PharmaKiln IT Security Plan Summary. Rgds, Prasanna

Summary
COURSE HOME
What's New
Course Checklist
SYLLABUS PART 1
SYLLABUS PART 2
INSTRUCTOR BIO
MODULE 1
HTML MODULE 1 HOME
MODULE 2
Module 1: Weeks 1-4 - Group Discussion
MODULE 2 HOME
Module 2 Home HTML
Module 2 Deliverables
Module 2 Group Discussion
Module 2: Weeks 5-8 - Group Discussion
Module 3 Home
Module 3 Scenario 1 HTML
Module 3 Scenario 2 HTML
Module 3 Scenario 3 HTML
Module 3 Deliverables
Module 3 Group Discussion
Module 3: Weeks 9-12 - Group Discussion
Module 3 Group Discussion – course feedback
Module 3: Weeks 9-12 - Group Discussion
Summary:
I have just completed the first run of a new online-only class for the University of Dallas, in Irving, TX. I am
an adjunct professor there, teaching the final course that students in the Masters of Science
Cybersecurity program must complete to graduate.
The course is a CISO simulation that makes heavy use of role-play to put students into a real world
scenario. Students assume the role of a newly hired Chief Information Security Officer, working in a
fictitious pharmaceutical research firm. This firm was spun off of its parent company, leaving them to fully
redesign their security infrastructure. Students are presented with videos and text content, to get them
started, and then they participate and investigate in role-play through email - where the instructor plays
the role of every other person at the company. There are 3 modules, 4 weeks each, across the 12 week,
3 credit hour course. Deliverables are due at the end of each module, after which time, we break from
role-play to discuss the preceding module openly in group discussion. During the role-play period,
students are barred from collaborating with each other. This is a sole-effort exercise, where any
collaboration they need, is satisfied through the email based role-play with the instructor.
Module 1: Security Infrastructure Design: students must fact-find through email role-play, determine
security gaps (which there are many), shop out solutions, get actual quotes on those solutions, and then
present a final proposal to the CIO staying within their allotted $100K budget. During this phase, students
experience office politics, the shock of having their budgets reduced to $80K late in the module, and the
challenge of getting pricing and valid configurations from real security vendors.
Module 2: Security Infrastructure Implementation: students again fact-find with their peers through email
role-play, and play project manager, to get various folks in IT to implement the solutions they chose in
Module 1. They get news from the CIO, that regardless of what they chose for a firewall, IPS, or web
gateway, they have been vetoed- and the company will be going with Palo Alto Networks instead. Some
rudimentary training is provided on the next-generation firewall, but mostly, they are left to research any
missing information on the internet...to bootstrap themselves into being able to configure an NGFW.
Students are granted access to a private lab environment that we constructed, and must put a base
configuration on a real instance of a (Palo Alto Networks) next-generation firewall, to enforce the policies
they include in the Acceptable Use Policy, which they also must create.
Module 3: Incident response/Crisis management: In the final module, the CISO students are faced with
escalating cyber attacks against their organizations. These come in the form of high-level reports detailing
the types of attacks their new firewall is seeing. Students must research these attacks, separate the false-positives or not-at-risk items from the actual threats they face, and then take a course of action. These
are documented in incident response documents. Again, email role-play with their 'co-workers' is required
to fill-in-the-blanks, and help determine threat severity.
This course was a success in its first run, and will be run again in the summer term.
Feel free to make use of this course concept, or its content, for any other Palo Alto Networks Academy
sanctioned programs you may run. I cannot share my private lab resources however- I simply do not have
the resources available to extend this environment any further than it is already.
Regards,
Matthew Ancelin
COURSE HOME
START HERE
If you are reading this, then congratulations! You have taken every other course required in
the MS Cybersecurity program here at University of Dallas, and are prepared to undergo
your final challenge. For the next twelve weeks, you will play the role of a newly-hired
Chief Information Security Officer (CISO) at a fictitious company, PharmaKiln.
The course is divided into three modules, each module lasting four weeks. Each module will
follow a similar format.



Week 1: Instruction week
Weeks 2 and 3: Solo work - simulation work weeks, and deliverables due
Week 4: Group review week
Weeks 1 through 3 of each module require independent student work. This means that
during these weeks, you are not to discuss your work with any of the other students. You
may however consult with persons outside of UD, just as you would if you were actually in
the CISO role. People outside of UD might include actual vendors of hardware/software
security solutions, IT professionals, family, or friends. If you do contact other professionals,
please clearly state that you are doing research work for your degree program. Do not
impersonate a CISO or misrepresent yourself outside of the simulation. Happily, you do
have a research assistant assigned to you during this course: its name is Google.
At the end of each Week 3, your deliverable(s) for that module come due. It is critical that
you turn in your deliverable(s) by their due date, or you may not be able to participate in
Week 4 Group Review. During Week 4, we step out of the role-play, and each student's
work is revealed to the others. For this reason, late deliverable submissions will be
penalized heavily.
During the last week of each module, we will break from role play to discuss our
deliverables as a group. To facilitate holding this live meeting, a Doodle Poll has been
created for you to select your meeting time preferences. Be sure to complete this prior to
week 3 ending, for each module. The link for this scheduling poll can be found at the end of
each module's Deliverable section, or under the Week 4 Group Discussion section.
During this role-play, the instructor will play the role of any employee at PharmaKiln outside
of yourself. You will be expected to ask questions and give answers to the appropriate
people in the organization. You will need to leverage the knowledge and power base of your
co-workers in order to gather missing information, exert influence and leadership, and
otherwise communicate with your fellow employees at PharmaKiln.
Internal company communications during role-play weeks will be accomplished using
email. You must ensure that 'CYBS*8395*1QA' is in the subject line or the email will not be
considered as a role play communication. After the class designation, put the fictitious
employee(s) of PharmaKiln you are writing to, followed by the subject line of the email.
Email subject line format example:
CYBS*8395*1QA: TO: John Smith, Mary Jones, CC: David Roth, BCC: Jose Fonte: questions about the network
NOTE: For the independent study weeks, which is weeks 1 through 3 of each module, the
instructor must be the ONLY RECIPIENT of role-play emails. Do not include any other
students on these emails during the role play weeks. Do not confer with other
students on the work you are doing during the role play weeks. This restriction is lifted in
week 4 of each module for group discussion, outside of role play.
Sound fun so far? If you are ready to jump in, then proceed to Module 1: Congratulations
on your new job.
Course Checklist
Students can keep track of the activities and due dates in the course with the Course Checklist.
SYLLABUS PART 1
CYBS 8395 Section 010: Cybersecurity Practicum
Spring 2015
Syllabus Part 1
CONTACT INFORMATION
Professor: Matthew Ancelin, CISSP, CNSE
Office: Virtual
E-Mail: [email protected]
Phone: 214-636-4263
Office Hours: By Appointment
WiFi Support (Gorman G/H): 972-721-5030; [email protected]
COB Faculty Support Center (Anselm 112): 972-721-5277; [email protected].
COURSE DESCRIPTION
The Practicum is taken in the last semester and designed to integrate all earlier
coursework.
Under the guidance of the professor, each student completes a practical exercise in a
simulated cybersecurity management role. Approval is required to enroll. This course
is open only to M.S. students in Cybersecurity.
Prerequisites: None. Please refer to the UD Bulletin for course descriptions.
COURSE OBJECTIVES
Upon completion of this course, you will be able to:
1. Demonstrate an ability to design an IT security architecture within real-world
constraints.
2. Manage the deployment of an IT security architecture in a simulated environment.
3. Create security policy both as written documents and as logically enabled on security
devices.
4. Respond to IT security incidents and manage crisis situations in a simulated
environment.
EXPERIENTIAL LEARNING
The faculty members of the College of Business are committed to providing
experiential learning opportunities in their courses. We believe it is the most
effective means for enhancing adult learning. This course incorporates experiential
learning in the following way:

Use of business world simulation as the context of the course.

Access to and use of real-world security tools, security product consoles, and
documentation.

Participation in simulated IT department collaboration and communication.

Participation in simulated and/or real-world engagement with IT security
vendors, value added resellers, and industry analysts.
ETHICS AND PRINCIPLED LEADERSHIP
The Mission Statement of the University of Dallas College of Business reads, in part,
“The College of Business is a professional school whose primary purpose is to
prepare its students to become competent and responsible managers who are
principled and moral leaders.”
The faculty members of the College of Business are committed to preparing
principled and moral leaders by integrating discussions of ethics throughout our
curriculum. We approach this task with the assumption that any decision that
impacts another person is by definition a moral decision.
In this course we will be addressing the ethics involved in the M.S. Cybersecurity
Practicum in the following way(s):

Practical application of ethical decision making.

Creation of academic research that is free of plagiarism and is academically
honest.

Being able to defend your decisions and deliverables from an ethical
perspective.

Understand the ethical application of Network Security principles and what
constitutes abuse of power as an IT security professional.
SUGGESTED TEXTS – NOT REQUIRED
Recommended reading:
Title: CISO Leadership: Essential Principles for Success
Author: Todd Fitzgerald
ISBN: 978-0849379437
Publication Date: Sept 13, 2012
Kindle edition:
http://www.amazon.com/CISO-Leadership-Essential-Principles-Succe
ebook/dp/B009AI378A/ref=tmm_kin_title_0?_encoding=UTF8&sr=&q
Recommended reading:
Title: The Illusion of Due Diligence
Authors: Jeffrey S Bardin
ASIN: B003J35LFY
Publication Date: April 24, 2010
Kindle edition:
http://www.amazon.com/Illusion-Due-Diligence-Jeffrey-Bardinebook/dp/B003J35LFY/ref=sr_1_1?s=digitaltext&ie=UTF8&qid=1417579362&sr=11&keywords=the+illusion+of+due+diligence
Documentation library:
In addition to these texts, there are several additional readings available
in the eCollege course itself, including white papers, network diagrams,
product literature, administrator guides, best practices technical notes,
and more.
Minimum Software Requirements:
MS Office 2007 (Word, PowerPoint, and Excel). Charting
and/or network diagramming capabilities may be used. Ability to install free or demo
version software tools such as Wireshark, Network Notepad, and CADE is a plus. Internet
access, browsing, multimedia, flash, and java capable computing resource required. Ability
to use Citrix Goto Meeting, and participate in conversation either through headset and
microphone, or using telephone dial-in conference bridge to US based phone numbers, is
required. Toll-free numbers will be provided for any online conferences.
Please refer to the UD Bulletin for course descriptions.
Please refer to the COB Graduate Laptop Policy/Technology Requirements for complete
details.
ASSIGNMENTS AND EVALUATION
Assignments
You will have 3 major deliverables, each due at the end of the 3rd week of each of
the 4-week modules.
Module 1: IT security design: risk analysis, recommendations, budget request.
Module 2: Policy implementation: written acceptable use policy, strategic policy, and
screen shots of firewall configuration reflecting that policy.
Module 3: Incident response reports: executive briefing on security posture, incident
report, change requests, screen shots of actions taken in lab.
Each module's deliverables also require a summary slide deck. This is what will be
shared with the class during the group review week, the 4th week of each module.
Discussions
Discussions will take two forms: private role-play and group review.
Private role-play will occur in the form of email communications during the first 3
weeks of each 4-week module. This represents all communications by the student
(CISO) with any other person or groups involved in the simulation.
Group review occurs openly in the discussion group, across all students and faculty.
This is a time to break from the role play and perform an after-action review and
critique based on each individual role-play effort and deliverable. There is both an
online discussion and a single, scheduled, live internet meeting to facilitate group
review.
Please read Interaction Guidance & Grading Criteria later in this syllabus for more
information on discussions.
Policy on due dates, grammar & spelling requirements for assignments, late
submissions, make-ups, participation requirements, and extra-credit, etc.
To maintain the integrity of the role-play format, it is critical that all students
complete their individual deliverables by the due date. All document-type
deliverables must adhere to standard English language grammar and spelling
conventions. Technical and/or lab submissions will be required to conform to
applicable syntax rules. Late major deliverables will have their maximum possible grade
capped at a C, at the instructor’s discretion, and the student may not be able to
participate in group review due to time constraints.
Participation in both the private role-play and group review discussions/journals is a
critical component to this course. Students will be required to correspond multiple
times per week to gather and disseminate enough information in their simulated
roles to demonstrate effectiveness.
Attendance Policy
COB Graduate Attendance Policy: If a student does not participate online or
attend the first week of classes, without prior approval, the instructor will notify the
Office of the COB Graduate Enrollment who will then contact the student. While we
realize that graduate students are working professionals, they should contact their
instructor when missing a class.
Instructor Feedback
Grades for each module will be posted within 48 hours of the last day of that module.
Non-role-play emails will be responded to within 48 hours. Role play feedback will be
as continuous as possible.
COURSE SCHEDULE
Course Schedule
| Module | Topic | Readings & Assignments | Dates |
|---|---|---|---|
| 1 Design | Instruction week | Read course introduction and format. Watch module 1 videos. Read pertinent documentation in Doc Sharing and review resources in Webliography. Communicate and collaborate with vendors, co-workers, and others via email with instructor in role-play. | Jan 21 – Jan 27 |
| 1 Design | Role play week 1 | Research and price security solutions. Communicate and collaborate with vendors, co-workers, and others via email with instructor in role-play. | Jan 28 – Feb 3 |
| 1 Design | Role play week 2 | Research and price security solutions. Communicate and collaborate with vendors, co-workers, and others via email with instructor in role-play. Module 1 Deliverables: produce security design, budget, high-level implementation plan, and summary slide deck. | Feb 4 – 10 |
| 1 Design | Group review | Participate in group discussion of security designs. Participate in scheduled live web meeting to review and discuss designs. Provide constructive feedback and/or counterpoints to peers and their deliverables, and defend your own. | Feb 11 - 17 |
| 2 Implementation | Instruction week | Read module introduction. Watch module 2 videos. Read pertinent documentation in Doc Sharing and review resources in Webliography. Receive module 2 deliverable assignment. Communicate and collaborate with vendors, co-workers, and others via email with instructor in role-play. | Feb 18 - 24 |
| 2 Implementation | Role play week 1 | Communicate and collaborate with vendors, co-workers, and others via email with instructor in role-play. LAB: complete Ultimate Test Drive Next-Generation Firewall lab. Develop and document acceptable use policies. | Feb 25 – Mar 3 |
| 2 Implementation | Role play week 2 | Communicate and collaborate with vendors, co-workers, and others via email with instructor in role-play. LAB: Implement security policy on student workshop firewall. Module 2 deliverables: initial NGFW configuration, acceptable use policy, implementation plan, and summary slide deck. | Mar 4 - 10 |
| 2 Implementation | Group review | Participate in online group discussion of policy implementations. Participate in scheduled live web meeting to review and discuss. Provide constructive feedback and/or counterpoints to peers and their deliverables, and defend your own. | Mar 11 - 17 |
| 3 Incident Response | Instruction week and Scenario 1 | Read module introduction. LAB: complete Ultimate Test Drive Threat Prevention lab. Communicate and collaborate with vendors, co-workers, and others via email with instructor in role-play. LAB and research: investigate, validate, and determine severity of IOCs (Indicators of Compromise). Document incident analysis and response. | Mar 18 - 24 |
| 3 Incident Response | Scenario 2 | Communicate and collaborate with vendors, co-workers, and others via email with instructor in role-play. LAB and research: investigate, validate, and determine severity of IOCs (Indicators of Compromise). Document incident analysis and response. | Mar 25 - 31 |
| 3 Incident Response | Scenario 3 | Communicate and collaborate with vendors, co-workers, and others via email with instructor in role-play. LAB and research: investigate, validate, and determine severity of IOCs (Indicators of Compromise). Document incident analysis and response. Module 3 deliverables: revised NGFW configuration, incident response documentation and analysis and summary slide deck. | Apr 1 - 7 |
| 3 Incident Response | Group review | Participate in online group discussion of incident response. Participate in scheduled live web meeting to review and discuss. Provide constructive feedback and/or counterpoints to peers and their deliverables, and defend your own. | Apr 8 - 14 |
GRADING SCALE
Grading Criteria:
| Item | Points Possible | Percentage |
|---|---|---|
| Deliverables, 3 sets @ 120 pts each | 360 pts | 36% |
| Role Play interactions, 9 weeks @ 50 pts each | 450 pts | 45% |
| Group review interactions, 3 weeks @ 63.33 pts each | 190 pts | 19% |
| Total | 1000 | 100% |
COB Standardized Grading Scale:
| Grade | Points | Percentage scale* |
|---|---|---|
| A | 4.0 | 93-100 |
| A- | 3.7 | 90-92 |
| B+ | 3.3 | 87-89 |
| B | 3.0 | 83-86 |
| B- | 2.7 | 80-82 |
| C+ | 2.3 | 77-79 |
| C | 2.0 | 73-76 |
| C- | 1.7 | 70-72 |
| D+ | 1.3 | 67-69 |
| D | 1.0 | 63-66 |
| D- | 0.7 | 60-62 |
| F | 0.0 | <=59 |
| FA | 0.0 | Failure because of excessive absences or failure to withdraw from the course. |
*As a percentage of total points possible for the course.
SUPPLEMENTAL INFORMATION
Assignment Grading Criteria
For all written deliverables, the following grading criteria will guide your final grade on those
deliverables.
| Percentage | Criteria/Expectations |
|---|---|
| 0% | Not turned in OR not original work |
| 50% - 69% | Incompleteness AND Poor Quality. Incompleteness means the student hasn’t accomplished all required assignments by due date; Poor Quality means the demonstration of misunderstanding on concepts AND major spelling/grammatical errors (more than 10). |
| 70% – 79% | Incompleteness OR Poor Quality. Incompleteness means the student hasn’t accomplished all required assignments by due date; Poor Quality means the demonstration of misunderstanding on concepts AND major spelling/grammatical errors (more than 10). |
| 80% – 92% | Good. Good means the student has accomplished all required homework by due date; also there are only minor mistakes in explanation of concepts OR minor spelling/grammatical errors. |
| 93% - 100% | Excellent. Excellent means the student has accomplished all required homework by due date; also there are no mistakes in explanation of concepts AND no grammatical/spelling errors. |
Interaction Guidance & Grading Criteria
Role-Play: During the first three weeks of each module you will be isolated from
communicating with other students taking this course. All other roles besides yourself will
be played by the instructor. You will not be able to complete the deliverables
satisfactorily without frequent – and efficient - interaction in role-play with your
simulated co-workers, simulated vendors, and simulated or real 3rd parties. In real life,
no manager is effective managing in a bubble, without interaction. This portion of the
course will be your opportunity to ask questions, seek guidance, explore ideas, and validate
decisions. You will need to wield influence, perform negotiation, and defend your power
base.

Quantity: It is expected that each student communicate during the role-play each
week, as much as needed to accomplish the assigned deliverables. Quantity will
be factored in to the role-play both from a perspective of too-much, or too-little.
Simulating other busy professionals means that those other people may not
respond as quickly as you’d like, or take kindly to being bombarded with email.
You will need to use your best judgment and be an effective communicator.

Quality/Efficiency: If the quality and depth of your interactions is high, then your
quantity could be lower, and still effective. Asking a single close-ended question
in role-play as your interaction, will produce a more limited response, which in
turn could require more interactions to accomplish the same goal. Seek to
communicate in concise, direct ways but also factor in emotion and personality as
you would (or do) in your real job. Do not expect other roles in the simulation to
complete your research for you – rather come to the conversation with research
completed.

Due Diligence: Continuous effort is required. Please do not procrastinate. Be
mindful of your time limit in the first 3 weeks of each module and do not be
caught short of critical information when the deliverable comes due. If this was a
real management position, and you only showed up one day per week, you
wouldn’t keep that position very long.
Group Review: Week 4 of each module allows students to come out of isolation, and
share their deliverables with their classmates. This is accomplished in both an online
discussion in eCollege, as well as a once-per-module scheduled web meeting which is
live.
In this role-played management simulation, your ability to provide direct and effective
feedback to peers during the week 4 group reviews will be factored into your Group
Review grade. You are encouraged to summarize key points, raise questions, contribute
ideas and opinions, and share real-world examples or experiences. You must both
support and critique your classmates’ deliverables, as well as explain and/or defend
your own.
Understanding that we are all working professionals, with lives outside of work and
school, attendance to 2 of the 3 group review scheduled web meetings will be
acceptable. Best effort will be made to find the most amenable date and time for the
group review web meetings, such that the majority of the class can attend, and in
consideration of students' varying time zones. If you cannot attend a group review live
meeting, at least be sure that your deliverables are turned in to the Dropbox before
Group Discussion week of each module begins.
Group Review Threaded Discussion Grading Criteria
| Percentage | Criteria/Expectations |
|---|---|
| 0% | If you do not participate at all in the class discussion, you will not receive any points |
| 50% - 69% (31-44.2 pts) | Minimal initial posting that demonstrates insufficient depth of thought given to the topics and/or failure to grasp concepts from readings, instruments, lectures, etc., with little or no interaction with other students AND / OR significant grammar and spelling errors |
| 70% – 79% (44.3-49 pts) | Substantive initial posting about the stated topics, but with non-substantive or no replies to other students’ postings OR initial postings and responses of average substance and/or poor grasp of concepts |
| 80% – 89% (50-56 pts) | Substantive initial posting about the stated topics PLUS at least one substantive response to another student's point-of-view OR initial postings made after Sunday of each week AND some errors in spelling / grammar |
| 90% - 100% (57-63.33 pts) | Substantive responses to the topics posted by Sunday at noon, two substantive responses to other students' postings, plus the posing of questions that move the discussion forward and/or exemplary practical application of concepts AND only a minor error or two in spelling / grammar |
Part 2 of your Syllabus contains additional info regarding College/University-specific
policies. You can find Syllabus Part 2 in your eCollege course.
SYLLABUS PART 2
Syllabus Part 2
eCOLLEGE
The University of Dallas eCollege online helpdesk is available for online students as
technical support for completing online coursework. The helpdesk staff is available
seven days a week, 24 hours a day. Please note this is provided for students taking
online courses ONLY. The staff is trained in the eCollege platform. This helpdesk
does not cover online registration or Banner.
Helpdesk: 24/7 help with technical questions for online courses should be
directed to [email protected] or toll free 1-877-476-4622
In addition to contacting the Helpdesk by phone and email, Chat is another way for
online students to seek real-time answers to their technical questions related to the
online learning environment. Since the Chat feature involves a live, online
technician, this additional channel of communication may result in quicker resolution
times. Users can access a live chat session by clicking on the Chat link that has
been placed on the Help page within the student's welcome screen.
LIBRARY
The University of Dallas provides a library service for all students. You must obtain a
separate username and password for the online library services. For library services
username and password assignment and assistance, please contact the UD IT Help
Desk at 972-721-5030 or [email protected]. Once you obtain these credentials,
you may use the resources.
For technical questions regarding access to the databases (except for username and
passwords), please contact Cherie Hohertz at 972-721-5040
or [email protected].
POLICY ON ACADEMIC HONESTY
All students are responsible for familiarizing themselves with the University's policy
on Academic Honesty. Please review the entire Academic Honesty policy, which is in
the current University of Dallas General Bulletin.
Plagiarism and cheating are extremely serious offenses and are not tolerated in the
College of Business. Students who admit to having committed such offenses or who
are found guilty of them are subject to dismissal by the Dean.
Plagiarism. Plagiarism - an attempt to claim as our own ideas or writings that
originate with others - is a serious offense against the academic
community. Plagiarism is not lessened by paraphrase or even by an extensive
rewriting of another's work. Whenever ideas or words are borrowed, the student
must give credit by citing the source. All credentialed sources of information must
be documented in order to give proper credit to the author. In addition to traditional
sources of information (e.g., books, journals, magazine and news articles), this
includes information accessed electronically through the Internet or other sources.
A student who submits plagiarized work is subject to disciplinary action as described
in detail in the University of Dallas General Bulletin.
Cheating. All work performed by a student to satisfy course or degree requirements
must be the student's original work. This includes courses taught in any type of
environment, including over the Internet. When plagiarism or cheating is found to
have occurred, the student is subject to immediate dismissal from the University,
and the grade for the course or the work submitted is subject to change. If a degree
or certificate has already been granted at the time the violation is discovered, the
degree or certificate shall be revoked, regardless of the time that has passed.
When cheating is suspected a formal procedure will be instituted as described in
the University of Dallas General Bulletin.
POLICY ON DISCRIMINATION, EQUAL OPPORTUNITY, AND HARASSMENT
The University of Dallas is an equal opportunity, co-educational and Catholic
institution of higher learning. It is open to students and faculty of all faiths, and does
not discriminate in admissions or employment on the basis of race, color, sex, age,
disability, or national origin.
The University of Dallas is committed to the safety and well-being of all students. If
you believe that you have been a victim of sexual misconduct, harassment or
violence (including sexual assault, stalking, dating or domestic violence), whether on
or off campus, you have options and resources available to assist you. Students can
make confidential reports to licensed professionals in the Counseling Center or the
Student Health Clinic, to a member of the clergy or to the Director of Campus
Ministry. Reports made to faculty members must be forwarded by faculty to the
campus Title IX Coordinator, the Director of Student Life and/or the Director of
Campus Security for investigation. Additional information related to the process for
investigation of complaints is available from the Title IX Coordinator.
POLICY ON THE AMERICANS WITH DISABILITIES ACT
The University of Dallas College of Business complies with the Americans with
Disabilities Act in making reasonable accommodations for qualified students with
disabilities. Please present your written accommodation request to the ADA
Coordinator as soon as possible and notify your professor that you have done
so before the second unit begins. Students who are granted accommodations will
be provided with a letter that must then be sent directly to your instructor.
For additional information, including online accommodation request submissions,
please visit: http://www.udallas.edu/offices/hr/adaaa/
Learn how Pearson eCollege is Making Learning Technologies Accessible.
ADDITIONAL POLICIES & RESOURCES
Academic Policies for College of Business Graduate Students
Academic Honesty
Academic Review Policy
Academic Appeal Process
Equal Opportunity Policy
Grade Appeal Process
Grading System
Technology Requirements/Laptop Policy
Leave of Absence
Time Limit
Course Waiver/Transfer Policy
Add/Drop/Withdrawal Policy
Auto Drop Policy (PDF)
University Policies
Internet Privacy Policy
Academic Policies
Online Learning Privacy Policy
Transfer Credit Acceptance Policy
Academic Honesty
Copyright Policies
Copyright and Intellectual Property Policies
University Copyright Policy
Intellectual Property Policy
Inventions, Patents, and Copyrights
Academic Freedom
Student Policies
Admission Policies
Student Rights and Responsibilities
Grading Policies
Refund Policy
Student Complaint Policy
Graduate College of Business Resources
Advisors
BannerWeb (registration)
Business Office (payment)
Calendar
Course Descriptions
Faculty Directory
Financial Aid
Forms
Graduation
International Student Services
Refund Schedule
Registration
Rotation Schedule
Scholarships
Tuition and Fees
University of Dallas Bulletin - The UD Bulletin is the official catalog for the
University of Dallas.
2013-14 University of Dallas Bulletin
University of Dallas Student Handbook - The Student Handbook contains
resources for student activities/life.
UD Student Handbook 2013-14
INSTRUCTOR BIO
Instructor/Professor Biography
Matthew Ancelin, CISSP, CNSE - University of Dallas Adjunct
Instructor
Matthew Ancelin has been a technologist for 30 years, professionally for
13 years, and focused on information security for the past 7 years.
Currently Matthew serves as a Network Security Specialist with Palo Alto
Networks, supporting pre-sales engagements and network security
assessments using next-generation firewall technology. Previous employers
include McAfee, Perot Systems (now Dell), Cotelligent, and MicroAge, and
previous roles include database administration,
project management, salesforce automation systems, sales training, and
pre-sales engineering. Matthew served in the United States Army Signal
Corps as a microwave communications technician, where he was awarded
the Army commendation medal and earned his Airborne qualification.
Matthew is an alumnus of University of Dallas, where he earned his Masters of
Science in Cybersecurity in 2013. He holds a B.S. in Management
Information Systems from Park University, summa cum laude. Matthew
completed post-baccalaureate studies in Secondary Education at the
University of Texas at Dallas in 2003. Matthew is a Certified Information
Systems Security Professional (CISSP), Certified Digital Forensics Examiner,
Certified Network Security Engineer, and a member of the FBI
Infragard program. Matthew serves on the cybersecurity curriculum
advisory board of Collin College, and has recently accepted the challenge of
being an adjunct professor at the University of Dallas.
MODULE 1
[If you have not read the Course Home Introduction do so now. Module 1 is a 4-week
module which you will work to completion before beginning Module 2 in week 5.]
You've taken a big step- leaving your old job, to take a position at a newly created
company, as their Chief Information Security Officer.
As you enter the building for your first day at work, you are greeted by the CIO of
PharmaKiln, the same person who you had done your final interview with just a couple
weeks prior. The CIO greets and leads you toward his office to talk.
"Hello! I'm your new Chief Information Security Officer"
"Did we get to keep any of the systems or network gear from
Megaceutical?"
"Who should I be working with?"
"What are my immediate priorities?"
Over the next couple weeks you will produce a security design, budget proposal, high-level
implementation plan, and a summary PowerPoint slide deck.
[Proceed to Deliverable section ]
HTML MODULE 1 HOME
<div style="text-align: center;"><em><font face="Verdana" size="2"><br />
[If you have not read the&nbsp;<a
href="/ec/crs/default.learn?CourseID=10750058&amp;47=30362447&amp;dt=1%2f8%2f2015
4%3a32%3a28 PM&amp;UnitNumber=0&amp;COID=&amp;UPK=65627704" target="_top">Course
Home Introduction</a>&nbsp;do so now. Module 1 is a 4-week module which you will work to
completion before beginning Module 2 in week 5.]</font></em></div>
<font face="Verdana" size="2"><br />
<br />
</font>
<div style="text-align: center;"><font face="Verdana" size="2">&nbsp;<img
src="/CurrentCourse/pharmakiln_logo.jpg" alt="PharmaKiln logo" title="PharmaKiln logo" />&nbsp;<br
/>
<br />
</font>
<div style="text-align: left;"><font face="Verdana" size="2">You've taken a big step- leaving your old
job, to take a position at a newly created company, as their Chief Information Security Officer.&nbsp;<br
/>
<br />
As you enter the building for your first day at work, you are greeted by the CIO of PharmaKiln, the same
person who you had done your final interview with just a couple weeks prior. The CIO greets and leads
you toward his office to talk.<br />
<br />
<strong><em>"Hello! I'm your new Chief Information Security Officer"</em></strong><br />
<br />
<iframe width="560" height="315" src="//www.youtube.com/embed/SfSoPUByJfg"
frameborder="0"></iframe>
<br />
<br />
<strong><em>"Did we get to keep any of the systems or network gear from
Megaceutical?"</em></strong><br />
<br />
</font></div>
</div>
<font face="Verdana" size="2"><iframe width="560" height="315"
src="//www.youtube.com/embed/Jvj-5DTMyIU" frameborder="0"></iframe><br />
<br />
<strong><em>"Who should I be working with?"<br />
<br />
<br />
</em></strong>
<iframe width="560" height="315" src="//www.youtube.com/embed/ywqVAuZupuc"
frameborder="0"></iframe><br />
<br />
<strong><em>"What are my immediate priorities?"<br />
<br />
<br />
</em></strong>
<iframe width="560" height="315" src="//www.youtube.com/embed/RYJHr3BhJko"
frameborder="0"></iframe><br />
<br />
Over the next couple weeks you will produce a security design, budget proposal, high-level
implementation plan, and a summary PowerPoint slide deck.&nbsp;<br />
<br />
[Proceed to &nbsp;<a
href="/ec/crs/default.learn?CourseID=10750058&amp;47=30362447&amp;dt=1%2f3%2f2015
9%3a30%3a21 AM&amp;UnitNumber=1&amp;COID=7&amp;UDPK=609038967&amp;UPK=66817084"
target="_top">Deliverable section&nbsp;</a>]<br />
<br />
<br />
<br />
<br />
<br />
<br />
</font>
MODULE 2
Module 1: Deliverables
Your CIO has an executive board meeting coming up. You will need to supply the following
items to him so that he can present your security plan and budget proposal.
Security Plan: Written document in MS Word format. Include any risk analysis or
needs assessment. Describe the immediate priorities for securing the PharmaKiln
environment.
Budget: MS Excel format. Include capital expenditure (initial purchase costs) as well
as operating expense (ongoing maintenance costs) for any products included in your
design.
High-level implementation plan: estimated time required, personnel required, and/or
additional costs involved with implementation of your security plan. Include as a
single slide in your summary slide deck.
Summary Slide Deck: MS PowerPoint format. The CIO will be building your slides into
his overall deck, to present to the executives. Summarize your security plan on one
slide, your budget on another slide, and your high-level implementation plan on the
last slide.
Supporting documents: The CIO would like to have any supporting materials in the
event that the board digs deep into your plan. This would include any quotes,
diagrams, or alternative designs. Documents may be submitted as MS Office documents
or PDF.
Module 1 deliverable is due February 10, 2015 by Midnight. It is critical that you
submit your assignment on time, to be able to participate in the Week 4 Group Discussion.
Group Discussion time slot preferences must be submitted by February 8, 2015 by
Midnight.
Once per module, the class gets together online, in a live group session. The purpose of the
meeting is to step out of role play and discuss the previous weeks' efforts as a group. Come
prepared to share and defend your deliverable, as well as provide feedback to other
students on theirs.
To find a time in which the majority of students can attend, please use the Doodle poll.
Select multiple times, any times which you would be available for our group session. The
Doodle Poll was built assuming Central time zone, but should adjust to whatever time zone
your computer is set for. The times should show as 7pm, 8pm, or 9pm start times (all
Central time).
DOODLE POLL - Click Here
Whether or not you are available to attend the date/time assigned for the live meeting, you
must also participate in the Group Discussion online.
Group Discussion Module 1
Module 1: Weeks 1-4 - Group Discussion
Share your summary slide deck with the class
OK! Module 1 is almost done- the design phase. Please post (only) your summary slide deck
from your Module 1 deliverables here in this thread, so that your fellow students may
review your work. I ask that each of you provide critique for all of your other fellow
classmates' security design. While positive comments are certainly welcome, I ask that at
least one suggestive or corrective comment be included in your post as well.
Lankappa Prasanna Kumar
2/11/2015 9:33:19 AM
Prasanna - PharmaKiln IT Security Plan Summary
PharmaKiln IT Security Plan Summary.
Rgds,
Prasanna
Prasanna_ITSecurityPlan_Summary.pptx
Jia Zhuang
reply to Lankappa Prasanna Kumar
2/11/2015 11:50:01 AM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Hi Prasanna,
Thank you for sharing your comprehensive and insightful summary slide.
I can tell you must have done a great job in the role-play session to obtain so many
insights of PK. Your point-5 almost covers all grounds where PK may have serious
or minor problems.
Would be great, if you can split your 1 informative slide into 3 slides as prof.
Ancelin required (one slide for Security Plan, one for Budget, and one for
Implementation plan). I am, and I think the executive board may also be quite
curious to see how you can spend 80k in 45 days and make it a successful project.
Right?
One more thing: I assume it would better serve the need of your CIO, and make
exec. board have a good grasp if you have some photos, charts, and figures.
Bullets might be the last option for a good presenter, in my opinion.
I believe your complete Security Plan probably has covered all the details :-)
Again, it's a thorough and comprehensive analysis.
Regards,
Jack
Shree Venugopalan
reply to Jia Zhuang
2/18/2015 9:11:00 AM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Hello Jack and Prasanna,
It is evident that you did a great job like Jack points out with the role playing as
you seemed to have made quite a comprehensive plan in your security response.
The recommendations you have are well thought of and my primary observation
here is that you understood the role playing game early on, took advantage of
that and made the best use of the information that it could lend itself to.
Many thanks and kindest regards,
Shree.
Lankappa Prasanna Kumar
reply to Jia Zhuang
2/11/2015 11:54:05 AM
RE: Prasanna - PharmaKiln IT Security Plan Summary
I was to do it after my initial posting and I got stuck with work. Done now...
Rgds,
Prasanna
Lankappa Prasanna Kumar
reply to Lankappa Prasanna Kumar
2/11/2015 11:53:15 AM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Posting the complete deck.
Prasanna_ITSecurityPlan_SlideDeck.pptx
Venkat Sundararaj
reply to Lankappa Prasanna Kumar
2/11/2015 6:55:12 PM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Hi Prasanna
Definitely much better than your original post. Thanks for fixing that quickly.
Positive Point:
1. You definitely put a lot of effort collecting details for your plan.
Suggestions:
1. Too much text on slide. Usually, even mid-level managers don't prefer such descriptive
slides. If you are presenting this to a CEO, and you have less time to present.
2. You have very detailed budget view along with IT Security Spend View. I felt one could
have been sufficient, you are going to talk about the same thing on both the slide which
would be the Overall cost. In my view, that's pretty much what management would expect.
3. Security plan implementation timeline is a bit confusing. You are kind of using a fish bone type
analysis view for project plan which is a bit confusing. In addition, I could not relate your
tasks table with the timeline view since the text on both are different.
Overall it’s a good work!
Lankappa Prasanna Kumar
reply to Venkat Sundararaj
2/13/2015 12:02:09 PM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Venkat,
It was not a fix. I was checking with Professor and had posted just one slide
thinking the first Summary Slide was needed. Then I posted immediately the entire
deck.
Thanks for your feedback.
Shree Venugopalan
reply to Lankappa Prasanna Kumar
2/17/2015 11:34:55 PM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Hello Prasanna,
Contrary to what has been suggested, I thought that your security plan
implementation timeline was probably the best done in class. I really commend you on your
skill of the way you used the colourful fish bone analysis view for the project plan to be
quite effective.
Shree.
Lankappa Prasanna Kumar
reply to Venkat Sundararaj
2/13/2015 12:10:15 PM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Hello Venkat,
Missed to ask. As a CISO what do you infer from the deck wrt Technical Aspects of
the security Plan? Other than seeing the cosmetic things on the slides that you
have been talking about?
Maybe everyone has their own caliber of making Slides/Reports. Seeing the slides
of entire Class I think some are very limited in information and some have more
than needed information. But, feedback Professor needed was on the Security Plan
and not the Design or Cosmetic things on the Slides or what you used for Project
Management.
I didn't see Professor's comment or instruction anywhere what really we should use
for Plan Implementation. I mean MS Project/Gantt Chart/etc, etc
Rgds,
Prasanna
Venkat Sundararaj
reply to Lankappa Prasanna Kumar
2/19/2015 10:50:54 PM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Hello Prasanna
From the course point of view, I wouldn't disagree on anything you put on the slide
with all the data. It was a bit hard to relate items if you see them just as a slide without
someone actually presenting and briefing them. Yes, agreed with you on the point
that each one has their own way of making slides/reports. But, my suggestions
were more of a recommendation, not corrective comments on your presentation.
Instructor Ancelin
reply to Lankappa Prasanna Kumar
2/13/2015 3:19:23 PM
RE: Prasanna - PharmaKiln IT Security Plan Summary
I liked the format of your timeline- venn works just as well as bar. One subtle thing
I buried in the doc share was a PPT template. In a real situation, you want to use
any format standard supplied- to keep the CIO from having to reformat before
presenting all of his departments.
Venkat Sundararaj
reply to Instructor Ancelin
2/19/2015 11:00:46 PM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Hello professor, You are right on the bar graph and additional line graph was
unnecessary. Yes, I did notice the presentation in the doc sharing is from where I
got the logo. But, I was having a bit of a hard time using them as master slide since the
graphics on that was way beyond the actual slide itself. I think I would just use that
directly instead of trying to add that to master slide.
Shree Venugopalan
reply to Instructor Ancelin
2/18/2015 2:58:44 AM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Hello Professor Ancelin,
Thanks for pointing out the importance of formatting while having to present to the
CIO and CEO's of companies. I am sure this is a valuable lesson for the future along
with the many others here.
Many thanks and kindest regards,
Shree.
Matthew Price
reply to Lankappa Prasanna Kumar
2/14/2015 1:45:17 PM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Lankappa,
This was a very well put together presentation. I liked the two different budgets,
and the security implementation timeline. This will be an effective presentation to
any C-level or higher.
Your solution does provide immediate needs at the edge of the network and the
endpoints are protected throughout the organization.
Well done.
Lankappa Prasanna Kumar
reply to Matthew Price
2/14/2015 5:14:34 PM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Thanks Matthew. Appreciate it.
Joshua Olorunnisomo
reply to Lankappa Prasanna Kumar
2/14/2015 10:10:49 PM
RE: Prasanna - PharmaKiln IT Security Plan Summary
To me, this is an excellent presentation. You combined both graphic and
non-graphic. I personally prefer not to be too graphic. I like the fact that you provided
the implementation timeline. This I did not do in mine.
Larry Hodge
reply to Lankappa Prasanna Kumar
2/17/2015 8:53:02 AM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Lankappa, Your plan looks really well thought out and detailed. I really enjoy looking at your
timeline.
It looks as if you have everything covered and Pharmakiln would be most fortunate to have
your plan implemented.
Again, the only critique I have is that there is so much information in each slide that the
common corporate person would probably have a hard time absorbing everything.
Royce Humpert
reply to Lankappa Prasanna Kumar
2/17/2015 11:58:43 AM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Lankappa,
I went thru your presentation and was glad that someone really hit the nail on the
head. The way it could be included in someone else’s presentation is awesome.
There was a good plan summary slide. The budget met the projection needs well,
and the following summary slide really brings it all together. Lastly your timeline
was awesome!
Those of you that know me know that I don’t compliment people often, but in this
case – Lankappa, you did a great job. In looking over your slide deck I see so many
things I could have improved on and made mine better.
Sincerely,
Royce
Lankappa Prasanna Kumar
reply to Royce Humpert
2/18/2015 12:32:03 AM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Thanks Royce.
Shree Venugopalan
reply to Lankappa Prasanna Kumar
2/18/2015 3:14:54 AM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Hello Prasanna,
This is a well put together presentation and I can see that you have considerable
industry experience in doing so. While I can see that you have worked as a
manager in the way you have created a budget by dividing it into specific
components of operating expenditure and capital expenditure, your forecasting for
years 2016 and 2017 are also quite thorough. Your security implementation
timeline is very good and realistic and I feel that most executives would pay
attention to such a presentation.
Again, I think this is a job well done.
Many thanks and kindest regards,
Shree.
Ravi Kumar Pannala
reply to Lankappa Prasanna Kumar
2/18/2015 10:23:23 AM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Hello Prasanna,
That was a good presentation, your choice of security appliance perfectly
suits the current infrastructure’s immediate priorities. Providing a separate
Security Spend view was a very good idea. The only change I would like to
see in your presentation (which in my view is not a bug to consider) is
presentation of the timelines which might distract a user's view when looking
for a particular Task. Otherwise it was a great presentation.
Thanks
Ravi Pannala
Ian Weir
reply to Lankappa Prasanna Kumar
2/17/2015 10:58:07 PM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Hi Prasanna,
I really liked your presentation. When I was putting mine together, I didn't think to
present the costs by year the way that you did- I think it was very smart to do it
the way you did because it answers questions before they are asked.
I also liked the graphical representation of the timeline for the phases of the
project. A table is nice, but the timeline showing the sequence makes the
information easier to follow.
My only critique is that the IT Plan Summary slide is very text heavy. Where
possible, distilling the info on the slides is a good move.
Very good job.
- Ian
Jia Zhuang
reply to Lankappa Prasanna Kumar
2/18/2015 12:26:19 AM
RE: Prasanna - PharmaKiln IT Security Plan Summary
I would take back my previous suggestions :-p Your plan is well developed and
workable.
Jack
Bob Chiang
reply to Lankappa Prasanna Kumar
2/13/2015 11:03:12 PM
RE: Prasanna - PharmaKiln IT Security Plan Summary
Prasanna,
I like your presentation. I agree with an earlier posting that too many words can
lose the attention of your audience, but I understand why you did it. In the absence
of pitching the slide, you need the information to convey itself. I like the detail that
you provided and the timeline graphic is eye-catching.
Great work!
Bob
Jia Zhuang
2/11/2015 11:23:13 AM
Jack Jia Zhuang Summary Slide Deck
Hi all,
Attached please find my Summary Slide Deck for your review. Welcome
comments/suggestions/critiques.
Thank you,
Jack
jzhuang_summary slide deck.pptx
Bob Chiang
reply to Jia Zhuang
2/13/2015 11:06:45 PM
RE: Jack Jia Zhuang Summary Slide Deck
Jack,
I like the graphical approach to your security plan slide. Assuming that someone
was verbally pitching the content, the graphics might be sufficient.
I also like the two-factor authentication line on your budget. That's a great idea!
As for the timeline, I like the detail, but I'd be concerned about the aggressive
schedule. Three months to have everything implemented would have me concerned
that something is overlooked. Maybe you have a good team :)
Thanks for sharing,
Bob
Venkat Sundararaj
reply to Jia Zhuang
2/11/2015 6:39:43 PM
RE: Jack Jia Zhuang Summary Slide Deck
Thanks for sharing your slide.
Positive Points:
1. Less text on the slides and on to the point for management group is always
recommended. I do see that you have them considered in your slide.
2. Your presentation is risk focused.
Suggestion:
1. You could have a bit more talk about the actual risk on your slide than category of
the risk belongs to. For management, usually they care about the actual risk than
category that belongs to.
2. Your budget doesn't reflect year over year expenses. ** on your slides doesn't
really say what that means. Does it mean priority or optional?
3. Your high-level implementation plan doesn't reflect the actual group/people
doing that work. It would have been great if you had included them.
Overall good work!
Lankappa Prasanna Kumar
reply to Jia Zhuang
2/11/2015 12:21:51 PM
RE: Jack Jia Zhuang Summary Slide Deck
Hello Jack,
Nice work on the Security Plan Summary slides. I liked the graphics and color that
is very attractive and catchy. Also, you managed to include training in the limited
budget we had which is a plus point.
The budget is well managed but not descriptive enough and detailed about the
expenses and going forward the 2016/2017 or further plans for including the
Operating Costs. It would have been nice to see some writeup on the Security Plan
layout slide along with snaps, so it can speak more or make one understand better
what we are implementing or the course of action we take to add Security to
PharmaKiln Network. I also felt the implementation timeline of 22 weeks is a bit
longer and could have been shortened.
Rgds,
Prasanna
Larry Hodge
reply to Jia Zhuang
2/17/2015 8:59:26 AM
RE: Jack Jia Zhuang Summary Slide Deck
Jack, very slick presentation. A nice balance of graphic and text without
overwhelming the viewer.
I agree that the plan could have been better if it included a forecast to include
ongoing maintenance costs as well. But overall I found it very informative. You can
tell those who understood early on the instructions and had time to bring
something excellent to the board.
Joshua Olorunnisomo
reply to Jia Zhuang
2/15/2015 7:15:16 PM
RE: Jack Jia Zhuang Summary Slide Deck
Hello Jack. I agree with my colleagues about the graphic of the slide. I also like the
bullets that you provided at the bottom to describe the elements in the graphics.
However I wish they could be more descriptive.
Matthew Price
reply to Jia Zhuang
2/14/2015 1:51:44 PM
RE: Jack Jia Zhuang Summary Slide Deck
The PowerPoint presentation was very effective.
I am wondering why you did FDE when Microsoft has been installing BitLocker in
the OS's since at least Windows 7? This would have saved you 25k dollars to use
towards another technology.
I liked that you considered a contingency in your budget. Essentially saving some
money for when it is needed. The problem that I have seen in the past is that if this
8k is not used then your budget is lowered by 8k for the next year.
Good job.
Jia Zhuang
reply to Jia Zhuang
2/18/2015 12:30:50 AM
RE: Jack Jia Zhuang Summary Slide Deck
Many thanks for your all great insights and suggestions. Your professional
suggestions help me to better adjust my security plan.
Jack
Royce Humpert
reply to Jia Zhuang
2/17/2015 11:57:22 AM
RE: Jack Jia Zhuang Summary Slide Deck
Jack,
Normally I am a big fan of high contrast slides, these are a bit much for me. I really
think that budget slide would have looked much better using the destination style
of the PowerPoint. The bubble frame made the element more of a distraction rather
than a solution. In comparison, the implementation slide was clearer and had more
impact.
Another area of understanding is the way a maximum budget is meant as a
maximum. Unless you were ready to campaign to get your 20k back from the
database team 80K was the new hard line. The desktop team and database teams
were already working on encryption items. That would eliminate some duplication in
the budgets and help with the cost recovery of the database overage. This would
have given back some money to consider other technologies. Sometimes
information like this is hard to get out of leaders and easier found in frontline
employees. A deeper dive into the team may have shown that consulting services
may not have been needed. That might have helped grow your contingency
account.
Also, when choosing to encrypt endpoints - encrypt all computers and servers.
Doing this just gives you deeper layers to the security you have setup. So to go
back to the figures you posted of needing 800 Antivirus licenses, when you are
talking about encryption you would use the same number. I agree that certain
details were missed about the way VPN is not as widely used as it may be in the
average company. That understanding would have given you a different budget
entirely. Just food for thought…
Later,
Royce
Ravi Kumar Pannala
reply to Jia Zhuang
2/17/2015 4:39:23 PM
RE: Jack Jia Zhuang Summary Slide Deck
Hello Jack,
Very nice presentation with graphics. I like your representation of
the security components on one slide; they speak about your plan of action.
Securing the website with HTTPS was a good one as it was mentioned the
main web site is being published in plain text. I like the way you have
presented the security budget with some amount going into SETA, which is in
my view a very important component in the security budget. One thing that
I see in your implementation plan is that dates were mentioned and some
activities that you mentioned can be done in parallel, in my view, which could
save a lot of wait time for the output to be seen in the project. Great
presentation.
Thanks
Ravi Pannala
Ian Weir
reply to Jia Zhuang
2/17/2015 11:06:44 PM
RE: Jack Jia Zhuang Summary Slide Deck
Hi Jack,
I think that you did a good job with selecting the technologies to implement.
Including images to represent the various technologies is a good idea because it
makes the slide a little more memorable.
My only critique is that you didn't use the PharmaKiln template. Aside from that,
well done.
Shree Venugopalan
reply to Jia Zhuang
2/18/2015 3:35:30 AM
RE: Jack Jia Zhuang Summary Slide Deck
Hello Jack,
I see that your second slide is a pictorial representation of what 'C' Level executives
in companies can expect in terms of what threats exist and how one can defectively
resolve them. While it was stated that there was no need for a secure connection,
you still felt the need to invest in a 'https' type of connection. I guess that is the
kind of decision that security managers will have to make that they feel will keep
their network safe. If that was not required, then there could have been some
saving, but I feel that sometimes saving a bit is not worth the price you can end up
paying for security. I think that this was quite well done, enjoyed reviewing your
slide deck and wish you well for the rest of the course.
Many thanks and kindest regards,
Shree.
Ian Weir
2/11/2015 1:16:43 PM
Ian Weir - PharmaKiln IT Security Plan Summary
Hello all,
Please see the attached file for the IT Security Plan Summary.
Any comments or suggestions are appreciated.
Thanks,
- Ian
IanWeir-CYBS8395-PharmaKiln-SlideDeck.pptx
Bob Chiang
reply to Ian Weir
2/13/2015 11:15:46 PM
RE: Ian Weir - PharmaKiln IT Security Plan Summary
Ian,
Your budget looks very well detailed. You've either been doing this a while or
you've researched a lot. Great work!
I've commented on other students as having an aggressive schedule, but maybe I
don't understand the IT industry as well. Your project completes in approximately
two months. Is that really the standard? I haven't worked on a project with that
quick of a turnaround time with this level of complexity.
Maybe it's worth having some description of the risks to implementing these
changes...
Thanks for sharing,
Bob
Ian Weir
reply to Bob Chiang
2/16/2015 9:29:57 PM
RE: Ian Weir - PharmaKiln IT Security Plan Summary
Hi Bob,
Thanks very much. I think your observation is correct- my timeline was very
aggressive. I think that as I was putting it together, I was estimating time required
for installation and configuration for a team that had some experience deploying
these tools. Looking back, I really should have allowed more time for the planning
phase for each step in the process.
I will say this though- in my experience, there is a perfect size for the teams doing
this work. Too small, and the team can't get things done in a reasonable time; too
big, and the team begins to trip over its feet.
Also, good point about the risk description. Do you mean risks for if the deployment
fails as well as risks for if the tools are not deployed?
- Ian
Matthew Price
reply to Ian Weir
2/14/2015 1:38:13 PM
RE: Ian Weir - PharmaKiln IT Security Plan Summary
Your slides are very well presented to the type of audience that this requires. I like
that the budget had an implementation time so that you could expand to
specifics on the next slide with assignments and dependencies.
The technologies used in this scenario created many layers that needed to be
defeated in order for a breach to occur.
I especially liked the use of DLP for the environment. This ensures that if PRAD data
does attempt to leave the environment then it will be noticed by the company. Very
effective solution.
Ruth Olugbodi
reply to Ian Weir
2/13/2015 5:57:59 PM
RE: Ian Weir - PharmaKiln IT Security Plan Summary
Thanks for sharing, Ian. You did a great job with the implementation schedule,
it's simple, clear cut and easy to understand. The task breakdown and time needed
for completion and assigned individuals to complete those tasks is very helpful. The
budget is also on point.
Overall, you did a fantastic job.
Lankappa Prasanna Kumar
reply to Ian Weir
2/15/2015 12:12:00 AM
RE: Ian Weir - PharmaKiln IT Security Plan Summary
Hello Ian,
Awesome! The slides are so meaningful and speak for themselves everything. Up
to the point and nicely described. I liked the Security Implementation Schedule so
much. I could not suggest anything more.
Rgds,
Prasanna
Larry Hodge
reply to Ian Weir
2/17/2015 9:26:40 AM
RE: Ian Weir - PharmaKiln IT Security Plan Summary
Ian, great job. I really like that you added that buffer time for any unforeseen issues
that may arise during implementation. I really like how your plan fits within
the allotted budget quite nicely. My only critique is that it is a little wordy when it comes
to each slide. I know it is difficult to fit everything nicely into a neat little package for
easy consumption.
Shree Venugopalan
reply to Ian Weir
2/18/2015 9:57:17 AM
RE: Ian Weir - PharmaKiln IT Security Plan Summary
Hello Ian,
This is very dense, packed with all the appropriate information and very well
organized. This is very professional, the way you have devised solutions for the
security problem at hand. You have implementation plans, the devices you want,
timelines in place and interestingly the people who will be responsible for all this.
You end this with a security implementation plan in the form of recommendations
which is excellent. One of the best presentations I have seen and one which I would
like to emulate in terms of the rigour you have put into it.
The way you made selections for your Security Appliances were excellent, plans to
make the data center and email server more secure were excellent, and the steps
for monitoring and data and log collections were great. Excellent job.
Many thanks and kindest regards,
Shree.
Royce Humpert
reply to Ian Weir
2/17/2015 12:03:52 PM
RE: Ian Weir - PharmaKiln IT Security Plan Summary
Ian,
I like the devices that you chose and in your presentation you provided good
methodology as to why those choices were made. I did disagree with needing an
additional server since PharmaKiln has the capacity to virtualize one if needed. Also
staying with the course of adding DLP and new firewall and AV was a wise choice.
Adding layers to your “security onion” is not a strange idea, Bravo.
I did feel you missed the opportunity on projecting things out for another year or
two. This would have maybe helped me understand the need for a separate server
a bit better. I like the looks of it and those were my only concerns.
Thanks,
Royce
Ravi Kumar Pannala
reply to Ian Weir
2/17/2015 2:46:43 PM
RE: Ian Weir - PharmaKiln IT Security Plan Summary
Hello Ian,
I like the way you have selected the Security Appliances; I especially
like your plan to secure the data center and email server. Your
implementation was also impressive. I very much liked your idea to place
steps for monitoring and installing log collections, thereby making sure the
new investment you made is adding value.
A few things I felt I would have done differently: we have two
databases and the budget shows a plan to buy only one security
suite, so where would you put that, on the Oracle or the MS SQL Server?
Apart from that, it would have been a much better implementation schedule
if you had added estimated dates and defined dependencies between
process steps.
Thanks
Ravi Pannala
Jia Zhuang
reply to Ian Weir
2/17/2015 11:21:14 PM
RE: Ian Weir - PharmaKiln IT Security Plan Summary
Hello Ian,
I can tell you've spent a lot of time doing research to get such a detailed security
plan. I really like your focus on pen-testing and working on SQL DB server. Besides
lots of attention to PRAD, you also mentioned the importance of securing the HR
data during your presentation online, which is quite new in the class.
Generally speaking it's a very good plan, however, I'm wondering probably it will be
good to leave some testing time before full-load online. The pen-testing for your
modification is also important, in my opinion.
Great job!
Jack
Venkat Sundararaj
2/11/2015 5:08:00 PM
Venkat R Sundararaj - Summary slide deck
Hello Class,
Please find the summary slide deck attached.
Best Regards
Venkat
Summary Slide Deck - Sundararaj.pptx
Ian Weir
reply to Venkat Sundararaj
2/17/2015 11:23:48 PM
RE: Venkat R Sundararaj - Summary slide deck
Venkat,
I thought that this slide deck was very well put together. The information was
presented in a way that was a little different from what I would have expected, but
it worked. I would normally recommend using the provided slide template, but you
created one that was not distracting. It did not take away from the presentation.
Good job.
- Ian
Jia Zhuang
reply to Venkat Sundararaj
2/17/2015 11:31:16 PM
RE: Venkat R Sundararaj - Summary slide deck
Hi Venkat,
I like your beautiful slides and way of organizing your ideas. Like other students'
comments, I totally agree that your demonstration of High & Low priority is very
catchy and definitely will be very helpful as a part of CIO's presentation. You even
spent time to make some animations to simulate the real presentation flow. Good
job!
If I may, I would say you can add some details in the note section, which would
help CIO to better understand your ideas and better deliver the message. For the
estimated timeline, with more info such as "estimated days" for implementation will
be appreciated.
Thank you,
Jack
Royce Humpert
reply to Venkat Sundararaj
2/17/2015 12:07:30 PM
RE: Venkat R Sundararaj - Summary slide deck
Venkat,
Where I take a look at the template and see that you did not use it, I feel you made
an interesting choice in the assertive evidence structure with the company logo.
In looking at your slides I see good information, importantly catching the need to
add the database firewall is an excellent use of initial funds. Personally, I was
saving this for next year’s budget. Overall I was impressed with the complete end
to end nature of your protections and found that your presentation proved to be
very sound.
Thanks,
Royce
Ravi Kumar Pannala
reply to Venkat Sundararaj
2/18/2015 10:35:25 AM
RE: Venkat R Sundararaj - Summary slide deck
Hello
Venkat,
Very intelligent use of the budget and I am impressed with the choice of the
security appliances with a wide range covering most of the Immediate needs
of the company. I like your presentation on the Asset classification and the
Impact to the profitability. Nice categorization of Priorities into High and
recommended. However, you chose to invest in the Oracle Database Audit
Appliance; was there any reason, that the critical data is being stored in
Oracle Database or the PRAD application’s DB is Oracle? The reason is that
we have another database, SQL Server, which needs to be protected as well,
so was there any communication from Satish on this? I like your idea of
having a compliance manager, but in my view with the current line of
business that PharmaKiln has, apart from being compliant with statutory
requirements and HIPAA there is not much (SOX may be considered, but not
right away; the company just started on its own). Just wanted to check if
there is any specific reason to hire a compliance manager. One smaller thing
I noticed is that your implementation is spanning across multiple quarters, but
the goal is to mitigate immediate risks.
Overall for me that was a good presentation
Thanks
Ravi Pannala
Shree Venugopalan
reply to Venkat Sundararaj
2/18/2015 11:03:03 AM
RE: Venkat R Sundararaj - Summary slide deck
Hello Venkat,
Very well done with the choice of the security appliances you have chosen, most of
which are quite comprehensive in addressing all the threats that you address. The
way you have chosen to classify your assets and the possible impacts that they
have on profitability is excellent. Coupled with the distinction of what are the
priorities and the possible recommendations are excellent. You bring in a
compliance manager for good measure which is fine and I would think that this is
more of a long term strategy. This would be similar to bringing in a secure HTTPS
type of connection, as in this is not immediately required and as and when the
business infrastructure of PharmaKiln expands into these areas. Curious that you
would still have $20,000 left over when you have already shown expenses for close
to $80,000. That was the total revised budget, but then perhaps you are
anticipating the remaining money from the original budget to still be allocated to
your team. Overall that was a good presentation.
Many thanks and kindest regards,
Shree.
Larry Hodge
reply to Venkat Sundararaj
2/17/2015 9:39:01 AM
RE: Venkat R Sundararaj - Summary slide deck
Venkat, very VERY nicely done, excellent presentation and all the information was
presented well in graphic form. I really liked how you allocated funds for Satish's
projected plans. I don't have any major critiques to give you. Maybe the budget could have been
less wordy? But as is, a fine outstanding presentation.
Ruth Olugbodi
reply to Venkat Sundararaj
2/13/2015 6:46:36 PM
RE: Venkat R Sundararaj - Summary slide deck
Hello Venkat, thanks for sharing. Good job on the slide deck with the assets
classification and top vulnerabilities.
Suggestions
I would have included some write up in it to explain a few things.
Implementation plan is running from first to third quarter; that's too long to
secure the network except for training which should be a continuous
process.
Budget is good but I would have preferred something simple and easy to
understand at first glance.
Lankappa Prasanna Kumar
reply to Venkat Sundararaj
2/13/2015 2:14:45 PM
RE: Venkat R Sundararaj - Summary slide deck
Hello Venkat,
Thanks for sharing the slides.....
Positive:
Excellent work Venkat with regards to Asset Classification, Top Vulnerabilities,
charts are interesting and nice way to demonstrate. Also, great to see that you are
utilizing the resources within PharmaKiln for Project Execution and Training.
Suggestions:
Could have done better with some writeup on your Security Plan summary. Looks
to me more like a status report and not sure what is the ask here to Senior
Management. Just mitigate risks and not improve the overall Security Posture of
the Company?
Budget proposal does not provide a clear breakup of Capex versus Opex. I believe
this was what the need was by the CIO a split up that can depict for next year and
further ongoing Support/Maintenance.
Implementation Plan isn't very clear with the priority of tasks and not sure if that
covers SAN related risks. Did not see any tasks or identified risks for the same on
the Slide one.
Thanks...
Bob Chiang
reply to Venkat Sundararaj
2/13/2015 11:19:29 PM
RE: Venkat R Sundararaj - Summary slide deck
Venkat,
I like how your presentation starts with Risk. Senior managers love that. Tell me
where the problems are and then offer the solutions.
I also like the way you itemized the non-recurring costs from the recurring costs.
Lastly, your schedule appears to be the most executable that I've seen. It appears
to span seven or eight months, which I think is executable.
Great work!
Bob
Royce Humpert
2/11/2015 5:52:39 PM
Slide Deck Rhumpert
Hi Everyone,
Here is my slide deck for the module. I hope that it makes sense to you all.
Thanks,
Royce
Initial security presentation Rhumpert.pptx
Bob Chiang
reply to Royce Humpert
2/13/2015 11:26:16 PM
RE: Slide Deck Rhumpert
Royce,
I like the details and the graphics. The overall look of the presentation flows very
well.
However, I think you missed the mark on slide count. The CIO requested three
slides. That's generally because the BOD and senior managers don't have time for
extensive details. I recommend squeezing slides three, four, and five together.
I like the fact that you budgeted for responding to a breach incident. Given the
current state of the network, it's quite possible that the breach has already
occurred.
Good luck on the three week turnaround! :)
Bob
Royce Humpert
reply to Bob Chiang
2/18/2015 4:05:49 PM
RE: Slide Deck Rhumpert
Bob,
I know blowing past the three slide limit was a risk, but one I was ready to take to
prove my case. I could have just had three slides, and for that part they would
have been:
1. Risk assessment
2. Budget and projections
3. Implementation plan and timeline
But you are right in knowing me, three weeks can be a bit of a stretch to turn
something like this around.
Thanks,
Royce
Larry Hodge
reply to Royce Humpert
2/17/2015 9:51:15 AM
RE: Slide Deck Rhumpert
Royce,
Very nice. It looks as if you went above and beyond. My only critique is that you condense it
down to 3 slides and only include the necessities per CIO instructions. Nice selection of
security products since it is a Windows shop.
Royce Humpert
reply to Larry Hodge
2/18/2015 4:15:05 PM
RE: Slide Deck Rhumpert
Larry,
I just tried to set up to comply with the regulations with good choices that made
sense for the Windows and Mac enterprise solutions.
Thanks,
Royce
Lankappa Prasanna Kumar
reply to Royce Humpert
2/15/2015 12:26:12 AM
RE: Slide Deck Rhumpert
Hello Royce,
I liked the idea of using Barracuda F380 to replace PIX firewall and Vipre rollout for
endpoint protection. Also, the mention of social engineering prevention and
getting certifications in line for his and other team members' job titles is a great
idea. Well put.
Only concern I thought was will all this be completed in the limited time as planned.
Overall a very good presentation.
Rgds,
Prasanna
Royce Humpert
reply to Lankappa Prasanna Kumar
2/18/2015 4:11:54 PM
RE: Slide Deck Rhumpert
Prasanna,
The firewall is one that I have had experience with in a similar situation. The
certifications should be a lengthy process. The social part of this is one of the
biggest risks in my view and it must be closed, or at the very least educated to the
point of minimization. Since I am trying to build things now I would be doing the
educational sessions. So meeting the timeline should not be an issue.
Thanks,
Royce
Shree Venugopalan
reply to Royce Humpert
2/18/2015 9:07:47 AM
RE: Slide Deck Rhumpert
Hello Royce,
This is one of the most information intensive presentations that I am yet to see.
While that is a good thing in the sense that the audience get a lot of information,
my concern is that how much of that will be retained when you get your 30 minutes
with the board to make your point. The fact that you chose Vipre business as your
end point protection with monitoring capabilities is a good call. The single server
update and patch management model both increases efficiency and helps contain
your costs, making it easier to manage. The Barracuda F380 is a popular choice and
a good replacement when you think it is fit to change your firewall. As an added
security feature, your default encryption standard is a good choice to make along
with your initiative to harden your database. You are one of the few to take into
account social engineering attacks and steps to prevent it, by working towards
getting certifications for this. I think this was a great effort.
Many thanks and kindest regards,
Shree.
Ravi Kumar Pannala
reply to Royce Humpert
2/17/2015 4:28:25 PM
RE: Slide Deck Rhumpert
Hello Royce,
You have used the budget very intelligently. Your choice of the security
appliances was good; especially using Vipre business at the end points gives
a good value to the budget with its centralized management. I liked your
viewpoint that training on security should have a place in the budget. Nice thinking
on going with default encryption. Good thought given on database hardening
but I don’t see anything specifically for SQL SERVER as ORACLE was
considered in the budget. I don’t see your implementation plan, which was
one of the requirements. On the whole I got to learn from your presentation.
Thanks
Ravi Pannala
Royce Humpert
reply to Ravi Kumar Pannala
2/18/2015 4:18:25 PM
RE: Slide Deck Rhumpert
Ravi,
The database hardening really belongs to the database team this year; part of my
next year's budget is to add a firewall just for the database. Overall I just used a lot
of products that I have experience with and my understanding of medical issues
since I have family in that industry.
Thanks,
Royce
Jia Zhuang
reply to Royce Humpert
2/17/2015 11:41:56 PM
RE: Slide Deck Rhumpert
Hello Royce,
Thank you for sharing your well developed slides. It seems like a very mature and
workable plan. I like your brief notes section for readers' better digest.
However, I would suggest you to update the network diagram in slide-7. I know it's
the current one PK has, but it's not a mature diagram for the future.
It seems like it got beyond the slides page limit of 3. It may be a little bit painful for
CIO to cut off your detailed plan. Sometimes, doing your job as required is a simple
way to get recognition.
All in all, it's a great plan.
Jack
Royce Humpert
reply to Jia Zhuang
2/18/2015 4:23:09 PM
RE: Slide Deck Rhumpert
Jack,
The network team will own updating everything other than the firewall on the
network diagram. They do need to simplify it and bring in L2/L3 to really give real
network intelligence to the whole company. There were certain slides that can be
scrapped and others minimized. With this being a young company I felt getting the
facts out was more important.
Thanks,
Royce
Ravi Kumar Pannala
2/11/2015 12:04:30 PM
Ravi Pannala Security Summary Slide deck
Hello All,
Please find my summary slide deck. You are most welcome for suggestions.
Thanks
Ravi Pannala
RaviPannala_Pharmakiln_Secuity_Plan.pptx
Ian Weir
reply to Ravi Kumar Pannala
2/17/2015 11:15:13 PM
RE: Ravi Pannala Security Summary Slide deck
Hi Ravi,
I thought that your presentation was very thorough. I think that in general more
information is better than not enough information, but I think that in this case, you
could have removed the slide with the mission statement. If you're presenting to
the CIO, he already knows this info. My only other critique was that the formatting
was not consistent between the slides. Because of this, the CIO would have to
retype the info, rather than just folding your presentation into the deck he will
present.
Those things aside, I thought your presentation was solid. Very good work.
- Ian
Jia Zhuang
reply to Ravi Kumar Pannala
2/17/2015 11:04:55 PM
RE: Ravi Pannala Security Summary Slide deck
Hi Ravi,
You did a great job on these security summary slides, which seems like a presentable
and workable plan. Would be great to give more buffer time to implement the
awesome and comprehensive security plan. Based on my experience, it would take
some time for testing before application of new firewalls and other stuff in the
infrastructure. I would give 2 months as a safe timeline. What do you think?
Thank you,
Jack
Ravi Kumar Pannala
reply to Jia Zhuang
2/18/2015 11:10:47 AM
RE: Ravi Pannala Security Summary Slide deck
Thanks for the comments, Jack. To be very honest, my timelines with whatever little
exposure that I have in network, now that I have seen some other plan in this
module I think what you say makes sense.
Thanks
Ravi Pannala
Royce Humpert
reply to Ravi Kumar Pannala
2/17/2015 12:02:37 PM
RE: Ravi Pannala Security Summary Slide deck
Ravi,
I think that your use of the title slide for each of your slides made your deck a bit
distracting. The introduction slide is a bit of a reach for me as I would rather have
the company mission before defining the mission of the cybersecurity program.
The plan summary slide is solid and lays out clear objectives. Your implementation
plan lays out good dates and structure but I was again distracted with color bars on
the presentation. Your budget was more solid and had a good next year projection.
My distraction from the slide design did make it hard to concentrate on the facts of
your presentation. You have a solid understanding of the CISO role and what it’s
going to take. Slide design aside, I was impressed with your choices.
Later,
Royce
Shree Venugopalan
reply to Ravi Kumar Pannala
2/18/2015 10:33:29 AM
RE: Ravi Pannala Security Summary Slide deck
Hello Ravi,
This is an excellent presentation and you have gone into great detail and put in a
lot of hard work to accomplish this task so well. This is the first time that I
encounter a mission and vision statement, and this immediately sets the stage as
to what the CEO’s and COO’s can expect. Your immediate priorities of third party
security audits, securing the DMZ’s and hardening of the servers is good. You have
chosen to add like most a new Firewall, add a Load Balancer, endpoint protection,
encryption, scanning, and increasing the strength of the VPN. There was one other
colleague who also recommended the use of a secure connection with the use of a
HTTPS type of connection. The layout and the presentation style of your PowerPoint
was really good. You do a good job getting your recommendations, timelines
and budget in place, and your hardware and software choices are excellent. Again
breaking it into operating and capital expense is a great touch. I would however ask
you to see if you can improve your WiFi connections as a lot of remote access is
performed through this channel. Overall, a really great job.
Many thanks and kindest regards,
Shree.
Matthew Price
reply to Ravi Kumar Pannala
2/14/2015 1:57:46 PM
RE: Ravi Pannala Security Summary Slide deck
Very effective PowerPoint presentation.
The load-balancer was an interesting choice. The justification in the presentation on
Wednesday was very well thought out on why you implemented this device.
I think you could have saved some money if you went with MS BitLocker instead of
the Dell solution. This has been available in every MS OS release since at least
Windows 7. Just a thought.
Lankappa Prasanna Kumar
reply to Ravi Kumar Pannala
2/15/2015 12:03:21 AM
RE: Ravi Pannala Security Summary Slide deck
Good work Ravi. I liked the way you have presented the list of Security Plan action
items in the order of Immediate Priorities.
Budget proposal is well planned and presented in an easy to understand manner and
the implementation timelines look very challenging. I think it is doable.
Rgds,
Prasanna
Bob Chiang
reply to Ravi Kumar Pannala
2/13/2015 11:12:41 PM
RE: Ravi Pannala Security Summary Slide deck
Ravi,
I like the clear and concise bullet points that you provided for security plan. You
articulated everything very well.
Your budget is equally detailed and well organized.
If I was an executive reviewing this plan, the only thing that I would worry about is
the implementation timeline. I don't know how you could complete the project
within a month.
Great work!
Bob
Venkat Sundararaj
reply to Ravi Kumar Pannala
2/11/2015 7:22:01 PM
RE: Ravi Pannala Security Summary Slide deck
Hello Ravi
Thanks for sharing your slides.
Positive Points :
1. I really like your implementation plan view for the project.
Suggestions :
From your security plan summary slide, one of the points I felt is an incorrect
statement: "Strengthening the wireless network to prevent intrusion by VPN".
Generally, you will use the corporate WiFi network when you are at work. You will use
VPN when you are remote. You would strengthen security on your WiFi network so
that any unauthorized access will not be granted to users working within the radius
of your wireless network. You may enable VPN for the users to create a secured
tunnel to your corporate network when they are connecting remotely. The appropriate
point would have been just "Strengthening the wireless network to prevent
intrusion".
Matthew Price
2/11/2015 7:16:40 PM
Matthew Price's Slide Deck
Here is my slide presentation.
Price_Module_1_Presentation.pptx
Bob Chiang
reply to Matthew Price
2/13/2015 11:30:03 PM
RE: Matthew Price's Slide Deck
Matthew,
Do you get brownie points for implementing the full Palo Alto solution? :)
Great details on the security plan summary and budget.
I think a graphic on the implementation slide would make a greater impact. I say
this because people can retain a picture longer than they can words. Therefore
seeing how these are implemented might mean more to the audience.
Thanks for sharing!
Bob
Matthew Price
reply to Bob Chiang
2/14/2015 1:31:45 PM
RE: Matthew Price's Slide Deck
would
need. The option is relatively cheap when compared to how many other
appliances are needed in order to accomplish the same task. I have worked
with Palo Alto’s at my previous job and this job so I am a little biased when
compared to other NGFW technologies.
In my opinion any NGFW would be the effective solution for this type of organization.
I do agree with you on the graphic presentation. My PowerPoint skills are lacking. Seeing
the other students' examples helps with what I could have done on the slides.
Lankappa Prasanna Kumar
reply to Matthew Price
2/15/2015 1:10:24 AM
RE: Matthew Price's Slide Deck
Hello Matthew,
This is one of the best presentations and a matured way of using
Technology/Solution to implement security. Hearing from the Professor during the
discussion about the way you convinced the CIO to part with that $20k for your
budget indicates your great skills as a CISO.
All are positive points here starting from your security plan, use of products and
technology solutions, architecting for enhanced security and budget distribution. I
am sure like me there are many here who appreciate your knowledge and CISO
skills. I heard and am in the process of learning many new things from these.
Thanks to Professor Ancelin in designing this Module which gave ample knowledge
from role play to discussion.
Rgds,
Prasanna
Larry Hodge
reply to Matthew Price
2/17/2015 10:29:47 AM
RE: Matthew Price's Slide Deck
Matthew,
Great job on your detailed security plan. I enjoyed the fact that you can use only 1
vendor for your complete security needs. I'm sure the professor got a kick out of it
:)
Jia Zhuang
reply to Matthew Price
2/17/2015 11:53:08 PM
RE: Matthew Price's Slide Deck
Hi Matt,
I have to say you're definitely one of the few well qualified CISOs! Many thanks
for your fighting for the 20k and Prof. Ancelin's comments to inform us to fight for
making your plan workable. I appreciate your brave attitude and great strategy to
secure your funds.
I actually don't have too many suggestions here. I know security is expensive, but
the $21,000 per day Palo Alto Networks consulting services still seems scary to me. If it would be
added into operational cost for 2 or 3 times a year, it would be a question mark from the board as well.
How would it be sustainable for the coming year?
Thank you,
Jack
Royce Humpert
reply to Matthew Price
2/17/2015 12:10:29 PM
RE: Matthew Price's Slide Deck
Matt,
I am really impressed that you fought for your budget. In doing so you got to go
with my 1st class choices. BRAVO! You have a solid budget with great choices on
the products. I still think that the consulting budget could have been a bit lower
given the professor’s relationship with this company.
The point is that you took a risk that the rest of us were afraid to do, you did the
right thing in making the other team own their overage. Personally I think the
PA-3020 is the best device on the market for a company this size and think I should
have fought with myself before going with my second choice.
Point blank, awesome work!
Later,
Royce
Shree Venugopalan
reply to Matthew Price
2/18/2015 10:46:53 AM
RE: Matthew Price's Slide Deck
Hello Matthew,
You have been a great learning experience to work with in this course. This was an
excellent way to deal with an IT security implementation. The Professor did take time
out to tell the class about your negotiation prowess and what you did to keep your
$20,000. I would think while the rest of us just accepted the situation meekly, you
really stood up to the test and by doing so, I learnt something. That you do not just
accept situation and have people dictate terms to you, when you are, a). At the
level of the CISO and b), Learn not to be so subservient and afraid.
While that is just a part of what you did, your actual presentation is very good. You
had a great amount of details and a very good security plan summary and a budget
to back that with. It is really interesting that you decided to go with just one big
vendor - Palo Alto for your Firewalls, Threat Protection, Antivirus, URL Filtering,
Wildfire, TRAPS and the DNS Sinkhole. Somehow, I am a bit hesitant to take a step
like that, however it is not that the company that you have chosen is any less
competent. I would also improve upon the quality of your graphics on the
presentation to help get a sense of the Palo Alto products you talk about. It would
have also been nice to see an implementation timeline, but then again I can still
live with the way you have chosen to approach it.
Many thanks and kindest regards,
Shree.
Ruth Olugbodi
2/11/2015 7:30:57 PM
My slide Deck
Hi class, here is my summary slide deck
Olugbodi_Slide_Deck.ppt
Shree Venugopalan
reply to Ruth Olugbodi
2/18/2015 10:15:47 AM
RE: My slide Deck
Hello Ruth,
The layout and the presentation style of your PowerPoint are really good. You do a
good job trying to get the objectives and summaries in place, and your hardware
and software choices are out to solve this. All your security choices were slightly
expensive, and I will go with this as you cannot buy good quality at lower prices all
the time. Your Application firewall is very good and brands like CISCO, Citrix,
Juniper and Symantec can be fully trusted. While it would have helped if you could
have shown us an implementation schedule, if we are to go by the class average,
then most implementations are done in a month and I would think that your
security solutions will take as long. The way you break down information in the
security implementation plan is quite lucid and I would assume high-level
executives would greatly appreciate the fact that things have been explained to
them clearly to help make decisions quickly. Great job.
Many thanks and kindest regards,
Shree.
Royce Humpert
reply to Ruth Olugbodi
2/17/2015 12:25:11 PM
RE: My slide Deck
Ruth,
Your layers and multiple vendors prove to be wise selections in building a strong
defense. Often times in building a good defense alternating security vendors makes
for excellent protection. I admit that not using the included template was
unexpected, however with strong results.
You also defended your choices well during the call.
Thanks,
Royce
Ravi Kumar Pannala
reply to Ruth Olugbodi
2/17/2015 5:34:06 PM
RE: My slide Deck
Hello
Ruth,
Your presentation was bang on target for the immediate needs for the
securing PharmaKiln. I very much liked your choice of the appliances as they
all seem to be at the high end of technology. The best parts of your budget
items were the Application firewall and the budget amount for the training.
As we discussed in our discussion we can allocate any amount from our
budget, I feel using 20k out of 80K seems to be on the higher side. Yet you
covered pretty impressively the immediate concerns that need to be done. I
wish you had covered the Database as well as the critical data will be
present in that. Talking about the presentation layout, the format on the
budget page seems to be a bit off and the timelines were also missing.
Overall I liked your work.
Thanks
Ravi Pannala
Jia Zhuang
reply to Ruth Olugbodi
2/17/2015 11:57:48 PM
RE: My slide Deck
Hi Ruth,
I like your way of presenting your plan. However, as Bob mentioned, you and I
both missed the template that Prof. provided in the doc sharing folder...
My only suggestion would be saving some text and details in the note section, and
add some graphics for better understanding of the audiences--the board. Nice
work.
Jack
Joshua Olorunnisomo
reply to Ruth Olugbodi
2/14/2015 10:51:48 PM
RE: My slide Deck
Good job Ruth. I like the fact that you included the goals and objectives. I also like
your budget proposals which included the awareness and training. This I did not
include in mine. It is a learning process for all.
Lankappa Prasanna Kumar
reply to Ruth Olugbodi
2/15/2015 12:41:02 AM
RE: My slide Deck
Hello Ruth,
Nice presentation. Very detailed and covers most of the Security Objectives. Budget
is well distributed. Idea of using Juniper Security Detector Application.
Not sure about your idea, but only thing I saw missing was just the timelines for
implementation. Maybe you had a different idea. This is a great presentation.
Rgds,
Prasanna
Bob Chiang
reply to Ruth Olugbodi
2/13/2015 11:35:56 PM
RE: My slide Deck
Ruth,
I really like the format of your presentation. One thing to remember, the CIO gave
you a template. As a person that has presented a 200 page slide to customers, I
must say that if each contributor changes the template, even slightly, it means
hours of work on the person that is combining the slides into a single package. For
this exercise, I don't think it matters and the template that you used is very clean
and elegant. I like it.
The details on the budget are good too. I recommend fixing the formatting so that
the amounts are on the same line as the dollar symbol. My OCD wouldn't allow me
to see past that if I was in a board meeting.
Lastly, I like all of the content on the implementation slide. I recommend adding a
timeline so that the audience knows when you plan to implement these great ideas.
Fantastic work!
Bob
Joshua Olorunnisomo
reply to Bob Chiang
2/14/2015 10:47:49 PM
RE: My slide Deck
Hello Bob. I was reading through your comment and I saw where you said
the CIO provided the template. I must have missed it because I did not see
one. If he did, then I too did not use the template. I agree with you though
that all should have used the same template because it will make it a lot
easier for the person collating and merging.
Bob Chiang
2/12/2015 7:45:35 PM
IT Security Slides
Attached is my CISO three slide presentation.
CISO Presentation.pptx
Lankappa Prasanna Kumar
reply to Bob Chiang
2/13/2015 2:46:31 PM
RE: IT Security Slides
Hello Bob,
Thanks for sharing the slides.
Positive Point: Your Security Plan summary is cut and clear. Focused on high level
summary and approach.
Suggestions: I would have refined the budget to a bit more detailed, included the
Operating Cost and also the focus of budget on next year. I also felt that
implementation plan timeline is a bit too long.
Rgds,
Prasanna
Bob Chiang
reply to Lankappa Prasanna Kumar
2/13/2015 11:38:25 PM
RE: IT Security Slides
Prasanna,
I agree with you about the budget. To be honest, this is outside of my field of
expertise and I would have liked to dedicate more time into the research. I find the
area fascinating and the technology that is available is growing at a lightning pace.
I'm beginning to think that the IT industry is moving at a faster pace than I am
accustomed.
Thanks for your comments,
Bob
Ruth Olugbodi
reply to Bob Chiang
2/13/2015 6:55:34 PM
RE: IT Security Slides
Hello Bob, thanks for sharing.
Budget is clear and easy to understand
Suggestions
Implementation shouldn't take that long in my opinion but I understand we
are all learning. Going through all the slides, I picked a couple of things that I need
to improve myself on too.
Good job Bob.
Instructor Ancelin
reply to Bob Chiang
2/13/2015 3:23:27 PM
RE: IT Security Slides
Bob, speaking of timeline, have you been involved in security deployments that
took multiple quarters to complete? If so, care to share that experience here?
Bob Chiang
reply to Instructor Ancelin
2/13/2015 11:47:13 PM
RE: IT Security Slides
Professor,
I work in the defense industry on designing hardware for missile defense
applications. The projects that I've worked on were measured in years, but the
end result was something that can be deployed into any battlefield for decades.
Thus the architecture, development, and test phases took multiple quarters each.
So when I see these drastic implementations completed within a month, I'm
shocked. I question the level of rigor that goes into the testing and ensuring that
the data and network integrity is sound before going live on a production system.
Having said that, I've also designed and demonstrated projects within nine months
on a rapid research project. The hardware used in the information security arena
appears to be more mature and provided as turn key solutions. If that's the case,
it's possible that my conservatism is misplaced and that these solutions could be
online in a much shorter time frame.
Thanks for asking,
Bob
Instructor Ancelin
reply to Bob Chiang
2/14/2015 11:52:01 AM
RE: IT Security Slides
Interesting work Bob. True enough, security vendors like to sell their products as
easy-to-deploy, but certainly some of the more advanced gear takes not only
installation (the easy part) but tuning (the hard part) to minimize false positives or
false negatives. Because of this, many systems are purchased, even installed, but
never tuned, integrated, or used to its maximum capabilities. This missing step can
be blamed for many of our recent newsworthy breach events...where logs were
ignored (too much log noise?) or functionality was not turned on.
Thanks for sharing your industry's perspective on 'rapid' vs slow deployments.
Matthew Price
reply to Bob Chiang
2/14/2015 2:08:47 PM
RE: IT Security Slides
The slides are effective and are able to present a clear picture to anyone in the
presentation.
When I first read ISP I thought Internet Service Provider instead of Information
Security Plan. I do not think that it is needed as it is repetitive.
I think that you left 50k on the table by helping other departments with their
refreshes. This money could have been used to further protect PharmaKiln.
Good job.
Bob Chiang
reply to Matthew Price
2/15/2015 8:40:08 PM
RE: IT Security Slides
I realized that I was underspent. I think the opportunity to review everyone's
budget gave me a better idea of how to spend the money.
Jia Zhuang
reply to Bob Chiang
2/18/2015 12:02:10 AM
RE: IT Security Slides
Hi Bob,
I like your clearly developed slides, which would be easier to fit the need of the CIO.
However, it seems not quite realistic to upgrade security in such a long span. Might
be OK for government? or it would be a good strategy to keep CISO job?
Thank you,
Jack
Ravi Kumar Pannala
reply to Bob Chiang
2/17/2015 4:56:54 PM
RE: IT Security Slides
Hello Bob,
I liked your idea of making provision to use some of your budget for your
hardware upgrade and attack the immediate concerns now. One of the good
things in your shopping was buying the similar appliances from the same
vendor which does come with a lot of flexibility in implementing and
managing them. This way we will have the edge and upgrades or add
plugins which we might buy in future as more or less they all sit on the
same underlying architecture. One thing that I didn't understand in your
presentation was the timelines that were mentioned for the implementation
plan as they were spanning across multiple quarters for the immediate
concerns. For some reason I think they all can get completed in the same
quarter. Correct me if my interpretation is wrong. Another small thing I
noticed: training employees was part of the plan but no budget allocation is
done, I assume training will be imparted by your team.
Thanks
Ravi Pannala
Royce Humpert
reply to Bob Chiang
2/17/2015 12:28:28 PM
RE: IT Security Slides
Bob,
When I reviewed your presentation I felt your security choices were solid. In
looking over the sharing of your budget with the desktop and network teams, this is
not something I would have done without the “Gotcha” we were hit with from the
database team. It almost seems like you are ready to lay out your funds with a
share and share alike strategy. The way it looks to me is that you gave away 70K of
the original 100K budget. I understand sharing costs, but this is a bit much. I would
have focused on developing a few layers of defense i.e. Strong AV, Encryption, and
hardware based firewalls. There are more things that we can always do to build on
what we already have but we need to make sure we aren’t duplicating effort and
just spending money that we cannot afford to share.
Secondly your time line was a little hard to read. I feel you could have made it a bit
clearer by using more contrasting colors. The text above the time line was clear and
made good points about where PharmaKiln is in the security space and
expectations.
Last is your “ISP,” the first thing I think of is more of the kinds of ways we can add
depth to the security layers. I also looked at your activities, those could be changed
dependent upon the time line. Overall your slides read well and have good spacing.
Overall, it was well presented.
Thanks,
Royce
Shree Venugopalan
reply to Bob Chiang
2/18/2015 8:47:28 AM
RE: IT Security Slides
Hello Bob,
Your PowerPoint is quite neat in the way it presents its hardware recommendations.
I notice that you are shopping for similar products with the Barracuda Next
Generation control and the Barracuda Firewalls. This way, you pick your vendor and
decide to go with the best features and service support that they have to offer.
Your idea of provisioning some of the budget for the future upgrades is quite
thoughtful. Buying equipment from the same vendor gives you the flexibility of
possibly reducing your maintenance cost by seeing if they have a service bundle
option. Your time line of the project implementation is also quite nice. However, do
you not think that it would be easier to complete it in a shorter time frame than
spreading it over a few quarters like you do? If there is a business justification to
that, perhaps you might want to add that in your notes on the slide. I think this
was a great effort.
Many thanks and kindest regards,
Shree.
Larry Hodge
2/15/2015 2:15:01 PM
Pharmakiln Summary Slide
I came a little late to the game and had to catch up - I came at it with a literary
angle
Summary slide.pptx
Shree Venugopalan
reply to Larry Hodge
2/18/2015 9:20:06 AM
RE: Pharmakiln Summary Slide
Hello Larry,
The thing about your presentation is that you have the most important part nailed down and
that is understanding the concept and the requirement of the exercise. Your slides show
that, and now it is just moving to the next step of implementation. One step at a time and
you are already at your goal with the desired results. You do bring in a great perspective
with the criticality and confidentiality ranking, something which most of us did not consider.
I sure will now look at this angle in my own security response. Good start and a great job
Larry.
Many thanks and kindest regards,
Shree.
Jia Zhuang
reply to Larry Hodge
2/18/2015 12:06:15 AM
RE: Pharmakiln Summary Slide
Hi Larry,
Oops... It seems like an incomplete set of slides. However, I can grasp your ideas based on
your risk assessment. It looks quite promising when you start working from a
good baseline assessment. Good luck!
Jack
Royce Humpert
reply to Larry Hodge
2/17/2015 12:30:08 PM
RE: Pharmakiln Summary Slide
Larry,
I liked your risk assessment, including breaking down of the rankings. I also like
the way you laid out your timeline, however I think that maybe you might need
to work with the network team to implement the FireEye devices. Cutting out Bruce’s
team may have some rather severe consequences.
Your budget did include a solid endpoint security product, yet it lacked the pricing
needed to evaluate the FireEye solutions. Personally I wish you had been able to
present on the call to help build your case.
Later,
Royce
Bob Chiang
reply to Larry Hodge
2/15/2015 8:36:55 PM
RE: Pharmakiln Summary Slide
Larry,
Your risk assessment is a great start! I think the next step is describing what
you're going to do with the assessment.
Thanks for sharing,
Bob
Larry Hodge
reply to Bob Chiang
2/16/2015 7:38:47 AM
RE: Pharmakiln Summary Slide
Oh no - wrong slides- !! oops- i thought it was the complete deck- can this course
go MORE wrong?!?!
Larry Hodge
reply to Larry Hodge
2/16/2015 8:06:36 AM
RE: Pharmakiln Summary Slide
I will be uploading my deck when I get off work today
Joshua Olorunnisomo
reply to Larry Hodge
2/15/2015 7:34:13 PM
RE: Pharmakiln Summary Slide
Hello Larry. I came in practically in the 3rd week. My work demands kept me out
the first 2 weeks. So I can understand. However considering the circumstances, you
have done well. We just need to keep up until the end.
Joshua Olorunnisomo
2/15/2015 7:26:45 PM
Pharmakiln Security Summary deck
I came late to work on this module and practically rushed through and did
not have time to think through all that is needed. I did not even know that
we had a template to use for the slides. However by looking through
everyone's slides, I have been able to now clearly understand what we
needed to do.
Olorunnisomo_Module 1_Deck.pptx
Olorunnisomo_Module 1_Budget Proposal.xlsx
Bob Chiang
reply to Joshua Olorunnisomo
2/15/2015 8:35:42 PM
RE: Pharmakiln Security Summary deck
Hi Joshua,
I think your slide presentation was very thorough. I recommend that you condense
the slides to a single high level overview that is suitable for the board of directors. I
believe that's what the CIO requested. However, I would keep the slides that
you've generated as backup. The details will be at the ready when questions are
raised.
Thanks for sharing,
Bob
Jia Zhuang
reply to Bob Chiang
2/18/2015 12:14:24 AM
RE: Pharmakiln Security Summary deck
Hi Joshua,
Your plan looks very informative. I would suggest you shrink 9 slides into 3 as
the CIO required. The detailed explanation can be moved to a note sections or be
integrated into your 1 page implementation plan.
Thank you for your hard work.
Jack
Larry Hodge
reply to Joshua Olorunnisomo
2/17/2015 10:49:23 AM
RE: Pharmakiln Security Summary deck
Hi Josh,
Your slides are exactly how I was going to approach the assignment before the
professor's 'heads up' email alerting me to what is exactly going on.
I do have to say that you could have condensed it down to 3 slides, but I totally
understand your confusion and stress and the fact you had to rush through the first
module.
Lankappa Prasanna Kumar
reply to Joshua Olorunnisomo
2/17/2015 2:05:38 AM
RE: Pharmakiln Security Summary deck
Hello Joshua,
Thanks for sharing the deck. With the available time frame, I believe you
have done a good job. Plan and the budget looks great.
Rgds,
Prasanna
Royce Humpert
reply to Joshua Olorunnisomo
2/17/2015 12:32:36 PM
RE: Pharmakiln Security Summary deck
Joshua,
I see that I am not alone on going over the three slide limit. I looked thru your
presentation multiple times and found justification for items in your budget.
However, I felt it was lacking and still showed a lot of duplicate items that should
be in other work groups' domain. Office should be part of a Microsoft enterprise
alliance, as would the OS and other software the desktop/server support teams
need. The network team needs to own the idea of upgrading the cable.
As CISO you can bring those ideas to the CIO however, you need to let them own
the cost and implementation. If they won’t own the cost then expand your budget
and ask them to take the hit. The CISO is both the watchdog and the Sgt. at Arms
– meaning our office controls the firewalls, Antivirus, and intrusion
detection/prevention. I also look at the duty to educate and evaluate physical
security.
These are things that I look at the additional text books that Professor Ancelin for
guidance and what we have to own as we work this class to completion.
Sincerely,
Royce
Ravi Kumar Pannala
reply to Joshua Olorunnisomo
2/17/2015 5:21:22 PM
RE: Pharmakiln Security Summary deck
Hello
Joshua,
I would say you did a good job with the time limitations that you have. I
liked your idea to go with the current MS security essentials so that you can
use that money on other things, the best part was to make it a point to
make sure the patches are up-to-date. The good part of your budget was
that you went in detail to allocate money, for ex, pointing that we need
money for the network cabling was a good thing, in fact the budget was
decent amount. I didn't understand though as why did you choose MS Office
2010 for, am I missing something here, and also Implementation plan was
also not mentioned.
Thanks
Ravi Pannala
Shree Venugopalan
reply to Joshua Olorunnisomo
2/18/2015 9:39:54 AM
RE: Pharmakiln Security Summary deck
Hello Joshua,
While you may not see this as yet given the anxiety all of us have been
experiencing regarding the exercise and the direction that we were to follow, you
still did a good job with the time allocated and resources presented. Firstly,
breaking the whole presentation into two parts one with the strategic
implementation plan and the second part being the budget, that makes the
approach more organized. Then you talk about your assessment goals and the
summary. This makes your approach so much more focused and I can see that you
are employing critical thinking here. Once you had that, then you went out and
started to make recommendations keeping in mind your security goals. It is a good
call, to go with a big name like CISCO to source your firewall when it comes up for
replacement. The current model, the CISCO PIX 500 series is being replaced with
the ASA 5500, and I would think that is a great move to go with the same vendor
as by now you have built a relationship with that company and the people and will
make it easier for you to work with them, negotiate maintenance terms and
conditions with them. You also had the foresight to allocate money for other things,
including cabling and installation. Great job Josh.
Many thanks and kindest regards,
Shree.
Larry Hodge
2/16/2015 4:41:06 PM
Larry Hodge- Pharmakiln Summary Slide Deck- complete
Here is my complete slide deck Pharmakiln.pptx
Instructor Ancelin
reply to Larry Hodge
2/16/2015 7:05:15 PM
RE: Larry Hodge- Pharmakiln Summary Slide Deck- complete
Did anyone price out FireEye during this exercise? Wondering what those cost
these days- I think around $60K for a one-vector solution (there's an email
appliance, web appliance, and files appliance).
Lankappa Prasanna Kumar
reply to Instructor Ancelin
2/17/2015 1:35:13 AM
RE: Larry Hodge- Pharmakiln Summary Slide Deck- complete
I haven't used this product during the exercise. But, was trying to find the
price and found this information wrt email appliance:
Pricing and Availability
The FireEye Email Malware Protection System will be available in the second
quarter of 2011. Pricing begins at $54,950 for the appliance, with per seat
licenses starting at $11.68 (for a 5,000 seat organization)
https://www.fireeye.com/products.html
http://investors.fireeye.com/releasedetail.cfm?ReleaseID=790329
Larry Hodge
reply to Instructor Ancelin
2/17/2015 8:24:42 AM
RE: Larry Hodge- Pharmakiln Summary Slide Deck- complete
I was awaiting an email back from White Rock distributors for a quote on the
Kaspersky with the FireEye- I think he figured out I was B.S.'ng him and he's not
going to get the commission that he'd been planning his Summer Vacation around
(haven't heard anything back as of yet). It was quite amusing to get ignored when
asking as a student and having vendors fall over themselves when you act like a
potential client.
Lankappa Prasanna Kumar
reply to Larry Hodge
2/17/2015 1:54:31 AM
RE: Larry Hodge- Pharmakiln Summary Slide Deck- complete
Hello Larry,
Your presentation deck looks good. Though you were late in the activity, you
have done so nicely. Summary Plan looks good. Implementation timelines also
look fine and achievable. Budget planning should be fine as long as we can
get this done within the allocated budget. Good work Larry.
Rgds,
Prasanna
Jia Zhuang
reply to Larry Hodge
2/18/2015 12:11:49 AM
RE: Larry Hodge- Pharmakiln Summary Slide Deck- complete
Hi Larry,
I like your updated slides and your way of working to get the actual quotes from
various sources of solution providers. Quite curious about the price of FireEye as well.
Jack
Shree Venugopalan
2/17/2015 11:12:58 PM
Slide deck from Module 1
Hello Team,
Please find attached my slide deck from the first module for your critical response.
Many thanks and kindest regards,
Shree.
svenugopalan_Practicum Module 1 - 02-10-2015.pptx
Royce Humpert
reply to Shree Venugopalan
2/18/2015 4:41:46 PM
RE: Slide deck from Module 1
Shree,
I felt your presentation was strong, your choices are solid. I think your best part
was your SWOT. That was a good grab! Great work, and I think you could have
minimized the slides. Things will be very improved in your scenario with this kind of
focus.
Thanks,
Royce
Lankappa Prasanna Kumar
reply to Shree Venugopalan
2/18/2015 12:39:34 AM
RE: Slide deck from Module 1
Hello Shree,
Good options to present the summary plan. I liked your idea. Just one thing
that can be highlighted is the implementation timelines. Everything looks
good.
Great work.
Rgds,
Prasanna
Jia Zhuang
reply to Shree Venugopalan
2/18/2015 12:23:13 AM
RE: Slide deck from Module 1
Hi Shree,
It's good to see your slide deck here :-)
I like your well-organized slides, and they look quite thorough. The SWOT analysis looks
quite catchy, but a little off as CIO requested. You'd better save this slide and
replace it with a comprehensive timeline of implementation. I believe the board will
appreciate seeing the feasibility of a plan. Right?
Good job!
Jack
Venkat Sundararaj
reply to Shree Venugopalan
2/17/2015 11:52:59 PM
RE: Slide deck from Module 1
Hello Shree
A risk assessment may be more ideal for a security evaluation than a SWOT in my
opinion. A risk assessment provides the true assets that need to be secured in the
organization based on its risk level. Timeline doesn't reflect who and when they will
be implemented.
thanks
Venkat
MODULE 2 HOME
GROUP DISCUSSION: the votes are in, and the winner is Monday
March 16 at 8pm CST for the live group discussion meeting.

https://global.gotomeeting.com/join/697758365

You can also dial in using your phone.
United States (Long distance): +1 (872) 240-3212
Access Code: 697-758-365
More phone numbers: https://global.gotomeeting.com/697758365/numbersdisplay.html
***Lab Update March 8: the commit errors are not fixed- continue
to use the Save function to keep your config intact. The inability to
commit your configuration will not affect your grade.
TO: CISO (student)
FROM: Matthew Ancelin, CIO
Feb 18, 2015
RE: approval of security plan
After reviewing your security plan and budget proposal, the executive board has agreed to
fund you to implement your security plan. I need your plan implemented quickly because
we have auditors coming to visit. One of our investors is requiring this early audit, to ensure
that we are managing risk to their expectation. They will be looking at our financials as well
as IT. If we were to fail their audit, they might pull funding, so I can't stress enough how
important the next few weeks will be.
With respect to your vendor selections, it looks like I will need to veto you on part of them.
Since we have the opportunity to build our security from the ground up, it is my desire to
make use of the most cutting-edge security products available. Regardless of your choice of
firewall, IPS, or web gateway, the vendor we will be implementing will be Palo Alto
Networks and their next-generation security platform. It will handle all three of those major
network security functions, as well as QoS (traffic prioritization) and VPN (both SSL VPN for
our users, and IPsec tunneling for our partners). I have made arrangements to get you a
boot-strap orientation to the Palo Alto Networks next-generation firewall (NGFW) and its
capabilities. The NGFW will be yours to manage directly.
Outside of your network security, I see that we have other security elements that you have
included in your proposal. We will need to assign the deployment of these products to the
appropriate people, and they will manage these products after implementation. If you are in
need of logs or reports from these other products, simply contact the product's manager by
email for that information.
As for your specific duties, I need you to work with the network team to come up with some
good network zoning, access controls and security policy.
There are two approaches we can look at to come at this: positive enforcement or negative.
If we are to block everything, allowing only known good/desirable things, that would be the
positive enforcement model. If we are to start with a wide-open, any-any rule, then attempt
to block the things we don't want, that's a negative enforcement approach. While the
negative enforcement model is easy and quick- it is far less secure than the positive
enforcement model.
I ran into some guys from Forrester Research at a conference last year, and they shared
their 'zero-trust network architecture' with me. I want your implementation to include
zero-trust network elements.
I'll also want a documented acceptable use policy for our employees. I will want to see it
first, but then take that through legal and HR to get their blessings on it before we mandate
everyone to sign it.
Finally, we need some strong policies in place on the NGFW to support our segmentation
and usage standards. I'll need those implemented in the next couple weeks. Of course, you
will need to coordinate your policy ideas with the rest of the leadership at PharmaKiln, to
ensure that we provide security- but NOT at the cost of productivity.
Palo Alto Networks has a next-generation firewall demonstration that I'd like you to watch
to get started.
You should review the documents found in the X: Drive (Doc Sharing) as well as research
online for any additional information on configuration of the Palo Alto Networks
next-generation firewall. Inside of the firewall's console, you can click the ? icon anywhere to get
context-aware help...this is basically the firewall's admin guide. Google is also a great
resource to quickly find technical how-to's, videos, and guides.
I pulled a favor from a friend that works at Palo Alto, and he will be sharing their Ultimate
Test Drive lab environment with you. This is a great hands-on opportunity to learn the
basics of how to configure and write policy in the NGFW. Once you have watched the
demo video, email me to request lab access instructions.
DO NOT START the lab until you are prepared to FINISH the lab. Once the lab is
started, a 6-hour timer begins. The lab will no longer be accessible after those 6 hours. The
lab should not require the full 6 hours to complete, maybe a couple hours at most.
I'll need all of this done by March 10th at Midnight, because the auditors will be onsite
March 11th.
[ Proceed to Deliverable section ]
Module 2 Deliverables
Module 2: Deliverables
Auditors are coming to inspect your security implementation among other things.
Complete the following before they arrive.
1. Ultimate Test Drive Lab - Next-Generation Firewall:
   o This lab is to familiarize you with the configuration of a Palo Alto Networks
     next-generation firewall. It is not permanent, and it is not where you provide
     the configurations required in the Initial Configuration deliverable below...it is
     for training purposes only.
   o You must request access to the lab and the lab exercise workbook from the
     CIO/Instructor through a role-play email. Do so after reading the Module 2
     introduction, and watching the NGFW demonstration video. Your role-play
     email request constitutes acknowledgement of the following: Do not log in
     until you are prepared to complete the entire lab exercise. If the lab
     expires and you are not able to complete it, no make-up will be offered,
     and your grade will be negatively affected. This lab will expire 5 or 6 hours
     after initial log-in. The lab should only require approximately 2-3 hours to
     complete.
       o The workbook is a PDF document. You will get this PDF by email when
         you request your login. I suggest you PRINT the lab exercise
         workbook such that you can view the lab screen independently of the
         workbook, without having to switch back and forth. If you have dual
         monitors this would work as well- where one monitor would display
         the lab and the other the PDF workbook.
       o Although this is a required assignment, there is nothing to turn in. Your
         instructor can extract your activity in the lab from the reporting
         provided by the lab hosting platform Cloudshare.
2. Acceptable Use Policy: MS Word format. Written document describing the
   acceptable and non-acceptable uses of PharmaKiln network and computing resources.
   Document may cover entire company, or maintain separate policies per groups of
   employees. Document should include consequences for non-compliance. Document
   should be specific to which network applications are to be allowed or disallowed, or
   controlled in some way. This document will drive your student workshop NGFW
   configuration- so make it as comprehensive as you feel would be necessary for
   PharmaKiln's environment and its employees.
   Examples:
   o Social networking like facebook or linkedin, can everyone access it? only certain
     groups? which functions within social networking platforms will be allowed
     to operate, chat? email? use embedded apps?
   o What about web-based email, like gmail or yahoo mail?
   o Is point-to-point filesharing (P2P) to be permitted?
   o Remote Desktop Protocol (RDP) should it be allowed between zones, or from
     internet to internal?
   o Do not limit your choices to only these examples- think about not only user
     behaviors on the network, but also system needs, and make this an outline or
     guide to how you will configure your firewall.
3. Implementation plan: for all security elements selected outside of the NGFW,
   provide either a project time line, and/or written plan that estimates time required,
   personnel required, systems requirements, and description of deployment methods.
   o You may build upon your previous 'high-level implementation plan' or create a
     new one.
   o You should add one more layer of detail to the plan that was created in Module
     1, for instance, if you have a project for deploying anti-virus, and it first
     requires a MS Server and SQL database to be established to manage the AV,
     how long does that take? Who will do those steps of the project?
   o For all security elements outside of the NGFW, no actual configuration will
     occur, no other technical hands-on lab work will be provided or required
     either. You will however need to communicate (through role-play) with the
     people involved in the implementation and gain their agreement and
     acceptance of the job(s) they must do.
   o I want to see that you have researched what steps would actually be required
     from a systems and personnel standpoint, to deploy the countermeasures that
     you chose in your budget from Module 1- all, except for the NGFW, since you
     are ‘deploying’ that yourself during this module.
   o The deliverable for this will be the MS PowerPoint slide, the same one you will
     include in your summary slide deck.
4. Initial NGFW configuration: Actual configuration in the student workshop, and
   summary in MS PowerPoint format.
   o The Student Workshop is a SEPARATE lab environment from the Ultimate
     Test Drive. The student workshop is a blank slate, a factory default config
     NGFW similar to what you would have if you first installed a real one.
   o After you have completed your Ultimate Test Drive lab above, request your
     login for the student workshop through a role-play email to the CIO.
   o Once logged in, you will have your own sandboxed NGFW lab environment
     which will persist between log-ins, meaning changes you make and save will
     still be there the next time you log in. You are in fact logging in to an actual
     Palo Alto Networks next-generation firewall, however this firewall is not
     connected to any form of real production network.
   o There is no timer in the student workshop lab...stay logged in as long as you
     like, and log in and out as you please. This will be your personal firewall lab
     space throughout the rest of this course.
   o Module 2 required configuration: (Refer to PAN-OS-6.1-Admin-Guide.pdf to
     complete this task)
       o Zones (Network tab>Zones): create zones by name for the zones you
         wish to establish. Due to limitations with this brand new lab environment,
         no IP addresses or interfaces will need to be included.
       o Security Policies (Policies tab>Security): According to the acceptable use
         policy you create, create security policies to control access and data flow.
         These policies will need to allow or block traffic from zone to zone, zone
         to internet, and/or internet to zone. Each policy will need to have source
         and destination zones, users (if applicable), applications, services, action,
         and for profiles, a WildFire file blocking policy, and URL
         policy. Disregard HIP Profiles (on security policy rule User tab), URL
         Category (on Service/URL Category tab), and Log Settings/Other Settings
         (on Action tab).
       o Decryption:
           o Create a self-signed digital certificate (Device tab>Certificate
             Management>Certificates).
           o Create selective decryption policies (Policies tab>Decryption)
   Important Notes for Completing Module 2 required configuration:
       o This lab does not have an Active Directory (or any other name server)
         connected to it. If it did, you would be able to select users by name, or by
         AD container/group, inside of your security policies. To simulate this, you
         should insert the domain/user into any 'user' fields manually, where you
         want to specify which users or group(s) a security policy rule should apply
         to. An example would be, if you wanted to allow RDP to flow between
         zones but only for the IT staff, in the User tab, you would Add 'PK\IT',
         where PK is the domain name, and IT is the OU container that includes all
         persons belonging to the IT group. If a rule should apply to all employees,
         then leave it as 'any' with no specific user names or groups specified. You
         may invent your own group names, suitable to the departments of
         PharmaKiln.
       o Remember to COMMIT your changes before logging out or shutting down
         your session. Changes may be lost if you do not do so, and committing
         changes is what actually enables the settings to take effect on the firewall.
         Commit is in the top right corner of the console. You should see a
         progress bar pop-up window when you commit, and it should complete
         before you log off or close your browser.
       o Use screen shots of your various configurations, inserted into PowerPoint,
         to create your deliverable. You may also include text explanations for
         policy choices to support and explain your policy configurations.
           o When using MS Windows, screen shots may be captured using the
             'Print Screen' or 'Prnt Scrn' button on your keyboard. When you
             press it, whatever is on your screen is captured to your clipboard.
             In MS PowerPoint, click Paste, and your screen shot will appear as
             an image that can be cropped, re-sized, commented on, etc.
           o Windows also offers a program called 'Snipping Tool' which can
             allow you to capture a portion of a given screen, rather than the
             entire screen.
           o Other screen capture tools exist such as SnagIt or Jing. (see
             Webliography for link to Jing)
           o Any screen capture tool may be used as long as the text on your
             screen captures is legible and not distorted.
5. Summary Slide Deck: MS PowerPoint format. The CIO will be building your slides
   into his overall deck, to review with the auditors. The CFO will handle all financial
   audit concerns in her own slide deck- this is not part of your assignment. Your slides
   should include:
   o Single slide summarizing your security implementation plan for any
     non-network, non-NGFW security elements that you were funded for in Module 1.
   o Single slide summarizing your acceptable use policy.
   o Single slide summarizing your segmentation and network access approach.
   o No more than 3 slides summarizing your 'implemented' security policy
     decisions.
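The positive and negative enforcement models from the CIO memo, and the rule fields listed under Security Policies above, can be compared with a small first-match model. This is an added example, not course material and not PAN-OS code; the zone names, application names, the PK\Sales group and the implicit deny for unmatched traffic are assumptions of the model, and only PK\IT comes from the assignment text.

```python
from dataclasses import dataclass

ANY = "any"
IT = "PK\\IT"         # group named in the assignment notes
SALES = "PK\\Sales"   # invented group, as the notes permit


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    user: str      # "any", or a manually typed domain\group
    app: str
    action: str    # "allow" or "deny"

    def matches(self, src_zone, dst_zone, groups, app):
        """True if a single flow falls under this rule."""
        return (self.src_zone in (ANY, src_zone)
                and self.dst_zone in (ANY, dst_zone)
                and (self.user == ANY or self.user in groups)
                and self.app in (ANY, app))

    def covers(self, other):
        """True if every flow matching `other` also matches this rule."""
        return (self.src_zone in (ANY, other.src_zone)
                and self.dst_zone in (ANY, other.dst_zone)
                and self.user in (ANY, other.user)
                and self.app in (ANY, other.app))


def evaluate(rules, src_zone, dst_zone, groups, app):
    """Top-down, first match wins. Model assumption: no match means deny."""
    for rule in rules:
        if rule.matches(src_zone, dst_zone, groups, app):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def shadowed_rules(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [rule.name for i, rule in enumerate(rules)
            if any(earlier.covers(rule) for earlier in rules[:i])]


# Positive enforcement: only known-good traffic is listed; everything else
# falls through to the implicit deny.
POSITIVE = [
    Rule("it-rdp-to-datacenter", "users", "datacenter", IT, "ms-rdp", "allow"),
    Rule("users-web", "users", "internet", ANY, "web-browsing", "allow"),
    Rule("users-ssl", "users", "internet", ANY, "ssl", "allow"),
]

# Negative enforcement: block what you thought of, then any-any allow.
NEGATIVE = [
    Rule("block-p2p", ANY, ANY, ANY, "bittorrent", "deny"),
    Rule("block-inbound-rdp", "internet", ANY, ANY, "ms-rdp", "deny"),
    Rule("any-any", ANY, ANY, ANY, ANY, "allow"),
]

# Same rules with the any-any rule moved to the top by mistake.
MISORDERED = [NEGATIVE[2], NEGATIVE[0], NEGATIVE[1]]

# Constructed sample flows: (source zone, destination zone, user groups, app).
FLOWS = [
    ("users", "datacenter", {IT}, "ms-rdp"),
    ("users", "datacenter", {SALES}, "ms-rdp"),
    ("users", "internet", {SALES}, "bittorrent"),
    ("users", "internet", {SALES}, "new-p2p-client"),  # no rule anticipates it
    ("internet", "datacenter", set(), "ms-rdp"),
]


def compare(flows=FLOWS):
    """Return (positive_action, negative_action) for each flow."""
    return [(evaluate(POSITIVE, *f)[0], evaluate(NEGATIVE, *f)[0])
            for f in flows]


if __name__ == "__main__":
    for flow, (pos, neg) in zip(FLOWS, compare()):
        print(f"{flow[0]:>8} -> {flow[1]:<10} {flow[3]:<15} "
              f"positive={pos:<5} negative={neg}")
    print("shadowed when misordered:", shadowed_rules(MISORDERED))
```

The second and fourth flows show the difference between the models: under any-any, anything nobody thought to block is allowed, and a block rule placed below the any-any rule never fires.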
Module 2 deliverables are due March 10, 2015 by Midnight. It is
critical that you submit your assignment on time, to be able to participate in
the Week 4 Group Discussion.
Group Discussion time has been decided: Monday March 16th, 8pm
CST. Group discussion in eCollege will begin Wednesday March 11.
Mon, Mar 16, 8:00 PM Central Daylight Time

Please join my meeting from your computer, tablet or smartphone.
https://global.gotomeeting.com/join/697758365

You can also dial in using your phone.
United States (Long distance): +1 (872) 240-3212
Access Code: 697-758-365
More phone numbers: https://global.gotomeeting.com/697758365/numbersdisplay.html
Whether or not you are available to attend the date/time assigned for the live
meeting, you must also participate in the Group Discussion online.
Module 2 Group Discussion
Module 2: Weeks 5-8 - Group Discussion
Topics:
o Acceptable use: How much lockdown is too much lockdown? (Hidden: No; Post first: No)
o Technical, configuration, NGFW Q&A (Hidden: No; Post first: No)
o Implementation Planning: herding cats (Hidden: No; Post first: No)
o Course Design: the 2 lab approach (Hidden: No; Post first: No)
Acceptable use: How much lockdown is too much lockdown?
Please post your Acceptable Use Policy here. (and yes, send it in for grading to the DropBox
as well please)
During Module 2, many of you sought to 'lock down' the PharmaKiln network, by
implementing a strict positive enforcement model. Meaning all internet access, and even
interzone access, is denied- except for a couple specific allow rules. Think about rolling out
this dramatic of a policy shift in real life.
o Would this work in real life?
o Have you ever worked in an environment such as this, where the computers were
  only good for accessing company specific applications? Is that practical at
  PharmaKiln?
o What did (would) it do for employee morale- or employee desire to circumvent
  security?
o What does 'Safe Application Enablement' mean, and how would it look if
  implemented at PharmaKiln?
o What advantages might there be to implementing firewall policies which provide Safe
  Application Enablement?
o Some of you were very broad in your guidelines of what acceptable use is at
  PharmaKiln, some very specific. Share with the group how you approached your
  Acceptable Use Policy.
Post your Acceptable Use Policy here for the group to see.
Jia Zhuang
3/13/2015 12:41:10 AM
3 Questions about the NGFW configuration
Dear Prof. Ancelin,
I am curious and try to figure out 3 questions in the NGFW configuration session:
1) How to set the Destination zone to "Untrust"? I can see the source zone can be set to trust, but it's not
available for the destination zone.
2) How to make sure the Executive board members can get access to most stuff? I'm a little confused about
which policy should be ranked higher than the others for HR, Sales team.
3) How to set up the protection for VPN under NGFW? Define an IP range first? such as 172.xxx.xxx.
Thank you so much!
Jack
Lankappa Prasanna Kumar
3/13/2015 2:30:24 PM
Acceptable Use Policy
I do not think that locking down everything on the network via implementing strict
enforcement would really yield any additional benefits. I don’t believe that any company would
be bothered by someone taking ten to fifteen minutes a day to take a break from their routine
tasks. Most of the times, Sales team may be communicating with people on outside world, but
it might be that they may be consumers/possible clients, etc. So this lock down rule doesn't
necessarily be applied to all. Also, in one way if you see, social networking brings to business a
boon of free advertising. Workplaces that monitor Internet or any external are typically
watching for patterns of significant amounts of time being spent on non-work sites, too much
bandwidth being eaten by streaming music or video for non-work purposes, etc. Employee
morale will decline causing adverse and negative effects. Even they might try to bypass security
process or procedures at times to get through what they want. Absence of social networking
Safe Application Enablement was kind of new concept to me. I learnt reading through some
articles and the exercise about the possibilities of the same. Palo Alto Networks
Next-generation firewalls help companies to safely enable applications for all users, regardless of
location, resulting in reduction of security risks. Safe application enablement policies if
implemented at PharmaKiln allows the application use in a controlled manner, simplifies access
thereby reducing the threats. Safe application enablement policies can help improve the
security posture in the following ways: At the perimeter, the threat footprint can be reduced by
blocking unwanted applications and then inspecting the allowed applications for both known
and unknown threats. In the traditional/virtualized datacenter, application enablement
translates to ensuring only datacenter applications are in use by authorized users, protecting
the content from threats and addressing security challenges introduced by the dynamic nature
of the virtual infrastructure. Enterprise branch offices and remote user enablement policies can
be extensions of the same policies deployed at the headquarters location, thereby ensuring
policy consistency.
http://www.rdc.uk.com/wp-content/uploads/2012/12/Palo-Alto-Safe-ApplicationEnablement.pdf
My acceptable use policies were based on the Industry standard guidelines/InfoSec as well as
customized to the PharmaKiln environment. The acceptable use policies defined were to guide
access to information in electronic media, information technology, and networks. The purpose
of such policies were mainly to to educate; to provide protection against violations of privacy;
to prevent misuse of company resources; to protect against inappropriate or destructive
behaviors which can result due to the access to electronic information resources; and also to
ensure that technology resources provided through PharmaKiln are dedicated to improving
Security across Organization that would enable good practices and administration.
Lankappa Prasanna Kumar
reply to Lankappa Prasanna Kumar
3/15/2015 1:42:52 PM
RE: Acceptable Use Policy
I missed to attach my document when I answered this thread initially. Please see
attached my Acceptable Use Policy document.
PharmaKiln_Acceptable Use Policy_Prasanna.docx
Royce Humpert
3/13/2015 2:47:21 PM
Strict AUP, Do they work?
In my years in the IT field a strict AUP serves as a good “three strikes you
are out kind of tool” for some managers or for a company that doesn’t
understand what they actually need. Open AUPs lead to breaches and the
balance between the two is not just trying to meet compliance.


In thinking about the above questions the first one is not if it works, but
how effective it is. I went with a very strict AUP because that seems to fit the
mold of what is PharmaKiln’s business sector.


I have worked in places where you basically have open access and others
that are very locked down for each situation I think that they did work for the
company’s environment. I believe that given the industry this is appropriate
for PharmaKiln.


The employee morale in each of these environments can be defined as:
Loose AUP = High, Strict AUP = Low. This is not always the case but it is true
in my experience. If PharmaKiln went with the “Safe Application Enablement”
this would allow access to certain web applications but not all the features of
those applications. Something like this might work very well for PharmaKiln.


One of the major advantages of this kind of policy with a NGFW is the two
way tracking of the IP traffic between the user and the destination so that
white lists and black listed IPs can be used to help with the management of
this task.


The reason I went with a strict AUP is that my family has members in the
legal and medical professions. Many of those AUPs are pages long and do not
simply lay out the foundation elements clearly of what users can and can not
do in the company network.
rhumpertAUPDrev2.docx
Shree Venugopalan
reply to Royce Humpert
3/17/2015 7:41:00 PM
RE: Strict AUP, Do they work?
Hello Royce,
I think when you have a very strict Acceptable Use Policy, that can alienate a lot of
the employees, and if you are very relaxed, then a lot of rules are breached. What I
would think as a good strategy is that you empower the stakeholders or people
involved in this scenario. A balanced approach is what I would advocate and would
get better results. However, you make a lot of good points and I enjoyed your
post.
Instructor Ancelin
reply to Royce Humpert
3/13/2015 6:03:26 PM
RE: Strict AUP, Do they work?
Clarity is a big deal actually- many of the AUP's I graded here recently were very
thorough, but the average user would have stopped reading and started skimming
after the first page. The part that employees sign should be short and sweet,
making it clear as to what they are signing.
Venkat Sundararaj
3/13/2015 2:48:30 PM
Acceptable Use - Sundararaj

Would this work in real life?
o Locking down internet is not something uncommon. I used to work for an insurance company
back in India as a network admin and the IT director requested me to lock down the
internet only to specific group. All other insurance agent will have access only to a
corporate portal through shared desktops. This was possible only when you start the
company and you have very limited employees, any new hire wouldn’t mind having such
access restricted. But, if you do this on a pre-existing company that’s running under profit
and lock down internet completely, then that would definitely have push back from
employees.

Have you ever worked in an environment such as this, where the computers were only good for
accessing company specific applications? Is that practical at PharmaKiln?
o Yes, this is again going back to my first answer. The insurance company that I used to work
for had given limited access to sales agents, for their corporate portals only. Their managers had
internet access; if they needed anything beyond their portal, they would reach out to their
managers.

What did (would) it do for employee morale- or employee desire to circumvent security?
o It will definitely bring down employee morale for sure. But again, it depends on how well
the company announces the reason for doing so. This tone had to come from the top and the
reason provided to the employees should make each one feel that it's better to have
limited access than full. In recent growth in smart phone where individuals can use social
media through their phones through their data connection from the carrier.

What does 'Safe Application Enablement' mean, and how would it look if implemented at
PharmaKiln?
o Safe application enablement enables the ability to identify user, content and application
data associated with each session irrespective of the network channel and the bypass
technique they imply. For PharmaKiln, this will give granular control over each application
connection traffic.

What advantages might there be to implementing firewall policies which provide Safe Application
Enablement?
o Safe Application Enablement would provide granular control for an application. Meaning for
a given application, you can create different sets of policies restricting different levels of
content access to the various user groups. In addition, it provides the ability to block
specific to the department within the trusted zone.

Some of you were very broad in your guidelines of what acceptable use is at PharmaKiln, some
very specific. Share with the group how you approached your Acceptable Use Policy.
o My approach for the acceptable use policy was by 3 main categories.
   - Enterprise Info Security Policy
      - Defensible for any legal challenges
      - Executive level document at CIO/CISO level
      - No frequent updates and based on higher level writing
   - Issue Specific Security Policy
      - Policies that address specific issues and provide information for employees
        for proper usage guidance.
      - Frequently reviewed and updated
   - System Specific Security Policy
      - System specific policies are related to technologies implemented within the
        organization, configuration and access control details
      - Reviewed frequently and updated
Acceptable Use Policy - Sundararaj.docx
Instructor Ancelin
reply to Venkat Sundararaj
3/13/2015 6:08:11 PM
RE: Acceptable Use - Sundararaj
Understood- there are times and places for locked down networks, certainly. I'll wait
until some more people post, to see their take on what 'safe application
enablement' means, before sharing my thoughts on that topic.
Ruth Olugbodi
3/13/2015 9:28:42 PM
Acceptable Use Policies
The lock down network approach with no or limited access will not work in ideal
work situations, all departments should have access to the internet with some
restriction on what websites to block.
I have never worked in an environment with no internet access to employees; the use of
the internet is essential but with some restricted sites. My employer's internet policy is
to use it for business purposes only, but of course some of us use it to check email or
research information. A couple of weeks ago we were blocked from using web based emails
such as Gmail, Yahoo, etc. because of the data breach that happened with Blue Cross
Blue Shield. There were some phishing emails going around for people to provide
personal information for their Blue Cross Blue Shield Insurance Company.
Locking down the internet access will definitely hurt employee morale and reduce
productivity; many people depend on the internet to reach their families and loved
ones.
Safe Application Enablement is the ability to control network traffic based on
applications, users and content. PA NGFW is able to identify users, content and data
associated with each session. Safe enablement begins with application classification
by App-ID, tying users and devices, regardless of location, to applications with User-ID.
Safe Application Enablement provides fine-grained visibility and policy control over
application access and safely enables application usage decision and threat prevention.
This provides more visibility into the network and gives real time information about
what is traversing the network.
My Acceptable Use Policies are based on Enterprise security policy that specify the
basic and standard policies that all employees must adhere to in order to protect the
integrity of PharmaKiln Network and assets.
I went further by specifying rules for each zone based on the need to know
basis; for example, the sales group should have access to the applications they needed and
of course internet access too. Sales should not have access to product development,
HR, IT, etc. applications.
Ruth_Acceptatble_UsePolicies.docx
Matthew Price
3/13/2015 9:41:37 PM
Matthew Price's AUP/EUP
1. I think that this does work in real life specifically within government settings
where they have the authority to lock systems down.
2. The acceptable use policy that I created was based on a worldwide manufacturer
that was worried about Intellectual Property (IP). They locked down all their
facilities so that you had to request internet access. Access to the Internet was
constantly watched to determine if it was still necessary. I think for PharmaKiln
researchers it would be difficult to lock down the environment as they will need to be
collaborating with many different companies and researchers outside of the
organization. I think that eventually PharmaKiln could go to a locked down model,
but beginning an information security department/group it would be hard to get
upper management buy in immediately. If there was a breach of the network
executive buy in happens immediately though.
3. I think if you apply for a position at a government agency you know what you
are getting into before you start working there and accept the risk of having to
follow the rules. If the strict positive enforcement model had buy in from executives
then it is possible to be implemented successfully. I think that PharmaKiln should
go to such an enforcement specifically for the researchers accessing PRAD. In email
communication this was described as the holy grail of PharmaKiln, and therefore
should be protected as such.
4. "Safe Application Enablement" on a Palo Alto NGFW will allow PharmaKiln
researchers to collaborate together on a specific research. This means that
researchers A, B, and C are able to access application three. However, researcher D
cannot access application three because they do not need that application to do
their research. This would be able to be set up between companies as long as a
dedicated IPSEC VPN tunnel was created that was decrypted so that specific users
could be detected trying to access the shared data. This might be very difficult to
implement on the backend though with the tunnel creation and very specific firewall
rules for the traffic.
5. If Safe Application Enablement was enabled then the Palo Alto would only allow
specific users to access specific applications that they are allowed to access. I think
a disadvantage is that if one of these users' accounts is compromised then someone
that should not have access to the data can access the data.
6. My AUP was very specific on what could and could not be used on the
PharmaKiln network. I based my policy on situations that I currently see within my
current employer and previous employers. For example I disallowed USBs because
this is an easy way to exfiltrate a lot of data without being detected. When an
employee agrees to this policy it gives the IT department the obligation to
shut down USB on any system they used. This can be enforced at a BIOS level on all
computers. The other big policy rule in my AUP was that Cloud Storage was not
allowed to be accessed. I feel that once a document is uploaded to the cloud the
owners lose control of the data. This essentially exposes company data to the
world.
PharmaKiln End User Policy.docx
Instructor Ancelin
reply to Matthew Price
3/14/2015 6:35:46 PM
RE: Matthew Price's AUP/EUP
Matt, you did in fact just point out a weakness to 'safe enablement'... that goes
along with the zero-trust concept. If you have RDP allowed for all IT dept users, but
one of those users is compromised, then the bad guys now have RDP too.
What I'm hearing in the comments thus far, from Ruth and yourself on up, is that
the amount of lockdown depends on the environment- and the type of company,
use of network, and sensitivity level. Perhaps if all companies locked down tightly,
our electronic economy would be safer- but at the cost of freedom.
Safe enablement is about being able to say 'YES' to your users more often, as long
as the allowance can be filtered and monitored, as to not exceed your particular
threshold for risk.
Matthew Price
reply to Instructor Ancelin
3/16/2015 2:43:19 PM
RE: Matthew Price's AUP/EUP
Do you really expect freedom at work?
I understand that if the company that I work for does not allow social media (or
any other application) then I cannot use social media at work or on a work asset
from home. I do not consider this a loss of freedom, because I am at work and the
company dictates how it wants their employees to behave. If you want to use
social media at work find a company that allows this or find a position in the
marketing department.
Now if my ISP decides that I can no longer use streaming media because all their
customers are streaming movies, and it is affecting the ISP's overall network
performance. This is clearly a loss of freedom. I realize once the FCC's net
neutrality is implemented then this scenario is no longer valid as it will be against
the law.
Bob Chiang
3/13/2015 10:20:30 PM
My AUP
I've worked in the defense sector for over a decade. It's been my experience that
internet usage is fairly locked down. Most sites, even business relevant are blocked
until justification is provided to allow that particular URL. The process has become
more streamlined over the years, but the implicit deny is still there. As for morale, I
can't recall any time where someone was offended by the denied access. We simply
understood the policy and the rationale and submitted the change request. Thus for
PharmaKiln, I started with a lock down approach and was met with some resistance
by members of the role play. I ultimately opened up the policy to allow personal email and social media. Even if it was against my better judgment. For the sake of a
fictitious company, I thought the imaginary employees should be spared the
bureaucracy.
I like the idea of safe application enablement, but I'm not completely clear on how
it's used. Based on my understanding, the way this works is because a network of
customers collects information for PaloAlto. Then PaloAlto systems perform
heuristics and behavioral analysis on the network traffic. When something bad
happens, a response is recorded and a new policy is rolled out to the customers. In
order for this model to work, one or many customers need to be "infected" before
the others can be "vaccinated". Thus it pays off for the many, but isn't there a
victim? So I like the idea of safe enablement, but I wouldn't want to be the guinea
pig that discovered the malware and leaked proprietary information to competitors.
PharmKiln - Acceptable Use Policy.docx
Instructor Ancelin
reply to Bob Chiang
3/14/2015 6:41:36 PM
RE: My AUP
What you are describing there Bob sounds more like the WildFire function maybe?
WildFire attempts to turn unknown files into known ones- by sandboxing them in the
cloud. That would be the primary bit of threat intel that Palo Alto is collecting.
Application IDs are able to be user-made, but Palo Alto also works to maintain the
most up to date Application-ID database it can. They create new ones for
customers upon request, to help admins be able to at least classify all traffic on the
network.
The patient 0 example, where one gets sick before the others can block on sight, is
also true for WildFire though. A wholly unknown file, that finds its very first target,
will not be delayed from getting to the user. This means patient 0 could get
infected, and the admin would know about it 15 minutes later when the WildFire
result caught up to it. At that 15 minute mark, all the other firewalls globally would
then be able to also block that same file inline.
Joshua Olorunnisomo
3/13/2015 11:52:43 PM
Acceptable Use Policy
Will the 'lock down' method work in real life? On the surface I will say no.
However I think it will depend on the industry. I once worked at the Credit
Card Processing of one of the Legacy banks as a Mainframe Developer. We
were only allowed access to the intranet. Only the managers and key
employees like the architects were allowed internet access. It did not affect
our morale in any way simply because we really did not have cause to
surf the internet. Most of the resources that we needed to do our work were
provided on the company intranet.
According to the PaloAlto website, the Safe Application Enablement simply
means looking at the totality of the network based on application, users and
contents and not applying hard fast rules.
Olorunnisomo_Module 2_Acceptable Use Policy.docx
Instructor Ancelin
reply to Joshua Olorunnisomo
3/14/2015 6:44:22 PM
RE: Acceptable Use Policy
Another concept behind Safe Application Enablement is the idea that your rules are
not limited to being 'on/off' switches; instead, think of your rule base like a dimmer
switch. An example is allowing posting and reading to Facebook, but not allowing
binaries to be uploaded (images, files), not allowing Facebook chat, not allowing
Facebook apps to run. This targets the highest risk and highest time wasters,
but allows the basic functionality.
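The dimmer-switch rule base described in the post above, modeled as an added Python example; it is not part of the original thread and is not PAN-OS configuration. The group names, function labels, rule names and sessions are constructed for illustration, and the model assumes first-match evaluation with a default deny.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    user: str
    group: str      # directory group the user was mapped to (hypothetical names)
    app: str        # application identified from the traffic itself, not the port
    function: str   # what the session is doing inside that application


@dataclass(frozen=True)
class Rule:
    name: str
    groups: frozenset      # empty set matches any group
    app: str
    functions: frozenset   # empty set matches any function of the app
    action: str            # "allow" or "deny"

    def matches(self, s: Session) -> bool:
        return (s.app == self.app
                and (not self.groups or s.group in self.groups)
                and (not self.functions or s.function in self.functions))


# Hypothetical rule base, evaluated top-down, first match wins.
RULES = [
    # The "dimmer": block only the risky Facebook functions...
    Rule("facebook-risky-functions", frozenset(), "facebook",
         frozenset({"file-upload", "chat", "apps"}), "deny"),
    # ...while still saying yes to basic reading and posting.
    Rule("facebook-read-post", frozenset(), "facebook",
         frozenset({"reading", "posting"}), "allow"),
    # Identity-based rule: RDP for the IT group only.
    Rule("rdp-it-only", frozenset({"it"}), "rdp", frozenset(), "allow"),
]


def evaluate(session, rules=RULES):
    """Return (action, rule name) for a session; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(session):
            return rule.action, rule.name
    return "deny", "default-deny"


def review_queue(sessions, sensitive_apps=frozenset({"rdp"})):
    """Allowed sessions on sensitive apps. The policy cannot tell a stolen
    account from its owner, so these are the sessions to log and monitor."""
    return [s for s in sessions
            if s.app in sensitive_apps and evaluate(s)[0] == "allow"]


# Constructed sample sessions (not taken from any real log).
SESSIONS = [
    Session("asmith", "sales", "facebook", "posting"),
    Session("asmith", "sales", "facebook", "file-upload"),
    Session("bjones", "research", "facebook", "chat"),
    Session("cdoe", "it", "rdp", "remote-desktop"),
    Session("asmith", "sales", "rdp", "remote-desktop"),
    Session("cdoe", "it", "bittorrent", "transfer"),
]

if __name__ == "__main__":
    for s in SESSIONS:
        action, rule = evaluate(s)
        print(f"{s.user:7} {s.group:9} {s.app:10} {s.function:15} {action:5} ({rule})")
    print("monitor:", [s.user for s in review_queue(SESSIONS)])
```

The allowed RDP session from the IT group is the one that lands in the review queue, which is the weakness raised earlier in the thread: an identity-based allow also applies to whoever holds a compromised account.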
Lankappa Prasanna Kumar
reply to Instructor Ancelin
3/15/2015 1:48:14 PM
RE: Acceptable Use Policy
Thanks for the information Professor. Can we utilize this Safe Application
Enablement in the PA NGFW to also set the same type of rules on any Corp or
Internal applications to allow or not allow to run as needed? Is there any scripting,
configuration changes needed and can that be done at a Network administrator's
level?
Ravi Kumar Pannala
3/15/2015 5:08:26 PM
Will Lock down add value ?
I don't think a complete lock down would add much value to the company.
In my view every company can have a set of rules which suits their business;
however, they should adhere to some kind of industry standards because
employees might feel that they are being controlled to the maximum extent
or they might compare with similar companies which might allow some kind
of activity. There is a thin line between a complete lock down and being
preventive as far as security is concerned.
In my experience 15 years back when I started working for a company which
develops web applications we used to have access to anything and
everything. I remember people taking advantage of that, wherein the time
they put into web surfing was more than the time they spent on work. The
very next company I joined, which used to ERP client server application, we
were not given any kind of internet access at all. I remember going to
nearby cybercafes to check personal email. We used to go at the lunch
hour. These were two complete opposites I saw in the year 2000. After a few
years when I was working in the Middle East I used to work for a company which
was also more or less locked but there used to be one computer on each floor
dedicated to internet which we needed to block for 20 mins with manager's
approval if one used to do personal work.
Another incident I would want to share: when I used to work in AUSTIN, TX
we used to have access to everything; the whole network was
blocked when everybody started watching the Michael Jackson funeral at office
hours. These kinds of things make the Security team think of putting more
restrictions so that everything is under control. Safe Application enablement
is a concept which depends on information for enforcing the policies or
inspection as opposed to the traditional methods of blocking the entire port
from which the application comes in. This definitely is a better way of
handling applications. But the dynamism of the policies needs to be built
very carefully.
As I said my approach was to get the best standards and modify them
according to our needs.
RaviPannala_Pharmaklin_ Acceptable Use Policy.doc
Instructor Ancelin
reply to Ravi Kumar Pannala
3/15/2015 9:06:27 PM
RE: Will Lock down add value ?
So then your concept of safe enablement factors in productivity...if you and your
team did not have to go to such great lengths to leave the office or schedule time
to use the internet, that time could have been used for work.
The MJ funeral is a great example- whether it's the Olympics which are all webcast
now, or the Sweet 16 basketball tournament, each year Palo Alto develops specific
Application-ID's for those big events. Mass-watching of web content can be a
serious drain on bandwidth- and bad for productivity- so we provide the App-IDs to
enable controls. Either to block specifically that content, or to QoS/bandwidth
throttle the content to ensure it doesn't impede normal business network
activity...another example of safe enablement.
Ian Weir
3/16/2015 7:49:57 PM
My approach to AUP
I think that this could certainly work in real life, but I think that it might be difficult
to do without putting certain conveniences in place. The break room computers that
had internet access would likely be a big help as far as keeping morale up.
Regardless, I think it would be necessary to try and develop an organizational
culture that understood that the goal of the business takes precedence over niceties
like non-business internet access.
I have worked in environments with networks and systems that were completely
separated from any outside networks. No internet access, and no access to systems
that were not also part of the isolated network. I think that is likely to work best in
environments where there is a need for high security, like military, pharmaceutical,
etc.
If things were locked down with no special considerations for employee access to
the internet, and there was no organizational acceptance or real buy-in from the
rank and file, there would probably be a strong temptation to circumvent controls.
(I think that a good way to help counter this temptation is to make it worthwhile to
put up with the inconvenience. As in, pay the staff handsomely for working in a less
relaxed environment.)
Safe Application Enablement has to do with specifying which users can be
associated with a given type of traffic (application or protocol). This would look
similar to what we implemented at PharmaKiln during this module. Only specific
traffic was allowed on some of the VLANs. This was the case both internally (from
the Product Development VLAN to the PRAD environment) and externally (traffic
from the break rooms to the outside world).
There are a lot of benefits to using Safe Application Enablement. It allows for easy
control over the type of traffic allowed. Another benefit is that it can help to make it
much easier to identify traffic that is in violation of intended policies.
When I was putting together the AUP, I really just wanted to keep it very generic. I
wanted to cover obvious common sense things like prohibited activity, as well as to
address any attempts to circumvent controls. I made sure to try to include sections
that were explicit with regard to use of the computers provided by PharmaKiln in
the break rooms.
Shree Venugopalan
3/16/2015 8:02:34 PM
Acceptable Use Policy documents.
Hello Team,
Please find attached my Acceptable Use Policy documents.
This policy applies to all employees of PharmaKiln who have access to
computers and the Internet to be used in the performance of their work. Use
of the Internet by employees of PharmaKiln is permitted and encouraged
where such use supports the goals and objectives of PharmaKiln. However,
access to the Internet through PharmaKiln is a privilege and all employees
must adhere to the policies concerning Computer, Email and Internet usage.
Violation of these policies could result in disciplinary and/or legal action
leading up to and including termination of employment. Employees may also
be held personally liable for damages caused by any violations of this policy.
All employees are required to acknowledge receipt and confirm that they
have understood and agree to abide by the rules hereunder:
a. Company employees are expected to use the Internet responsibly and
productively. Internet access is limited to job-related activities only and
personal use is not permitted. Job-related activities include research and
educational tasks that may be found via the Internet that would help in an
employee's role.
b. All Internet data that is composed, transmitted and/or received by
PharmaKiln computer systems is considered to belong to PharmaKiln and is
recognized as part of its official data.
c. The equipment, services and technology used to access the Internet are
the property of PharmaKiln and the company reserves the right to monitor
Internet traffic and monitor and access data that is composed, sent or
received through its online connections. Emails sent via the company email
system should not contain content that is deemed to be offensive.
d. All sites and downloads may be monitored and/or blocked by PharmaKiln
if they are deemed to be harmful and/or not productive to business.
Many thanks and kindest regards,
Shree.
svenugopalan_Practicum Module 2 - 03-15-2015 - Acceptable Use Policy.docx
Jia Zhuang
3/16/2015 10:41:01 PM
Acceptable Use Policy_Jack
Hello Team,
Attached please find the AUP for your review and comments. Thank you,
Jack Zhuang
Acceptable Use Policy-jzhuang.docx
Shree Venugopalan
reply to Jia Zhuang
3/17/2015 7:43:05 PM
RE: Acceptable Use Policy_Jack
Hello Jack,
This is a good Acceptable Use Policy and I quite liked reading it. Very informative.
Larry Hodge
3/17/2015 5:19:22 PM
Larry Hodge: Acceptable use Policy
At first, my trajectory was to lock the place down because everyone was
focused on PRAD protection and I didn’t want to inadvertently cause a data
breach. At the end after multiple e-mails to Teresa, I went with a more lax
approach. I did allow a lot more flexibility.
When I worked at Toyota and even now with State Farm, we were not
allowed to use personal email or social media. State Farm went further and
employees in our operation center as well as team members and agents
have to download State Farm approved applications through MyPod; USB
and CD ROM are disabled from the workstations. State Farm allows news
sites and such but YouTube is forbidden.
Safe application means that instead of configuring the firewall to allow /
deny access- it is configured for privileged users with a business need only.
Which is understandable and much more flexible. Some of the disadvantages
would be employee disdain that team member A can access certain URLs
that Employee B feels that they too should be able to access.
I was very specific in approaching my AUP. I tried to cover all bases. I
incorporated a lot of past experience in my policies and what I felt best for
the company. In the end I think I have written too much. It could be a snore fest
at best for anyone attempting to read it.
Pharmakiln security policy.docx
Larry Hodge
3/17/2015 5:45:38 PM
Implementation plan
Here is my slide- It is incomplete because I didn't think to include the security
training portion from my AUP into it and it was too late to send out emails asking
for feedback from the Pharmakiln team. It was the only portion of the module that
the professor came down on me for and I wholeheartedly agreed with his feedback.
Pharmakiln Module 2.pptx
Ian Weir
3/15/2015 11:22:42 PM
PharmKiln Acceptable Use Policy - Ian Weir
Hello, please see the attached file. Discussion post to follow.
PharmaKiln-Acceptable_Use_Policy.docx
Jia Zhuang
3/17/2015 11:04:52 PM
RE: Acceptable use: How much lockdown is too much lockdown?
It's interesting to think about from different standpoints of how much lockdown is
too much. From IT Security, it's probably good to lock down as many things as they
can to minimize the risks. However, from the users' standpoint, it would heavily
restrict their flexibility and availability when picking and choosing applications. It
may significantly impact users' preferences and behaviors as well. Therefore, it
can be true in real life, but the context is crucial.
I recently joined a multinational manufacturing corporation, which has very strict
IT policies and rules. We have a pre-installed list of Apps which are only work
related. As for PharmaKiln, a pharmaceutical company, strict IT policies are a
must! The PRAD and other important data have to be well protected for sure.
As for the employee morale, it will have some impact for sure. I guess for most of
the users, they will just accept the fact that they can't use certain favorite tools.
However, there must be some IT guru who would like to find an alternative path to
circumvent the security. It would be cool to do something special with company's
devices.
Safe Application Enablement will help researchers, sales team, HR, executive
members to work more effectively in their roles. For example, basic social
media features (FB, Twitter, Pinterest) will help sales team to better promote their
products. LinkedIn would help HR to recruit talents...
Obviously, Safe Application Enablement will help employees' work in certain ways
but ensure a high level of security. It will allow certain activities, but not all.
So it blocks some potential risks and vulnerabilities.
A comprehensive zero trust policy as a basis plus safe applications enablement will
fit PK's need in my opinion.
Shree Venugopalan
reply to Jia Zhuang
3/17/2015 11:41:11 PM
RE: Acceptable use: How much lockdown is too much lockdown?
Hello Jack,
I agree with you and I have made this point before in a few of my other
posts that a strict lock-down does affect the morale of the employees.
The multinational manufacturing corporation experience that you talk about is something that I have
experienced at IBM when I did my time there with them. While it is not a manufacturing company, they
still do have a lot of the same structure that IT companies go through and do have a strict IT policy
and set of rules in place. I am sure that the PharmaKiln experience will not be that different. The
PRAD and other important data that they have will be well protected and I am sure the lessons we
learn in this course are sure going to be of great help. The post and the questions that you raise are
very interesting in that it helps the various teams, the zones that they can access, the policies
applicable and all the checks and balances that we have to put in place to be extremely precise.
Thanks for this interesting perspective.
* Times are displayed in (GMT-06:00) Central Time (US & Canada)
Module 3 Home
******
Live Group Discussion for Module 3 will occur at 8pm CST on Wed April 8:
Wed, Apr 8, 2015 8:00 PM - 10:00 PM Central Daylight Time
https://global.gotomeeting.com/join/461768157
United States : +1 (872) 240-3212
Access Code: 461-768-157
******
We've made it through our first audit, congratulations, and thanks for all of your hard work
helping us get there! Hopefully things will calm down a bit now, with the audit past us, so
we can get on to optimizing our operations and preparing for growth. Now that our gear has
been installed, I want you to focus on refining your security policy in the NGFW. Let's get
the most use possible from our expenditure. Enable as many of the countermeasures
available to you as you feel are necessary to secure us, but be sure that it does not inhibit
production work flow around here. Our product development researchers are the lifeblood of
this company- if they cannot get their work done, we don't make any money.
To help you get the most out of the IPS/Security functionality, I have again called on my
friend over at Palo Alto Networks to provide you access to their Ultimate Test Drive Threat
Prevention lab. Similar to the last lab in function, this one will focus on security
countermeasures and their configuration. You should see an email in your inbox providing
you access to the lab, if it's not already there.
When you've completed the Threat Prevention lab, meet me down in the data center. I
want you to look at something with me.
[It is recommended that you complete the Ultimate Test Drive Threat Prevention
LAB before proceeding to the Scenarios]
Module 3 Scenario 1 HTML
<div style="text-align: center;"><font face="Verdana" size="2"><span style="font-weight: bold; font-style: italic;">[It is recommended that you complete the&nbsp;</span><a
href="/ec/crs/default.learn?CourseID=10750058&amp;47=30362447&amp;dt=1%2f11%2f2015
8%3a09%3a21 PM&amp;UnitNumber=3&amp;COID=11&amp;UDPK=612082775&amp;UPK=66817096"
target="_top" style="font-weight: bold; font-style: italic;">Ultimate Test Drive Threat Prevention
LAB&nbsp;</a><span style="font-weight: bold; font-style: italic;"> before proceeding to the
Scenarios]</span><br />
<br />
<br />
<span style="font-weight: bold; font-style: italic;">
&nbsp;<img src="/CurrentCourse/pharmakiln_logo.jpg" alt="PharmaKiln logo" title="PharmaKiln logo"
/>&nbsp;</span><br />
<br />
<br />
</font>
<div style="text-align: left;"><font face="Verdana" size="2">The CIO has asked that you join him in the
datacenter to review a report.<br />
<br />
</font></div>
</div>
<font face="Verdana" size="2"><br />
<iframe width="560" height="315" src="//www.youtube.com/embed/q0zGonT5_gg"
frameborder="0"></iframe><br />
<br />
&nbsp;<strong><a
href="https://drive.google.com/a/udallas.edu/file/d/0ByrvfMA_6zkRRHhzcm1vTkN6cnM/view?usp=sharing"
target="_new">Click here to download the AVR report.&nbsp;</a><br />
</strong><a
href="https://drive.google.com/a/udallas.edu/file/d/0ByrvfMA_6zkRRHhzcm1vTkN6cnM/view?usp=sharing"
target="_new"></a><br />
Let me know if any of the threats in the latter sections of this report should be of concern. There may be
correlations between the application, URL, and threat traffic.&nbsp;<br />
<br />
We want to start this department with good habits - so please document your efforts, analysis,
methods, findings, and resolution- if any. If you find evidence of anything critical, you may want to
produce an incident response report.&nbsp;<br />
<br />
</font>
<div style="text-align: center;"><em><strong><font face="Verdana" size="2">[Examine the&nbsp;<a
href="/ec/crs/default.learn?CourseID=10750058&amp;47=30362447&amp;dt=1%2f11%2f2015
8%3a26%3a19 PM&amp;UnitNumber=3&amp;COID=11&amp;UDPK=612082775&amp;UPK=66817096"
target="_top">Deliverables section&nbsp;</a>for guidance on documentation, and what will be
expected at the end of week 3]</font></strong></em></div>
<font face="Verdana" size="2"><br />
<br />
<br />
</font>
Module 3 Scenario 2 HTML
<div style="text-align: -webkit-center;"><strong><em><font face="Verdana" size="2">[Complete
Scenario 1 before proceeding to Scenario 2]</font></em></strong></div>
<font face="Verdana" size="2"><br />
</font>
<div style="text-align: center;"><font face="Verdana" size="2">&nbsp;<img
src="/CurrentCourse/pharmakiln_logo.jpg" alt="PharmaKiln logo" title="PharmaKiln logo"
/>&nbsp;</font></div>
<font face="Verdana" size="2"><br style="text-align: -webkit-center;" />
<br style="text-align: -webkit-center;" />
</font>
<div style="text-align: left;"><font face="Verdana" size="2"><br />
Something suspicious is going on. Talk with the CIO in the datacenter and review this fresh
report.</font></div>
<font face="Verdana" size="2"><br />
<br />
<br />
<iframe width="560" height="315" src="//www.youtube.com/embed/POYGfZEq3Tk"
frameborder="0"></iframe><br />
<br />
<strong>&nbsp;</strong><a
href="https://drive.google.com/file/d/0ByrvfMA_6zkRdEoxQ2JIX1NFX3c/view?usp=sharing"
target="_new"><strong>Download the newly pulled AVR report.&nbsp;</strong></a><br />
<br />
<br />
</font>
Module 3 Scenario 3 HTML
<div style="text-align: center;"><strong><em><font face="Verdana" size="2">[This is the final Scenario - complete Scenarios 1 and 2 first]</font></em></strong></div>
<font face="Verdana" size="2"><br />
<br />
</font>
<div style="text-align: center;"><font face="Verdana" size="2">&nbsp;<img
src="/CurrentCourse/pharmakiln_logo.jpg" alt="PharmaKiln logo" title="PharmaKiln logo"
/>&nbsp;</font></div>
<font face="Verdana" size="2"><br />
<br />
The evidence is mounting, pointing to a targeted attack. This moment in time could make or break your
career at PharmaKiln - and forever define you as a CISO. The entire organization is looking to you for
answers. Meet the CIO in the datacenter to discuss strategy.&nbsp;<br />
<br />
<br />
<iframe width="560" height="315" src="//www.youtube.com/embed/e1j9RJ0RGjk"
frameborder="0"></iframe><br />
<br />
&nbsp;<strong><a
href="https://drive.google.com/file/d/0ByrvfMA_6zkRSFdOTnVzUFFkaGM/view?usp=sharing"
target="_new">Download the third AVR report.&nbsp;</a><br />
</strong><br />
<br />
</font>
Module 3 Deliverables
Module 3: Deliverables
PharmaKiln has been under attack. It is up to you to stop the attacks, protect PharmaKiln's
valuable intellectual property, and ensure that the ongoing risk to PharmaKiln is reduced to
an acceptable level. The CIO must present the state of our information security to the
executive staff and legal team very soon (on April 8th) - prepare him.
• Ultimate Test Drive Lab - Threat Prevention: Similar to the first Ultimate Test
Drive, you will receive a separate email with instructions on how to access the lab
and the lab exercise workbook. This one focuses on configuring the threat prevention
elements in the next-generation firewall. Do not log in until you are prepared to
complete the entire lab exercise. This lab will expire 6 hours after initial log-in.
The workbook is a PDF document. I suggest you PRINT the lab exercise workbook
so that you can view the lab screen independently of the workbook, without having
to switch back and forth. If you have dual monitors this would work as well, with
one monitor displaying the lab and the other the PDF workbook.
  o Although this is a required assignment, there is nothing to turn in. Your
  instructor can extract your activity in the lab from the reporting provided by
  the lab hosting platform, CloudShare.
• Three (3) Incident response documents (one for each Scenario): MS Word
format. Written document describing your analysis, findings, conclusions,
remediation actions taken, and any other suggestions you have for each of the three
threat response scenarios. You may make use of the form templates on the X: drive,
produce your own format, or use some combination of the two.
  o The student workshop lab environment is not yet mature enough to simulate
  these attacks for you - so your incident responses will have more creative
  license than you have had thus far in this class. This means you may 'invent'
  or 'make up' certain missing elements that would in fact have been available
  to you in a simulated attack lab.
  o This exercise requires that you communicate with your co-workers concerning
  their observations or findings, with whatever systems they might have control
  over, to gather more details or evidence about the attacks.
  o As you review the AVR reports given to you in each scenario, use Google to
  uncover the nature of each threat you are looking at.
  o Always consider the fact that a reported threat may in fact be a 'false positive',
  meaning the conditions exist to trigger the signature, but the source of those
  conditions is not necessarily malicious. It is absolutely IT Security's job, and
  in this case your job as the CISO, to distinguish between real threats and false
  positives. You do not want to 'sound the alarm bells' if in fact there is no real
  attack.
    ▪ For example, a misconfigured server could be making multiple LDAP
    calls within a short period of time. This could trigger a brute force
    threat signature, as brute force attacks do rapidly, repeatedly request
    something as a technique to overload the target.
    ▪ Severity is a good indicator of the likelihood that a logged threat is a
    false positive. A Low or Informational level severity casts serious
    doubt on whether that threat log should be concerning, since at that
    level there could be many natural functions of your network that could
    trigger this result.
    ▪ Stick to examination of Critical, High, or Medium severity threats for
    this work, and only use Low or Informational severity threats if they
    correlate with Critical/High/Mediums. These higher severity threats
    have a greater likelihood of being real attacks of some sort.
    ▪ Keep in mind, if an attack (even a high severity attack) is designed to
    exploit a specific type of system, but you do not run that type of
    system, it is NOT a threat to you. If you have Lotus Notes vulnerability
    exploits flying at you, but you don't run Lotus Notes, you have nothing
    to fear. Those are examples of threats sprayed across the internet,
    hoping to find the vulnerable system out there somewhere...or 'non-directed attacks'.
  o The AVR reports are divided into sections. For Module 3, you will want to
  focus on the threat related sections, starting with Application Vulnerabilities
  Discovered (page 12 on the first one). Spyware and Viruses, Most Common
  Viruses, and Modern Malware sections are the other threat related sections.
  o Please ignore the inconsistencies in the application and URL sections of the
  report. The assumption is that you just implemented various policies to block
  certain apps, and the story-line in the role-play thus far has PharmaKiln using
  certain specific systems...but the AVR reports will show all sorts of traffic
  types that were never discussed.
  o There are many missing details in these reports - like source and destination
  of the attack, time stamps, and other forensics. Use role-play emails to
  uncover those details you feel would contribute to your analysis.
• Revised NGFW configuration(s) (student workshop): MS PowerPoint format.
  o Use the same username and password that you were issued during Module 2
  to access your 'production firewall' (pwshop) NGFW instance.
  o Build upon, and modify, your Initial NGFW configuration from Module 2,
  focusing now on threat prevention functionality.
    ▪ Create Security Profiles, including one that will enable WildFire
    functionality.
    ▪ AntiVirus, Anti-Spyware, Vulnerability Protection, and File
    Blocking (for WildFire) policies should be created. It is NOT
    required to create Data Filtering or DOS Protection profiles.
    ▪ Look for Zone Protection Profiles (Network tab > Network
    Profiles) - those would be the preferred defense against
    volumetric attacks, over DOS protection profiles.
    ▪ Put Security Profiles 'in line' by adding them to your firewall allow
    rules, in the Security Policies. No need to place security profiles
    against Deny rules, as those rules are already terminating any
    packets/sessions according to their deny parameters.
    ▪ Research, and enable, any other threat-prevention specific elements in
    the NGFW as you see fit.
  o Insert screen shots into MS PowerPoint of your specific security configurations
  in response to the threats faced. These slides will go into your summary slide
  deck.
  o Your final configuration will reflect your security enhancements after Scenario
  3. Meaning, I do not need a separate configuration per Scenario. By the time
  you have finished Scenario 3, your security settings should provide defense
  against all 3 scenarios, and their various threats...so only ONE configuration
  is required as the deliverable.
  o As in Module 2, technical accuracy is important, but especially for any non-technical
  students, conceptual accuracy is more important. Your configuration
  will be graded on its effectiveness, and the effort made to match security
  enforcement to your Incident Response findings. Any questions on specific
  feature related settings that cannot be answered through web searching
  should be asked in role-play.
• Summary Slide Deck: MS PowerPoint format. Your slides should include:
  o Single slide for each Scenario summarizing your incident response.
  o Summary/Executive slide with your recommendations moving forward.
  o NGFW threat prevention configuration slides at the end of the deck to support
  group discussion and provide evidence of actions taken. Use screen shots of
  the relevant threat prevention configuration areas that you configured in the
  student workshop.
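The severity and applicability rules from the incident-response guidance above, applied to a few constructed log rows. This is an added example, not part of the course material; the field names, addresses, product labels and the `explained_sources` list are assumptions made for illustration.

```python
from dataclasses import dataclass

ACTIONABLE = {"critical", "high", "medium"}  # examined on their own merits
BACKGROUND = {"low", "informational"}        # kept only when correlated


@dataclass(frozen=True)
class ThreatEvent:
    name: str      # signature name as printed in the report
    severity: str  # critical / high / medium / low / informational
    targets: str   # product the exploit is written for, "any" if generic
    src: str       # source host (assumed recovered from logs or co-workers)
    dst: str       # destination host (same assumption)


def triage(events, inventory, explained_sources=frozenset()):
    """Sort events into the buckets the guidance describes.

    inventory         -- products the organisation actually runs
    explained_sources -- internal hosts with a known benign reason for noisy
                         traffic, e.g. a misconfigured server hammering LDAP
    """
    buckets = {label: [] for label in (
        "investigate", "verify-false-positive", "not-applicable",
        "correlated", "background")}
    for ev in events:
        if ev.severity.lower() not in ACTIONABLE | BACKGROUND:
            raise ValueError(f"unknown severity {ev.severity!r} on {ev.name!r}")

    # Pass 1: Critical/High/Medium events. Drop exploits aimed at products
    # that are not deployed, and set aside hits with a known benign source
    # so they are verified rather than escalated.
    hosts_of_interest = set()
    for ev in events:
        if ev.severity.lower() not in ACTIONABLE:
            continue
        if ev.targets != "any" and ev.targets not in inventory:
            buckets["not-applicable"].append(ev)
            continue
        explained = ev.src in explained_sources
        buckets["verify-false-positive" if explained else "investigate"].append(ev)
        hosts_of_interest.update((ev.src, ev.dst))

    # Pass 2: Low/Informational events matter only when they share a host
    # with something that survived pass 1.
    for ev in events:
        if ev.severity.lower() in BACKGROUND:
            related = ev.src in hosts_of_interest or ev.dst in hosts_of_interest
            buckets["correlated" if related else "background"].append(ev)
    return buckets


def names(bucket):
    return [ev.name for ev in bucket]


# Constructed sample data: none of these rows come from the AVR reports.
INVENTORY = {"apache", "openldap", "windows"}
EXPLAINED = {"10.1.5.12"}  # server known to retry LDAP binds in a tight loop
SAMPLE = [
    ThreatEvent("Web server remote code execution", "critical", "apache",
                "198.51.100.7", "10.1.1.20"),
    ThreatEvent("Lotus Notes buffer overflow", "high", "lotus-notes",
                "203.0.113.9", "10.1.1.20"),
    ThreatEvent("LDAP brute force", "high", "openldap",
                "10.1.5.12", "10.1.1.10"),
    ThreatEvent("HTTP OPTIONS probe", "informational", "any",
                "198.51.100.7", "10.1.1.30"),
    ThreatEvent("DNS zone transfer attempt", "low", "any",
                "10.1.9.9", "10.1.1.53"),
]

if __name__ == "__main__":
    for label, bucket in triage(SAMPLE, INVENTORY, EXPLAINED).items():
        print(f"{label:22} {names(bucket)}")
```

An event in `verify-false-positive` still needs confirmation from whoever owns the source host before it is closed.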
Module 3 deliverables are due April 7, 2015 by Midnight. It is critical that you submit
your assignment on time, to be able to participate in the Week 4 Group Discussion.
Group Discussion time slot preferences must be submitted by April 5, 2015 by
Midnight.
Please pick your available times using this DOODLE POLL.
Whether or not you are available to attend the date/time assigned for the live meeting, you
must also participate in the Group Discussion online.
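One way to check the 'in line' requirement from the Revised NGFW configuration deliverable: every allow rule should carry all four profile types, and deny rules are skipped. This is an added example, not the course's or the vendor's code; the XML is constructed, and its element names, rule names and profile names are assumptions modelled on the general shape of a firewall rule export.

```python
import xml.etree.ElementTree as ET

# Profile types the deliverable asks for: AntiVirus, Anti-Spyware,
# Vulnerability Protection, File Blocking (used for WildFire forwarding).
REQUIRED = ("virus", "spyware", "vulnerability", "file-blocking")

# Constructed rule export (assumed element names, hypothetical rule names).
SAMPLE_RULES = """
<rules>
  <entry name="allow-web">
    <action>allow</action>
    <profile-setting><profiles>
      <virus><member>pk-av</member></virus>
      <spyware><member>pk-as</member></spyware>
      <vulnerability><member>pk-vp</member></vulnerability>
      <file-blocking><member>pk-wildfire</member></file-blocking>
    </profiles></profile-setting>
  </entry>
  <entry name="allow-mail">
    <action>allow</action>
    <profile-setting><profiles>
      <virus><member>pk-av</member></virus>
      <spyware/>
    </profiles></profile-setting>
  </entry>
  <entry name="allow-files">
    <action>allow</action>
    <profile-setting><group><member>pk-threat-group</member></group></profile-setting>
  </entry>
  <entry name="allow-dns">
    <action>allow</action>
  </entry>
  <entry name="deny-p2p">
    <action>deny</action>
  </entry>
</rules>
"""

# Contents of named profile groups (hypothetical; supplied by the caller).
SAMPLE_GROUPS = {"pk-threat-group": set(REQUIRED)}


def audit_allow_rules(xml_text, groups=None, required=REQUIRED):
    """Return {rule name: [missing profile types]} for allow rules only."""
    groups = groups or {}
    findings = {}
    for rule in ET.fromstring(xml_text.strip()).findall("entry"):
        action = (rule.findtext("action") or "").strip().lower()
        if action != "allow":
            continue  # deny rules already terminate the session
        attached = set()
        setting = rule.find("profile-setting")
        if setting is not None:
            # Individually attached profiles: an element with no member
            # names no profile, so it does not count as attached.
            for prof in setting.findall("profiles/*"):
                if any((m.text or "").strip() for m in prof.findall("member")):
                    attached.add(prof.tag)
            # Profile groups: resolved through the caller's mapping; an
            # unknown group contributes nothing and the rule is reported.
            for member in setting.findall("group/member"):
                attached |= set(groups.get((member.text or "").strip(), ()))
        missing = [p for p in required if p not in attached]
        if missing:
            findings[rule.get("name")] = missing
    return findings


if __name__ == "__main__":
    for name, missing in audit_allow_rules(SAMPLE_RULES, SAMPLE_GROUPS).items():
        print(f"{name}: missing {', '.join(missing)}")
```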
Module 3 Group Discussion
Module 3: Weeks 9-12 - Group Discussion
gag-order
If anyone bought and read the recommended reading 'Illusion of Due Diligence', you would have found a
former-CISO telling his tales about having been squashed...for trying to do his job. When the hint of data
breach hits the air, the execs and lawyers get nervous. The immediate reaction tends to be to bury this
information- try to fix or recover- but to minimize the damage as perceived by the public.
Sometimes this can very much get in the way of the actual mission of the CISO, because it can leave the
security department isolated in its efforts to recover from an attack.
If you have any personal stories where you have seen this happen, share them here.
Larry Hodge
4/8/2015 8:00:29 AM
gag-order
I have not personally had this experience per se BUT I have worked in an environment where
the Managers of the IT department were very 'Twitchy' and knee jerky when anything (even
minute events) occurred.
Their first reaction is to overreact
What happened?
Why did it happen?
Who caused it to happen?
And it doesn't really matter if it was caused by actual malice or inadvertently- They would
prohibit whatever caused the incident immediately.
As an example- the whole company was able to use personal email and for years and years we all
understood the risk of attachments (this was the early 2000's) and a vast majority knew you don't
click on the attachments and download anything at work- it's common sense-
It was a large company and we had interns and contractors as well as employees (young and
old)-
One time an attachment was clicked and a virus was introduced into our network- it was
contained with NO damage or incident-
But from that day forward- personal email was banned-
Knee jerk reaction and a catering to the lowest denomination is almost a pre-requisite for any
management level position.
Instructor Ancelin
reply to Larry Hodge
4/12/2015 8:21:25 PM
RE: gag-order
Larry, this kind of reaction stems from either not having a strong enough security leader in the company,
or not having techs whose voice is respected... because if either had been consulted, potentially this
over-reaction would have been avoided.
Shree Venugopalan
reply to Larry Hodge
4/12/2015 2:23:27 AM
RE: gag-order
Hello Larry,
Having worked in IBM before starting the MBA/MS program here, I must admit I have seen my share of
managers who have not been very level headed and practical. While I can see how an errant e-mail with
a malicious attachment can cause the managers at your company to make a decision like what they did
regarding personal e-mails, my problem extends beyond that. I think you really need to have vision and
leadership qualities to be a manager and anything above that, as a manager is a low-level leader of
sorts, managing people. The fact that they have these kinds of over-reactions is testimony of the fear that
drives managerial decisions these days. Your analysis and real life experience is really valuable and
interesting.
Jia Zhuang
reply to Larry Hodge
4/9/2015 11:14:42 PM
RE: gag-order
Hi Larry,
I like how you put "Knee jerk reaction" to describe the quick but superficial solutions. It's too much to ban the
personal email... Although I haven't gotten a chance to really work on the front line, I basically know that
we should make an analysis before taking a hasty decision.
We had an interesting meeting today after newly merging into the IT department. Previously, I worked in
Digital Marketing as Sr. Database Coordinator. Henry, our CIO, cast a question to us: Do you think we
should ask technical people to coach business minds? Or do it the other way, business guys to teach
tech guys? I think that's the meaning of this course that helped us to understand the business needs
beyond technology.
In my opinion, a gag-order definitely will help the company to contain the risks, especially from the legal
liability standpoint. At the same time, it will slow down the response and address to the core of
recovery. Additionally, depending on the nature and severity of the breach, the FBI or other 3rd parties may
also be involved in the investigation. To protect the chain of custody rather than jump into recovery seems
more important.
Anyway, a gag-order has its significance for companies to contain the damage. But how and when to use
it should not only be decided by execs and legal lead, but should also include the CIO/CISO in the
decision-making process. What do you think?
Venkat Sundararaj
4/9/2015 10:18:56 AM
Gag-Order
I can share one incident that happened last year. We do provide a hosting service for some of the
internal employees, and users started complaining about performance degradation on certain cluster hosts.
On further investigation we noticed that one of the users was consuming high memory/CPU cycles from his
machine. Then we noticed that he was running an application that provides compute resources to make
bitcoins. We were in the middle of taking ownership of his VM for further forensic investigation.
Unknowingly, one of my peers contacted this person and asked him if he was running any memory/CPU
intensive application. The user denied that he was running any kind of application like that and started to
delete his virtual machines. We were lucky to have captured a portion of them already. The user was under the
impression that he deleted everything. Later, I was called for a discussion with my directors and other
security forensic experts to keep this confidential. Even my peers were told to keep this confidential
until proven. In this case, the user's intention was to make money using the corporate compute resources
and no data was compromised. I wouldn't comment on what happened to the employee performing this
action.
I would still think keeping the breach confidential until there is relevant evidence about the breach/attack is
important. In addition, making the CIO/CISO responsible for breaches like these may not be appropriate in
case of rogue employees intentionally violating the policies and performing illicit acts.
Jia Zhuang
reply to Venkat Sundararaj
4/9/2015 11:22:48 PM
RE: Gag-Order
Venkat,
Many thanks for sharing your story with us. I agree with your idea that CIO/CISO should the scapegoat and
take the full responsibility. Also, I think it's fine to keep silent and not make any comments to your
co-worker if your boss is OK with keeping it in the dark.
It's not a serious issue so gag-order triggered here. But how could that guy install an App to do mining
for profit? Do you think the Security team can do a better job to only approve a certain number of
Applications on the white list? Still room to improve, right?
Instructor Ancelin
reply to Venkat Sundararaj
4/12/2015 8:20:26 PM
RE: Gag-Order
Interesting- but the bitcoin scenario adds a whole new wrinkle to an AUP doesn't it? The idea that you
set some idle computer to work, mining bitcoin...something that might need to be specifically added to
AUPs of the future
Ruth Olugbodi
4/9/2015 9:11:52 PM
Gag-order
I do not have any personal experience of a data breach and the mitigation process; I have read
news articles of major data breaches with companies and how they try to downplay the severity of the
attacks. It's understandable how corporations would like to protect their bottom line but I now see how
this can obstruct the work of the CISO.
Bob Chiang
4/10/2015 12:54:38 PM
Get the facts
My experience with "gag orders" with respect to damage control have been executed with sound ethics
and full disclosure. That sounds contradictory, but let me explain. In my industry, we are responsible for
providing full disclosure of defects and non-conformances to our customer. Failing to do so in a timely
manner is met with severe penalties. However, it is equally painful for crying wolf. Therefore, the "gag
order" is time bound (24 hours), so that relevant facts can be gathered and we can hold a meaningful
discussion with stakeholders. After the time period has expired, the facts will tell you if there is sufficient
reason to be alarmed and stakeholders are informed of the situation.
Instructor Ancelin
reply to Bob Chiang
4/12/2015 8:22:37 PM
RE: Get the facts
Nice counterpoint there Bob- it's not all about 'sweeping things under the carpet' but in fact, to give time
for a more substantiated response.
Royce Humpert
4/10/2015 2:59:06 PM
Gag order Post Attack
A gag order is often a response by legal to stop the negative talk and rumor mill. I have been under
three of these in my life. All were lifted when the truth of the situations came to light. I have not been
under a cyber attack gag order, however I understand the issues and why the attitudes and information
must be contained. Target, Barnes and Noble, TJ Maxx – these are the tip of the iceberg. The one I
mentioned on the class call is the only one that comes close, when a certain telecom had its
information hacked. We were ordered not to discuss anything, with anyone, about the breach. It really
limited my ability to reach out to certain teams to get work done. This was a topic in the break room,
the hallways, but not to customers and not when legal was around. My view of “Gag orders” is they
only work when there is a financial motivation such as the one provided in this class. I kept silent or
changed the subject because I wanted to stay employed. I hope that any of you that are placed under
these in the future do as I did, stay quiet and only give information when asked by the CSO or legal. It’s
the smart way to stay part of the company and keep your job.
Instructor Ancelin
reply to Royce Humpert
4/12/2015 8:23:57 PM
RE: Gag order Post Attack
True enough, unless there are criminal activities happening, then there's no reason to be the one who
leaks information detrimental to your company.
Lankappa Prasanna Kumar
reply to Royce Humpert
4/12/2015 6:56:04 PM
RE: Gag order Post Attack
Well said, Royce. I think remaining silent unless asked for information or asked to be involved by
CSO/Legal is the best solution in this scenario....
Joshua Olorunnisomo
4/10/2015 9:33:59 PM
Gag-order experience
I never had a 'gag-order' related to a security data breach but I had one recently that was nearly as
catastrophic as a data breach. This happened during the Affordable Care Act Implementation of
October 2013. I work for one of the major contractors responsible for the development and
implementation although I did not partake in any of it. However when the implementation was
somehow botched, my company sent out a company-wide email instructing us not to talk to the
media if we were stopped and requested to be interviewed. The atmosphere was very tense in
the office. We were even given the talking points and the name of the company's spokesperson in
the event that we had to talk about it.
I imagine that similar situations must have happened to those employees of Target and other
companies that suffered major data breaches. It's all about damage control, minimizing the
liabilities and protecting the image of the companies involved.
Matthew Price
4/10/2015 9:42:27 PM
Gag Order Experience
I have not had any experience with a gag-order. I think that the CISO needs to fight the gag-order and show
what can happen if the breach is not publicly disclosed. Executives understand money and showing
them that a fine gets bigger if a breach is covered up should be an incentive to report. Additionally the
breach can be found because it will be the common vector and a cover up does not look good to
auditors.
TJ Maxx was one of the largest breaches at the time it occurred. Nobody outside of cyber security talks
about the breach anymore. Their stock price has recovered, and the company is still profitable. This is
one example of how publicly reporting is not a death sentence for a company.
Lankappa Prasanna Kumar
reply to Matthew Price
4/12/2015 6:52:33 PM
RE: Gag Order Experience
I also believe so Matthew. It is up to the CISO and he needs to take that decision and fight for the same.
Ravi Kumar Pannala
4/11/2015 12:29:29 PM
Gag Order
In my experience, I had an experience of how things get weird when a gag order comes into play. I
was working with a financial institution where they had a data breach, and on that day, without
clear notice, our emails were blocked, which we could understand was an action related to the
breach. On the very next day production deployments were frozen; this created confusion, and on
the evening of the very same day deployments in every environment were frozen. Nothing much was
told other than an email stating that it was a management decision. Two to three days
after that everything came under control.
A gag order in a way is a good deal because making the breach public might give a chance to
lose the evidence, or in some cases it might get destroyed. At the same time we also have to
remember that, more than the affected customers, the media and the social activists would add
fire to the incidents, which will make the issue blown out of proportion.
Lankappa Prasanna Kumar
4/12/2015 4:34:25 AM
Gag-Order
Gag-orders may be used to keep legitimate trade secrets of a company, to protect the integrity or
to protect the privacy of the company’s data and information. I do not have any direct experience
involving a gag-order. But, I am aware that a gag order is kind of a suppression order and is a
formal directive that disallows individuals from discussing something publicly. A gag-order can
obligate employees to obey the intricacies associated with the gag-order as part of the terms of
employment.
Here’s the latest example of a gag order. Almost three years ago, the U.S. government ordered Google
to turn over a vast amount of information it was holding about people connected to WikiLeaks. Google
complied but didn’t get permission to notify its users until recently. Recently, these individuals found
out and they were enraged at both the scope of the government’s sweep and what they perceived as
Google’s beyond tardy notification. They made their displeasure clear in a letter to the company. Google
was under a gag-order, it turned out, instructed by the government not, under any circumstances, to tell
the targets of its spying. The benefit of a gag-order is that no pretrial publicity can occur, and there will
not be facts before the public that could make them take sides or be influenced about the case.
Instructor Ancelin
reply to Lankappa Prasanna Kumar
4/13/2015 7:51:17 AM
RE: Gag-Order
So sounds like y'all have hit the point of debate: business needs come first? or moral/legal
requirement to disclose? It is typically the lawyers who decide when that right time to fulfill the latter
comes...despite all the cries from both the public and the IT security staff.
Module 3 Group Discussion – course feedback
Final thoughts, as you head toward graduation
First, I want to thank everyone who signed up for this first run class, heading off into the unknown with
me. I think everyone enjoyed the class on some level, and was challenged by it. Congratulations on
completing your degree requirements, and I certainly hope to find each of you in the industry some day,
doing something marvelous.
I now must start thinking about v2 of this class, to run this summer. I would like to poll the class here on
an enhancement I am considering. I would like to build out the student workshop such that each
student has a firewall like you do now, a Windows workstation VM that you can generate traffic from,
and some pre-recorded network traffic to push through at different parts of the course.
Easy enough to simply reply here 'sounds good- do it', but especially for those non-technical students
that I will always have, will this make things too technical? Meaning, now, IP schemes will come into
play, and now firewall policies would actually have to work to be graded well. Decryption would have to
successfully, actually, decrypt. So to my non-technical students, was the level of technical in the course
as it is, 'just enough', 'almost too much', 'too much' or 'easily manageable'? Could you handle going one
step further in the short time frame of this class? Maybe with some more direct instruction around
those technical parts?
A parting thought, I was trained early in life that leaders lead from the front, and you cannot be a leader
until you first learn how to follow. In IT Security, I liken this to saying, you cannot lead an IT Security
team or department, unless you have walked in their shoes for a time- fought on the front lines. As
much technical know-how as one can amass, there is always someone smarter- and the best managers
surround themselves with those smarter than themselves. So if IT Security is your chosen field, your
area of specialty, strive to gain both technical and practical/managerial experience wherever you can,
constant learning, such that you can always be effective with what is ultimately a heavy responsibility.
Regards to all,
Matthew Ancelin
Adjunct Professor, CYBS 8395
Larry Hodge
4/9/2015 10:10:27 AM
Final Thoughts
Hi Matt,
If you do consider these changes, remember, this is an online class and some students simply are
not in that work environment and not familiar enough with the NGFW to perform on such a level
- I know working at Toyota, whenever a vendor came in with a new product, there was an
extensive training course for the end users- it was a few weeks and the vendor was right there
looking over their shoulder and walking them through each step and process- If you do choose to
go down this path - there would probably need to be more YouTube type video instruction and the Lab
packet would need to include more extensive and technical tasks. I say 'Go for it' - anything to
help the students become more fluent in these NGFW the better! I know that I would have
appreciated a little more instruction regarding how to properly configure the NGFW to get my
policies to work in real time - I just set them up as best as possible - but without the ability to go
out and see if files / sites were actually being blocked would have been helpful. I say maybe
include a voucher for a NGFW boot camp with each enrollment in the course ;)
But I enjoyed the class very much- I really liked the hands on approach and role playing aspects-
after I got used to it lol
Creating the security plan and configuring the NGFW in alignment with them was exceptionally
helpful in Module 2
I also liked the scenarios and role play surrounding Module 3 as well!
Overall I give the experience an 8/10- more video instructions would have been beneficial
and the instructor gets a big 10 for being understanding and compassionate toward us - medium
level techies!
Venkat Sundararaj
4/9/2015 6:00:18 PM
Final thoughts
Hello Matt,
Thank you so much for teaching us this course!
Since I am a working professional, I allocate a certain time of my day for school work. I would
assume many others attending this course in future may be from a similar background. In
addition, we take multiple classes. Since certain activities in this course depend on role play,
we have to wait for the response to move forward and complete the assignment. In many
instances, I had the time but not the response and vice versa. Other than that, I really
enjoyed all other aspects of the course like playing with the firewall and configuring various
features.
Best Regards
Venkat
Instructor Ancelin
reply to Venkat Sundararaj
4/12/2015 8:28:23 PM
RE: Final thoughts
Venkat, that part was intentional- to help folks 'stay ahead' of the time line, as in real life, you don't
always get the answers you need to move forward in the perfect time you would like them. The only
way to get it all done, is to start early, and stay diligent.
Ruth Olugbodi
4/9/2015 9:02:59 PM
Final thoughts
It was a great experience for me personally, this is the first time I have had anything to do with any kind of
firewall. The role play was a challenge for me because I really don't know the right questions to ask but
as the module progressed, I got better with it. More technical guidance or direction will be helpful for
students like myself who are not familiar with firewall configuration. Above all it was a good learning
experience.
Thanks Professor for all the help in this class.
Jia Zhuang
4/10/2015 12:38:43 AM
RE: Final thoughts, as you head toward graduation
Distinguished Prof. Ancelin,
Many thanks for offering me a great chance to have a real trial of PA NGFW and "think like a
CISO" in the role-play. The course design is perfect and aligns quite well with the purpose of
coaching and intriguing students to learn more techie stuff. I like your course as well as the
Pen-testing one, because I got some "real meat" from the CyberSecurity Program.
The overall design of the 3 Modules is logical and thoughtful. I think the current one is fine. But
if you need to evolve the CYBS Practicum to Ver 2.0, I suggest that some more hands-on
instructions (ppt, pdf or video) would be quite helpful for non-techie students. Although the PA
OS Manual explains the configuration very well, students may not have a sense of where to
start...
Besides, the requirements could be divided evenly and assigned to each week, so students will not
procrastinate until the last week of each Module and attempt to grasp all the gist and finish the
work.
The UTD and the PA online workshop are both awesome, and more importantly --FREE. I bet
all of us appreciate your efforts to let us enjoy such a platform without paying a penny.
Again, a big thank-you should be granted to your professional, dedicated and passionate
coaching. Your understanding of my personal difficult time in my life is highly appreciated as
well. I think other students who have full-time jobs, family and kids would share the same
feelings.
All in all, I finished this course without backing off. You helped me to seek the true beauty of the
NGFW.
Jack
Instructor Ancelin
reply to Jia Zhuang
4/13/2015 8:09:03 AM
RE: Final thoughts, as you head toward graduation
I agree with the weekly push bit - having the 3 week 'open work' period was an experiment, to see who
would stay ahead of the work, and who would procrastinate... but I think I might add some weekly
requirements or deadlines, to ensure people are tracking and not cramming last minute.
Shree Venugopalan
reply to Jia Zhuang
4/12/2015 2:13:07 AM
RE: Final thoughts, as you head toward graduation
Hello Jack,
I agree that the simulation was indeed a great part of the learning. I feel that a lot of things that we did
in the previous classes came together here in a way that we could approach Cybersecurity with a great
depth. The fact that the Ultimate Test Drive and the Palo Alto Threat Prevention Lab Firewall
Configuration exercise were free made it a lot easier to handle. I must admit that I really enjoyed it a lot.
Bob Chiang
4/10/2015 12:36:18 PM
Sounds good, do it! :)
Matt,
I enjoyed the overall structure of the course. It was a fantastic learning experience. I definitely think
having the firewall, VM, and pre-recorded network traffic would be a great addition to the course. This
gives the student more time to really work with the NGFW outside of the ultimate test drive. One of the
main reasons I chose the virtual degree plan was because I don't have much bulk free time (> 2 hours).
Thus I couldn't take full advantage of the ultimate test drive. Having a VM and pre-recorded network
traffic would give the student more time to check out the NGFW configuration by replaying the same
network traffic and monitoring the changes. That would have helped me understand whether my
configuration was doing what I wanted, instead of what I configured.
Again, this was a great learning experience. I would have liked more time to really get into the role play. I
think I missed out on some of the fun due to other commitments.
Thanks again for teaching the course. I think future students will really enjoy it!
Royce Humpert
4/10/2015 3:22:32 PM
Final Thoughts, to graduation and beyond
Matthew,
This course has been a fantastic challenge. I am thankful that the level of technical delivery was
not too far beyond my reach and it made me go look at new things. My advice for improvement
is to keep the level of difficulty but change the situation. There are so many different situations
just ripe for this kind of class.
To the class,
Thank you all for putting up with me and making me better with your comments on the things I
presented from slide shows to opinions. I feel as we head towards graduation we have all
presented a different view of this situation to the professor and each other. I look forward to my
future. I invite all of you to connect with me on LinkedIn.
Overall this has been a great challenge and one that I am glad to have taken on and seen all of us make
it through.
Thanks,
Royce E. Humpert Jr.
Ravi Kumar Pannala
4/10/2015 5:26:30 PM
Final thoughts
Hello Professor,
Thank you so much for the way you have led the class. I really like the idea of giving a walk-through
document before the production firewall, which helped us a lot to get into real stuff. I really have the
way we dig into reports and finding the details of the issues and knowing about what they can do with
the data. Even though this is the first time that I have worked on firewall configuration, I thoroughly
enjoyed and learned a lot from this. I like the way the course contents are laid out. As far as design
for the second class, I feel that making a student work on a Windows workstation VM to generate traffic
is a bit tough thing, especially for non-technical students.
The best part I liked about this course is the ROLE play, which forces the students into thinking,
communicating and designing the security.
Thanks
Ravi Pannala
Matthew Price
4/10/2015 9:59:02 PM
v2 of this class.
PharmaKiln was missing the manager that always blamed the new security tool for the latest IT
problem/network problem. Bruce was close, but he was more bitter that he did not get the CISO job.
In module 3, scenarios 2 and 3 seem like they could have been combined into one scenario. Scenario 2
was the break in, and Scenario 3 was the heist. I was having a hard time keeping the two scenarios
straight as I kept thinking it was one.
Real data going through the Palo would have made for a better configuration in Module 2.
I think that the UTD is not necessary if there is additional documentation on how to configure.
Shree Venugopalan
reply to Matthew Price
4/12/2015 2:07:02 AM
RE: v2 of this class.
Hello Matthew,
That is an interesting thought regarding the experience with the role plays. Yes, I guess we did have to fill
in the role of the PharmaKiln CISO, the manager that they did not have or get to blame for everything.
All the employees came with their unique traits I guess, with Bruce being given the most depth in
character that we could identify with. The role plays, which seemed extremely difficult at first, came
closest to actually working in a real life simulation, and was an amazing experience.
Yes, I agree that real data would have made it more interesting, but then I wonder how much harder it
would have made all this analysis, as that would possibly require more technical knowledge to know
what to do with all that data.
Joshua Olorunnisomo
4/11/2015 1:00:45 AM
Final thoughts
Hello Prof
I will say overall that I have thoroughly enjoyed the class. I had several challenges that could
have made me drop out but thanks to your understanding and support and also to my wife and
children for urging me on. First challenge was in Module 1 when I completely misunderstood the
role play part. I did not get on board until week 3 or so when I received an email from you
wondering why I had not participated and if I needed help to get started. Second challenge was in
module 2 when I had to travel on a job assignment in week 1 and was severely ill in week 2.
Through all this, you were very understanding and considerate. For this I say thank you.
Now about the course. The design of the course is well in line and just perfect for the program. I
think the level of the technical stuff in the course is just enough even for people like me who are
just medium 'techy'. I think it just needs to be supplemented with more hands-on instructional
video and step by step walkthrough on PA NGFW as we had in the other classes, it will help a
long way to bring them up to speed. Even in the role play, non-technical people may not know
what questions to ask. An example of such in a video could be very helpful as well.
I think the 3 modules 4 week break down is just perfect for people like me who are always on the
go due to job assignments. It gave me the much needed time to recover and catch up. Weekly
assignments like the other classes would not have worked for me.
Your parting thoughts are very applicable to all professions. Thanks for sharing them.
To the Class,
This being an online class, we really did not have a lot of interaction but as the Prof mentioned in
our last online group discussion, we should somehow have a way to network among each other.
LinkedIn is a good way to do this. I will be looking forward to linking up with you all via this
medium.
Joshua Olorunnisomo
Lankappa Prasanna Kumar
4/11/2015 2:02:28 AM
Final Thoughts
Professor Matthew - thanks so much for providing us this wonderful opportunity to learn from
you. This was the course I enjoyed the most. I feel very lucky to have been involved in this
Practicum class which was new from the traditional or the older methods of practicum. Your
thought of conducting the lab in this pattern/design has turned out to be so meaningful. I am sure
everyone feels the same way. We had so much to learn from this class. You are the BEST.
In the form of role play, we had to open up ourselves and communicate with various teams as we
do in the real world. The only difference was in this role play we are doing a time bound activity,
thinking as a CISO, developing plan, sharing with teams, clarifying various technical issues,
preparing presentations, dealing with vendors for quotes, etc. From the role play to the group
discussion, you made us experience and learn how to face things in a realistic environment,
adding value to the Role we played and being ethical in any kind of decision making.
Even in the day to day work (though being in IT for a couple of years) I don’t think everyone
would have had an opportunity to experience this type of a role (all in one). The whole idea of
running the Practicum in this way breaking into 3 modules and providing us a chance to work on
the NGFW was an extraordinary approach. Each module was designed so well to provide ample
learning, thinking, understanding, executing and delivering the results. I don’t think we can
expect more than this from any other course. Especially Module 1 which was the most
challenging to start with.
I have really no suggestions for improvement or anything as such, because the course as it is now
is so well organized and Professor you have been so prompt in all your responses to any of the
issues that were brought up or in providing help with the technical aspects, etc. I am sure the
future batches that will get to do this practicum course under you will have some additional new
things added as you mentioned over the Group Discussion call on Wednesday.
Thanks so much and I will remember this class forever…….
Instructor Ancelin
reply to Lankappa Prasanna Kumar
4/13/2015 8:12:15 AM
RE: Final Thoughts
Thanks everyone, for the detailed comments. This will definitely help me evolve this course.