Total 20 Pages For All Four Projects In This Course

Total 20 Page Thisall Four Projects For This Course Will Be Completed

Total 20 page this All four projects for this course will be completed from the vantage point of a specific industry and an organization assigned to you by me as your instructor. Here are the organizations/industries I have to assign: 1. A research extensive public university in the higher education sector. 2. A private hospital in the healthcare sector. 3. A public K-12 public school district in the education sector. 4. A private retail bank in the finance sector. 5. A local state municipality in the government sector. 6. A federal defense contractor in the public-private sector. 7. A national commercial retail superstore chain in the private consumer goods sector.

Project 1: Security Models Start Here Security Models [Music] You have just taken a position as the chief information security officer at your organization. John Williams, the chief technology officer and your new boss, stops at your office door. “I know you’re busy, but I’d like you to come by my office when you get a chance.” Excited about the prospect of something new, you grab a pen and paper and walk to John’s office. John says, “Thanks for coming over so quickly. I’ll get right to the point.

As the CISO, I’m sure that you’re aware of the recent Office of Personnel Management breach, and the impact that this has had on our industry." John continues, “I’m sure that you also realize the heavy burden on our department to protect our organization’s assets and information. I would like to make sure that a similar situation doesn’t happen here. My first step toward preventive measures is to develop new policies and procedures that better protect our data.” John sits at his desk and begins typing while he says, “That brings me to why I asked you here. While I begin my review of current policies and procedures, I would like you to help me by drafting a custom security plan that best fits our organization.” He continues, “You should start by analyzing our security weaknesses, or vulnerabilities, then continue with reviewing existing security models and analyzing which attributes are best suited for our organization.

You will look at the pros and cons of each model, which attributes are best suited for us, and the reasoning behind your conclusions. You will need to submit your completed report to me with a drafted security plan in two weeks.” As a new employee, you realize that this is a great opportunity to show your new boss how you can make a positive contribution to your organization. You know you have enough time to complete your analysis if you start right away. [Music] Most companies and agencies implement security models to protect the confidentiality, integrity, and availability (CIA) of information and data. As security vulnerabilities and threats continue to evolve, security systems need to adapt to effectively protect data and systems.

This is the first of four sequential projects for this course. In this project, you will evaluate existing security models and their attributes and ultimately recommend a custom security plan to your assigned organization. You will also evaluate the pros and cons of implementing particular model attributes based on the type of organization and employees in relation to CIA. To complete the project, you will write a report on the importance of security models in organizations like yours and identify the vulnerabilities of the organization. There are 14 steps in this project.

Begin by reviewing the project scenario and then proceed to Step 1. Competencies Your work will be evaluated using the competencies listed below. 5.1: Define and appropriately use basic cybersecurity concepts and terminology. 6.2: Create an information security program and strategy, and maintain alignment of the two. 7.3: Evaluate enterprise cybersecurity policy. 9.2: Vulnerability Assessment: Rank the vulnerabilities of a system from a disaster-management perspective. Step 1: Review the Assigned Organization All four projects for this course will be completed from the vantage point of a specific industry and an organization assigned to you by the instructor. If you do not know your assigned organization, contact your instructor immediately.

