ISE 510 Final Project Guidelines and Rubric
The final project for this course is the creation of a security breach analysis and recommendations.
The relevance of risk assessment cannot be overemphasized as organizations establish or reaffirm their security posture, especially in the wake of overwhelming computer security breaches at many organizations in the United States and around the world, including government agencies. Organizations seek to understand their compliance status for current regulations as well as their vulnerability in order to adopt a proper approach to manage risks. It is equally important to conduct a risk assessment after a system breach has occurred to better understand the threats and the vulnerabilities exploited.
For your final project, you will analyze an information security breach that has already occurred. This will place you in the role of a risk assessment expert, coming in to determine how the breach occurred and develop strategies to mitigate against the breach reoccurring. Risk assessment experts can fill the positions of penetration testers, information security auditors, and independent verification and validation analysts, for example. Such roles will continue to gain relevance as organizations and governments continue to move sensitive financial information, personal health information (PHI), and personally identifiable information (PII) across publicly accessible networks and storage devices.
For the final project for this course, you will analyze an information security breach provided in the Final Project Scenario document and the educational video game (Agent Surefire: InfoSec) you will play in Module Three. In your analysis, you will discuss how the breach occurred, the incident response processes that were initiated, the impact of the breach, and applicable regulations to the organization. Then, you will develop a security test plan for the breached system and create security controls to ensure that the breach will not reoccur.
The project is divided into three milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final submissions. These milestones will be submitted in Modules Three, Five, and Seven. The final product will be submitted in Module Nine.
This assessment addresses the following course outcomes:
Determine how cybersecurity attacks occur in organizations through analysis of security breaches
Evaluate incident response processes for their effectiveness in ensuring business continuity in support of organizational goals
Assess the impact of cybersecurity regulations on the information security of organizations
Create security test plans for networks, applications, or physical security assessment projects based on established cybersecurity standards
Develop risk mitigation strategies for addressing application, website, and network vulnerabilities
Recommend methods to reduce the impact of organizational culture and communication challenges that could affect cybersecurity risk assessment in a diversified world
Your security breach analysis and recommendations should answer the following prompt: Using your Final Project Scenario and gameplay from the educational video game Agent Surefire: InfoSec that you will complete in Module Three, analyze the information security breach to determine how the breach occurred, evaluate the incident response processes, and assess the impact of the breach and applicable regulations on the business or organization. Then use your analysis to develop a security test plan, security controls to mitigate risk, and recommendations that reduce the impact of organizational culture and communication challenges.
Specifically, the following critical elements must be addressed:
I. Introduction: Provide a brief profile of the business or organization that has been attacked, including its organizational goals. In your profile, you could consider the industry in which the business or organization operates and the product or service that is the focus, for example.
II. II. Security Breach: In this section, you will analyze one current information security breach, describing the business or organization that has been affected by this breach and explaining how the breach occurred. Specifically, you should:
A. Attack Location: Determine what part of the business or organization was attacked by analyzing the security breach that occurred. For example, was the network attacked? Or was the company website hacked?
B. Attack Method and Tools: Analyze the security breach to determine the method and tools that were used to effect the attack. In other words, how did the attack occur?
C. Vulnerabilities: Based on your analysis, what vulnerabilities of the business or organization were exploited? How were the vulnerabilities discovered? For example, were the vulnerabilities discovered by an employee, a third party, or a customer?
III. Incident Response: In this section, you will evaluate the incident response processes that were initiated in response to the breach. Specifically, you should:
A. Actions: What incident response actions were initiated to minimize the impact of the breach? In other words, what did the business or organization do to address the vulnerabilities and resume normal system operations after the breach?
B. Business Continuity: Evaluate these incident response actions for their effectiveness in allowing the business to resume normal system operations after the breach. In other words, how effective were these incident response actions in ensuring business continuity and supporting the organization’s goals?
IV. Impact: In this section, you will discuss the possible impacts of applicable cybersecurity regulations to the business or organization. Specifically, you should:
A. Application: Describe the government and industry regulations that apply to the business or organization in relation to the security breach. For example, what legislation, directives, and policies relate to the security breach?
B. Impact: How do these regulations impact the business or organization and its information security? Support your response with specific examples.
C. Financial and Legal Implications: Discuss possible financial and legal implications of the security breach for the business or organization. Will the business or organization be subject to any fines or sanctions because of the security breach, for example?
V. Security Test Plan: In this section, you will develop a security test plan for the breached system, basing your plan on your analysis of the security breach and established cybersecurity standards such as those from the National Institute of Standards and Technology (NIST). Specifically, you should:
A. Scope: Determine the scope of the risk assessment. For example, what assets, threats, and vulnerabilities will need to be addressed? Will the risk assessment need to include networks, applications, or physical security systems? What policies and procedures will need to be reviewed?
B. Resources: Document the resources required for the risk assessment. In other words, what do you need to actually do the assessment?
C. Hardware and Software: Create a list of system hardware and software within the target of the risk assessment. In other words, what are the parts of the system that you are assessing? D. Tools: Determine the necessary tools for the risk assessment, based the list of system hardware and software you created.
VI. Risk Mitigation: In this section, you will create security controls to ensure that the breach will not reoccur. Specifically, you should:
A. Security Controls: Create at least five security controls that mitigate future risks by ensuring that the security breach will not reoccur. These controls can be technical, administrative, or personnel security controls, for example.
B. Vulnerabilities: How will the security controls you created mitigate risks by reducing application, website, and network vulnerabilities?
C. Evaluation: What are the criteria for measuring the controls to ensure they are properly implemented? In other words, how will the security controls be evaluated?
VII. Conclusion: In this section, you will recommend methods to reduce the impact of organizational culture and communication challenges. Specifically, you should:
A. Communication: Document interpersonal communication issues encountered within the risk assessment team. How were the issues resolved?
B. Organizational Culture: What challenges to organizational culture occurred as a result of the security breach? In your response, consider the impact of the security breach on the reputation of the business or organization.
C. Recommendations: What methods can you recommend to reduce the impact of these communication and organizational cultural issues in future risk assessments?
Milestone One: Kickoff Agenda In Module Three, you will submit a kickoff agenda. This milestone will be graded with the Milestone One Rubric.
Milestone Two: Test Plan In Module Five, you will submit a test plan. This milestone will be graded with the Milestone Two Rubric