First Advisor

Bowles, Robert

Second Advisor

Lupo, James A.

Third Advisor

Likarish, Daniel M.


College for Professional Studies

Degree Name

MS Information Assurance


School of Computer & Information Science

Document Type

Thesis - Open Access

Number of Pages

218 pages


Business is increasingly dependent on information systems to allow decision makers to gather process and disseminate information. As the information landscape becomes more interconnected, the threats to computing resources also increase. While the Internet has allowed information to flow, it has also exposed businesses to vulnerabilities. Whereas large businesses have information technology (IT) departments to support their security, small businesses are at risk because they lack personnel dedicated to addressing, controlling and evaluating their information security efforts. Further complicating this situation, most small businesses IT capabilities have evolved in an ad hoc fashion where few employees understand the scope of the network and fewer if any sat down and envisioned a secure architecture as capabilities were added. This paper examines the problem from the perspective that IT professionals struggle to bring adequate Information Assurance (IA) to smaller organizations where the tools are well known, but the organizational intent of the information security stance lacks a cohesive structure for system development and enforcement. This paper focuses on a process that will allow IT professionals to rapidly improve their organizations' security stance with few changes using tools already in place or available at little or no cost. Starting with an initial risk assessment research provides the groundwork for the introduction of a secure system development life cycle (SSLDC) where continual evaluation improves the security stance and operation of a networked computer system.

Date of Award

Spring 2011

Location (Creation)

Denver, Colorado

Rights Statement

All content in this Collection is owned by and subject to the exclusive control of Regis University and the authors of the materials. It is available only for research purposes and may not be used in violation of copyright laws or for unlawful purposes. The materials may not be downloaded in whole or in part without permission of the copyright holder or as otherwise authorized in the “fair use” standards of the U.S. copyright laws and regulations.