If you want to use another organization than the one assigned you or one not listed, contact your instructor as well. Familiarize yourself with the organization and breach your instructor has assigned by reviewing the details at The descriptions include an overview and key information about the organization on the internet, as well as information about a breach or attempted breach. For the purposes of this course, you will assume this organization is your employer. You may wish to briefly research your assigned organization to gather additional information about the organization and its security posture. Career Connections The breach you have been assigned is a matter of historical fact. Your scholarly research into this matter can and should inform your approach to cybersecurity management. Your ability to fluently converse on past cyber breaches is one way of demonstrating to potential employers that you have the necessary knowledge, skills, and abilities to be a valuable addition to their team. Take notes as you read about this breach—feel free to search for other major breaches—and pay attention to the mistakes that were made that and what actions were taken afterward. As a part of the interview process, you might be asked to apply this knowledge to a new situation. You will use this information throughout the project as you work to develop a security plan for your organization. In the next step, you will compile a cybersecurity overview. Step 2: Write a Cybersecurity Background Summary In Step 1, you familiarized yourself with your assigned organization. Now, it is time to write a cybersecurity overview. Write a three-page background summary that includes a general overview of cybersecurity and a section on enterprise cybersecurity. Include the following items in the general overview of cybersecurity: - Compare and contrast cybersecurity and computer security. - Discuss data flows across networks. As part of this discussion, it may help to review the following topics: binary digits, nontextual data, ASCII, hexadecimal, computer networks, network devices and cables, and network protocols. - Discuss basic cybersecurity concepts and vulnerabilities, including flaws that can exist in software. As part of this discussion, it may help to review the following topics: systems, utilities, and application software, software, interaction of software, and creating a program. - Discuss common cybersecurity attacks. Helpful topics include protocols, web sessions, and security issues, servers and firewalls, a closer look at the World Wide Web and web markup language, cyberattacks, and attack vectors. - Discuss penetration testing. - Discuss how to employ network forensic analysis tools (NFAT) to identify software communications vulnerabilities. Include the following items in the enterprise cybersecurity section: - List and discuss the major concepts of enterprise cybersecurity, including confidentiality, integrity, and availability (CIA) - Discuss the principles that underlie the development of an enterprise cybersecurity policy framework and implementation plan. - List the major types of cybersecurity threats that a modern enterprise might face. You will attach this cybersecurity background summary to the security assessment in a later project step. Submit the cybersecurity background summary for feedback. Step 3: Analyze Security Weaknesses After writing the cybersecurity background summary, you are ready to analyze the security weaknesses of your assigned organization. When analyzing cybersecurity weaknesses, there are several areas to consider. Analyze the organization’s security from the following perspectives: 1. a technology perspective 2. a people perspective 3. a policy perspective You will include this information in the security assessment. In the next step, you will consider risk factors. Step 4: Compile a Risk Summary Now that you have looked at security weaknesses, it’s time to identify areas that should be improved or strengthened, including potential risks associated with maintaining the current security posture. Discuss how you would employ network analysis tools to identify software communications vulnerabilities. Make sure to include the following information: 1. Classify risks according to relevant criteria. 2. Explain system and application security threats and vulnerabilities. 3. Prioritize risks from internal and external sources. 4. Assess the cybersecurity threats faced by your entity. You will include this information in the security assessment, which you will compile in the next step. Step 5: Submit a Security Weakness Assessment From the information that you gathered in the previous steps, develop a two-page summary of your organization’s security weaknesses. Identify threats, risks, and vulnerabilities to achieve a holistic view of risk across the entity. Consider areas that should be improved from a technology perspective, a people perspective, and a policy perspective. Also note potential risks associated with maintaining the current security posture. You will reference this security assessment later when you make your business case and final recommendation. Submit the security assessment for feedback. Step 6: Begin a Security Models Summary Confidentiality, integrity, and availability (CIA triad), as well as authentication and non-repudiation, are fundamental security concepts that must be considered when assessing and developing security options. Cybersecurity models have been developed to address some or all of these security concepts. While these models were generally created to address a specific business case, each of the models has attributes that could be used to assemble a custom security plan. In this step and the following step, you will develop a short summary for each of the security models listed. These reports will serve as an Appendix A to the final memo and will document the security models and their attributes in advance of the memo that you will deliver with your recommended approach. Each summary should include a descriptive and evaluative paragraph on the following attributes: Include the origins of the model (who developed it, when was it developed, and the context under which it was developed), main characteristics of the model (details on the business, sector, industry for whom the model was developed), and key features of the model. Write summaries for the following common models: - Bell-LaPadula - Biba’s Strict Integrity Policy - Clark-Wilson - Chinese Wall When you have completed these summaries, continue to the next step, where you'll write a summary for the next four security models. Step 7: Continue the Security Models Summary Continue summarizing the various cybersecurity models, as in the previous step. Again, identify key features, weaknesses, and targeted sectors/infrastructures and develop a short summary for each of the security models listed below. These reports will be added to Appendix A for the final memo and will document the security models and their attributes in advance of the memo that you will deliver with your recommended approach. Each summary should include a descriptive and evaluative paragraph on the following attributes: Include the origins of the model (who developed it, when was it developed, and the context under which it was developed), main characteristics of the model (details on the business, sector, industry for whom the model was developed), and key features of the model.