$6-2$ Project Two Submission: IDS Analysis Paper

Overview

There are different ways to implement intrusion detection system $($IDS$)$ technologies. Must stay up$-$to$-$date with industry literature about mitigation strategies and malware remediation so that you know how to prevent an attack. Cybersecurity is a field that can change daily, so you will continue learning and growing even after you complete your degree program. Evolving with the field and staying up to date are critical aspects for success and excellence in this field.

It is important to recognize that IDS is not a one$-$size$-$fits$-$all tool. An IDS can be configured in three different ways:

It can test for anomalies.

It can be heuristic$-$based.

It can be a hybrid of the two.

Configuring the IDS to meet specific business needs will reduce the amount of time an analyst needs to explore log files and other information the IDS generates. The analyst should be left to handle the alerts generated by the properly configured system.

When implementing controls to protect a system, always consider confidentiality, integrity, and availability, using proactive mindset to develop the best protection for the system. It is important to examine possible indicators of an attack and how other aspects of a system can be affected. Malware is a great example of an attack that affects all tenets of the confidentiality, integrity, and availability $($CIA$)$ triad.

For this project, create an IDS Analysis Paper that examines the interaction of the CIA triad security objectives and an IDS configuration. Your analysis should explain the practical application of IDSes in a scenario that you choose.

In this assignment, you will demonstrate your mastery of the following competency:

Implement an intrusion detection system $($IDS$)$

Prompt

IDS and Security Objectives$$Critical Thinking Questions

A$.$ What component of an IDS is best prepared to help with the loss of confidentiality?

B$.$ What are the indicators of malware that an IDS could detect that may result in the loss of integrity?

C$.$ How can an IDS be used to detect the loss of availability?

Configuring an IDS$$Scenario Based Questions

D$.$ Create a brief fictitious scenario of a company that resides within two buildings. Include a short profile of its data assets, industry, and size. For example, Southern New Hampshire High School has an administration building and an academic building. Its industry is education, and there are $500$ students and employees. The data assets it protects are student records and employee records.

E$.$ Identify two components that you would implement to provide the best IDS protection for your fictitious company. Justify your response.