Template and pdf attached for assignment
Overview
In this case study assignment, we will continue to investigate the
Fundamental Security Design Principles at work in a real-world scenario.
Through the lens of data protection, we will analyze the following
principles:
Least Privilege
Layering (Defense in Depth)
Fail-Safe Defaults / Fail Secure
Modularity
Usability
Note: You will be engaging with this scenario again in the Module Three discussion.
Case Study Scenario
You are a cybersecurity analyst working at a prominent regional
hospital. On Monday morning, the organization’s technology help desk
received a call from Dr. John Beard, a long-time resident physician. Dr.
Beard called them to report that his company laptop was stolen from his
car after he stopped to work out at a local gym on his way home from
the office.
A representative from the help desk informed you of the theft and
also mentioned that Dr. Beard stated that his laptop case contained a
USB thumb drive that he purchased to “back up” important patient files
he saved onto his laptop. Dr. Beard also revealed that his daily planner
“might have” been in the bag and that the planner had his hospital
computer user name and password written on the back cover. Prior to
ending the call, Dr. Beard told the representative that he would call
her back if his daily planner turned up.
As your conversation with the help desk representative wound down,
she commented that Dr. Beard has many different computer “issues” that
keep her team busy. She recalled talking to Dr. Beard about the
hospital’s policy against accessing patient files remotely and his
annoyance with her inability to help him “get work done” while away from
the hospital. And just a week ago, a junior member of her team
completed a service ticket to reconfigure Dr. Beard’s laptop to grant
him administrative rights. The service request stuck out because it did
not have a “reason” indicated (a company policy requirement) but was
still approved by James Davis, the hospital’s senior system
administrator and close personal friend of Dr. Beard.
Prompt
After reading the scenario above, complete the Fundamental Security
Design Principles mapping table in the Case Study Template and answer
the short response questions. You’ll notice that the listed Fundamental
Security Design Principles differ from those presented in previous
activities. In the cybersecurity trade, there are many different design
principles and frameworks. Successful practitioners learn to work with
many different (but conceptually similar) principles to achieve their
security goals.
Specifically, you must address the critical elements listed below:
Fundamental Security Design Principles Mapping: Fill in the table in
the Module Two Case Study Template by completing the following steps
for each control recommendation:
Specify which Fundamental Security Design Principle best applies by marking all appropriate cells with an X.
Indicate which security objective (confidentiality, availability, or integrity) best reflects your selected control recommendation.
Explain your choices in one to two sentences, providing a selection-specific justification to support your decision.
Short Response Questions:
How might you work with someone like Dr. Beard to cultivate a security mind-set
that is more in line with the organization’s ethical norms? Hint:
Consider his attitude, his past behaviors, and his opinion about
organizational policies.
How would you help the hospital better secure its
patient files? Make sure to incorporate at least one data state
(data-at-rest, data-in-use, or data-in-motion) and one of the control
recommendations from your completed table in your response.
What to Submit
Submit your completed Fundamental Security Design Principles map and
short response answers in the Module Two Case Study Template. Your
submission should be 1–2 pages in length (plus a cover page and
references, if used) and written in APA format. Use double spacing,
12-point Times New Roman font, and one-inch margins. Use a filename that
includes the course code, the assignment number, and your name—for
example, CYB_100_1-4_Neo_Anderson.docx.
Module Two Case Study Activity Rubric
| Criteria | Proficient (100%) | Needs Improvement (65%) | Not Evident (0%) | Value |
|---|---|---|---|---|
| Mapping: Fundamental Security Design Principle | Specifies which Fundamental Security Design Principle applies to at least 8 of the control recommendations | Specifies which Fundamental Security Design Principle applies to fewer than 8 of the control recommendations | Does not address critical element, or response is irrelevant | 20 |
| Mapping: Security Objective | Indicates which security objective (CIA) best applies to 8 or more control recommendations | Indicates which security objective (CIA) best applies to fewer than 8 control recommendations | Does not address critical element, or response is irrelevant | 20 |
| Mapping: Explain | Explains choices with relevant justifications for at least 8 of the control recommendations | Explains choices with relevant justifications for fewer than 8 of the control recommendations | Does not address critical element, or response is irrelevant | 25 |
| Short Response: Cultivating Mindset | Explains how you might work with someone like Dr. Beard to cultivate a security mindset that is more in line with the organization’s ethical norms | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Short Response: Better Secure | Explains how you would help the hospital better secure its patient files incorporating at least one data state (data-at-rest, data-in-use, or data-in-motion) and one of the control recommendations from your table | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 20 |
| Articulation of Response | Submission has no major errors related to citations, grammar, spelling, or organization | Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas | 5 |
Total: 100%