StudyDaddy Information Systems 7-1 Final Project: CyberLeet Training ManualInstructionsBased on the feedback provided in the first two milestones, revise Sections One through Three and complete Section Four to finish your training

7-1 Final Project: CyberLeet Training ManualInstructionsBased on the feedback provided in the first two milestones, revise Sections One through Three and complete Section Four to finish your training

IT 380 Final Project Guidelines and Rubric

Overview

The world we live in is increasingly networked. So much of our vital information exists in digital networks —from financial transactions to social media, criminal

records to private emails —that we cannot consider protecting them optional. The Global Risks 2 015 report, published by the World Economic Forum, gives this

unsettling observation: “Ninety percent of companies worldwide recognize they are insufficiently prepared to protect themselv es against [cyberattacks].” With

this in mind, it is not surprising t hat businesses and governments alike are continuing to seek better cyberdefense strategies, including hiring cybersecurity

specialists. In this course, you learned the foundational principles and practices applied by these in -demand professionals to keep n etworked information secure.

For this project, you will assume the role of a training manager at a cybersecurity firm who decides to create a new -hire training manual for current and future

information security analysts. The training manual will include a discussion of the purpose and value of cybersecurity, illuminate core tenets of cybersecurity,

and illustrate best practices for addressing common cyberthreats.

The project is divided into two milestones , which will be submitted at various points through out the course to scaffold learning and ensure quality

final submissions. These milestones will be submitted in Modules Two and Five. The final product will be submitted in Module Seven.

In this assignment, you will demonstrate your mastery of the followi ng course outcomes:

 Articulate the value of cybersecurity principles for effectively assessing and mitigating risk within business environments

 Illustrate the core tenets of cybersecurity as they relate to balancing information security needs with functio nal business requirements

 Select general network defense policies and practices for safeguarding the confidentiality, integrity, and availability of in formation for users and

organizations

 Compare and contrast methods for detecting, controlling, and mitigating specific types of malicious cyberattacks

Prompt

Scenario: You are the training manager at CyberLeet Technologies, a midsized firm that provides cybersecurity service s to other businesses. CyberLeet’s core

customer base is sole proprietorships and other mom -and -pop shops that are too small to have their own IT departments and budgets. Generally speaking, your

clients have a reasonably high risk tolerance, and put a pre mium on the functionality of their IT systems over stringent security measures. However, you also

have clients that must protect highly sensitive information in order to continue operating successfully. For example, CyberLe et supports a few small public -

accounting firms that need to maintain important tax -related information, as well as several day -care businesses that must keep children’s health records

private while allowing necessary access for certain caregivers. In the past year, CyberLeet has experie nced rapid growth, which means you can no longer

personally provide one -on -one training to every new information security analyst as they are hired. Therefore, you have decided to create a training ma nual

that will explain to the current and future cohorts of new hires the essential principles and practices that they must understand in order to be successful in their

role as information security analysts at CyberLeet.

Your training manual should address the following prompt: What are the essential cyberse curity principles and practices that an information security analyst

must know and apply in order to be successful in their role? Make sure to use your Final Project Template for your milestones and final submission.

Specifically, the following critical elements must be addressed:

I. Introduction: Welcome to CyberLeet

A. Explain the value of CyberLeet Technologies as a provider of cybersecurity services to its client businesses. Why is there demand for information

security in a business environment? How do cybersecurity issues impact business resources, including finances, people, and time?

B. Describe the overall role of the new hire as an information security analyst. What are the main functions of the job? What should be their

ultimate goal once they are assigned to clients?

C. Finally, explain the purpose for this manual . Why is it important that information security analysts apply the principles and practices outlined in

this manual? What is at stake if they do not appropriately apply their training and provide high -quality services to the client businesses?

II. Core Tenets of Cybersecurity

A. Explain the significance of confidentiality as a core tenet of cybersecurity. Be sure to define the term and use specific details and examples to

illustrate its meaning in a business context.

B. Explain the significance of integrity as a core tenet of cybersecurity. Be sure to define the term and use specific details and examples to illustrate

its meaning in a business context.

C. Explain the significance of availability as a core tenet of cybersecurity. Be sure to define the term and us e specific details and examples to

illustrate its meaning in a business context.

III. How to Develop Cybersecurity Policies

A. What principles should the information security analyst apply in order to develop appropriate password policies for their clients? Make sure you

address confidentiality, integrity, and availability of information, as well as each of the following aspects:

i. Password length and composition of the password (e.g., uppercase, numbers, special characters)

ii. Time period betwe en resets and ability to reuse a prior password

iii. Differentiated policies for different types of users (e.g., administrator vs. regular user)

B. What principles should the information security analyst apply in order to develop appropriate acceptable use policie s for the client? Make sure

you address confidentiality, integrity, and availability of information, as well as each of the following questions:

i. What should users generally be allowed to do with their computing and network resources? When and why would eac h example be

allowable?

ii. What should users generally be prohibited from doing with their computing and network resources? When and why would each

example require prohibition?

iii. When and why should users be aware of acceptable use policies and how can organizations keep track of these policies?

