Srinivasan, Sriram, Jr.

At the turn of the new millennium, the focus of Information Technology Management turned to Information and Systems Security, as opposed to competitive advantage investment. In catering to the security needs of various firms and institutions, it is seen that different entities require varying Information Security configurations. This thesis attempts to utilize Risk Analysis, a commonly used procedure in business realms, to formulate customized Firewalls based on the specific needs of a network, subsequently building an effective system following the "Defense in Depth" strategy. This is done by first choosing an efficient Risk Analysis model which suits the process of creating Firewall policies, and then applying it to a particular case study. A network within Florida Atlantic University is used as an experimental test case, and by analyzing the traffic to which it is subject while behind a single Firewall layer, a specific Security Policy is arrived at and implemented.