Abstract
The goal of this thesis is to structure and present the complete process involved in implementing a security assessment. Our objective is to capture the essence of a successful security assessment. We will not only document best practices, but will outline such an assessment for a project underway in the School of Education and funded by the State of Indiana. That project promotes improved evaluation of special needs students.
The result of this work has been a concrete example of a security assessment methodology as well as a documented process that can be utilized as a template in future assessments.the assessment techniques we recommend in this thesis include project examination, threat analysis, modeling of data flows, and development of a security architecture.
Other topics we will address throughout the document include fundamental security precautions, such as ensuring confidentiality, integrity, and availability.
We will offer insight on dissemination of results to project sponsors and users to encourage the effectiveness of the deliverales produced during a security assessment.