CYB 220 Module Five Technology Evaluation Criteria Worksheet Michael Lara

School: Southern New Hampshire University
Course: 220
Subject: Information Systems
Date: Feb 20, 2024

CYB 220 Technology Evaluation Criteria Worksheet

For each section of this worksheet, fill in the empty cells with the required information.

Technology Evaluation Criteria Table

Columns: Evaluation Factor; Evaluation Criteria; Manager’s Questions—Aligned to Criteria; Relevant Organizational Security Plan Information (From Scenario)

Effectiveness

Ability to identify network-connected systems
  Manager’s questions: 1.a., 2.a.i.
  • What are the organizational attributes? 150-200 employees. Four network segments exist with controlled access among them, plus remote IT segment accessibility.
  • What is the level of concern about who’s on (or off) the network? High. Identifying individuals with malicious intentions is essential.

Ability to discern operating systems of network-connected systems
  Manager’s questions: 1.b., 2.a.ii.
  • What are the organizational constraints? Business progression necessitates uniform operating system usage across all hosts.
  • What is the level of concern about detailed information relating to specific assets on (or off) the network? Implement detailed tracking of asset access through IP and MAC addresses to detect potential insider threats.

Ability to discern specific software applications based on their unique data flows
  Manager’s questions: 1.a., 1.b., 2.a.iii., 2.a.v.
  • What are the organizational attributes? With four distinct segments/departments, pinpointing unique data becomes straightforward.
  • What are the organizational constraints? Uniform software usage across all segments.
  • What is the level of concern about the ability to defeat secure communications? Protecting communications is critical; any breach could significantly compromise the system.
  • What is the level of concern about potential for harm? The integrity of data flow is paramount; unauthorized access or interception poses a high risk of compromise or disruption.

Ability to handle encrypted data flows
  Manager’s questions: 1.b., 2.a.iii., 2.a.v.
  • What are the organizational constraints? Financial aspects of keeping systems upgraded.
  • What is the level of concern about the ability to defeat secure communications? Very high concern; encryption is key.
  • What is the level of concern about potential for harm? High; encryption is key.

Reliability under stress
  Manager’s questions: 1.b., 2.a.iv.
  • What are the organizational constraints? Number of employees.
  • What is the level of concern about resilience? High, due to the low number of IT support personnel, some of whom have little experience.

Potential to cause individual network-connected system outage
  Manager’s questions: 1.b., 2.a.iv., 2.a.v.
  • What are the organizational constraints? Low; enough employees to cover tasking with support from IT.
  • What is the level of concern about resilience? High; the limited IT department is dependent on around-the-clock host uptime and minimal downtime.
  • What is the level of concern about potential for harm? Low; if one host goes down there is little to no negative impact.

Potential to cause individual network-connected system disruption/slowdown
  Manager’s questions: 1.a., 2.a.i., 2.a.v.
  • What are the organizational attributes? There are enough hosts to cover all employees and also expansion.
  • What is the level of concern about who’s on (or off) the network? Low; there are enough hosts that if one is interrupted there is coverage.
  • What is the level of concern about potential for harm? Concern is low, since one host going down causes minimal issues.

Potential cause of network outage
  Manager’s questions: 1.a., 2.a.i., 2.a.iii., 2.a.iv.
  • What are the organizational attributes? There are four segmented networks with 150-200 hosts.
  • What is the level of concern about who’s on (or off) the network? Medium; ensuring traffic can be handled is paramount.
  • What is the level of concern about the ability to defeat secure communications? High; unauthorized access can lead to a network outage/downtime.
  • What is the level of concern about resilience? High; with limited staff in the IT department, their workload can easily skyrocket.

Potential cause of network disruption/slowdown
  Manager’s questions: 1.a., 2.a.i., 2.a.iii., 2.a.iv.
  • What are the organizational attributes? There are four segments, one for each department, with 150-200 hosts.
  • What is the level of concern about who’s on (or off) the network? Medium; the network would need to be able to handle traffic.
  • What is the level of concern about the ability to defeat secure communications? High; unauthorized access leads to downtime.
  • What is the level of concern about resilience? High; with limited staff in the IT department, their workload can easily skyrocket.

