Unit 10 IT595
Unit 3 Assignment 1
Unit 3 Assignment 1
Unit 3 IT595
Clifford Shells
Purdue University Global
IT595: Master’s Capstone in Cybersecurity Management
December 20, 2024
Milestone 1: Project Launch - Status Report
Milestone 1 of the cybersecurity project, titled "Project Launch," focused on initiating the project's foundational elements. This included plotting a vulnerability scan for the architecture at the endpoints, consulting with the stakeholders, and developing an elaborate charter for the project. Further, the job execution of activities requires assembling a comprehensive working map, defining roles and responsibilities, and formulating effective means of assessing work implementation (Cohen, Naseraldin, Chaudhuri, & Pilati, 2019). These endeavors assumed that caning stakeholders would lead to the successful implementation of technology in the following phases.
Evaluation of Cybersecurity Theories, Principles, and Best Practices
This milestone incorporated foundational cybersecurity theories and principles for effective planning and assessment. In its basic form, the Zero Trust Model entailed verifying every user and every device for an attempt to access certain resources to avoid intrusions (Daah, Qureshi, Awan, & Konur, 2024). This model fits modern cybersecurity requirements as those who rely on implicit trust and allow access only this way go through the authentication and authorization layers.
Figure 1: Zero Trust Core Principles (gartner, 2024)
This was followed by the Defense-in-Depth Strategy which was focused on a detailed security measure for the right protection of that important asset. This is another strategy in protection since it distributes the risk across the network and the system and endpoint; thus, irrespective of the system getting attacked, the rest of the layers protect the property.
Figure 2: Defense-in-Depth Strategy (wiz, 2024)
Recent cybersecurity strategies were explored and integrated into the planning phase to address endpoint security:
· Endpoint Detection and Response (EDR): Tools and strategies were identified to enhance visibility into endpoints, enabling rapid detection and mitigation of threats (Arfeen, Ahmed, Khan, & Jafri, 2021).
· Multi-Factor Authentication (MFA): Strengthening authentication processes became a priority to mitigate risks from compromised credentials (Cahyaningrum, 2024).
Figure 3: Multi-Factor Authentication (MFA) (nist, 2024)
· AI-Powered Threat Detection: Leveraging artificial intelligence for predictive analytics and real-time threat identification was incorporated as a best practice for long-term endpoint protection (Prince, et al., 2024).
These principles and strategies informed the vulnerability assessment process and laid the groundwork for a secure and effective implementation plan.
Work Breakdown Structure (WBS) Summary
A detailed Work Breakdown Structure (WBS) was created to monitor tasks, timelines, and dependencies. The following outlines the key tasks and their planned vs. actual durations:
|
Task |
Planned Duration |
Actual Duration |
|
Stakeholder Identification and Meetings |
5 days |
6 days |
|
Vulnerability Assessment |
7 days |
8 days |
|
Drafting the Project Charter |
4 days |
4 days |
|
Planning Work Schedule and Assignments |
3 days |
2 days |
The WBS, presented in a detailed table format as part of the evidence, shows slight deviations in some areas due to unforeseen challenges. These adjustments were necessary to accommodate stakeholder feedback and additional insights from the vulnerability assessment.
Figure 4: Work Breakdown Structure (WBS)
Lessons Learned
The planning phase of the project offered valuable insights and highlighted areas for improvement. One key takeaway was the importance of stakeholder collaboration (Canfield, Mulvaney, & Chatelain, 2022). The inclusion of the stakeholders was also found useful in arrival at other issues, particularly the remote endpoints. These questions elicited imperatives for corrections on the holistic nature of the implemented project. The next lesson related to working on the table of the school week, which was determined during classes. The detailed vulnerability assessment process was slower in comparison with the planned work schedule because of multiple system reactiveness. This brought a good realization of the fact that there should be buffer periods to be included in the other timelines of the future. Lastly, flexibility appeared as the final key dimension which defines the success of LEPs (Dörnyei, 2020). Considering other stakeholders’ feedback and technical analysis was therefore useful in chasing goal congruence and overseeing all concerns as seen above. All these lessons will be taken to future milestones to improve efficiency, flexibility, and overall project outcome.
Conclusion
Milestone 1 achieved the goal by ensuring that all the stakeholders were on board, the risks in need of cybersecurity were identified, and a solid blueprint for this project had been developed. The experience from this phase will be taken forward in subsequent activities to achieve better results and timely completion of the project objectives.
References Arfeen, A., Ahmed, S., Khan, M. A., & Jafri, S. F. (2021). Endpoint detection & response: A malware identification solution. 2021 International Conference on Cyber Warfare and Security (ICCWS), 1-8. https://doi.org/10.1109/ICCWS53234.2021.9703010 Cahyaningrum, Y. (2024). Evaluation of System Access Security in The Implementation of MultiFactor Authentication (MFA) in Educational Institutions. Journal of Practical Computer Science, 11-19. http://repository.isi-ska.ac.id/6772/1/Evaluation%20of%20System%20Access_Yuniana-UPLOAD.pdf Canfield, K. N., Mulvaney, K., & Chatelain, C. D. (2022). Using researcher and stakeholder perspectives to develop promising practices to improve stakeholder engagement in the solutions-driven research process. Socio-Ecological Practice Research, 189-203. https://doi.org/10.1007/s42532-022-00119-5 Cohen, Y., Naseraldin, H., Chaudhuri, A., & Pilati, F. (2019). Assembly systems in Industry 4.0 era: a road map to understand Assembly 4.0. The International Journal of Advanced Manufacturing Technology, 4037-4054. https://doi.org/10.1007/s00170-019-04203-1 Daah, C., Qureshi, A., Awan, I., & Konur, S. (2024). Enhancing zero trust models in the financial industry through blockchain integration: A proposed framework. Electronics, 865. https://doi.org/10.3390/electronics13050865 Dörnyei, K. R. (2020). Limited edition packaging: objectives, implementations and related marketing mix decisions of a scarcity product tactic. Journal of Consumer Marketing, 617-627. https://www.researchgate.net/profile/Krisztina-Doernyei/publication/342467438_Limited_edition_packaging_objectives_implementations_and_related_marketing_mix_decisions_of_a_scarcity_product_tactic/links/604b5a3192851c1bd4e31b58/Limited-edition-packaging-objectives-implementations-and-related-marketing-mix-decisions-of-a-scarcity-product-tactic.pdf gartner. (2024). Implement Zero-Trust Architecture to Adapt to a Shifting Threat Landscape. Retrieved from gartner: https://www.gartner.com/en/cybersecurity/topics/zero-trust-architecture nist. (2024). Multifactor authentication. Retrieved from nist: https://www.nist.gov/image/multifactor-authentificatonpng Prince, N. U., Faheem, M. A., Khan, O. U., Hossain, K., Alkhayyat, A., Hamdache, A., & Elmouki, I. (2024). AI-Powered Data-Driven Cybersecurity Techniques: Boosting Threat Identification and Reaction. Nanotechnology Perceptions, 332-353. https://www.researchgate.net/profile/Muhammad-Ashraf-Faheem/publication/384441701_AI-Powered_Data-Driven_Cybersecurity_Techniques_Boosting_Threat_Identification_and_Reaction/links/66f9408a9e6e82486ff584e0/AI-Powered-Data-Driven-Cybersecurity-Techniques-Boosting-Threat-Identification-and-Reaction.pdf wiz. (2024, November 8). What is Defense in Depth? Best Practices for Layered Security. Retrieved from wiz: https://www.wiz.io/academy/defense-in-depth