Introduction You work for a small firm that specializes in infrastructure security assurance. You have just received notice of an opportunity to compete for a small security assessment and remediation contract to be let by the South by Southwest Consolidated School District (SSCSD). The school district operates the Palo Duro Adult Education Center (PDAEC). This center provides short courses on a range of practical topics of interest to the local community. The school district has requested a proposal from your firm and others to perform a security assessment of the information systems network operated and maintained by the PDAEC by assessing the current security environment, proposing security improvements, implementing approved security remediation, and then passing an inspection of the remediation. This document constitutes the formal "Request for Proposal." Client Background Your prospective client, the PDAEC is located in the Texas Hill Country. The PDAEC operates and maintains an information systems network that includes an internet accessible web site, central file serving and email in a domain based network. Since the PDAEC must also manage registration and fiscal operations, the network is equipped with a centralized application that provides for management of accounts receivable, finance and payroll, and student registration and scheduling. The infrastructure hardware consists of 20 workstations for faculty and administrative staff, 20 workstations in a computer classroom, cabling, a switch and a router/firewall combo that provides always-on internet connectivity for multiple internet hosts. The border routers also double as wireless access points. The goal of the PDAEC is to provide opportunities for life-long education and to improve the quality of life in the local community. Statement of Work 1.0 Project Management The contractor shall initiate, plan, execute, monitor, control and close a formal project to perform a security assessment and remediation of the PDAEC information system network. The contractor shall perform on-going project management activities to include the conduct of regular team meetings and status briefings. The contractor shall provide monthly project performance reports that address cost, schedule and technical performance. 2.0 Baseline the Current Operating Environment The contractor shall baseline the current operating environment to determine the current access patterns, system performance, hardware configurations, services, installed applications and user behaviors. The contractor shall analyze the results of the baseline analysis to identify the operational and maintenance security needs of the system. The contractor shall document and deliver the baseline information and resultant analysis in a formal baseline assessment report to be used to troubleshoot the system and establish a disaster recovery path to ensure system availability.3.0 Audit and Assess the Network. The contractor shall plan and execute security audits of the operational environment against the previously established baseline. The contractor shall rely upon both manual tasks and automated tools to execute the audits. The contractor shall assess the results of the audit in terms of technical configuration and business needs. 4.0 Design Security Improvements (Remediation) The contractor shall perform a risk analysis to weigh trade-offs between security and business needs. The contractor shall compile a complete list of the potential vulnerabilities identified through the audits and assessments. Based upon the risk analysis, the contractor shall develop a remediation proposal that recommends which vulnerabilities should be remediated. The remediation proposal should prioritize the top ten recommendations. The contractor will submit the remediation proposal for evolution by PDAEC. 5.0 Secure the Environment Through Implementing the Remediation Proposed Plan Following approval of the remediation proposal by PDAEC, the contractor shall implement the approved remediation proposed. The remediation effort shall include technical changes to the environment as well as policies or procedures that govern the management and use of all IT resources. 6.0 Inspection and Evaluation of the Remediated System The contractor shall host a comprehensive security inspection by PDAEC (or their representative) to evaluate the results of the remediation effort to ensure the configuration and policy changes implemented actually remediate the assessed threats and vulnerabilities while the functional business needs were not adversely impacted by the changes implemented. Any deficiencies identified will be addressed by the contractor. The contractor shall adapt and integrate implemented changes to establish standards to be used throughout SSCSD. The contractor shall prepare and deliver a system evaluation report to document the results obtained through the remediation effort. The project must be scheduled to start January 1, 2023. And the Network Assessment and Remediation must be finished by June 30, 2023.Exercise 4 (Module 4) - Work Breakdown Structure Your task is to develop a Work Breakdown Structure for this project. The Work Breakdown Structure shall decompose the effort to level 3. Since Level 1 is "PDAEC Network Security Assessment and Remediation Project", use the six description sections in this RFP on pages 2 and 3 for Level 2 of the WBS. Then decompose down to Level 3 to produce work packages appropriate for your project (at least 1, but not more than 2 work packages for each Level 2 section (label each Level 3 work package by name and number). Finally, for each Level 3 work package, identify the major activity(s) and deliverable(s) for that work package (you must have at least one activity and the resulting deliverable in a work package, but you can have more than one activity or deliverable for a work package). In actuality, one would likely decompose a WBS for a network security project lower than three levels on some branches, but for an academic exercise, three levels is sufficient (even though the work in some of the Level 3 work packages might seem excessively large and in need of further decomposition). You can use either a traditional tree or an indentured structure format (as shown in Slide 12 of Episode 4-4 and Appendix A of the RFP) for your WBS. You can use a facsimile of the WBS as shown in Appendix A, or a drawing tool (like Visio or Word's capability) or just sketch it by hand (and then scan it and insert into MS Word), but however you produce the sketch/image, it must be embedded in a MS Word document or pdf document for submission in Deliverable 1. Limit your diagram and any description to one page. And the WBS must be readable (no text smaller than font size 10, and any drawing/chart must be of high contrast [use black ink or dark lead if manually sketching] for readability).Traditional "Tree" Work Breakdown Structure Level 1 PDAEC Network Security Assessment & Remediation Project Level 2 1.0 Project 2.0 Baseline 3.0 Audit & 4.0 Design 5.0 Secure 6.0 Final Management Current Assess Network Security Environment Inspection of Environment Remediation Remediation Level 3 3.1 Plan and 4.1 Perform a 5.1 1.1 Planning 2.1 Analyze execute risk analysis and Implement 6.1 Comprehensive the Project the results security identify the security inspection of the audits potential remediation by PDAEC to evaluate baseline against the vulnerabilities once results 1.2 Monitor established approved by the status of 2.2 Document baseline the PDAEC 6.2 the project and report the 4.2 Develop a Implement baseline 3.2 Assess remediation changes information the results proposal with throughout of the audit suggested fixes SSCSD and and submit to prepare an PDAEC evaluation report