attack.
Technical Feasibility: The capability of current technology and methods of operation to meet user requirements. It consists of analyzing the following:
• Review of the current technical state of CGT
• The openness of each technical architecture to support the development of the security network
• A map of systems and data information flows that will support the development of the security network
• Technical requirements needed to connect to the security network
• The time frame and resources required to create the security network
• The technology at CGT is leading edge with high risk
Behavioral Feasibility: The acceptance of changes within the organization by CGT employees. It deals with the following:
• Checking whether it is convenient for users to operate the new security system
• How easily can they be trained in due course of time
The security system is very simple to understand and operate. Users require initial training to create awareness of the new system and regular training to keep them up to date.
E. Outline of project scope/goals
• Provide a high-level data security solution to CGT
• Facilitate coordination and information sharing with both internal and external stakeholders of the project
• Accomplish project business goals and objectives within defined budget and time parameters
• Provide a security solution that is scalable and grows as CGT grows
• Minimize impact to standard business operations within the organization
• Ensure that end users are trained on the new system
F. Estimate of Costs
| Costing Item | Yr 0-1 | Yr 2 | Yr 3,4,5 |
| --- | --- | --- | --- |
| Post implementation support | | $60,000 | |
| Maintenance Service Plan | | $40,000 | $40,000 |
| Total | $300,000 | $100,000 | $40,000 |
| Additional Infra Items | 2 Offices | 2 Offices | 1 Office |

One Time Implementation Cost Estimate (Yr 0-1): $300,000
One Time Post Implementation Support Cost Estimate (Yr 1-2): $60,000
On-going maintenance cost per annum: $40,000
• Additional Cost Elements: Real Estate & facility Management
- 2 offices required for security system deployment
A) 1 Office for security solution hardware, server etc - ongoing requirement
B) 1 Office needed for security solution implementation consultants - Yr 0-2 requirement
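The ALE figures from section D can be set against the cost schedule from section F to see how large a risk reduction the project needs before it pays for itself. The following is an added example, not part of the original proposal: it assumes the "Yr 3,4,5" total applies to each of those years, leaves the unpriced office space out, and treats every post-safeguard ARO value as hypothetical.

```python
from fractions import Fraction

ASSET_VALUE = 10_000_000              # AV, from section D
EXPOSURE_FACTOR = Fraction(60, 100)   # EF, from section D
ARO_PRIOR = Fraction(50, 100)         # ARO before the safeguard, from section D

# Section F totals, one figure per year (assumption: $40,000 in each of
# years 3, 4 and 5; real estate is not priced on the page and is excluded).
YEARLY_COST = [300_000, 100_000, 40_000, 40_000, 40_000]


def sle(asset_value, exposure_factor):
    return asset_value * exposure_factor


def ale(asset_value, exposure_factor, aro):
    return sle(asset_value, exposure_factor) * aro


def net_benefit(aro_post, years=5):
    """Avoided loss (ALE prior minus ALE post) over the horizon, minus cost."""
    prior = ale(ASSET_VALUE, EXPOSURE_FACTOR, ARO_PRIOR)
    post = ale(ASSET_VALUE, EXPOSURE_FACTOR, aro_post)
    return years * (prior - post) - sum(YEARLY_COST[:years])


def break_even_aro(years=5):
    """Highest post-safeguard ARO at which the project still covers its cost."""
    yearly_cost = Fraction(sum(YEARLY_COST[:years]), years)
    return ARO_PRIOR - yearly_cost / sle(ASSET_VALUE, EXPOSURE_FACTOR)


def payback_year(aro_post):
    """First year in which cumulative avoided loss covers cumulative cost."""
    saved = ale(ASSET_VALUE, EXPOSURE_FACTOR, ARO_PRIOR - aro_post)
    cum_cost = cum_saved = 0
    for year, cost in enumerate(YEARLY_COST, start=1):
        cum_cost += cost
        cum_saved += saved
        if cum_saved >= cum_cost:
            return year
    return None  # not recovered within the five-year schedule


if __name__ == "__main__":
    print("ALE before safeguard:", int(ale(ASSET_VALUE, EXPOSURE_FACTOR, ARO_PRIOR)))
    print("Break-even ARO over 5 years:", round(float(break_even_aro()), 4))
    for aro_post in (Fraction(48, 100), Fraction(25, 100)):  # hypothetical values
        print(float(aro_post), int(net_benefit(aro_post)), payback_year(aro_post))
```

With these figures, the five-year cost is recovered once the safeguard lowers the ARO from 0.50 to roughly 0.483 or below.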
G. Existing Resources
• Office space
• Administrative support by ASA
• WWW services by Pinnacle Web Services (PWS)
• 12 TCP protocol LAN
• Back-up database servers
• Dial-up server (RRAS server)
• VPN Server
• LAN file servers
• 250 desktop computers
H. Feasibility Analysis
| Feasibility | Comments | Outcome |
| --- | --- | --- |
| Economic | Benefits of implementing security are far more than cost of implementation | Go Ahead |
| Technical | Existing security system offers limited or no protection against potential threats | Go Ahead |
| Behavioral | Users to be made comfortable with network ... | |
A request for proposal for computer gaming technologies is examined.