Unit 1 Assignment 1

Unit 1 IT595

Clifford Shells

Purdue University Global

IT595: Master’s Capstone in Cybersecurity Management

December 8, 2024

Introduction

As cyber threats grow in complexity and frequency, organizations need stronger security controls while also managing employee stress, persistent skills shortages, and budgetary constraints. According to ISACA's 2024 State of Cybersecurity report, which compiled responses from 1,868 cybersecurity professionals worldwide, the cybersecurity landscape is changing faster than ever. Endpoint security has become a particular concern because endpoints such as laptops, smartphones, and workstations are involved in most breaches (McKinsey & Company, 2022). This proposal presents a plan for one core organizational goal: protecting endpoint devices through a Zero Trust security design. Identity verification, micro-segmentation, and advanced threat-vector identification are proposed to reduce the risk of tampering and data leakage, reflecting modern approaches to cybersecurity.

Background of Organization

The proposed project is based on a mid-sized financial services company with around 500 employees working in a hybrid model. The organization's operations depend on protecting confidential financial information exchanged among employees, clients, and partners. The company's most recent penetration test identified serious weaknesses in its endpoint protection, especially on client devices (see Kamruzzaman et al., 2022, for a review of endpoint threats and defenses). These gaps raise the risk of data-integrity loss, non-compliance with regulations such as the GDPR, and serious damage to the organization's reputation.

Problem

Conventional perimeter-based security has proven inadequate against current cyber threats. Devices ranging from laptops and tablets to wearables and smart speakers are now exposed to endpoint security hazards, and even network-connected printers can pose a danger to businesses.

The growth of flexible work arrangements has multiplied the number of endpoint devices. Remote work is more common, and companies rely more on software tools to collaborate with outside partners. Because of their weaknesses, these endpoints have become popular targets for attackers, so IT teams now prioritize monitoring and mitigating endpoint threats. Endpoint security used to be comparatively simple: businesses set up a secure network perimeter, assigned and monitored devices, and maintained a patching process to keep systems updated (Chandel et al., 2019).

Today, however, the proliferation of connected devices, whether personal or company-issued, presents new security challenges for enterprises. Along with the growth in devices comes a persistent threat to IT environments: even the largest teams tasked with monitoring and eliminating threats are overwhelmed by the hundreds of thousands of new malware variants discovered every day. Remote access to organizational resources and wider adoption of BYOD policies only increase these weaknesses. Several gaps in endpoint security management have exposed the organization to APT, phishing, and ransomware threats. The lack of efficient, centralized, policy-based access control that does not rely on implicit trust is an additional problem that cannot be solved without moving to a stronger security paradigm.

Purpose of Project

This project aims to mitigate the endpoint security risks described above by deploying the Zero Trust security model. Following the principle "never trust, always verify," it will require strict identity verification and continuous monitoring of all endpoint devices. By adopting tools such as MFA and EDR, the project seeks to establish a security posture in which every user and endpoint requesting organizational resources is checked and validated continuously.

Endpoint Detection and Response (EDR), sometimes called endpoint detection and threat response (EDTR), is an endpoint security solution that continuously monitors user devices to detect and stop threats such as malware and ransomware (Karantzas & Patsakis, 2021). EDR has been described as a system that "records and saves endpoint-level activities, employs various data analysis methods to spot suspicious behavior, offers contextual insights, prevents harmful actions, and suggests ways to recover affected systems." Multi-factor authentication (MFA), in turn, improves security by requiring two or more independent proofs of identity at login, typically something the user knows (a password), something the user has (a phone or hardware token), and something the user is (a biometric) (Suleski et al., 2023). During enrollment the user registers the additional factor with the system; on every subsequent login the user must present that factor along with the password, so a stolen password alone is not enough to gain access.
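To make the enroll-once, verify-every-login cycle concrete, the following is an added example (not code from the proposal or from any vendor product it mentions) of a time-based one-time-password (TOTP) second factor as defined in RFC 4226/6238, which is what most authenticator apps implement. The `MfaVerifier` class and its user names are hypothetical; it also shows the check a practitioner wants that the description above omits: a code that has already been accepted is rejected if it is replayed, even while it is still inside the clock-drift window.

```python
import base64
import hashlib
import hmac
import secrets
import struct
from typing import Optional

STEP_SECONDS = 30   # RFC 6238 default time step
DIGITS = 6          # length of the one-time code


def secret_from_bytes(raw: bytes) -> str:
    """Base32-encode a raw key, the form authenticator apps accept."""
    return base64.b32encode(raw).decode("ascii")


def generate_secret() -> str:
    """Fresh 160-bit secret for a new enrollment."""
    return secret_from_bytes(secrets.token_bytes(20))


def hotp(secret_b32: str, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    key = base64.b32decode(secret_b32, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** DIGITS)).zfill(DIGITS)


def totp(secret_b32: str, at_time: int) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret_b32, at_time // STEP_SECONDS)


class MfaVerifier:
    """Server side (hypothetical): enroll a second factor once, verify it on every login."""

    def __init__(self) -> None:
        self._secrets = {}        # user -> enrolled base32 secret
        self._last_counter = {}   # user -> last accepted time step (replay protection)

    def enroll(self, user: str, secret_b32: Optional[str] = None) -> str:
        secret_b32 = secret_b32 or generate_secret()
        self._secrets[user] = secret_b32
        self._last_counter[user] = -1
        # Shown to the user once (e.g. as a QR code); afterwards it lives only server-side.
        return secret_b32

    def verify(self, user: str, code: str, at_time: int, window: int = 1) -> bool:
        secret_b32 = self._secrets.get(user)
        if secret_b32 is None:
            return False                      # not enrolled: no second factor, so deny
        if len(code) != DIGITS or not code.isdigit():
            return False                      # malformed input never reaches the HMAC compare
        current = at_time // STEP_SECONDS
        # Tolerate +/- `window` steps of clock drift, but never accept a step that was
        # already consumed: the same code presented twice is a replay, not a login.
        for step in range(current - window, current + window + 1):
            if step <= self._last_counter[user]:
                continue
            if hmac.compare_digest(hotp(secret_b32, step), code):
                self._last_counter[user] = step
                return True
        return False
```

The RFC 6238 test vectors (secret `12345678901234567890`, SHA-1) can be used to confirm the arithmetic, and the replay check is what turns a correct TOTP implementation into one that is safe against a shoulder-surfed or phished code being reused within the same 30-second step.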

Stakeholders

The project's success will depend on the full involvement of many stakeholders. Internal stakeholders include the IT department, the security team, directors and the CEO, and the employees who rely on end-user devices to perform their work. External stakeholders, including technology vendors and cybersecurity consultants, will be pivotal in delivering the tools and expertise during implementation. Regulatory agencies are also relevant stakeholders, since the completed work must conform to the existing norms and standards of the field.

High-Level Costs Associated with the Project

Introducing the Zero Trust security model is estimated to cost ninety-five thousand US dollars. This covers risk assessment ($15,000), acquisition of security tools and technologies including EDR and IAM ($40,000), deployment and testing ($25,000), and employee training and procedure documentation ($10,000) (Homeland Security, 2023). An additional $5,000 is set aside as contingency for unanticipated expenses during the fiscal year. Although the initial expense may seem high, the long-term benefits of avoiding cyber incidents and maintaining compliance outweigh it.

Expected Outcomes of the Project

The proposed Zero Trust security framework is expected to produce several tangible and intangible outcomes: fewer successful attacks targeting endpoints, stronger compliance with data-protection regulations, and more effective and secure access controls for users. The project will also strengthen the organization's standing as an early adopter of innovative cybersecurity mechanisms, building confidence among clients and partners.

Risks to Project Completion and Proposed Mitigations

Several risks could obstruct the successful completion of this project. Employees and stakeholders may resist the change; this can be managed through education and training and by keeping them informed of the benefits. Interoperability issues with existing systems require compatibility checks before implementation (Huang et al., 2020). Costs may exceed the budgeted amounts, but careful cost monitoring and the contingency fund will minimize this risk. Finally, security during the transition phase is critical and must be maintained by retaining the existing controls until the new system is fully in place.

Milestone 1: Project Launch

The first milestone covers project initiation through planning and consultation with the stakeholders involved. This phase will begin with meetings to assess and document the security vulnerabilities in the currently deployed endpoint architecture (Chandel et al., 2019). The project will have a clear charter setting out its specific deliverables, goals, and expected results. Planning will also produce a work schedule, assigned responsibilities, and measures for tracking progress during execution, so that all key stakeholders share the same understanding of the project and the groundwork is laid for effective and efficient implementation.

Milestone 2: Risk Assessment & Architecture Design

The second milestone evaluates risk and identifies the most exposed areas and threats at the organization's endpoints. The assessment will include monitoring network traffic, reviewing access logs, and testing likely attack scenarios. Based on the findings, a Zero Trust architecture suited to the organization's environment will be designed. Key design features are micro-segmentation to limit lateral movement, MFA to strengthen access controls, and EDR for real-time threat identification. The design will also account for scalability so that it can accommodate future growth of the organization.
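The three design features named above (identity with MFA, EDR-backed device posture, and micro-segmentation) come together at a policy decision point that evaluates every access request rather than trusting a network location. The following is an added illustration of that decision logic, not a design artifact from this proposal or a configuration from any particular product. The segment names, resource names, and thresholds (MFA freshness, EDR heartbeat age) are hypothetical values chosen for the example; the behaviour to notice is that the default is deny, that a valid user on a non-compliant device is still refused, and that every failed check is reported so the denial can be logged and investigated.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hypothetical thresholds for the example, not figures from the proposal.
MFA_MAX_AGE_SECONDS = 8 * 3600      # re-verify the second factor at least every 8 hours
MFA_MAX_AGE_SENSITIVE = 3600        # ...and hourly before touching sensitive resources
EDR_MAX_CHECKIN_AGE = 15 * 60       # an EDR heartbeat older than this means no visibility

# Micro-segmentation allow-list: (source segment, destination segment) -> permitted services.
# Any pair not listed is denied by default, which is what blocks lateral movement.
SEGMENT_POLICY = {
    ("user-workstations", "app-tier"): {"https"},
    ("app-tier", "db-tier"): {"postgres"},
    ("admin-jumphost", "db-tier"): {"postgres", "ssh"},
}

SENSITIVE_RESOURCES = {"client-ledger-db"}   # hypothetical resource tag


@dataclass
class Identity:
    user: str
    mfa_verified_at: Optional[int]   # Unix time of last successful MFA, None if never


@dataclass
class DevicePosture:
    device_id: str
    managed: bool                    # enrolled in the organization's device management
    edr_agent_healthy: bool          # EDR reports its agent running and untampered
    edr_last_checkin: int            # Unix time of the last EDR heartbeat
    disk_encrypted: bool


@dataclass
class AccessRequest:
    identity: Identity
    device: DevicePosture
    source_segment: str
    target_segment: str
    service: str
    resource: str


def evaluate(req: AccessRequest, now: int) -> Tuple[bool, List[str]]:
    """Policy decision point: allow only if every check passes; return all failing reasons."""
    reasons: List[str] = []

    # 1. Identity: a live session is not enough; the second factor must be recent,
    #    and more recent still for resources tagged sensitive.
    max_age = MFA_MAX_AGE_SENSITIVE if req.resource in SENSITIVE_RESOURCES else MFA_MAX_AGE_SECONDS
    if req.identity.mfa_verified_at is None:
        reasons.append("mfa: never verified")
    elif now - req.identity.mfa_verified_at > max_age:
        reasons.append("mfa: verification too old for this resource")

    # 2. Device posture: an unmanaged or unmonitored endpoint gets no access, whoever the user is.
    d = req.device
    if not d.managed:
        reasons.append("device: not managed")
    if not d.edr_agent_healthy:
        reasons.append("device: EDR agent unhealthy or missing")
    elif now - d.edr_last_checkin > EDR_MAX_CHECKIN_AGE:
        reasons.append("device: EDR telemetry stale")
    if not d.disk_encrypted:
        reasons.append("device: disk not encrypted")

    # 3. Micro-segmentation: the requested flow itself must be on the allow-list.
    allowed = SEGMENT_POLICY.get((req.source_segment, req.target_segment))
    if allowed is None:
        reasons.append(f"segment: no rule {req.source_segment} -> {req.target_segment}")
    elif req.service not in allowed:
        reasons.append(f"segment: service {req.service} not permitted on this path")

    return (len(reasons) == 0, reasons)


if __name__ == "__main__":
    # Constructed request: a compliant workstation reaching the app tier over HTTPS.
    now = 1_700_000_000
    ws = DevicePosture("WS-001", managed=True, edr_agent_healthy=True,
                       edr_last_checkin=now - 60, disk_encrypted=True)
    req = AccessRequest(Identity("alice", now - 600), ws,
                        "user-workstations", "app-tier", "https", "hr-portal")
    print(evaluate(req, now))   # (True, [])
```

In a real deployment the `Identity` and `DevicePosture` inputs would be filled from the IAM and EDR platforms chosen in this milestone, and the `reasons` list is what should land in the SIEM, since a burst of "segment: no rule" denials from one device is itself a lateral-movement indicator.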

Milestone 3: Implementation and Testing

The third milestone is the implementation of the Zero Trust model and testing of its effectiveness. This involves deploying and configuring the selected tools and technologies within the existing systems. The resulting security will be assessed through penetration testing, and User Acceptance Testing will capture feedback and resolve usability problems. This milestone emphasizes iterative testing and improvement to confirm that the deployed system is operational and technically sound.

Milestone 4: Evaluation, Training, and Reporting

The final milestone evaluates the deployed system's success and fine-tunes it based on data gathered from operations and from users. Specific indicators, such as the reduction in unauthorized access attempts and the time required to detect and respond to threats, will be tracked through continuous monitoring tools. Training sessions will introduce employees to the new system and reinforce security risks and precautions. A comprehensive project report will document the results and recommendations for further improvement. This last step leaves the organization prepared to defend itself against evolving threats over time.

Conclusion

Adopting a Zero Trust security architecture for endpoint protection is a significant step in mitigating the cybersecurity risks that confront current businesses. By combining current technologies with security awareness, the project would reduce risk and improve compliance. The tasks listed in this proposal set out the steps required to implement the plan, achieve the organizational goals, and comply with best practices. Finally, the project aims to establish a sustainable long-term cybersecurity model that protects the organization's assets and reputation.

References

Chandel, S., Yu, S., Yitian, T., Zhili, Z., & Yusheng, H. (2019). Endpoint Protection: Measuring the Effectiveness of Remediation Technologies and Methodologies for Insider Threat. 2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). https://doi.org/10.1109/cyberc.2019.00023

Homeland Security. (2023). FY 2024 Budget in Brief. U.S. Department of Homeland Security. https://www.dhs.gov/sites/default/files/2023-03/DHS%20FY%202024%20BUDGET%20IN%20BRIEF%20%28BIB%29_Remediated.pdf

Huang, C., Koppel, R., McGreevey, J. D., Craven, C. K., & Schreiber, R. (2020). Transitions from One Electronic Health Record to Another: Challenges, Pitfalls, and Recommendations. Applied Clinical Informatics, 11(05), 742–754. https://doi.org/10.1055/s-0040-1718535

Kamruzzaman, A., Ismat, S., Brickley, J. C., Liu, A., & Thakur, K. (2022, December 1). A Comprehensive Review of Endpoint Security: Threats and Defenses. IEEE Xplore. https://doi.org/10.1109/ICCWS56285.2022.9998470

Karantzas, G., & Patsakis, C. (2021). An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors. Journal of Cybersecurity and Privacy, 1(3), 387–421. https://doi.org/10.3390/jcp1030021

McKinsey & Company. (2022, March 10). Cybersecurity trends: Looking over the horizon. https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/cybersecurity/cybersecurity-trends-looking-over-the-horizon

Suleski, T., Ahmed, M., Yang, W., & Wang, E. (2023). A Review of multi-factor Authentication on the Internet of Healthcare Things. Digital Health, 9(1). https://doi.org/10.1177/20552076231177144