CYB 300 Milestone Three Worksheet

School: Southern New Hampshire University
Course: 300
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 4
Uploaded by LieutenantGoosePerson210
I. Security Analysis Table

Security Analysis Table

| Fundamental Security Design Principles | Describe how the FSDPs relate to PKI (2–3 sentences) | Describe how the FSDPs relate to the CIA triad (2–3 sentences) |
| --- | --- | --- |
| Isolation | In relation to PKI and isolation, the example I have is the use of a token for the authentication process. This token is what grants the user access to the protected areas in the network. | Authentication is linked to isolation, so that would lead into the CIA’s isolationist triad. With that in mind, it would need to have and maintain the highest levels of confidentiality and integrity. |
| Modularity | Modularity relates to PKI in that receiving a certificate is an example of modularity. Once the certificate is acquired, it’s uploaded to the database and sent to a server, in turn letting the server inside the subnet you chose. | With how similar they are, nodes in a network can act independently. This technique can be reused indefinitely. When designing with modularity, ease of use is a must. |
| Minimization of Implementation | Minimizing the amount of code needed to handle particular situations can be achieved with other methods, such as having set credentials that can operate on any device. Essentially, this means nobody else would be able to log onto the user’s account. | Minimizing time and effort used to implement a change is a private principle. This restricts access to your account and the contents within it to only authorized users. |
| Layering | Layering in connection with a PKI would be along the lines of using a biometric scanner and using something like login credentials. This is a prime example of layers; adding other things onto this would be adding more layers. | The concept of layering is connected to the triad through confidentiality. Using combinations of multiple security methods, including authentication, ensures authorized access is allowed or authorized individuals may receive access. |
| Least Privilege | The least privilege method is by far my | Least privilege plays into all 3 roles in |
II. Scenario-Based Short Response Questions

A. Temporary Contractor: The use of CAs as part of PKI provides a mechanism for key management and secure communications. If you were asked to provide access to information systems to a temporary contractor, what areas of a PKI and CIA triad would you be concerned with? Which of the FSDPs most applies here?

My biggest concern with bringing on temporary contractors concerning the CIA triad would be availability. With temp users coming into the PKI, I believe that a strict approach to access would be absolutely necessary. This ensures they wouldn’t be able to access any information or places they don’t need or could do harm to. I would use least privilege and ensure that the temp worker would only have what is necessary for his job and that is it. So using

B. Cryptography: As part of PKI, a cryptographic system is established. Explain how cryptography is used and what forms of implementation can be accomplished.

Cryptology is used as a method to protect data by converting it into unreadable information, which can be transported and/or properly stored. Cryptography is a way to provide information confidentiality. Cryptology has two methods: symmetric cryptology (both keys private) and asymmetric cryptology (public and private keys). For symmetric, the document is sent to the receiver, who would unlock the document and encrypt it again using an encryption key. For asymmetric, using one key each time causes a key in turn to be generated every time something is sent or modified and moved. But using two different keys allows for faster decryption and encryption, as each person has their own separate private key to unlock the data and everyone uses the same public key to encrypt the data. This allows for safer transmission and maintaining security.