CYB+200+Module+Three+Case+Study+Colby

docx

School

Southern New Hampshire University *

*We aren’t endorsed by this school

Course

200

Subject

Information Systems

Date

Oct 30, 2023

Type

docx

Pages

Uploaded by DukeFog10607

CYB 200 Module Three Case Study Template After reviewing the scenario in the Module Three Case Study Activity Guidelines and Rubric document, fill in the table below by completing the following steps: 1. Specify which Fundamental Security Design Principle applies to the control recommendations by marking the appropriate cells with an X . 2. Indicate which security objective (confidentiality, availability, or integrity) applies best to the control recommendations. 3. Explain your choices in one to two sentences with relevant justifications. Control Recommendations Isolation Encapsulation Complete Mediation Minimize Trust Surface (Reluctance to Trust) Trust Relationships Security Objective Alignment (CIA) Explain Your Choices (1–2 sentences) Deploy an automated tool on network perimeters that monitors for unauthorized transfer of sensitive information and blocks such transfers while alerting information security professionals. X I This would be an example of using a resource as it was designed to be used while determining if unauthorized transfers are happening. This is integrity in the CIA Triad. Monitor all traffic leaving the organization to detect any unauthorized use. X C This would be an example of Complete Mediation as it monitors all the traffic to make sure there isn’t any issues, and that the data is safe. This is considered Confidentiality. Use an automated tool, such as host-based data loss prevention, to X I This would be an example of Encapsulation as it is

Control Recommendations Isolation Encapsulation Complete Mediation Minimize Trust Surface (Reluctance to Trust) Trust Relationships Security Objective Alignment (CIA) Explain Your Choices (1–2 sentences) enforce access controls to data even when data is copied off a system. using a tool as intended to enforce access control to data. This would be considered integrity. Physically or logically segregated systems should be used to isolate higher-risk software that is required for business operations. X A This would be considered isolation because it individualizes the processes or tasks running in their own space. Under CIA triad, it would be under Availability. Make sure that only the resources necessary to perform daily business tasks are assigned to the end users performing such tasks. X C This would be an example of minimizing trust surfaces as it reduces the degree in which the user or component depends on the reliability of another. This would fall under confidentiality. Install application firewalls on critical servers to validate all traffic going in and out of the server. X I This would be Complete Mediation because the firewalls are checking all traffic to verify its safe to

Control Recommendations Isolation Encapsulation Complete Mediation Minimize Trust Surface (Reluctance to Trust) Trust Relationships Security Objective Alignment (CIA) Explain Your Choices (1–2 sentences) enter. This falls under integrity. Require all remote login access and remote workers to authenticate to the network using multifactor authentication. X C Restricting all access to users not under certain access would be considered Complete Mediation as it only allows those who are fully vetted before entering the network. This is considered confidentiality. Restrict cloud storage access to only the users authorized to have access, and include authentication verification through the use of multi-factor authentication. X C Restricting access to only the users who are authorized to do so would fall under complete mediation as it only allows those who are authorized to access the network. This is another example of Confidentiality. Make sure all data-in- motion is encrypted. X C This would be an example of minimize trust surfaces because all the data is encrypted which

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version

Access to all documents
Unlimited textbook solutions
24/7 expert homework help

Control Recommendations Isolation Encapsulation Complete Mediation Minimize Trust Surface (Reluctance to Trust) Trust Relationships Security Objective Alignment (CIA) Explain Your Choices (1–2 sentences) reduces the degree to which the user depends on the information. This would fall under Confidentiality. Set alerts for the security team when users log into the network after normal business hours, or when users access areas of the network that are unauthorized to them. X I This would be Trust relationships because it shows privileges being shared with another. This would fall under integrity.

After you have completed the table above, respond to the following short questions: 1. Is it possible to use DataStore and maintain an isolated environment ? Explain your reasoning. DataStore is a public, cloud-based platform that is used in the sharing of information with the public and customers. Employees can make mistakes and there is no way to use DataStore in an isolate environment since it is a shared platform. 4. How could the organization have more effectively applied the principle of minimizing trust surface with DataStore to protect its confidential data? Explain your reasoning. The organization could minimize trust surface by only letting certain users who are more vetted to upload information to the platform. For example, the employees or users trying to gain access can send info to the security team to make sure there is a review process prior to allowing access to upload. 5. How can the organization build a more security-aware culture from the top down to prevent mistakes before they happen? Explain your reasoning. By only allowing employees access to the information as needed and checking to make sure those employees are using encrypted devices that are authorized. Training for employees new and old on being aware of any potential security risks or issues. Also, with training on a regular basis, mistakes will tend to happen less.