SRA111 PROJECT 3 VIVEK

docx

School

Pennsylvania State University *

*We aren’t endorsed by this school

Course

111

Subject

Information Systems

Date

Dec 6, 2023

Type

docx

Pages

6

Uploaded by DeanDog1430

Report
privacy Protection Case Study After reviewing the scenario in the Privacy Protection Case Study Activity Guidelines document, fill in the table below by completing the following steps: 1. Specify which Fundamental Security Design Principle applies to the control recommendations by marking the appropriate cells with an X . 2. Indicate which security objective (confidentiality, availability, or integrity) applies best to the control recommendations. 3. Explain your choices in one to two sentences with relevant justifications. Control Recommendations Isolation Encapsulation Complete Mediation Minimize Trust Surface (Reluctance to Trust) Trust Relationships Security Objective Alignment (CIA) Explain Your Choices (1–2 sentences) Deploy an automated tool on network perimeters becuase monitors for unauthorized transfer of sensitive information and blocks such transfers while alerting information security professionals. X I The reason why this comes under Complete Mediation is because it’s basically using a resource to know if some unauthorized transfer is happening live. This comes under Integrity in the CIA triad Monitor all traffic leaving the organization to detect any unauthorized use. X C The reason why this comes under Complete Mediation because by monitoring all traffic is basically checking to make sure that there are no data breaches and your
Control Recommendations Isolation Encapsulation Complete Mediation Minimize Trust Surface (Reluctance to Trust) Trust Relationships Security Objective Alignment (CIA) Explain Your Choices (1–2 sentences) data is completely safe. This comes under Confidentiality in the CIA triad Use an automated tool, such as host-based data loss prevention, to enforce access controls to data even when data is copied off a system. X I The reason why this comes under Complete Mediation is because by using this tool you are eliminating any human error which insures more security and integrity Physically or logically segregated systems should be used to isolate higher-risk software that is required for business operations. X A The reason why this comes under Isolation is that it’s basically an example of certain tasks running in their own designated places. This comes under Availability in the CIA triad Make sure that only the resources necessary to perform daily business tasks are assigned to the end users performing such tasks. X C The reason why this comes under Minimizing trust surface is because you are basically reducing the
Control Recommendations Isolation Encapsulation Complete Mediation Minimize Trust Surface (Reluctance to Trust) Trust Relationships Security Objective Alignment (CIA) Explain Your Choices (1–2 sentences) component power to that such a level that it has to be dependent on the other components to work. This comes under Confidentiality in the CIA triad Install application firewalls on critical servers to validate all traffic going in and out of the server. X I The reason why this comes under Complete Meditation as you do not have to do anything as the firewalls are constantly checking all the traffic allowing only the ones which are meant to enter. This comes under Confidentiality under the CIA triad Require all remote login access and remote workers to authenticate to the network using multifactor authentication. X X C The reason why this comes under Complete Mediation is that Multifactor authentication in return provides more security and keeps your data as safe as
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
Control Recommendations Isolation Encapsulation Complete Mediation Minimize Trust Surface (Reluctance to Trust) Trust Relationships Security Objective Alignment (CIA) Explain Your Choices (1–2 sentences) possible. This comes under Confidentiality in the CIA triad Restrict cloud storage access to only the users authorized to have access, and include authentication verification through the use of multi-factor authentication. X C The reason why this comes under Complete Mediation is because you are protecting your data by only allowing users who really need access to cloud storage. This comes under Confidentiality in the CIA triad Make sure all data-in- motion is encrypted. X C The reason why this comes under Encapsulation is because one of the main reasons why data leaks occur is when they are sent from one point to other as they are not encrypted. This comes under Confidentiality in the CIA triad Set alerts for the security team when X C The reason why this comes under
Control Recommendations Isolation Encapsulation Complete Mediation Minimize Trust Surface (Reluctance to Trust) Trust Relationships Security Objective Alignment (CIA) Explain Your Choices (1–2 sentences) users log into the network after normal business hours, or when users access areas of the network that are unauthorized to them. Complete Mediation is because most of the attacks usually happen when the company is in a hibernation phase as someone acts as an imposter and helps the other side. By enabling this, the problem of such issues can be dealt with ease. This comes under Confidentiality in the CIA triad Short Answer Questions 1 Datastore is basically a public platform where you store information that can be used by anyone if they need it, which basically means that the user has to interact with the DataStore directly or indirectly which does not make it a perfectly isolated environment. The other reason for it not being a perfectly isolated environment is because it basically shares the characteristics of a shared platform. 2. When we say minimizing trust, it basically means increase in the security of system. By minimizing the number of employees linked with the datastore or minimizing the interaction with the datastore you are basically implying less number of interaction and associated employees to access it, which I consider the best way to minimize trust surface. 3 they are: To establish multi-factor authentication when accessing confidential data.
Allowing only reasonable employees to access certain data which is not meant for all. Conducting orientation for employees about how to be on the lookout if there is a security issue. Assigning AI bots that keep a weekly check if incase any 3rd party accessed their data in the past week. Proceed for an Immediate lockdown of the system when the office time is over.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help

Related Documents

Part B- Assessment Analysis .docx
Activity Template_ Project charter_Operations&Training Plan-Plant Pals_141123.docx
NP_WD19_2a_Mac_AvivLevy_Report_1.docx
PA Group Project.docx
Super_Teacher_Worksheets_Multiplication.pdf
Report - Responses.pdf
HW 2.docx
SRA 111 PROJECT 1.xlsx
DIM 3304_Assignment 3 - Instructions.docx
Bray Jasmine_ Operating System Features.docx
TestStrategies.docx
RFM ASSIGNMENT (1).docx