C. What principles should the information security analyst apply in order to develop appropriate user training policies for the client? Make sure

you address confidentiality, integrity, and availability of information, as well as each of the following:

i. How to determine who would be trained

ii. How to determine how often trainings would occur

iii. How to determine whether certain sta ff receive additional training or whether they should be held to higher standards

D. What principles should the information security analyst apply in order to develop appropriate basic user policies for the client? Make sure you address

confidentiality, inte grity, and availability of information, as well as each of the following questions:

i. When and why should users have to display some type of identification while in the workplace?

ii. What types of physical access (with or without ID) to company areas is accepta ble? Why?

iii. When and why should employees with identification be allowed access to all areas of the company?

iv. When and why should employees be allowed to take work home or bring guests into the workplace?

IV. Threat Mitigation Scenarios: For each of the hypothet ical scenarios listed below, illustrate for the new hires the strengths and weaknesses of the

different approaches. This will help new hires gain a more practical understanding of how to deal with these types of issues that they are likely to face in

their day -to-day job.

A. Theft: In the last month, two break -ins have occurred at a client’s office, which resulted in the theft of employee laptops during both incidents.

The first incident occurred in the evening when the thieves broke through a ground -floor window. The second incident occurred during the day

when the thieves walked right into the business area and removed two laptops. What physical and technical controls would be h elpful to

address the issue and prevent this type of vulnerability in the future? Compare and contrast the different methods that could be used to

mitigate the given threat.

B. Malware: Recently, one of your client’s staff has been inundated with phishing emails that are targeted at individuals and related to current

business opportunities for th e company. These messages are linked to malware and sent by known threat actors. What physical and technical

controls would be helpful to address the issue and prevent this type of vulnerability in the future? Compare and contrast the different methods

tha t could be used to mitigate the given threat.

C. Your choice: Create your own illustrative scenario of a common threat that an information security analyst may face. Explain what physical and

technical controls would be helpful to address your chosen issue an d prevent that type of vulnerability in the future, and compare and contrast

the different methods that could be used to mitigate the given threat.

Milestone One : Training Manual Introduction

Milestones

In Module Two , you will assume the role of a training manager at a cybersecurity firm needing to create a training manual for new informat ion security analyst hires.

You will complete the introduction and core tenets of cybersecurity sections of the manual. This milestone will be graded with the Milestone One Rubric.

Milestone Two : Policy Development

In Module Five , you will complete the cybersecurity policy section of the manual. Remember, use the same template you used to complete Mile stone One. This

milest one will be graded with the Milestone Two Rubric.

Final Submission : CyberLeet Training Manual

In Module Seven , you will submit your final project. It should be a complete, polished artifact containing all of the critical elements of the final product. It should

reflect the incorporation of feedback gained throughout the course. This submission will be graded with the Final Project Rubric. Final Project Rubric

Guidelines for Submission: Your training manual should be 4 to 6 pages in length using 12 -point Times New Roman font and double spacing. While not required,

if you do use TestOut or outside sources in your training manual, cite these sources using the latest APA guidelines.

Critical E lements Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value

Introduction: Value of Meets “Proficient” criteria and Explains the value of Explains the value of Does not explain the value of 8

Cybersecurity demonstrates deep cybersecurity services for cybersecurity services for cybersecurity services for

appreciation for the value of businesses using specific businesses but is lacking in businesses

cybersecurity within business supporting examples necessary detail or fails to use

environments specific supporting examples

Introduction: Role of Meets “Proficient” criteria and Describes the role and ultimate Describes the role and goals of Does not describe the role and 8

the New Hire demonstrates keen insight into goals of an information an information security analyst goals of an information security

the role of cybersecurity within security analyst using specific but with gaps in accuracy or analyst

business environments detail necessary detail

Introduction: Purpose Meets “Proficient” criteria and Explains the purpose of the Explains the purpose of the Does not explain the purpose of the 8

of the Manual demonstrates deep training manual in terms of training manual but fails to training manual

appreciation for the value of what is at stake for a business clearly illustrate what is at

cybersecurity within business if it does not have appropriate stake for a business if it does

environments cybersecurity policies and not have appropriate

practices cybersecurity policies and

practices

Core Tenets: Meets “Proficient” criteria and Defines and explains the Defines and explains the Does not define and explain the 8

