Cyber Security Project

ISE 510 Final Project Guidelines and Rubric

Overview

The final project for this course is the creation of a security breach analysis and recommendations. The relevance of risk assessment cannot be overemphasized as organizations establish or reaffirm their security posture, especially in the wake of overwhelming computer security breaches at many organizations in the United States and around the world, including government agencies. Organizations seek to understand their compliance status for current regulations as well as their vulnerability in order to adopt a proper approach to manage risks. It is equally important to conduct a risk assessment after a system breach has occurred to better understand the threats and the vulnerabilities exploited.

For your final project, you will analyze an information security breach that has already occurred. This will place you in the role of a risk assessment expert, coming in to determine how the breach occurred and develop strategies to mitigate against the breach reoccurring. Risk assessment experts can fill the positions of penetration testers, information security auditors, and independent verification and validation analysts, for example. Such roles will continue to gain relevance as organizations and governments continue to move sensitive financial information, personal health information (PHI), and personally identifiable information (PII) across publicly accessible networks and storage devices.

For the final project for this course, you will analyze an information security breach provided in the Final Project Scenario document and the educational video game (Agent Surefire: InfoSec) you will play in Module Three. In your analysis, you will discuss how the breach occurred, the incident response processes that were initiated, the impact of the breach, and applicable regulations to the organization.
Then, you will develop a security test plan for the breached system and create security controls to ensure that the breach will not reoccur.

The project is divided into three milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final submissions. These milestones will be submitted in Modules Three, Five, and Seven. The final product will be submitted in Module Nine.

This assessment addresses the following course outcomes:

• Determine how cyber security attacks occur in organizations through analysis of security breaches
• Evaluate incident response processes for their effectiveness in ensuring business continuity in support of organizational goals
• Assess the impact of cyber security regulations on the information security of organizations
• Create security test plans for networks, applications, or physical security assessment projects based on established cyber security standards
• Develop risk mitigation strategies for addressing application, website, and network vulnerabilities
• Recommend methods to reduce the impact of organizational culture and communication challenges that could affect cybersecurity risk assessment in a diversified world

Prompt

Your security breach analysis and recommendations should answer the following prompt: Using your Final Project Scenario and gameplay from the educational video game Agent Surefire: InfoSec that you will complete in Module Three, analyze the information security breach to determine how the breach occurred, evaluate the incident response processes, and assess the impact of the breach and applicable regulations on the business or organization. Then use your analysis to develop a security test plan, security controls to mitigate risk, and recommendations that reduce the impact of organizational culture and communication challenges.

Specifically, the following critical elements must be addressed:

I. Introduction: Provide a brief profile of the business or organization that has been attacked, including its organizational goals. In your profile, you could consider the industry in which the business or organization operates and the product or service that is the focus, for example.

II. Security Breach: In this section, you will analyze one current information security breach, describing the business or organization that has been affected by this breach and explaining how the breach occurred. Specifically, you should:
   A. Attack Location: Determine what part of the business or organization was attacked by analyzing the security breach that occurred. For example, was the network attacked? Or was the company website hacked?
   B. Attack Method and Tools: Analyze the security breach to determine the method and tools that were used to effect the attack. In other words, how did the attack occur?
   C. Vulnerabilities: Based on your analysis, what vulnerabilities of the business or organization were exploited? How were the vulnerabilities discovered? For example, were the vulnerabilities discovered by an employee, a third party, or a customer?

III. Incident Response: In this section, you will evaluate the incident response processes that were initiated in response to the breach. Specifically, you should:
   A. Actions: What incident response actions were initiated to minimize the impact of the breach? In other words, what did the business or organization do to address the vulnerabilities and resume normal system operations after the breach?
   B. Business Continuity: Evaluate these incident response actions for their effectiveness in allowing the business to resume normal system operations after the breach. In other words, how effective were these incident response actions in ensuring business continuity and supporting the organization’s goals?

IV. Impact: In this section, you will discuss the possible impacts of applicable cyber security regulations to the business or organization. Specifically, you should:
   A. Application: Describe the government and industry regulations that apply to the business or organization in relation to the security breach. For example, what legislation, directives, and policies relate to the security breach?
   B. Impact: How do these regulations impact the business or organization and its information security? Support your response with specific examples.
   C. Financial and Legal Implications: Discuss possible financial and legal implications of the security breach for the business or organization. Will the business or organization be subject to any fines or sanctions because of the security breach, for example?

