Unit 10 IT595
Unit 7 Assignment 1
Unit 7 Assignment 1
Unit 7 IT595
Clifford Shells
Purdue University Global
IT595: Master’s Capstone in Cybersecurity Management
January 25, 2025
Milestone 3: Implementation and Testing - Status Report
Implementation and Testing were recognizable as the last step of the cybersecurity project at milestone 3, which executes the Zero Trust security model and evaluates the performance of the model. The second phase of the process was dedicated to more precise activities involved in tool implementation, including rolling out MFA and EDR solutions as native components of the systems employed. This also entailed the performance of the security evaluation known as the Penetration Test and the User Acceptance Test or UAT (Ali, Ullah, Islam, & Hossain, 2025).
Figure 1 Steps to Design a Zero Trust System (geeks for geeks, 2024)
Figure 2 Flow Diagram of Multifactor Authenticator Code (login radius, 2025)
This paper contains the stakeholders' recommendations, tasks accomplished, new WBS, and the experience gained while implementing the report's milestones.
Recommendations for Stakeholders
Based on this milestone, the following cybersecurity theories and frameworks are recommended for managing risks, threats, and vulnerabilities:
Zero Trust Model: People should use the never trust, always verify approach (Buck, Olenberger, Schweizer, Völter, & Eymann, 2021). This model removes the attack surface by continuously validating users, devices, and network activity at every organizational level. Micro-segmentation is used to restrict amounts of lateral mobility by segmenting the network into protection rings, while the integration of MFA guarantees strong authentication of users.
Defense-in-Depth Framework: Bi-security measures should remain a priority. EDR, firewalls, and encryption prevent ongoing attacks and minimize data leakage even if an attacker is already inside the network.
Continuous Monitoring and Threat Detection: To introduce real-time AI analytics for anomaly detection and menace prediction, it should be noted that.
Regular Penetration Testing: Penetration testing is conducted periodically to ensure that the security measures available and recently implemented have been assessed and revised.
Figure 3 Penetration Testing Flow Chart
Tasks Completed
During this milestone, the following tasks were conducted:
1. Tool Deployment:
Implemented MFA and set up authentication effects to heighten user identification—Consolidated capable EDR products for endpoint detection and quick threat reaction.
2. Penetration Testing:
Various forms of penetration testing are used to discover weaknesses that an adversary may notice in the system. There were documented vulnerabilities, applied patches were made, and re-secured to attest compliance.
3. User Acceptance Testing (UAT):
Users were interviewed to discover problems with the interface and its functions. Several comments from advanced users were assembled, and changes were integrated to enhance general usability for all.
4. Documentation and Reporting:
Designed elaborate configurations for the systems and records of tests and feedback. Revised the WBS to incorporate actual time and variations from the baseline schedule.
Updated Work Breakdown Structure (WBS)
Table 1 Work Breakdown Structure (WBS)
|
Task |
Planned Duration (days) |
Actual Duration (days) |
Notes |
|
MFA Deployment |
3 |
4 |
Additional day for fine-tuning. |
|
EDR Configuration |
4 |
4 |
Completed as scheduled. |
|
Penetration Testing |
5 |
6 |
Required more retesting cycles. |
|
User Acceptance Testing |
3 |
4 |
Additional day for stakeholder input. |
|
Final Documentation |
2 |
2 |
Completed as planned. |
Lessons Learned
1. Importance of Thorough Testing: Many newcomers tried penetration testing and were surprised by some loopholes discovered, pointing out that tests should not be a one-time event.
2. Stakeholder Involvement: UAT supported identifying stakeholders’ need for engagement during implementation. Based on their feedback, we improved by avoiding potential usability problems.
3. Flexibility in Planning: Delays in some activities made the groups realize that a time buffer should be incorporated into the identified project schedule.
4. Value of Documentation: Each environment's configuration, test results, and adjustments were adequately documented and well communicated to keep track of the changes and promote efficiency as people changed their duties.
Conclusion
Therefore, this Mobile Computing project reached the goals set for Milestone 3 by implementing the Zero Trust model and assessing its efficacy. MFA also proved valuable with EDR, where penetration testing offered security confidence in endpoint functionality and UAT-tested usability. These accomplishments and what have been learned provide a good platform for keeping a secure and flexible organizational environment. Submissions of system configurations, tests, and feedback documentation are submitted to support the completion of the milestone.
References
Ali, M., Ullah, A., Islam, M. R., & Hossain, R. (2025). Assessing of software security reliability: Dimensional security assurance techniques. Computers & Security, 150, 104230. https://doi.org/10.1016/j.cose.2024.104230
Buck, C., Olenberger, C., Schweizer, A., Völter, F., & Eymann, T. (2021). Never trust, always verify: A multivocal literature review on current knowledge and research gaps of zero-trust. Computers & Security, 11, 102436. https://doi.org/10.1016/j.cose.2021.102436
Geeks for geeks. (2024, Sep 09). Zero Trust Architecture - System Design. Retrieved from geeks for geeks: https://www.geeksforgeeks.org/zero-trust-architecture-system-design/
Login radius. (2025). Authenticator Workflow. Retrieved from login radius: https://www.loginradius.com/docs/api/v2/customer-identity-api/multi-factor-authentication/authenticator/overview/