To complete this assignment, review the prompt and grading rubric in theProject Three Milestone Guidelines and Rubric PDFdocument. You will also need to access the following:
1 CYB 220 Project Three Milestone Guidelines and Rubric Overview A critical skill for you to have as a cybersecurity practitioner is to prioritize criteria, requirements, and data to determine the best course of action. The factors that influence your decisions can vary from cost to complexity, effectiveness to available resources, or best-practice to executive viewpoint. How can you evaluate the issues to determine what elements of your environment are most important? In this assignment, you will begin analyzing information related to selecting and recommending a network protection technology solution to your manager. The final evaluation and recommendation will be submitted as Project Three in Module Seven; however, in this milestone, you will examine organizational information, consider how various factors influence the decision-making criteria, and fill in a technology evaluation of your own based on your manager’s questions. Scenario Your instructor will provide you with the scenario for this project in an announcement. The scenario will provide you with the beginning of a security plan that documents areas of relevance to your decision making for the project. Additionally, a fellow analyst is completing an evaluation of network protection technologies, specifically intrusion detection systems (IDSs) and intrusion prevention systems (IPSs), to help you with your decision-making process. You will be provided with the completed evaluation matrix in Module Seven for use in completing Project Three. Your manager has also provided a list of questions that they would use to evaluate the organizational needs in an IDS or IPS. The technology evaluation criteria and your manager’s questions can be found in the Technology Evaluation Criteria document. For your submission, you will download and fill out the Technology Evaluation Criteria Worksheet. Both of these documents can be found in the Project Three Milestone task in Module Five of your course. Based on your analysis of the technology evaluation criteria, the details provided in the scenario, and your manager’s guiding questions, you will identify the highest priority criteria and select Fundamental Security Design Principles related to your prioritization. Prompt Submit a completed Technology Evaluation Criteria Worksheet, which includes a filled-out table, your prioritized list, and two Fundamental Security Design Principles that best encompass your list. You will also need to justify and explain your selections. 2 Specifically, you must address the critical elements listed below. A. Using the manager’s questions and the evaluation criteria, identify relevant information from the organizational security plan material in the scenario to complete the blank column in the technology evaluation criteria table in the provided worksheet. B. Based on your assessment of the relevant information from the organizational security plan, provide a prioritized list of the three most essential evaluation criteria. Justify your rationale for determining the priority of your selected elements. C. Select two Fundamental Security Design Principles that best encompass the priority list. Explain the correlation between your priority list and the principles you identified. Rubric Guidelines for Submission: Download, fill out, and submit the Technology Evaluation Criteria Worksheet, which includes the technology evaluation criteria table, your prioritized list, and your chosen Fundamental Security Design Principles. Use a filename that includes the course code, the assignment title, and your name—for example, CYB_100_Project_One_Neo_Anderson.docx. Critical Elements Exemplary (100%) Proficient (80%) Needs Improvement (65%) Not Evident (0%) Value Technology Evaluation Criteria Table Identifies relevant company profile information for 14 evaluation criteria Identifies relevant company profile information for 10 to 13 evaluation criteria Identifies relevant company profile information for 6 to 9 evaluation criteria Identifies relevant company profile information for fewer than 6 evaluation criteria 35 Prioritized List Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Provides a prioritized list of the three most important evaluation criteria with appropriate justification Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 30 Fundamental Security Design Principles Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Selects two Fundamental Security Design Principles that best encompass the priority list, and explains the correlation Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 25 Articulation of Response Submission is free of errors related to citations, grammar, spelling, and organization and is presented in a professional and easy-to-read format Submission has no major errors related to citations, grammar, spelling, or organization Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas 10 Total 100% CYB 220 Technology Evaluation Criteria Manager’s Questions The image and questions below have been provided by your manager to demonstrate the breakdown of components and considerations involved in the decision concerning a network protection approach. 