Unit 10 IT595

profileshells0143
CShells-IT595Assignment-Unit7.docx

Unit 7 Assignment 1

Unit 7 Assignment 1

Unit 7 IT595

Clifford Shells

Purdue University Global

IT595: Master’s Capstone in Cybersecurity Management

January 25, 2025

Milestone 3: Implementation and Testing - Status Report

Implementation and Testing were recognizable as the last step of the cybersecurity project at milestone 3, which executes the Zero Trust security model and evaluates the performance of the model. The second phase of the process was dedicated to more precise activities involved in tool implementation, including rolling out MFA and EDR solutions as native components of the systems employed. This also entailed the performance of the security evaluation known as the Penetration Test and the User Acceptance Test or UAT (Ali, Ullah, Islam, & Hossain, 2025).

Lightbox

Figure 1 Steps to Design a Zero Trust System (geeks for geeks, 2024)

A diagram of a flowchart  Description automatically generated

Figure 2 Flow Diagram of Multifactor Authenticator Code (login radius, 2025)

This paper contains the stakeholders' recommendations, tasks accomplished, new WBS, and the experience gained while implementing the report's milestones.

Recommendations for Stakeholders

Based on this milestone, the following cybersecurity theories and frameworks are recommended for managing risks, threats, and vulnerabilities:

Zero Trust Model: People should use the never trust, always verify approach (Buck, Olenberger, Schweizer, Völter, & Eymann, 2021). This model removes the attack surface by continuously validating users, devices, and network activity at every organizational level. Micro-segmentation is used to restrict amounts of lateral mobility by segmenting the network into protection rings, while the integration of MFA guarantees strong authentication of users.

Defense-in-Depth Framework: Bi-security measures should remain a priority. EDR, firewalls, and encryption prevent ongoing attacks and minimize data leakage even if an attacker is already inside the network.

Continuous Monitoring and Threat Detection: To introduce real-time AI analytics for anomaly detection and menace prediction, it should be noted that.

Regular Penetration Testing: Penetration testing is conducted periodically to ensure that the security measures available and recently implemented have been assessed and revised.

A diagram of a company  Description automatically generated

Figure 3 Penetration Testing Flow Chart

Tasks Completed

During this milestone, the following tasks were conducted:

1. Tool Deployment:

Implemented MFA and set up authentication effects to heighten user identification—Consolidated capable EDR products for endpoint detection and quick threat reaction.

2. Penetration Testing:

Various forms of penetration testing are used to discover weaknesses that an adversary may notice in the system. There were documented vulnerabilities, applied patches were made, and re-secured to attest compliance.

3. User Acceptance Testing (UAT):

Users were interviewed to discover problems with the interface and its functions. Several comments from advanced users were assembled, and changes were integrated to enhance general usability for all.

4. Documentation and Reporting:

Designed elaborate configurations for the systems and records of tests and feedback. Revised the WBS to incorporate actual time and variations from the baseline schedule.

Updated Work Breakdown Structure (WBS)

Table 1 Work Breakdown Structure (WBS)

Task

Planned Duration (days)

Actual Duration (days)

Notes

MFA Deployment

3

4

Additional day for fine-tuning.

EDR Configuration

4

4

Completed as scheduled.

Penetration Testing

5

6

Required more retesting cycles.

User Acceptance Testing

3

4

Additional day for stakeholder input.

Final Documentation

2

2

Completed as planned.

Lessons Learned

1. Importance of Thorough Testing: Many newcomers tried penetration testing and were surprised by some loopholes discovered, pointing out that tests should not be a one-time event.

2. Stakeholder Involvement: UAT supported identifying stakeholders’ need for engagement during implementation. Based on their feedback, we improved by avoiding potential usability problems.

3. Flexibility in Planning: Delays in some activities made the groups realize that a time buffer should be incorporated into the identified project schedule.

4. Value of Documentation: Each environment's configuration, test results, and adjustments were adequately documented and well communicated to keep track of the changes and promote efficiency as people changed their duties.

A diagram of a flowchart  Description automatically generated

Conclusion

Therefore, this Mobile Computing project reached the goals set for Milestone 3 by implementing the Zero Trust model and assessing its efficacy. MFA also proved valuable with EDR, where penetration testing offered security confidence in endpoint functionality and UAT-tested usability. These accomplishments and what have been learned provide a good platform for keeping a secure and flexible organizational environment. Submissions of system configurations, tests, and feedback documentation are submitted to support the completion of the milestone.

References

Ali, M., Ullah, A., Islam, M. R., & Hossain, R. (2025). Assessing of software security reliability: Dimensional security assurance techniques. Computers & Security, 150, 104230. https://doi.org/10.1016/j.cose.2024.104230

Buck, C., Olenberger, C., Schweizer, A., Völter, F., & Eymann, T. (2021). Never trust, always verify: A multivocal literature review on current knowledge and research gaps of zero-trust. Computers & Security, 11, 102436. https://doi.org/10.1016/j.cose.2021.102436

Geeks for geeks. (2024, Sep 09). Zero Trust Architecture - System Design. Retrieved from geeks for geeks: https://www.geeksforgeeks.org/zero-trust-architecture-system-design/

Login radius. (2025). Authenticator Workflow. Retrieved from login radius: https://www.loginradius.com/docs/api/v2/customer-identity-api/multi-factor-authentication/authenticator/overview/

image3.jpeg

image4.jpeg

image1.png

image2.png