Potential cause of excessive alerts
  Manager’s questions: 1.b., 2.a.i., 2.a.iii.
  • What are the organizational constraints? There are 4 departments, each with its own segment, along with 150-200 employees.
  • What is the level of concern about who’s on (or off) the network? Medium; traffic can hamper operations.
  • What is the level of concern about the ability to defeat secure communications? Low; secure communication won’t be affected.

Cost

Software
  Manager’s questions: 1.a., 1.b., 2.b.i., 2.b.ii.
  • What are the organizational attributes? 150-200 hosts altogether, with 4 segments, one for each department.
  • What are the organizational constraints? The network would need to accommodate all hosts and maintain one host for every employee.
  • Can we afford the investment? Yes.
  • Do we have the right people to implement? Yes, there are ample employees.

Personnel (training)
  Manager’s questions: 1.a., 1.b., 2.b.i., 2.b.ii.
  • What are the organizational attributes? 5 in all.
  • What are the organizational constraints? Minimal or none, since the experienced members can train others.
  • Can we afford the investment? Yes, it will be required and provided to all employees.
  • Do we have the right people to implement? Yes, with thorough training of personnel.

Deployment (time to implement)
  Manager’s questions: 1.a., 1.b., 2.b.ii., 2.b.iii., 2.b.iv.
  • What are the organizational attributes? Four segmented networks with a total of 150-200 hosts.
  • What are the organizational constraints? Changes must be done in the shortest amount of time, with system maintenance set for every Sunday.
  • Do we have the right people to implement? More IT personnel are needed.
  • Will it take too much time? With the reallocations, yes, it will take time.
  • Is the tech/activity too complex? A complete network reconfiguration is too complex.

Deployment (complexity)
  Manager’s questions: 1.b., 2.b.ii., 2.b.iv.
  • What are the organizational constraints? To reduce downtime, upgrades would need to be performed every Sunday evening.
  • Do we have the right people to implement? Additional IT staff are required in order to implement effectively.
  • Is the tech/activity too complex? Fully reconfiguring is too complex to complete quickly.

Evaluation Criteria Priority List

1. Network Monitoring for Outages
Monitoring the network to prevent outages is essential, especially with 150-200 hosts active daily. Continuous surveillance helps in early detection and mitigation of issues before they escalate into significant

2. Managing IDS/IPS False Positives
Addressing potential false positives from IDS/IPS systems ranks lower because, despite the challenge they present, the primary function of these systems, to detect and prevent security threats, remains vital.

3. Implementing Upgrades on Sundays
System upgrades and changes occur on Sundays to minimize operational disruptions. This timing is critical because it allows for maintenance when network usage is presumably at its lowest, reducing the impact of potential downtime on daily operations.

Justification

Scheduling upgrades and changes for Sundays is crucial to reduce operational disruptions during peak activity periods, ensuring a smoother transition and less downtime. Network monitoring becomes indispensable with 150-200 active hosts daily, as it's key to detecting and addressing potential outages or disruptions early, maintaining operational stability. While managing false positives from IDS/IPS is necessary to maintain security effectiveness, it is a lesser priority compared to ensuring network reliability and the strategic timing of system updates.

Fundamental Security Design Principles

1. Continuous system enhancement and adaptation are essential for maintaining security, highlighting that a system's current security posture is never sufficient. Emphasizing stricter access controls and implementing the principle of least privilege by assigning minimal roles and permissions to users can significantly enhance defense mechanisms.
2. Diversifying security measures across the network can restrict an attacker's access, preventing them from compromising the entire infrastructure, embodying the concept of defense in depth.

Explanation of Correlation

The principles of continuous system enhancement and least privilege, along with diversified security measures, directly correlate to maintaining a robust security posture. Continuous improvement ensures systems adapt to new threats, while least privilege minimizes potential breach impacts by limiting user access. Diversifying security measures, embodying defense in depth, reduces the risk of a complete system compromise, demonstrating how layered security strategies are crucial for comprehensive network protection. These principles work together to create a resilient and adaptable security framework, essential for countering evolving cybersecurity threats.