CYB 200 Module Three Case Study V. Thibodeaux
School: CUNY John Jay College of Criminal Justice
Course: BDHDB
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 10
Uploaded by VET0003
CYB 200 Module Three Case Study Template
Table columns: Control Recommendations; Isolation; Encapsulation; Complete Mediation; Minimize Trust Surface (Reluctance to Trust); Trust Relationships; Security Objective Alignment (CIA); Explain Your Choices (1–2 sentences)

Control Recommendation: Deploy an automated tool on network perimeters that monitors for unauthorized transfer of sensitive information and blocks such transfers while alerting information security professionals.
Design principle marked: X
Security Objective Alignment (CIA): Confidentiality
Explain Your Choices: As part of the confidentiality objective, minimizing the trust surface helps restrict access and prevent unauthorized transfers.

Control Recommendation: Monitor all traffic leaving the organization to detect any unauthorized use.
Design principle marked: X
Security Objective Alignment (CIA): Integrity
Explain Your Choices: Monitor and prevent unauthorized access to data by minimizing trust surfaces.

Control Recommendation: Use an automated tool, such as host-based data loss prevention, to enforce access controls to data even when data is copied off a system.
Design principle marked: X
Security Objective Alignment (CIA): Confidentiality
Explain Your Choices: The objective of confidentiality can be achieved by reducing the trust surface, which restricts unauthorized access.

Control Recommendation: Physically or logically segregated systems should be used to isolate higher-risk software that is required for business operations.
Design principle marked: X
Security Objective Alignment (CIA): Confidentiality
Explain Your Choices: Software isolation contributes to confidentiality by protecting higher-risk software.

Control Recommendation: Make sure that only the resources necessary to perform daily business tasks are assigned to the end users performing such tasks.
Design principle marked: X
Security Objective Alignment (CIA): Availability
Explain Your Choices: Access to only necessary resources is maximized by minimizing the trust surface.

Control Recommendation: Install application firewalls on critical servers to validate all traffic going in and out of the server.
Design principle marked: X
Security Objective Alignment (CIA): Integrity
Explain Your Choices: Validating traffic and minimizing trust surfaces contribute to data integrity.

Control Recommendation: Require all remote login access and remote workers to authenticate to the network using multifactor authentication.
Design principle marked: X
Security Objective Alignment (CIA): Confidentiality, Integrity
Explain Your Choices: Authentication with multiple factors enhances both confidentiality and integrity objectives.

Control Recommendation: Restrict cloud storage access to only the users authorized to have access, and include authentication verification through the use of multi-factor authentication.
Design principle marked: X
Security Objective Alignment (CIA): Confidentiality, Integrity
Explain Your Choices: A proper access control and authentication strategy reduces the trust surface and aligns with confidentiality and integrity principles.

Control Recommendation: Make sure all data-in-motion is encrypted.
Design principle marked: X
Security Objective Alignment (CIA): Confidentiality
Explain Your Choices: The confidentiality objective is aligned with minimizing trust surface by encrypting data-in-motion.

Control Recommendation: Set alerts for the security team when users log into the network after normal business hours, or when users access areas of the network that are unauthorized to them.
Design principle marked: X
Security Objective Alignment (CIA): Integrity
Explain Your Choices: Monitoring and maintaining the integrity of the network is made easier by minimizing the trust surface.

After you have completed the table above, respond to the following short questions:
1. Is it possible to use DataStore and maintain an isolated environment? Explain your reasoning.
It is possible to use DataStore and maintain an isolated environment by implementing proper isolation mechanisms. DataStore can be configured to restrict access to authorized users and systems, ensuring data isolation and security. Moreover, DataStore can also be used to encrypt data at rest, protecting it from unauthorized access. Finally, DataStore can also be used to back up data, ensuring that it is available when needed.
2. How could the organization have more effectively applied the principle of minimizing trust surface with DataStore to protect its confidential data? Explain your reasoning.
Authentication and access controls could have been implemented within DataStore to ensure that only authorized users had access. The organization could enhance the protection of its confidential data stored in DataStore by enforcing strict permissions and minimizing unnecessary trust relationships. Furthermore, the organization could implement regular security audits and reviews to ensure security measures are up-to-date and effective. Regular training of all employees on security protocols should also be conducted to ensure everyone knows the policies. Finally, the organization should have a plan in place to deal with potential security incidents.
3. How can the organization build a more security-aware culture from the top down to prevent mistakes before they happen? Explain your reasoning.
The organization can create a more security-aware culture by fostering a top-down approach where leaders emphasize the importance of security. Providing regular security training, promoting awareness campaigns, and incorporating security considerations into organizational policies can all contribute to this process. Leadership's support and prioritization of security increases employee adoption of security best practices, reducing the risk of security mistakes. Organizations should also evaluate their security posture regularly to ensure that all security measures are current. Regular security audits should be conducted to identify potential vulnerabilities and areas for improvement. Finally, organizations should develop a crisis response plan to ensure that staff have the necessary resources to respond to a security breach.