In this case study assignment, we will continue to investigate the Fundamental Security Design Principles at work in a real-world scenario. Through the lens of data protection, we will analyze the...

1 answer below »
In this case study assignment, we will continue to investigate the Fundamental Security Design Principles at work in a real-world scenario. Through the lens of data protection, we will analyze the following principles:  Least Privilege  Layering (Defense in Depth)  Fail-Safe Defaults / Fail Secure  Modularity  Usability Note: You will be engaging with this scenario again in the Module Three discussion. Case Study Scenario You are a cybersecurity analyst working at a prominent regional hospital. On Monday morning, the organization’s technology help desk received a call from Dr. John Beard, a long-time resident physician. Dr. Beard called them to report that his company laptop was stolen from his car after he stopped to work out at a local gym on his way home from the office. A representative from the help desk informed you of the theft and also mentioned that Dr. Beard stated that his laptop case contained a USB thumb drive that he purchased to “back up” important patient files he saved onto his laptop. Dr. Beard also revealed that his daily planner “might have” been in the bag, and that the planner had his hospital computer user name and password written on the back cover. Prior to ending the call, Dr. Beard told the representative that he would call her back if his daily planner turned up. As your conversation with the help desk representative wound down, she commented that Dr. Beard had many different computer “issues” that keep her team busy. She recalled talking to Dr. Beard about the hospital’s policy against accessing patient files remotely, and his annoyance with her inability to help him “get work done” while away from the hospital. And just a week ago, a junior member of her team completed a service ticket to reconfigure Dr. Beard’s laptop to grant him administrative rights. The service request stuck out because it did not have a “reason” indicated (a company policy requirement), but was still approved by James Davis, the hospital’s senior system administrator and close personal friend of Dr. Beard. Prompt After reading the scenario above, complete the Fundamental Security Design Principles mapping table in the Case Study Template and answer the short response questions. You’ll notice that the listed Fundamental Security Design Principles differ from those presented in previous activities. In the cybersecurity trade, there are many different design principles and frameworks. Successful practitioners learn to work with many different (but conceptually similar) principles to achieve their security goals. Specifically, you must address the critical elements listed below: I. Fundamental Security Design Principles Mapping: Fill in the table in the Module Two Case Study Template by completing the following steps for each control recommendation: A. Specify which Fundamental Security Design Principle best applies by marking all appropriate cells with an X. B. Indicate which security objective (confidentiality, availability, or integrity) best reflects your selected control recommendation. C. Explain your choices in one to two sentences, providing a selection-specific justification to support your decision. II. Short Response Questions: A. How might you work with someone like Dr. Beard to cultivate a security mind-set that is more in line with the organization’s ethical norms? Hint: Consider his attitude, his past behaviors, and his opinion about organizational policies. B. How would you help the hospital better secure its patient files? Make sure to incorporate at least one data state (data-at-rest, data-in-use, or data-in-motion) and one of the control recommendations from your completed table in your response. Guidelines for Submission: Submit your completed Fundamental Security Design Principles map and short response answers in the Module Two Case Study Template. Your submission should be 1–2 pages in length (plus a cover page and references, if used) and written in APA format. Use double spacing, 12-point Times New Roman font, and one-inch margins. Use a filename that includes the course code, the assignment number, and your name—for example, CYB_100_1-
Answered 3 days AfterMay 13, 2021

Answer To: In this case study assignment, we will continue to investigate the Fundamental Security Design...

Deepti answered on May 17 2021
153 Votes
CYB 200 Module Two Case Study Template
After reviewing the scenario in the Module Two Case Study Activity Guidelines and Rubric document, fill in the table below by completing the following steps for each control recom
mendation:
1. Specify which Fundamental Security Design Principle best applies by marking all appropriate cells with an X.
2. Indicate which security objective (confidentiality, availability, or integrity) best reflects your selected control recommendation.
3. Explain your choices in one to two sentences, providing a selection-specific justification to support your decision.
    Control Recommendations
    Least Privilege
    Layering (Defense in Depth)
    Fail-Safe Defaults / Fail Secure
    Modularity
    Usability
    Security Objective Alignment (CIA)
    Explain your Choices (1-2 sentences)
    Automatically lock workstation sessions after a standard period of inactivity. (Completed as an example)
    
    X
    
    
    
    C
    I chose layering because it adds another layer of protection for the confidentiality of our data.
    If possible, close and lock your office door when leaving your computer.
    
    
    X
    
    
    C
    I choose Fail secure because it ensures confidentiality of the data by securing the location
    Use technology to make sure that only authorized software executes, and unauthorized software is blocked from executing on assets.
    
    
    X
    
    
    C,I
    I choose Fail Safe Defaults as it ensures that only authorized software is allowed. Integrity is maintained as information is accessible only to authorized user for execution.
    Use automated tools to inventory all administrative accounts to ensure that only authorized individuals have elevated privileges.
    
    
    X
    
    
    A
    Administrative accounts are inventoried and access is restricted through Fail Safe Defaults principle. Confidentiality is maintained by providing only authorized individuals with privileges.
    Use system configuration management tools to automatically reapply configuration settings to systems at regularly scheduled intervals.
    
    
    X
    
    
    C
    Configuration settings shall remain updated using fail-safe principle on the tool used. Confidentiality is maintained when...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here