Week 3 Assignment – Case Study: Cyber Security Breach. Number each question as 1, 2, etc. to match the question number. Use the citation rule. Adequate coverage of a single question (and there is more than one question in this assignment) is possible between 200 and 400 words. Any reference list, diagram, chart, table, etc. included are not counted towards the word limit.

Cyber Security Breach

Cyber Security Breach

Question 1. From all the case studies provided in this weekly module, choose any one case study of your choice (it is your decision which one to choose). Explain the three key characteristics of the cyber security breach in that case study and relate these three characteristics with any of the components of the National Institute of Standards and Technology (NIST), and/or CIS Controls Top 18 and/or OWASP 10. In other words, as you find the characteristics of the cyber security breaches in the case study of your choice, relate them to the lessons on NIST and/or CIS Top 18 and/or OWASP 10. In your answer, match the incident with the specific standard name, or the control number so that I know the exact name of the standard/control. For example, clearly state that it matches with CIS Contol 3 on Data protection because (and elaborate accordingly). For any reason, if you do not find a matching standard or control, explain why. Number each characteristic as i, ii, iii so that I can clearly identify them.

Question 2. If you were in charge of the data breach case study that you have chosen In the question above), what three things you would have done differently? Answer this question with any policy, tools, or technology that you would have used to prevent this from happening. Match each one of your recommendations with one/more of the NIST and/or CIS Top 18 and/or OWASP 10 by clearly stating the name of the standard or the control. For any reason, if you do not find a matching standard or control, explain why. Number each item as i, ii, iii so that I can clearly identify them.

Question 3. What are the three cyber security concerns unique in the government/federal/military organization and what policies, tools, and techniques would you propose for the government organization for each concern? You may find similarities and dissimilarities between government and non-government organizations. You may propose the tools and policies used in the non-government organization to be used by the government organization. Number each concern as i, ii, iii so that I can clearly identify them.

Question 4. This question asks you to cross-compare (similarities and differences) the case studies found in this weekly module and requires you to review all the case studies in this weekly module. From your learning of the case studies, analyze any two commonalities (any common reason for the cyber security breach between the case studies) and two differences (a case study that had a unique reason/characteristic for the cyber security breach). Share three commonalities and three differences in the cyber security breaches among the case studies. Clearly state the case study name (e.g. Sony, Target, Department of Defense, etc.) in the answer so that it is obvious which security breach is related to which case study. You can also use any additional case study (not included in the lesson) to answer this question if you choose to. It is not necessary that all the case studies must have the same commonalities. If you find the common reason between two to three case studies (e.g. both the case studies had weak authentication, unpatched software, etc.) that would suffice as a commonality. If a single case study stands out for a unique and obvious reason which is not found in any other case study (for example, the case study had unauthorized access, did not renew the software license, etc., which seems obvious but that was not addressed), that would suffice as a difference. This question encourages students to cross-compare the case studies. Number each commonality as i, ii, and each difference as i, ii so that I can clearly identify them.

Question 5. For the SYO 601, explain any lessons that you have learned on domain 1 which is Attacks, Threats, and Vulnerabilities. It is not expected that you will have a complete mastery on this topic in one week, along with learning additional lessons. But this gives the students an exposure, if there is an interest.

References

At the end of all the answers, list at least 5 references used in all the answers using the citation rule (see the course announcement on course protocol which notes the citation rule), and also cite the references in-line within the body of the writing.

Requirements: Answers questions 1 – 5, Five references at end of assignment. NO PLAGIARISM. FSU uses TurnItin