Team Formation and Division of Work

As described in the scenario, you will be working in a small team (usually five members). Your instructor has provided an area for your group discussions, collaboration, and file sharing. Take some time to learn about your teammates (introductions, LinkedIn profiles and bios) to understand the experience and expertise of the team members.

Studies on teamwork outline the typical team stages of forming, storming, norming, and performing (see Tuckman, Bruce W. (1965), “Developmental sequence in small groups,” Psychological Bulletin, 63, 384–399.) This guidance on teamwork may be helpful.

In order to do well, you and your team members must start communicating or “forming” immediately and discuss how you will divide the work. Review the project and if you have portions of the work that play well to your strengths, make this known to your team members. Then, develop a project plan and schedule to get the work done.

Finally, agree on a communications plan, which allows your team members to know where the project stands. During this stage, you may have disagreements or differences of opinion about roles and division of work. This is a normal aspect of “storming.”

Once you start agreeing on roles and tasks, you are well on your way to “norming.” You should settle on a collaboration space and share drafts of your work in your classroom team locker so your team members and the instructor can see the work progression. All team members must contribute, but the deliverables need to be cohesive. Therefore, each of you will need to review each other’s work and help each other.

While you may have to use collaborative tools outside the classroom, maintain the key documents in the respective team project locker in the classroom. Your team will use this area to establish ground rules for communication and collaboration. Team members will gain an overview of the entire project, establish roles, agree on the division of work, and complete and sign the Team Project Charter.

If you decide to use Google Docs for your collaborative work, you could also choose a Google drive with appropriate sharing with your team members and your instructor, and provide information on this in your team locker. Part of teamwork is looking at each other’s work and providing constructive feedback and improvements.

If you sense problems during your team communications sessions, discuss risk management and project adjustments your team may need to make. If you sense trouble, contact your instructor and request intervention as soon as you recognize issues.

After the plan is completed, elect one person to attach or link the final document to the team project locker. This step should have been completed early in the term between Weeks 2 and 4.

Setting up the team roles and expectations is an important part of this project and completing the charter is critical to the project’s success. When you have completed this important step, move to the next step.

Software Development Life Cycle

Technology development and implementation usually follow a software development life cycle (SDLC) methodology. This approach ensures accuracy of information for analysis and decision making, as well as appropriate resources for effective technology management.

You and your team members will use components of the SDLC methodology to develop a life cycle management report for the cloud computing architect of a company. This is a group exercise, representing the kind of collaboration often required in the cybersecurity technology community.

There are 11 steps to lead you through this project. Similar steps are typically used in organizational SDLC projects. Most steps should take no more than two hours to complete, and the entire project should take no more than three weeks to complete. Begin with the workplace scenario, and then continue with Step 1: “Initiating the Project.”

Deliverables

• Life Cycle Management Report: A 10- to 15-page double-spaced Word document on data protection techniques for a cloud-based service with citations in APA format. The page count does not include figures or tables. There is no penalty for using additional pages if you need them. Include a minimum of six references. Include a reference list with the report.

When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.

• 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
• 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation.
• 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
• 2.1: Identify and clearly explain the issue, question, problem under consideration.
• 2.2: Locate and access sufficient information to investigate the issue or problem.
• 2.5: Develop well-reasoned ideas, conclusions, checking against relevant criteria.
• 4.1: Lead and participate in a diverse group accomplish projects and assignments.
• 4.2: Plan and execute a project, articulating clear objectives and goals for the team.
• 4.3: Contribute to projects, assignments, or goals as an engaged member of a team.
• 4.4: Demonstrate diversity and inclusiveness in a team setting.
• 7.6: Possess knowledge of the secure principles, methods, and tools used in the software development life cycle.

Step 1: Initiating the Project and Defining Its Scope

As the cloud security architect, you must understand the security development life cycle process. Review the following resources to learn about the security development life cycle process:

• security development life cycle
• software development methodologies

Click the following links to learn more about critical infrastructure sectors:

• Critical Infrastructure Sectors. Read their descriptions and consider which sector you support in your role.
• Process Control Systems: Cybersecurity and Defense

To be completed by a designated team member:

You will begin your Life Cycle Management Report now.

1. Choose a fictional or actual organization. Describe the mission of the organization and the business need to move to a cloud environment.
2. Identify the scope of the security architecture and include a topology. To narrow your scope, focus on issues that application security engineers can control. Avoid discussing resilience and business continuity issues, physical security issues, traditional best practices for software development, or underlying infrastructure security. Examples of topology include Amazon Web Services, Generic Hadoop, Map-r, Cloudera, or Microsoft Azure.
3. In your report, you will combine security development life cycle and software development life cycle methodologies. When you are considering the software development life cycle approach, consider what model you are following. SDLC examples include Waterfall, Spiral, Agile, and Extreme Programming.
4. Address confidentiality, integrity, and availability requirements for data at rest and data in transit.
   1. Think like an attacker exploiting software vulnerabilities and the likelihood of those vulnerabilities being exploited.
   2. Think about data in use in the memory of the processing systems. Where in the system are the data most vulnerable?
5. Describe the concepts and products you chose and explain why these were chosen.
6. Include in your descriptions possible software and hardware components as well as an operating system and the security protections needed for those components.
7. Include a discussion of interoperability among the solutions you choose.