1. Operational Frame (Business Context) a. What are the organizational attributes? b. What are the organizational constraints? 2. Operating Environment (Network and System Profile) a. Effectiveness Essential Questions i. What is the level of concern about who’s on (or off) the network? ii. What is the level of concern about detailed information relating to specific assets on (or off) the network? iii. What is the level of concern about the ability to defeat secure communications? iv. What is the level of concern about resilience? v. What is the level of concern about potential for harm? b. Cost Essential Questions i. Can we afford the investment? ii. Do we have the right people to implement? iii. Will it take too much time? iv. Is the tech/activity too complex? Technology Evaluation Criteria Evaluation Factor Evaluation Criteria Manager’s Questions—Aligned to Criteria Effectiveness Ability to identify network-connected systems 1.a. What are the organizational attributes? 2.a.i. What is the level of concern about who’s on (or off) the network? Ability to discern operating systems of network-connected systems 1.b. What are the organizational constraints? 2.a.ii. What is the level of concern about detailed information relating to specific assets on (or off) the network? Ability to discern specific software applications based on their unique data flows 1.a. What are the organizational attributes? 1.b. What are the organizational constraints? 2.a.iii. What is the level of concern about the ability to defeat secure communications? 2.a.v. What is the level of concern about potential for harm? Ability to handle encrypted data flows 1.b. What are the organizational constraints? 2.a.iii. What is the level of concern about the ability to defeat secure communications? 2.a.v. What is the level of concern about potential for harm? Reliability under stress 1.b. What are the organizational constraints? 2.a.iv. What is the level of concern about resilience? Potential to cause individual network- connected system outage 1.b. What are the organizational constraints? 2.a.iv. What is the level of concern about resilience? 2.a.v. What is the level of concern about potential for harm? Potential to cause individual network- connected system disruption/slowdown 1.a. What are the organizational attributes? 2.a.i. What is the level of concern about who’s on (or off) the network? 2.a.v. What is the level of concern about potential for harm? Evaluation Factor Evaluation Criteria Manager’s Questions—Aligned to Criteria Potential cause of network outage 1.a. What are the organizational attributes? 2.a.i. What is the level of concern about who’s on (or off) the network? 2.a.iii. What is the level of concern about the ability to defeat secure communications? 2.a.iv. What is the level of concern about resilience? Potential cause of network disruption/slowdown 1.a. What are the organizational attributes? 2.a.i. What is the level of concern about who’s on (or off) the network? 2.a.iii. What is the level of concern about the ability to defeat secure communications? 2.a.iv. What is the level of concern about resilience? Potential cause of excessive alerts 1.b. What are the organizational constraints? 2.a.i. What is the level of concern about who’s on (or off) the network? 2.a.iii. What is the level of concern about the ability to defeat secure communications? Cost Software 1.a. What are the organizational attributes? 1.b. What are the organizational constraints? 2.b.i. Can we afford the investment? 2.b.ii. Do we have the right people to implement? Personnel (training) 1.a. What are the organizational attributes? 1.b. What are the organizational constraints? 2.b.i. Can we afford the investment? 2.b.ii. Do we have the right people to implement? Deployment (time to implement) 1.a. What are the organizational attributes? 1.b. What are the organizational constraints? 2.b.ii. Do we have the right people to implement? 2.b.iii. Will it take too much time? 2.b.iv. Is the tech/activity too complex? Deployment (complexity) 1.b. What are the organizational constraints? 2.b.ii. Do we have the right people to implement? 2.b.iv. Is the tech/activity too complex? CYB 220 Technology Evaluation Criteria Worksheet For each section of this worksheet, fill in the empty cells with the required information. Technology Evaluation Criteria Table Evaluation Factor Evaluation Criteria Manager’s Questions—Aligned to Criteria Relevant Organizational Security Plan Information (From Scenario) Effectiveness Ability to identify network-connected systems 1.a. 2.a.i. Ability to discern operating systems of network-connected systems 1.b. 2.a.ii. Ability to discern specific software applications based on their unique data flows 1.a. 1.b