Cyb 200 Module Two Case Study Template After Reviewing The Scenario

After reviewing the scenario in the Module Two Case Study Activity Guidelines and Rubric document, fill in the table below by completing the following steps for each control recommendation:

1. Specify which Fundamental Security Design Principle best applies by marking all appropriate cells with an X.
2. Indicate which security objective (confidentiality, availability, or integrity) best reflects your selected control recommendation.
3. Explain your choices in one to two sentences, providing a selection-specific justification to support your decision.

Control Recommendations include: Automatically lock workstation sessions after a standard period of inactivity; Close and lock office door when leaving the computer; Use technology to ensure only authorized software executes; Use automated tools to inventory administrative accounts; Reapply configuration settings regularly; Maintain inventory of sensitive information; Use whole-disk encryption software; Configure systems to limit external removable media access; Encrypt data on USB devices; Protect information stored on systems with access control lists; Require multifactor authentication for all accounts.

Paper for the Above Instruction

The implementation of comprehensive security controls within an organization is essential to safeguarding information assets and ensuring operational resilience. This essay explores various control recommendations aligned with fundamental security design principles, emphasizing their relevance to achieving specific security objectives, primarily confidentiality, integrity, and availability.

Control Recommendation 1: Automatic Locking of Workstation Sessions

Applying the layering (defense in depth) principle, this control adds a further security barrier by automatically locking sessions after a period of inactivity, protecting confidentiality and preventing unauthorized access to unattended workstations (Kim & Solomon, 2013). This safeguard ensures that even if an individual leaves their workstation momentarily, sensitive information remains secure from potential breaches.

Control Recommendation 2: Locking Office Doors

This physical control exemplifies the layering principle by complementing digital security measures, thereby managing confidentiality and reducing the risk of physical intrusion (Tjaden, 2015). Closing and locking office doors when absent decreases the likelihood of unauthorized individuals gaining access to sensitive data or hardware.

Control Recommendation 3: Authorized Software Execution

Utilizing the fail-safe defaults principle, implementing technology that restricts execution to authorized software ensures that only approved applications run on organizational assets, maintaining integrity and limiting malicious software introduction (Bishop, 2003). This control minimizes attack vectors by enforcing strict software policies.

Control Recommendation 4: Inventory of Administrative Accounts

Reinforcing the principle of complete mediation, automated inventory management ensures that only authorized personnel have elevated privileges, which preserves integrity by preventing privilege creep or unauthorized privilege escalation (Kim & Solomon, 2013). Regular inventory updates enable prompt detection of unauthorized accounts.
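
The inventory-and-compare step described above can be sketched as follows. This is an added example, not part of the original paper; the sample account data, the approved baseline, and the set of groups treated as administrative are all constructed assumptions.

```python
# Added example: inventory admin-capable accounts and compare to a baseline.
ADMIN_GROUPS = {"sudo", "wheel", "adm"}  # assumption: groups treated as admin

# Constructed sample in /etc/passwd format: name:x:uid:gid:gecos:home:shell
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc_backup:x:0:1002:Backup:/var/backup:/bin/sh
"""

# Constructed sample in /etc/group format: name:x:gid:member1,member2
GROUP = """\
sudo:x:27:alice,bob
wheel:x:10:
users:x:100:alice,bob
"""

APPROVED_ADMINS = {"root", "alice", "dave"}  # constructed baseline


def inventory_admins(passwd_text, group_text, admin_groups=ADMIN_GROUPS):
    """Return {account: sorted list of reasons it holds admin rights}."""
    found = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue  # skip commented or malformed lines
        if fields[2] == "0":  # any UID 0 account is root-equivalent
            found.setdefault(fields[0], set()).add("uid=0")
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) < 4 or fields[0] not in admin_groups:
            continue
        for member in filter(None, fields[3].split(",")):
            found.setdefault(member.strip(), set()).add("group=" + fields[0])
    return {name: sorted(reasons) for name, reasons in found.items()}


def compare_to_baseline(inventory, approved):
    """Split results into unapproved admin accounts and stale approvals."""
    unapproved = {n: r for n, r in inventory.items() if n not in approved}
    stale = sorted(set(approved) - set(inventory))
    return unapproved, stale


if __name__ == "__main__":
    unapproved, stale = compare_to_baseline(inventory_admins(PASSWD, GROUP), APPROVED_ADMINS)
    print("unapproved:", unapproved, "stale approvals:", stale)
```

Unapproved entries are candidates for privilege creep or unauthorized escalation; stale approvals are baseline entries that no longer hold admin rights and should be removed from the approved list.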

Control Recommendation 5: Regular Reapplication of Configuration Settings

This control aligns with the modularity principle, promoting manageable and repeatable security configurations. Reapplying settings periodically ensures that security standards are maintained, thus supporting availability and confidentiality by preventing configuration drift that might introduce vulnerabilities (Tjaden, 2015).
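
To illustrate the drift that periodic reapplication corrects, the following added example (not part of the original paper) compares a current configuration against a baseline and then reapplies it. The setting names, values, and file format are hypothetical and constructed for illustration.

```python
# Added example: detect configuration drift, then reapply the baseline.
BASELINE = {  # hypothetical setting names and values
    "screen_lock_timeout_seconds": "600",
    "removable_media": "deny",
    "disk_encryption": "required",
}

# Constructed "current" configuration that has drifted from the baseline.
CURRENT_TEXT = """\
# workstation policy
screen_lock_timeout_seconds = 3600
removable_media = deny
allow_guest = yes
"""


def parse_config(text):
    """Parse 'key = value' lines, ignoring blanks and '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def find_drift(current, baseline):
    """Return (changed, missing, unmanaged) relative to the baseline."""
    changed = {k: (current[k], v) for k, v in baseline.items()
               if k in current and current[k] != v}
    missing = sorted(k for k in baseline if k not in current)
    unmanaged = sorted(k for k in current if k not in baseline)
    return changed, missing, unmanaged


def reapply(current, baseline):
    """Overwrite baseline-managed keys; keep unmanaged keys for review."""
    merged = dict(current)
    merged.update(baseline)
    return merged


if __name__ == "__main__":
    current = parse_config(CURRENT_TEXT)
    print("before:", find_drift(current, BASELINE))
    print("after: ", find_drift(reapply(current, BASELINE), BASELINE))
```

Reapplication clears the changed and missing settings, but unmanaged keys such as the constructed `allow_guest` remain and still need a reviewer's decision.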

Control Recommendation 6: Sensitive Information Inventory and Encryption

Drawing on the principle of abstraction, this control involves maintaining comprehensive inventories and applying encryption to protect data at rest, particularly on mobile devices. Encryption ensures confidentiality and integrity of sensitive data, especially during storage (Kim & Solomon, 2013).

Control Recommendation 7: External Media Access Controls

Following the fail-safe defaults and layering principles, configuring systems to restrict and encrypt external media protects data during transit and at rest, addressing confidentiality and integrity concerns associated with data-in-motion coming from removable devices (Tjaden, 2015).

Control Recommendation 8: Access Control Lists (ACLs)

Using the principle of least privilege, ACLs enforce that only authorized users access specific data, enhancing confidentiality and integrity by controlling access rights (Bishop, 2003). Properly managed ACLs prevent unauthorized modifications or disclosures.

Control Recommendation 9: Multifactor Authentication

This recommendation embodies the principles of simplicity and least privilege, requiring multiple authentication factors to verify user identities, thus strengthening security without overly complicating user access processes (Kim & Solomon, 2013). It effectively addresses confidentiality and availability issues by preventing unauthorized access while maintaining usability.

Conclusion

In conclusion, aligning security controls with fundamental security design principles ensures a balanced approach to safeguarding organizational assets. Each control reinforces specific security objectives, with layered defenses providing comprehensive protection across physical, technical, and administrative domains. Consistent evaluation and implementation of these principles foster a security-driven culture that adapts effectively to emerging threats.

References

  • Bishop, M. (2003). Computer security: Art and science. Addison-Wesley Professional.
  • Kim, D., & Solomon, M. G. (2013). Fundamentals of information systems security (2nd ed.). Jones & Bartlett Learning.
  • Tjaden, B. C. (2015). Appendix 1: Cybersecurity first principles. Retrieved from https://example.com/cybersecurity-principles
  • Sons, S., Russell, S., & Jackson, C. (2017). Security from first principles. O'Reilly Media.
  • PC Magazine. (2018). Encyclopedia of security principles. Retrieved from https://www.pcmag.com/encyclopedia/security
  • National Institute of Standards and Technology (NIST). (2018). Framework for Improving Critical Infrastructure Cybersecurity. NIST Cybersecurity Framework.
  • Anderson, R. (2008). Security engineering: A guide to building dependable distributed systems. Wiley.
  • Stallings, W. (2017). Cryptography and network security: Principles and practice. Pearson.
  • Schneier, B. (2015). Data and Goliath: The hidden battles to collect your data and control your world. W.W. Norton & Company.
  • ISO/IEC 27001:2013. Information Security Management Systems — Requirements.