Question
In this case study assignment, we will continue to investigate the Fundamental Security Design Principles at work in a real-world scenario. Through the lens of
In this case study assignment, we will continue to investigate the Fundamental Security Design Principles at work in a real-world scenario. Through the lens of data protection, we will analyze the following principles:
- Least Privilege
- Layering (Defense in Depth)
- Fail-Safe Defaults / Fail Secure
- Modularity
- Usability
Note: You will be engaging with this scenario again in the Module Three discussion.
You are a cybersecurity analyst working at a prominent regional hospital. On Monday morning, the organization's technology help desk received a call from Dr. John Beard, a long-time resident physician. Dr. Beard called them to report that his company laptop was stolen from his car after he stopped to work out at a local gym on his way home from the office.
A representative from the help desk informed you of the theft and also mentioned that Dr. Beard stated that his laptop case contained a USB thumb drive that he purchased to "back up" important patient files he saved onto his laptop. Dr. Beard also revealed that his daily planner "might have" been in the bag, and that the planner had his hospital computer user name and password written on the back cover. Prior to ending the call, Dr. Beard told the representative that he would call her back if his daily planner turned up.
As your conversation with the help desk representative wound down, she commented that Dr. Beard had many different computer "issues" that keep her team busy. She recalled talking to Dr. Beard about the hospital's policy against accessing patient files remotely, and his annoyance with her inability to help him "get work done" while away from the hospital. And just a week ago, a junior member of her team completed a service ticket to reconfigure Dr. Beard's laptop to grant him administrative rights. The service request stuck out because it did not have a "reason" indicated (a company policy requirement), but was still approved by James Davis, the hospital's senior system administrator and close personal friend of Dr. Beard.
Prompt
After reading the scenario above, complete the Fundamental Security Design Principles mapping table in the Case Study Template and answer the short response questions. You'll notice that the listed Fundamental Security Design Principles differ from those presented in previous activities. In the cybersecurity trade, there are many different design principles and frameworks. Successful practitioners learn to work with many different (but conceptually similar) principles to achieve their security goals.
Specifically, you must address the critical elements listed below:
- Fundamental Security Design Principles Mapping: Fill in the table in the Module Two Case Study Template by completing the following steps for each control recommendation:
- Specify which Fundamental Security Design Principle best applies by marking all appropriate cells with an X.
- Indicate which security objective (confidentiality, availability, or integrity) best reflects your selected control recommendation.
- Explain your choices in one to two sentences, providing a selection-specific justification to support your decision.
- Short Response Questions:
- How might you work with someone like Dr. Beard to cultivate a security mind-set that is more in line with the organization's ethical norms? Hint: Consider his attitude, his past behaviors, and his opinion about organizational policies.
- How would you help the hospital better secure its patient files? Make sure to incorporate at least one data state (data-at-rest, data-in-use, or data-in-motion) and one of the control recommendations from your completed table in your response.
What to Submit
Submit your completed Fundamental Security Design Principles map and short response answers in the Module Two Case Study Template. Your submission should be 1-2 pages in length (plus a cover page and references, if used) and written in APA format. Use double spacing, 12-point Times New Roman font, and one-inch margins. Use a filename that includes the course code, the assignment number, and your namefor example, CYB_100_1- 4_Neo_Anderson.docx.
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Fundamental Security Design Principles Mapping Control Recommendation Least Privilege Layering Defense in Depth FailSafe Defaults Fail Secure Modularity Usability Security Objective Restrict remote ac...Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started