case study

CYB 200 Module Three Case Study Template After reviewing the scenario in the Module Three Case Study Activity Guidelines and Rubric document, fill in the table below by completing the following steps:

1. Specify which Fundamental Security Design Principle applies to the control recommendations by marking the appropriate cells with an X. 2. Indicate which security objective (confidentiality, availability, or integrity) applies best to the control recommendations. 3. Explain your choices in one to two sentences with relevant justifications.

Control Recommendations

Isolation Encapsulation Complete Mediation

Minimize Trust Surface

(Reluctance to Trust)

Trust Relationships

Security Objective Alignment

(CIA)

Explain Your Choices (1–2 sentences)

Deploy an automated tool on network perimeters that monitors for unauthorized transfer of sensitive information and blocks such transfers while alerting information security professionals.

Monitor all traffic leaving the organization to detect any unauthorized use.

Use an automated tool, such as host-based data loss prevention, to enforce access controls to data even when data is copied off a system.

Physically or logically

Control Recommendations

Isolation Encapsulation Complete Mediation

Minimize Trust Surface

(Reluctance to Trust)

Trust Relationships

Security Objective Alignment

(CIA)

Explain Your Choices

(1–2 sentences)

segregated systems should be used to isolate higher-risk software that is required for business operations.

Make sure that only the resources necessary to perform daily business tasks are assigned to the end users performing such tasks.

Install application firewalls on critical servers to validate all traffic going in and out of the server.

Require all remote login access and remote workers to authenticate to the network using multifactor authentication.

Restrict cloud storage access to only the users authorized to have access, and include authentication verification through the

Control Recommendations

Isolation Encapsulation Complete Mediation

Minimize Trust Surface

(Reluctance to Trust)

Trust Relationships

Security Objective Alignment

(CIA)

Explain Your Choices

(1–2 sentences)

use of multi-factor authentication.

Make sure all data-in- motion is encrypted.

Set alerts for the security team when users log into the network after normal business hours, or when users access areas of the network that are unauthorized to them.

After you have completed the table above, respond to the following short questions:

1. Is it possible to use DataStore and maintain an isolated environment? Explain your reasoning.

2. How could the organization have more effectively applied the principle of minimizing trust surface with DataStore to protect its confidential data? Explain your reasoning.

3. How can the organization build a more security-aware culture from the top down to prevent mistakes before they happen? Explain your reasoning.