Enterprise Security Assignment: Case study report Task: Provide a security architectural design for the Work Integrated Learning Program (WILP), a division of BITS Pilani, whose brief it is to provide the highest quality education experience to industry professionals. WILP is currently implementing new IT systems, something that also requires a complete overhaul of their IT security. This latter task is your responsibility. WILP is worried about several security issues: 1. Compliance with various security policies and privacy legislations 2. Cybersecurity - attacks from external sources, as well as from internal sources (rogue students) 3. Confidentiality of student records 4. Protection of WILP computer systems from inadvertent damage WILP, BITS Pilani has IT systems in all of their offices: Head office 1 - central administration of staff and students, central office systems Regional offices 3 - student records, regional office systems, payroll Regional campuses 7 - IT teaching laboratories, staff workstations, local office systems (file servers, printers) Components to deliver (Deliverables): 1. High-level security architecture. You can use any reference architectures that you can find. The purpose of this work product is to show what types of security services you intend to provide, what types of networks and servers are required, for each type of location (head office, regional office, regional campus). You will need to make reasonable assumptions about sizing, capacity, etc. of the various IT systems, and you need to provide a design for best security practice, i.e. cost is less of an issue than having security exposures and weaknesses. 2. Detailed security architecture for each type of office (HO, RO, RC). This will include specific details of what security services you will provide at office type, what networking you will provide, what application systems you will be protecting, what tools you will be using. 3. Detailed design for HO, 1 RO, 1 Campus. This will include security equipment, networking devices, storage systems, management tools, operational components for the detailed security architecture. 4. Costing estimates (hardware and software, both for implementation and operation) Pre-cursor (Deliverable) work products: Apart from the set of work products listed above, you may need to produce, before the final deliverables, the following additional work products: 1. Business requirements and risk assessments on which you will base your designs. 2. Use cases and/or Business Processes - to describe interactions between WILP users, systems and subsystems. Approach: Use any well-known security framework as a guide for your work products (including the data-centric approach discussed in class). Concentrate on the How, Who and Where (Process, People and Location) aspects. You will need to describe the existing WILP IT systems for which you will need to provide security services based on your security architecture. That means you have to do some research about how an organisation like WILP would be running its IT systems and what they would consist of. Use any tools or security appliances available in the market, as COTS or base solutions that can be extended. Submission: Due date: Refer LMS Course Page Format: report, suggested length 25-30 pages (incl. diagrams and tables), in a standard report format, submitted in electronic form as PDF document Assessment/ Marking: This assignment is worth 20% of the total course marks, and will be marked out of 20. Marks will be awarded for: 1. Report format and style - 2 2. Thoroughness and reasonableness of your assumptions - 2 3. Application of use cases to your assumptions - 2 4. Linking of business requirements to your solution - 2 5. Consistency between high-level architecture, detailed architectures and detailed designs - 2 6. The relevance of your architectures and designs to business requirements and use cases - 3 7. Delivery of all required work products and completeness of your solution - 4 8. Proof of application of security best practice in your solution -3