V. Security Test Plan: In this section, you will develop a security test plan for the breached system, basing your plan on your analysis of the security breach and established cybersecurity standards such as those from the National Institute of Standards and Technology (NIST). Specifically, you should:
   A. Scope: Determine the scope of the risk assessment. For example, what assets, threats, and vulnerabilities will need to be addressed? Will the risk assessment need to include networks, applications, or physical security systems? What policies and procedures will need to be reviewed?
   B. Resources: Document the resources required for the risk assessment. In other words, what do you need to actually do the assessment?
   C. Hardware and Software: Create a list of system hardware and software within the target of the risk assessment. In other words, what are the parts of the system that you are assessing?
   D. Tools: Determine the necessary tools for the risk assessment, based on the list of system hardware and software you created.

VI. Risk Mitigation: In this section, you will create security controls to ensure that the breach will not reoccur. Specifically, you should:
   A. Security Controls: Create at least five security controls that mitigate future risks by ensuring that the security breach will not reoccur. These controls can be technical, administrative, or personnel security controls, for example.
   B. Vulnerabilities: How will the security controls you created mitigate risks by reducing application, website, and network vulnerabilities?
   C. Evaluation: What are the criteria for measuring the controls to ensure they are properly implemented? In other words, how will the security controls be evaluated?

VII. Conclusion: In this section, you will recommend methods to reduce the impact of organizational culture and communication challenges. Specifically, you should:
   A. Communication: Document interpersonal communication issues encountered within the risk assessment team. How were the issues resolved?
   B. Organizational Culture: What challenges to organizational culture occurred as a result of the security breach? In your response, consider the impact of the security breach on the reputation of the business or organization.
   C. Recommendations: What methods can you recommend to reduce the impact of these communication and organizational cultural issues in future risk assessments?

Milestones

Milestone One: Kickoff Agenda
In Module Three, you will submit a kickoff agenda. This milestone will be graded with the Milestone One Rubric.

Milestone Two: Test Plan
In Module Five, you will submit a test plan. This milestone will be graded with the Milestone Two Rubric.

Milestone Three: Incident Response Plan
In Module Seven, you will submit an incident response plan. This milestone will be graded with the Milestone Three Rubric.

Final Submission: Security Breach Analysis and Recommendations
In Module Nine, you will submit your final project. It should be a complete, polished artifact containing all of the critical elements of the final product. It should reflect the incorporation of feedback gained throughout the course. It should also be structured to follow the outline presented in the Prompt. This submission will be graded with the Final Project Rubric (below).

Deliverables

Milestone | Deliverables | Module Due | Grading
One | Kickoff Agenda | Three | Graded separately; Milestone One Rubric
Two | Test Plan | Five | Graded separately; Milestone Two Rubric
Three | Incident Response Plan | Seven | Graded separately; Milestone Three Rubric
 | Security Breach Analysis and Recommendations | Nine | Graded separately; Final Project Rubric (below)

Final Project Rubric

Guidelines for Submission: Your security breach analysis and recommendations should adhere to the following formatting requirements: 10–15 pages, double-spaced, using 12-point Times New Roman font, and one-inch margins. You should use current APA style guidelines for your citations and reference list, if applicable.

Instructor Feedback: This activity uses an integrated rubric in Blackboard. Students can view instructor feedback in the Grade Center. For more information, review these instructions.
Critical Element: Introduction
Exemplary (100%): Meets “Proficient” criteria and profile expertly balances necessary detail with brevity
Proficient (90%): Provides brief profile of business or organization that has been attacked and its organizational goals
Needs Improvement (70%): Provides brief profile of business or organization that has been attacked and its organizational goals but with gaps in clarity, detail, or accuracy
Not Evident (0%): Does not provide brief profile of business or organization that has been attacked and its organizational goals
Value: 5.36

Critical Element: Security Breach: Attack Location
Exemplary (100%): Meets “Proficient” criteria and response demonstrates keen insight into how cybersecurity attacks occur in organizations
Proficient (90%): Determines what part of business or organization was attacked by analyzing security breach
Needs Improvement (70%): Determines what part of business or organization was attacked by analyzing security breach, but with gaps in accuracy or logic
Not Evident (0%): Does not determine what part of business or organization was attacked by analyzing security breach
Value: 5.36

Critical Element: Security Breach: Attack Method and Tools
Exemplary (100%): Meets “Proficient” criteria and response demonstrates keen insight into how methods and tools influence cybersecurity attacks in organizations
Proficient (90%): Determines method and tools used to effect attack by analyzing security breach
Needs Improvement (70%): Determines method and tools used to effect attack by analyzing security breach, but with gaps in accuracy or logic
Not Evident (0%): Does not determine method and tools used to effect attack by analyzing security breach
Value: 5.36

