CYB 250 Module Two Short Response Guidelines and Rubric
Breach Analysis Simulation One

Overview

In cybersecurity, data protection should be the first priority. There are two basic concepts: data at rest and data in transit. Each version of data is protected slightly differently. It may be sufficient to protect data at rest with some type of encryption that is difficult to crack over a long period of time, while the data in transit needs to be protected only until it gets past the entity that is trying to decipher it. In either case, it is important to know what to do when a breach or incident occurs.

Having a strong computer incident response team (CIRT) is a valuable resource for any company. The premise behind incident response is: What is the shortest amount of time it can take to restore the system to a safe state? The shortest amount of time might not be the most cost-effective; therefore, the company must prioritize its actions and make sure that in trying to fix the cyber incident it doesn’t cause the company more harm. There are many vulnerabilities that the CIRT needs to be ready for, so having a well-practiced and itemized incident response plan is important for the company’s well-being. Having the proper resources, whether they are personnel or information technology related, can play a role in how fast the company recovers from the incident. Being prepared for the worst possible cases; having a strong understanding of the influences of the confidentiality, integrity, and availability (CIA) triad; and knowing how the company will react to those situations could mean the difference between company survival and company closure.

Having the proper CIRT is about having the right people for the job. This does not mean that all of senior management needs to be on the CIRT. This does mean that the company must figure out what the proper makeup of the team should be. The team members must be good at what they do because they have to be sure that the decisions they make are in the best interests of the company.

Prompt

After reviewing Breach Analysis Simulation Scenario One, address the critical elements below:

I. Reflection on CIA and Data Protection
   A. Select a tenet of the CIA triad and explain how the principle applies to the scenario. Justify your response with details or examples from the scenario.
   B. Explain the issues with Secure Sockets Layer (SSL) that facilitated its deprecation and how Transport Layer Security (TLS) remedies those issues.

II. Incident Response Plan
   A. In small organizations, there typically isn’t a large membership to form the CIRT. Explain how organizations with a small IT department assure that the CIRT is prepared to handle all possible situations.

CYB 250 Short Response Rubric

Guidelines for Submission: Your submission should be one to two pages in length. Use double spacing, 12-point Times New Roman font, and one-inch margins. All sources must be cited using APA format. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.

Rubric (Critical Elements, scored as Exemplary 100% / Proficient 85% / Needs Improvement 55% / Not Evident 0%, with the value of each element in points):

Reflection on CIA and Data Protection: Tenet of CIA Triad (Value: 30)
   Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
   Proficient (85%): Selects a tenet of the CIA triad and explains how the principle applies to the scenario, including details or examples from the scenario
   Needs Improvement (55%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail
   Not Evident (0%): Does not address critical element, or response is irrelevant

Reflection on CIA and Data Protection: Issues with SSL (Value: 30)
   Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
   Proficient (85%): Explains the issues with SSL that facilitated its deprecation and how TLS remedies those issues
   Needs Improvement (55%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail
   Not Evident (0%): Does not address critical element, or response is irrelevant

Incident Response Plan: Form the CIRT (Value: 30)
   Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
   Proficient (85%): Explains how organizations with a small IT department assure that the CIRT is prepared to handle all possible situations
   Needs Improvement (55%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail
   Not Evident (0%): Does not address critical element, or response is irrelevant

Articulation of Response (Value: 10)
   Exemplary (100%): Submission is free of errors related to citations, grammar, spelling, and organization and is presented in a professional and easy-to-read format
   Proficient (85%): Submission has no major errors related to citations, grammar, spelling, or organization
   Needs Improvement (55%): Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas
   Not Evident (0%): Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas

Total: 100%

CYB 250 Module Two Short Response
Breach Analysis Simulation Scenario One
Published by Articulate® Storyline www.articulate.com

Breach Analysis Simulation Introduction

Read through the following scenario. You will then be asked to make choices based on your experience as a security analyst. While there is a best path through the simulation, many of the other options are viable. You are encouraged to explore all of the options to enhance your knowledge and to prepare you for future breaches. The purpose of this simulation is to develop your systems thinking mindset and mature your cyber defense strategies.

Breach Analysis Simulation: Scenario One

You are a security analyst working for a company that provides an e-commerce website. Over the last year, you have had discussions with your supervisor about updates to the systems, including a transition to Transport Layer Security (TLS) from Secure Sockets Layer (SSL). The changes have not been implemented due to budgetary constraints. While performing file system maintenance, you notice low disk quota on the web server.

1. Challenge One

1.1 Challenge One

What is this low disk quota? This is odd; last audit, there was sufficient space. Normal business operations wouldn’t cause this. What should you do next? Below are the possible answers:

● Try to diagnose the source of the breach
● Consult the incident response plan
● Notify your supervisor

1.2 Try to diagnose the source of the breach

Good thought, but beware! Breaches are complex issues. Many additional obligations beyond solving the breach need to be addressed. For instance, evidence gathering must be considered, and communications to stakeholders must be drafted. Finding the source of the breach may be time-consuming; consequently, other entities can be working on remediation actions during this time. Try selecting a different response.

1.3 Consult the incident response plan

Although technically this response is the correct process, all employees should know that alerting their supervisor is the first step; this results in faster action in initiating the proper response. When you consult the incident response plan, it directs you to immediately contact your supervisor.

Where should the incident response plan be located? Below are the possible answers:

● Stored digitally on the network
● Each employee should have a hard copy at his/her desk
● Printed out and stored in one specific location

1.3.1 Stored digitally on the network

No, this is not the ideal selection because the network could be compromised or otherwise inaccessible. Try selecting a different response.

1.3.2 Each employee should have a hard copy at his/her desk

Not quite! Although organizations might choose to do this, it represents an overuse of resources and creates potential issues related to the frequent updating necessary to this document. Try selecting a different response.

1.3.3 Printed out and stored in one specific location

Correct! This is standard practice; a single hard copy that is always up to date with the most current actions prevents issues. It is