CYB 200 Module Three Case Study Template
docx
keyboard_arrow_up
School
Southern New Hampshire University *
*We aren’t endorsed by this school
Course
200
Subject
Information Systems
Date
Feb 20, 2024
Type
docx
Pages
5
Uploaded by HighnessPowerRhinoceros30
CYB 200 Module Three Case Study Template
After reviewing the scenario in the Module Three Case Study Activity Guidelines and Rubric document, fill in the table below by completing the following steps:
1.
Specify which Fundamental Security Design Principle applies to the control recommendations by marking the appropriate cells with an X
.
2.
Indicate which security objective (confidentiality, availability, or integrity) applies best to the control recommendations.
3.
Explain your choices in one to two sentences with relevant justifications.
Control
Recommendations
Isolation
Encapsulation
Complete
Mediation
Minimize
Trust Surface
(Reluctance to
Trust)
Trust
Relationships
Security
Objective
Alignment
(CIA)
Explain Your Choices
(1–2 sentences)
Deploy an automated tool on network perimeters that monitors for unauthorized transfer of
sensitive information and blocks such transfers while alerting information security professionals.
X
Confidenti
ality
Using an automated tool to ensure correct
authorization have access. Those who do
not have access will be denied permissions.
Monitor all traffic leaving the organization to detect any unauthorized use.
X
Confidenti
ality
A thorough overview of the contents of the
data should be analyzed before leaving the computer.
Use an automated tool, such as host-based data loss prevention, to enforce access controls to data even when data X
X
Integrity. Confidenti
ality
Safeguards the system while authorized personnel
copy data.
Control
Recommendations
Isolation
Encapsulation
Complete
Mediation
Minimize
Trust Surface
(Reluctance to
Trust)
Trust
Relationships
Security
Objective
Alignment
(CIA)
Explain Your Choices
(1–2 sentences)
is copied off a system.
Physically or logically segregated systems should be used to isolate higher-risk software that is required for business operations.
X
Availability
It is software that should be separated from the rest of the organizations network. Classified as
vital.
Make sure that only the resources necessary to perform daily business tasks are assigned to the end users performing such tasks.
X
X
Confidenti
ality/
Integrity
It will minimize insider threats by ensuring personnel have restrictive access to other departments.
Install application firewalls on critical servers to validate all traffic going in and out of the server.
X
X
Confidenti
ality/
Integrity
A dependable firewall services is a crucial element to a cybersecurity’s profession against threats.
Require all remote login
access and remote workers to authenticate
to the network using multifactor authentication.
X
Confidenti
ality
Enforcing authentication for remote users is a way
of layered security to prevent unauthorized
access.
Restrict cloud storage X
Confidenti
Implementing
Control
Recommendations
Isolation
Encapsulation
Complete
Mediation
Minimize
Trust Surface
(Reluctance to
Trust)
Trust
Relationships
Security
Objective
Alignment
(CIA)
Explain Your Choices
(1–2 sentences)
access to only the users authorized to have access, and include authentication verification through the use of multi-factor authentication.
ality
layered security involves restricting cloud access and storage to authorized
users, employing verification through multifactor authentication, ensuring that only authorized individuals have access to specific data aspects, and thereby lowering overall risk through restricted availability.
Make sure all data-in-
motion is encrypted.
X
Confidenti
ality
When data is encrypted in transit, it means that information meant for a particular user is
only accessible to that user, keeping it secure from others with similar permissions.
Set alerts for the security team when users log into the X
X
Confidenti
ality/
Integrity/
Establishing a security protocol involves providing
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Control
Recommendations
Isolation
Encapsulation
Complete
Mediation
Minimize
Trust Surface
(Reluctance to
Trust)
Trust
Relationships
Security
Objective
Alignment
(CIA)
Explain Your Choices
(1–2 sentences)
network after normal business hours, or when
users access areas of the network that are unauthorized to them.
Availability
alerts to the security team when users log into the network outside of normal business hours, or promptly if unauthorized users attempt to access restricted areas.
After you have completed the table above, respond to the following short questions:
1.
Is it possible to use DataStore and maintain an isolated environment
? Explain your reasoning.
a.
Yes it is possible to use DataStore and also maintain an isolated environment. In the end I must add is that it also depends on how that technology is configured and the specifics of the software. Of course it can be modified to the users preference but also the security team members can control what users can and cannot access with granted permissions through cloud services. 2.
How could the organization have more effectively applied the principle of minimizing trust surface
with DataStore to protect its confidential data? Explain your reasoning.
a.
The organization could have included more tools and allow the organizations to use encryption to apply the MTS where information or data to where its only granted to users with high priority.
3.
How can the organization build a more security-aware culture
from the top down to prevent mistakes before they happen? Explain your reasoning.
a.
By adopting the following strategies: i.
Educating about potential threats and the do’s and don’ts of security and training to wnsure all users are competent.
ii.
Have a clear security policy and abide by it to reduce the number of incidences where unauthorized users won’t access sensitive data.
iii.
To cybersecurity, having a contingency plan is almost certain. Have clear guidance on how to report incidences and/or harmful threats.
iv.
Teamwork is what wins the day. Hacing active discussions with the IT team and security teams allow potential problems to be solved Implementing these strategies will embolden a security-aware culture that will identify mistakes or threats, neutralize the threat and protect against threats whether it be over the internet or from within.