Critical Element: Security Breach: Vulnerabilities
Exemplary (100%): Meets “Proficient” criteria and response demonstrates keen insight into the vulnerabilities cybersecurity attackers exploit
Proficient (90%): Explains which vulnerabilities were exploited and how they were discovered, based on analysis of security breach
Needs Improvement (70%): Explains which vulnerabilities were exploited and how they were discovered, but explanation is not based on analysis of security breach or has gaps in clarity, detail, or accuracy
Not Evident (0%): Does not explain which vulnerabilities were exploited and how they were discovered
Value: 5.36

Critical Element: Incident Response: Actions
Exemplary (100%): Meets “Proficient” criteria and description demonstrates nuanced understanding of use of incident response processes
Proficient (90%): Describes incident response actions that were initiated to minimize impact of breach
Needs Improvement (70%): Describes incident response actions that were initiated to minimize impact of breach, but with gaps in clarity, detail, or accuracy
Not Evident (0%): Does not describe incident response actions that were initiated to minimize impact of breach
Value: 5.36

Critical Element: Incident Response: Business Continuity
Exemplary (100%): Meets “Proficient” criteria and evaluation demonstrates keen insight into effectiveness of incident response processes in ensuring business continuity
Proficient (90%): Evaluates incident response actions for their effectiveness in allowing the business to resume normal system operations after the breach
Needs Improvement (70%): Evaluates incident response actions for their effectiveness in allowing the business to resume normal system operations after the breach, but with gaps in clarity, detail, or logic
Not Evident (0%): Does not evaluate incident response actions for their effectiveness in allowing the business to resume normal system operations after the breach
Value: 5.36

Critical Element: Impact: Application
Exemplary (100%): Meets “Proficient” criteria and description demonstrates nuanced understanding of cybersecurity regulations
Proficient (90%): Describes government and industry regulations that apply to business or organization in relation to security breach
Needs Improvement (70%): Describes government and industry regulations that apply to business or organization in relation to security breach, but with gaps in clarity, detail, or accuracy
Not Evident (0%): Does not describe government and industry regulations that apply to business or organization in relation to security breach
Value: 5.36

Critical Element: Impact: Impact
Exemplary (100%): Meets “Proficient” criteria and assessment demonstrates keen insight into relationship between cybersecurity regulations and information security of organizations
Proficient (90%): Assesses impact of regulations on business or organization and its information security, supporting response with specific examples
Needs Improvement (70%): Assesses impact of regulations on business or organization and its information security but assessment is cursory, inaccurate, or has gaps in support
Not Evident (0%): Does not assess impact of regulations on business or organization and its information security
Value: 5.36

Critical Element: Impact: Financial and Legal Implications
Exemplary (100%): Meets “Proficient” criteria and response demonstrates deep understanding of cybersecurity regulations
Proficient (90%): Discusses possible financial and legal implications of security breach for business or organization
Needs Improvement (70%): Discusses possible financial and legal implications of security breach for business or organization but with gaps in clarity, detail, or accuracy
Not Evident (0%): Does not discuss possible financial and legal implications of security breach for business or organization
Value: 5.36

Critical Element: Security Test Plan: Scope
Exemplary (100%): Meets “Proficient” criteria and response demonstrates nuanced understanding of using established cybersecurity standards in developing the scope of security test plans
Proficient (90%): Determines scope of risk assessment, based on analysis of security breach and established cybersecurity standards
Needs Improvement (70%): Determines scope of risk assessment, but response has gaps in accuracy or detail or is not based on analysis or established standards
Not Evident (0%): Does not determine scope of risk assessment
Value: 4

Critical Element: Security Test Plan: Resources
Exemplary (100%): Meets “Proficient” criteria and response demonstrates nuanced understanding of using established cybersecurity standards in developing security test plans and assigning resources
Proficient (90%): Documents resources required for risk assessment, based on analysis of security breach and established cybersecurity standards
Needs Improvement (70%): Documents resources required for risk assessment, but response has gaps in accuracy or detail or is not based on analysis or established standards
Not Evident (0%): Does not document resources required for risk assessment
Value: 4

Critical Element: Security Test Plan: Hardware and Software
Exemplary (100%): Meets “Proficient” criteria and response demonstrates nuanced understanding of using established cybersecurity standards in determining hardware and software within target of risk assessment
Proficient (90%): Creates list of system hardware and software within target of risk assessment, based on analysis of security breach and established cybersecurity standards
Needs Improvement (70%): Creates list of system hardware and software within target of risk assessment, but response has gaps in accuracy or detail or is not based on analysis or established standards
Not Evident (0%): Does not create list of system hardware and software within target of risk assessment
Value: 4

