Due: Wednesday, February 19, 2014 at classtime
Please submit a hard copy of this assignment in class. If you can't be in class that day, send an electronic copy to the TA.
Note you can work with one other student on this project. Be sure to identify both members of the team and include a short paragraph explaining the contributions of each. There is no specific page limit; take as much space as you need to convey the information. You will be graded on the quality of your thought, not on your grammar or spelling. Nevertheless, you are expected to take care with those aspects.
The Assignment: Imagine that your proposal from Assignment 1 was accepted and you have been hired by MegaWazoo Corp. (though the nature of the organization doesn't really matter much) as an information assurance consultant. The company buys a variety of COTS software applications from numerous sources. Some vendors are questionable and some may even be controlled or influenced by parties hostile to your mission. One of your tasks is to put in place a "networthiness" program for applications. That is, before any particular application is deployed on the agency network, it is your task to certify that it is adequately secure. Is it even possible to know if it is absolutely secure?
It is infeasible to imagine thoroughly examining the code of all such applications; for many you may not even have the source code. So you need some automated tools to help with the task. There are a large number of tools available. Visit SecTools.org for one list of the top 125 security tools. This is an excellent source for information about available tools.
Your specific task for this assignment is to suggest a toolkit of 5 tools that your company should acquire from among the many possible tools in this marketplace. You should write a report to the agency's IT manager to justify your selection. You should assume that your reader will be technically literate but not an expert in security or in these tools. Your report should have the following sections: