Haleigh Duguay CYB 200 Module Two Case Study

docx

School

Southern New Hampshire University *

*We aren’t endorsed by this school

Course

200

Subject

Information Systems

Date

Dec 6, 2023

Type

docx

Pages

7

Uploaded by MinisterDuckMaster1030

Report
CYB 200 Module Two Case Study Template After reviewing the scenario in the Module Two Case Study Activity Guidelines and Rubric document, fill in the table below by completing the following steps for each control recommendation: 1. Specify which Fundamental Security Design Principle best applies by marking all appropriate cells with an X . 2. Indicate which security objective (confidentiality, availability, or integrity) best reflects your selected control recommendation. 3. Explain your choices in one to two sentences, providing a selection-specific justification to support your decision. Control Recommendations Least Privilege Layering (Defense in Depth) Fail-Safe Defaults / Fail Secure Modularity Usability Security Objective Alignment (CIA) Explain your Choices (1-2 sentences) Automatically lock workstation sessions after a standard period of inactivity. (Completed as an example) X C I chose layering because it adds another layer of protection for the confidentiality of our data. If possible, close and lock your office door when leaving your computer. X C Fail-Safe Defaults/Fail Secure will ensure that access is given only to the person intended to have access to prevent unnecessary exposure to confidential data. Use technology to make sure that only X A Usability would
Control Recommendations Least Privilege Layering (Defense in Depth) Fail-Safe Defaults / Fail Secure Modularity Usability Security Objective Alignment (CIA) Explain your Choices (1-2 sentences) authorized software executes, and unauthorized software is blocked from executing on assets. limit the type of software able to be used on the device. This would allow accessibility to complete a job function but block unnecessary or unacceptable usage. Use automated tools to inventory all administrative accounts to ensure that only authorized individuals have elevated privileges. X I Implementing automated least privilege will ensure there is no conflict of interest when it comes to personal relationships in the workplace. Having an automated machine control accesses prevents one employee putting pressure on someone in IT to grant them
Control Recommendations Least Privilege Layering (Defense in Depth) Fail-Safe Defaults / Fail Secure Modularity Usability Security Objective Alignment (CIA) Explain your Choices (1-2 sentences) accesses they don’t need to have. Use system configuration management tools to automatically reapply configuration settings to systems at regularly scheduled intervals. X A Having automatic updates to configuration settings makes accessibility possible and modularity can make the process easier by mitigating human error. By updating regularly, this can prevent unintentional downtime if configuration settings are not compliant with policies or laws, causing the computer to deny access. Maintain an inventory of all sensitive information stored or transmitted by the organization's technology systems, including those located on site or at a X C Layering confidential data will maintain
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
Control Recommendations Least Privilege Layering (Defense in Depth) Fail-Safe Defaults / Fail Secure Modularity Usability Security Objective Alignment (CIA) Explain your Choices (1-2 sentences) remote location. confidentiality by implementing multiple layers of defense. Use approved whole-disk encryption software to encrypt the hard drive of all mobile devices. X C Encryption of data keeps it secure by adding an extra layer of protection to it, making it more difficult for unauthorized users to access. If USB storage devices are required, software should be used that can configure systems to allow the use of specific devices. X C/I Fail-safe defaults/fail- secure will prevent confidential data from getting into the wrong hands by only allowing access to objects needing access. This can also protect the integrity by keeping it out of the wrong
Control Recommendations Least Privilege Layering (Defense in Depth) Fail-Safe Defaults / Fail Secure Modularity Usability Security Objective Alignment (CIA) Explain your Choices (1-2 sentences) hands. Configure systems not to write data to external removable media, if there is no business need for supporting such devices. X I Denying access to external devices is essential unless business need is provided. Integrity of the data being downloaded is at stake since it could be being downloaded with malicious intent. If USB storage devices are required, all data stored on such devices must be encrypted. X C Encryption adds a layer of protection to confidential data by making it harder to access. Protect all information stored on systems through the use of access control lists. These access control lists enforce the principle that only authorized individuals should have access to the information based on approved business need. X C/I Controlling who has access based on business need maintains confidentiality and integrity of data by only
Control Recommendations Least Privilege Layering (Defense in Depth) Fail-Safe Defaults / Fail Secure Modularity Usability Security Objective Alignment (CIA) Explain your Choices (1-2 sentences) giving those who need access to those with a legitimate business need. Require multifactor authentication for all user accounts, on all systems, whether managed on site or by a third-party provider. X I Multifactor authentication for user will keep information safe because it is verifying that the person logging on to access the information is who they say they are by confirming with multiple means of confirmation. After you have completed the table above, respond to the following short questions: 1. How might you work with someone like Dr. Beard to cultivate a security mind-set that is more in line with the organization’s ethical norms? Hint: Consider his attitude, his past behaviors, and his opinion about organizational policies. a. Considering Dr. Beard uses his title and seniority to his advantage to gain unauthorized access, it is important to reiterate the importance of maintaining patient privacy. I would explain that it is understandable that he is busy and would like to access files away from the hospital. However, this is unethical practice and can expose patients to private health information breaches which violates HIPPAA. This could result in a suspended license and other legal repercussions. Since he is a doctor, I would like to assume that he cares about his patient’s safety and would
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
like to continue practicing medicine. If my assumptions are correct, I would reiterate how detrimental the effects of identity theft are and would be to his patients if the information fell into the wrong hands. While I know he sees nothing wrong with accessing files remotely, I would try to explain my job as simply as possible. Keeping the hospital records secure should be a top priority for Dr. Beard. Hopefully, a simple conversation reiterating the importance of cybersecurity will be a wake-up call, along with the theft of his work property. 4. How would you help the hospital better secure its patient files? Make sure to incorporate at least one data state (data-at-rest, data-in-use, or data-in- motion) and one of the control recommendations from your completed table in your response. a. Hospital data is typically in motion which can make the data vulnerable. Layering would be the best way to go about keeping the in-motion data secure. First, the hospital should implement and enforce policies that refuse access to patient data outside of the hospital walls. Human error is a huge risk to confidentiality and integrity of private information. Next, I would implement multi-factor authentication for anyone attempting to access the data. This would ensure that only the intended users of the data have access. I would also create a VPN to be used on all hospital computers to create another layer of defense by keeping it encrypted. Lastly, all passwords must be difficult to guess and changed regularly. It will be a violation of policy to have usernames and passwords written anywhere. If a password is forgotten, they must reset by using the multifactor authentication system. By having all of these layers of defense in place, it will keep the data-in-motion a lot safer than if these policies and procedures were not there.

Related Documents

INTL 440 W1 FORUM.docx
Haleigh Duguay IT 200 Module 3-2 Activity.docx
Jordan, T - DefenseEd Marketing Plan.docx
Haleigh Duguay CYB 200 Project One.docx
Haleigh Duguay CYB 200 Project Three Milestone Decision Aid.docx
Venn diagram questions .pdf
Haleigh Duguay CYB 200 Project Three.docx
cgs1540-lab2.docx
FSE 301_CustomerProfile_Rich Adams-1.pptx
BIS101_Exam2_PracticeExam_v3_KEY.pdf
LWebb Customer Profiles-1.pptx
Haleigh Duguay CYB 200 Project Two.docx