Critical Element: Security Test Plan: Tools
Exemplary (100%): Meets “Proficient” criteria and response demonstrates nuanced understanding of using established cybersecurity standards in developing security test plans with appropriate tools
Proficient (90%): Determines necessary tools for risk assessment, based on list of system hardware and software, analysis of security breach, and established cybersecurity standards
Needs Improvement (70%): Determines necessary tools for risk assessment but response is not based on list of hardware and software, breach analysis, or established standards or has gaps in accuracy or detail
Not Evident (0%): Does not determine necessary tools for risk assessment
Value: 4

Critical Element: Risk Mitigation: Security Controls
Exemplary (100%): Meets “Proficient” criteria and security controls demonstrate nuanced understanding of risk mitigation
Proficient (90%): Creates at least five security controls that mitigate future risks by ensuring that the security breach will not reoccur
Needs Improvement (70%): Creates at least five security controls, but not all controls mitigate future risks by ensuring that the security breach will not reoccur
Not Evident (0%): Does not create at least five security controls
Value: 5.36

Critical Element: Risk Mitigation: Vulnerabilities
Exemplary (100%): Meets “Proficient” criteria and response demonstrates keen insight into using security controls to address application, website, and network vulnerabilities
Proficient (90%): Explains how security controls will mitigate risks by reducing application, website, and network vulnerabilities
Needs Improvement (70%): Explains how security controls will mitigate risks by reducing application, website, and network vulnerabilities, but with gaps in clarity, detail, or accuracy
Not Evident (0%): Does not explain how security controls will mitigate risks by reducing application, website, and network vulnerabilities
Value: 5.36

Critical Element: Risk Mitigation: Evaluation
Exemplary (100%): Meets “Proficient” criteria and explanation demonstrates deep understanding of security controls
Proficient (90%): Explains criteria for measuring controls to ensure they are properly implemented
Needs Improvement (70%): Explains criteria for measuring controls to ensure they are properly implemented, but with gaps in accuracy or logic
Not Evident (0%): Does not explain criteria for measuring controls to ensure they are properly implemented
Value: 5.36

Critical Element: Conclusion: Communication
Exemplary (100%): Meets “Proficient” criteria and response demonstrates keen insight into relationship between communication challenges and risk assessment
Proficient (90%): Documents interpersonal communication issues encountered within risk assessment team and explains how issues were resolved
Needs Improvement (70%): Documents interpersonal communication issues encountered within risk assessment team and explains how issues were resolved, but with gaps in clarity, detail, or accuracy
Not Evident (0%): Does not document interpersonal communication issues encountered within risk assessment team and explain how issues were resolved
Value: 5.36

Critical Element: Conclusion: Organizational Culture
Exemplary (100%): Meets “Proficient” criteria and response demonstrates keen insight into relationship between organizational culture challenges and risk assessment
Proficient (90%): Describes challenges to organizational culture that occurred as a result of the security breach, addressing impact of security breach on reputation of business or organization
Needs Improvement (70%): Describes challenges to organizational culture that occurred as a result of the security breach, addressing impact of security breach on reputation of business or organization, but with gaps in clarity, detail, or accuracy
Not Evident (0%): Does not describe challenges to organizational culture that occurred as a result of the security breach, addressing impact of security breach on reputation of business or organization
Value: 5.36

Critical Element: Conclusion: Recommendations
Exemplary (100%): Meets “Proficient” criteria and recommended methods demonstrate nuanced understanding of impact of organizational culture and communication challenges on information security
Proficient (90%): Recommends appropriate methods for reducing impact of communication and organizational culture issues in future risk assessments
Needs Improvement (70%): Recommends methods for reducing impact of communication and organizational culture issues in future risk assessments, but with gaps in appropriateness or applicability
Not Evident (0%): Does not recommend methods for reducing impact of organizational culture and communication challenges in future risk assessments
Value: 5.36

Critical Element: Articulation of Response
Exemplary (100%): Submission is free of errors related to citations, grammar, spelling, syntax, and organization and is presented in a professional and easy-to-read format
Proficient (90%): Submission has no major errors related to citations, grammar, spelling, syntax, or organization
Needs Improvement (70%): Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas
Not Evident (0%): Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent understanding of ideas
Value: 3.6

Total: 100%