Confidentiality demonstrates nuanced significance of confidentiality significance of confidentiality significance of confidentiality as a

understanding of the core as a core tenet of as a core tenet of cybersecurity core tenet of cybersecurity

tenets of cybersecurity cybersecurity, including but fails to illustrate with

specific details and examples specific details and examples

to illustrate or contains inaccuracies

Core Tenets: Integrity Meets “Proficient” criteria and Defines and explains the Defines and explains the Does not define and explain the 8

demonstrates nuanced significance of integrity as a significance of integrity as a significance of integrity as a core

understanding of the core core tenet of cybersecurity, core tenet of cybersecurity buW tenet of cybersecurity

tenets of cybersecurity including specific details and fails to illustrate with specific

examples to illustrate details and examples or

contains inaccuracies

Core Tenets: Meets “Proficient” criteria and Defines and explains the Defines and explains the Does not define and explain the 8

Availability demonstrates nuanced significance of availability as a significance of availability as a significance of availability as a core

understanding of the core core tenet of cybersecurity, core tenet of cybersecurity but tenet of cybersecurity

tenets of cybersecurity including specific details and fails to illustrate with specific

examples to illustrate details and examples or

contains inaccuracies How To: Password Meets “Proficient” criteria and Identifies specific principles for Identifies principles for Does not identify principles for 6

Policies demonstrates keen insight into developing appropriate developing password policies developing password policies

best practices for defending password policies that address but fails to fully address all

the confidentiality, integrity, confidentiality, integrity, and relevant aspects or there are

and availability of information availability of information gaps in logic or accuracy

How To: Acceptable Meets “Proficient” criteria and Identifies specific principles for Identifies principles for Does not identify principles for 6

Use Policies demonstrates keen insight into developing appropriate developing acceptable use developing acceptable use policies

best practices for defending acceptable use policies that policies but fails to fully

the confidentiality, integrity, address confidentiality, address all relevant aspects or

and availability of information integrity, and availability of there are gaps in logic or

information accuracy

How To: User Training Meets “Proficient” criteria and Identifies specific principles for Identifies principles for Does not identify principles for 6

Policies demonstrates keen insight into developing appropriate user developing user training developing user training policies

best practices for defending training policies that address policies but fails to fully

the confidentiality, integrity, confidentiality, integrity, and address all relevant aspects or

and availability of information availability of information there are gaps in logic or

accuracy

How To: Basic User Meets “Proficient” criteria and Identifies specific principles for Identifies principles for Does not identify principles for 6

Policies demonstrates keen insight into developing appropriate basic developing basic user policies developing basic user policies

best practices for defending user policies that address but fails to fully address all

the confidentiality, integrity, confidentiality, integrity, and relevant aspects or there are

and availability of information availability of information gaps in logic or accuracy

Threat Mitigation Meets “Proficient” criteria and Compares and contrasts Compares and contrasts Does not compare and contrast 8

Scenario: Theft demonstrates nuanced different methods for methods for mitigating the methods for mitigating the given

understanding of the different mitigating the given threat, given threat but there are gaps threat

methods for detecting, using specific examples to in accuracy, logic, or necessary

controlling, and mitigating illustrate detail

threats

Threat Mitigation Meets “Proficient” criteria and Compares and contrasts Compares and contrasts Does not compare and contrast 8

Scenario: Malware demonstrates nuanced different methods for methods for mitigating the methods for mitigating the given

understanding of the different mitigating the given threat, given threat, but there are threat

methods for detecting, using specific examples to gaps in accuracy, logic, or

controlling, and mitigating illustrate necessary detail

threats

Threat Mitigation Meets “Proficient” criteria and Identifies a common threat and Identifies a common threat, Does identify a common threat and 8

Scenario: Your Choice demonstrates nuanced compares and contrasts and compares and contrasts compare and contrast methods for

understanding of the different different methods for methods for mitigating the mitigating the chosen threat

methods for detecting, mitigating the chosen threat, chosen threat but with gaps in

controlling, and mitigating using specific examples to accuracy, logic, or necessary

threats illustrate detail Articulation of Submission is free of errors Submission has no major errors Submission has major errors Submission has critical errors 4

Response related to citations (if related to citations (if related to citations (if related to citations (if applicable),

applicable), grammar, spelling, applicable), grammar, spelling, applicable), grammar, spelling, grammar, spelling, syntax, or

syntax, and organization and is syntax, or organization syntax, or organization that organization that prevent

presented in a professional and negatively impact readability understanding of ideas

easy -to-read format and articulation of main ideas

Total 100%

Have a similar question?

Continue to edit or attach image(s).

  • Fast and convenient

    Fast and convenient

    Simply post your question and get it answered by professional tutor within 30 minutes. It's as simple as that!

  • Any topic, any difficulty

    Any topic, any difficulty

    We've got thousands of tutors in different areas of study who are willing to help you with any kind of academic assignment, be it a math homework or an article.

  • 100% Satisfied Students

    100% Satisfied Students

    Join 3,4 million+ members who are already getting homework help from StudyDaddy!