Provide your rationale for your strategy.

Click the link to review the resources on threat modeling. Explain threat modeling and describe how it is used in determining risk.

After defining the project and scope, move to the next step. As part of functional analysis and design, the team will now use the SQUARE method for gathering information requirements.

Step 2: Begin Functional Analysis and Design—Use SQUARE for Requirements Information Gathering

In the previous step, the team initiated the project. In this step, team members will focus on the functional design of the project.

To be completed by a designated team member:

Click the following link to learn more about software quality requirements engineering (SQUARE). Then, identify the SQUARE process and provide an overview of how to collect requirements for the security technology and/or techniques that are being proposed.

This information will be added to the group report.

In the next step, the team will learn how to secure data in the cloud.

Step 3: Learning Different Ways to Secure Data in the Cloud

The team has successfully examined the phases of a software development life cycle, defined the scope, and analyzed requirements for the project. Now, you must begin your research into the Hadoop cloud environment to better understand what it takes to secure data in the cloud. To learn more about databases, review the following: Database Models

In the next step, the team will provide the basis for evaluating technologies with analysis and planning.

Step 4: Provide Analysis and Planning for Evaluating Technologies

Once the team members have understood various ways to secure data in the cloud, the team will analyze and develop a plan to use technologies and/or techniques to meet the functional requirements developed earlier for protecting client data protection in transit.

To prepare, click the following links and learn more about virtualization and cloud computing:

• Server Virtualization
• Benefits and Features of Cloud Computing
• Mobile Cloud Computing

To be completed by a designated team member:

Compare different technologies and techniques, including encryption, access control, and other techniques. Consider their efficiency, effectiveness, and other factors that may affect the security of the data in the cloud. Include your reasoning and conclusions in your evaluation. Conclude which is generally a better, stronger technique and why.

You will include this summary in your report.

In the next step, the team will work on system design specifications.

Step 5: Create System Design Specifications

In the last step, the team completed an analysis of technologies and techniques. In this step, the team will provide system design specifications for a data-in-transit protection model.

To be completed by a designated team member:

Conduct independent research on system design specifications and propose a set of design specifications that meet the design requirements.

You will include these system design specifications in your report.

For the next step, the team will explain the software development plan.

Step 6: Explain the Software Development Plan

Now that the team has identified system specifications, provide an explanation of the software development need and the plan for software development, if any.

To be completed by a designated team member:

Identify different design and development considerations for the system.

Include this explanation in the final report.

In the next step, the team will outline plans for testing and integration.

Step 7: Provide a Plan for Testing and Integration

In the previous step, the team explained the software development plan. In this step, the team will develop a plan for testing and integration.

To be completed by a designated team member:

Include test plans for the various devices that will be used to access the system. The following should be included in the plan:

1. Include testing for software functions as well as compatibility with other software that may exist on those devices.
2. Include cloud data transactions as well as data transactions outside the cloud.
3. Provide research and justification for applying data confidentiality and data integrity protections.
4. Consider examples of technologies and/or techniques that can be used to protect the data in transit.
5. Provide the expected results from implementing these technologies and/or techniques.

Include the plan in the final report.

In the next step, the team will discuss how to adapt and deploy the technology appropriate for software as a service (SaaS) in the cloud.

Step 8: Adapt and Deploy Software as a Service

Once the team has successfully developed a testing and integration plan, it is time to adapt and deploy software as a service (SaaS) in the cloud model.

To be completed by a designated team member:

Provide a description of the SaaS adaptation and deployment strategy in the final report. Include a deployment strategy for the SaaS cloud infrastructure.

Include the following in the deployment strategy:

1. Cloud topology where these techniques are employed.
2. Various techniques used by various components.

Include this description in the final report.

In the next step, the team will account for operations and maintenance.

Step 9: Provide a Plan for Operations and Maintenance

In the previous step, the team adapted SaaS. In this step, the team will plan for operations and maintenance.

To be completed by a designated team member:

Prepare a plan for operations and maintenance of the system. The plan should also include:

• An auditing plan to assess the strength of the security controls for the data in transit.
• A process for continuous monitoring of the data in transit.

Include this plan in the final report.

In the next step, the team will create a disposal plan.

Step 10: Create a Disposal Plan

In the previous step, the team developed a plan for operations and maintenance. In this step, the team will create a disposal plan.

To be completed by a designated team member:

Prepare a disposal plan for the system including tools and techniques used for disposal.

Include this disposal plan in the final report.

Step 11: Final Report Review and Submission

To be completed in collaboration with all team members:

By now, the team should have completed all sections of the final report. The team leader may assign one team member to review all sections and compile them into a single report. When this is done, the team leader will submit the final report to the cloud computing architect of the company.

Deliverables

• Life Cycle Management Report: A 10- to 15-page double-spaced Word document on data protection techniques for a cloud-based service with citations in APA format. The page count does not include figures or tables. There is no penalty for using additional pages if you need them. Include a minimum of six references. Include a reference list with the report.