Network Security Project 2 – Tools for 20 Critical Controls Successful deployment of the 20 Critical Controls will require a sophisticated suite of automated tools to support timely operations. This project is designed for you to survey the available tools and evaluate the tools ability to perform. Survey of Tools For each control Identify the features and requirement for automated tool Find a commercial product that supports this requirement Describe the operation of the tool Demonstrate the operation of the tool if possible Download and experiment with the tool if possible B Integration of tools 1.Identify where in your network architecture these tool would be configured Identify an operational schedule for use of this tool and management of results, alarms, etc What set of tools can be bundled together? Identify such tool sets Report your work Summary of your work Gaps in tools needed to support the 20 Critical Control Overall analysis and conclusions Grading (Team Project) Demonstrates Understanding of the 20 Critical Controls 50% Sound Approach to the Project 20% Sound Results 20% Quality of the analysis and presentation 10%

Network security is a crucial aspect of any organization’s operations, particularly in today’s digital age. The 20 Critical Controls provide a framework to ensure the security of network infrastructure. However, successfully deploying and monitoring these controls require the use of sophisticated, automated tools. This project aims to survey the available tools and evaluate their ability to support the 20 Critical Controls effectively.

The first step of this project is to survey the features and requirements for automated tools that align with each of the 20 Critical Controls. Each control will be examined individually to determine the specific functionalities and capabilities needed from a tool. For example, Control 1 focuses on inventory of authorized and unauthorized devices. An automated tool that supports this requirement would need features such as device discovery, vulnerability scanning, and asset management.

Once the requirements for each control are identified, the next step is to find a commercial product that supports these requirements. This product should have a proven track record and be widely recognized in the industry. The operation of the chosen tool should be described in detail, explaining how it supports the corresponding control and what functionalities it offers.

Ideally, the operation of the tool should be demonstrated, either through a live demonstration or a video recording. This will provide a visual understanding of how the tool works and its effectiveness in fulfilling the identified requirements. If possible, the tool should also be downloaded and experimented with to gain firsthand experience of its capabilities and limitations.

Integration of the tools is a crucial aspect of this project. It is important to identify where in the network architecture each tool would be configured. This will ensure that the tools are strategically placed to monitor and enforce the 20 Critical Controls effectively. Additionally, an operational schedule should be created to outline when and how these tools will be used, along with the management of results, alarms, and other outputs generated by the tools.

Bundling together a set of tools that complement each other is another important consideration. Some tools may have overlapping functionalities, while others may have unique features that enhance the overall network security posture. Identifying these tool sets and explaining the rationale behind them will provide a comprehensive approach to deploying the 20 Critical Controls.

In the summary of the project, a report should be presented that includes a detailed description of the work conducted, including the survey of tools, operation demonstrations, and experimentation results. Gaps in the available tools needed to support the 20 Critical Controls should be identified, highlighting areas where further research or tool development may be required.

Overall analysis and conclusions should be drawn based on the findings of the project. This includes a critical evaluation of the tools surveyed, their appropriateness for supporting the 20 Critical Controls, and any limitations or challenges encountered during the project.

The grading for this team project will be based on several factors. Demonstrating a sound understanding of the 20 Critical Controls will carry the most weight, accounting for 50% of the grade. A sound approach to the project, including the methodology and organization of the work, will account for 20%. The results obtained from the survey, demonstration, and experimentation will contribute 20% to the grade. Lastly, the quality of the analysis and presentation will account for 10% of the overall grade.