ANALYSIS: 1. Project topic AND description: In preparation for a network security inspection there were multiple deficiencies noted making the system non-compliant with Department Of Defense standards. These deficiencies included the lack of an approved SSP for any servers. This project will cover all of the changes and documentation that are needed to bring the system back into compliance.
2. Project purpose and goals: The purpose of the project is to achieve system security compliance with both Windows server 2012R2, MSSQL 2014 and IIS while maintaining functionality of both public and private facing websites and databases. Any deviation from security checks must be documented and approved.
DESIGN and DEVELOPMENT: 1. Explain why the problem and technological solution you have proposed are worthy of study: If the system is not brought into compliance standards it will be shutdown which will have a direct and significant impact on training in the Army. The sites hosted cover unclassified intelligence community training, IT training and Communications training. There are instructional videos being hosted that are used worldwide and by deployed forces that aid in set up configuration and maintenance of equipment needed to support warfighters.
2. Projected outcomes and deliverables: Projected outcomes are to have a system that is secure to the maximum extent possible with proper documentation to allow for continued operations. The SSP will be submitted for approval. All server, website and database names will be removed from the documentation. In addition the checklists used will be the publicly available DISA checklists to ensure there is no “Official Use Only” material included.
3. Estimated number of hours for the following: i. Planning and design: The initial assessment to gauge current level of compliance takes 16 hours per database server and another 16 hours for each Webserver. With 4 webservers and 1 database server it will take 80 hours to plan out what steps are needed to achieve compliance. Some of these tasks can be run concurrently between two administrators with assessment being completed on 2 servers at a time. Therefore 80 man-hours would be 40 work hours. ii. Development: Because there are no additional contractors or supplies needed this phase should be relatively quick. Collecting the requirements together will take an additional 24 hours. The biggest portion is assigning specific tasks between the two administrators which should be accomplished within another 8 hours. iii. Documentation: Making necessary changes and documenting those changes will take another 80 man-hours. Creating the SSP and having it ready for submission should take an estimated 40 hours. iv. Total: 232 man-hours.
4. Projected completion date: 10 January 2019 IMPLEMENTATION and EVALUATION: 1. Describe how you will approach the implementation of your project: Project will be completed by completing publicly available checklists to verify settings in IIS, MSSQL and Windows Server 2012R2 conform to set standards. Once those checks are made then those products will be set to conform to the standards to the maximum extent possible with an exceptions being documented in the SSP. The final evaluation of successful implementation will be an outside organization inspecting the system for compliance IAW DOD standards.
The following are the requirements for the
A. Write an abstract (suggested length of 200–250 words) of the project you have selected. Include each of the following:• an IT business problem under investigation• a proposed solution• the project management concerns of concurrently managing multiple projects and how you plan to allocate resources• the project stakeholders and an explanation of the needs of each stakeholder group• the key points of your implementation proposal• the metrics you will use to measure the proposed and actual outcomes of this project
B. Write a needs analysis for the project design and development phase. Include each of the following:• the problem and its causes• the impact of the problem on each identified stakeholder group• how the solution aligns with industry standards, laws, and regulations
C. Write a cost analysis for project design and development. Include each of the following:• the itemized costs for hardware, software, licensing, time, labor, and total costs• a justification of these costs using research to support your claims
D. Perform a risk assessment to include each of the following:• the quantitative and qualitative risks associated with your solution• a cost/benefit analysis for each risk• a completed “MSITM Capstone Risk Register” template attachment• an explanation how you would mitigate each of these risks
E. Justify your approach to the problem you are solving.
F. Write a project management plan to manage multiple projects concurrently. Include each of the following:• the resources needed to design and execute the project• a justification of each resource used in the project• your plans for allocating resources• the existing gaps that a successful project plans to fill and how this will impact other active projects
G. Write a project plan to design, develop, test, and implement the solution that you chose. Include each of the following:• scope• assumptions• project phases• timelines• dependencies• risk factors• important milestones• details of the project launch• an explanation of your strategy for implementation• documentation deliverables• hardware and software deliverables• how the final output will be assessed within an evaluation framework of industry standards, regulations, or other accepted criteria
H. Acknowledge sources, using APA-formatted in-text citations and references, for content that is quoted, paraphrased, or summarized.
I. Demonstrate professional communication in the content and presentation of your submission.