Please see attached
CYB 250 Module Five Short Response Guidelines and Rubric Breach Analysis Simulation Two CYB 250 Module Five Short Response Guidelines and Rubric Breach Analysis Simulation Two Overview Security analysts play an important role working alongside the computer incident response team (CIRT). The analyst will be the individual who either fixes the issues or allocates resources to fix the issues identified by the CIRT. Using resources to facilitate the work becomes essential to sustain the health of an organization. Applying the Center for Internet Security (CIS) critical controls to company infrastructure is normal practice for an analyst. The controls are meant to guide the organization towards compliance. They are not meant to be used in isolation. Comparing an organization’s technical concerns to the CIS critical controls provides a means of developing solutions to remediate issues. Once the issues are identified and remediated, the next step is to determine how to properly report those issues to different stakeholders. Prompt After reviewing Breach Analysis Simulation Scenario Two, address the critical elements below: I. Reporting: Select an audience for reporting (sales team, senior management, or other stakeholders). A. Explain how you report technical concerns to non-technical people in your selected audience. Keep in mind that most managerial roles are non-technical in nature; managers need information presented to them in a format they can easily understand and use. II. Subcontrols: Refer to the CIS Controls worksheet used in Breach Analysis Simulation Scenario Two and recommend two additional subcontrols that could be modified either by policy, implementation, automation, or reporting to enhance security for the organization. A. Subcontrol One: Describe the modification of the subcontrol and justify your recommendation. B. Subcontrol Two: Describe the modification of the subcontrol and justify your recommendation. III. Two-Factor Authentication: A proposed solution for the breach issue is to use RSA key fobs as a means of two-factor authentication. A. Discuss the merits of using RSA encryption and the implementation of two-factor authentication. B. Discuss how different forms of encryption may be used in VPN software. 1 CYB 250 Short Response Rubric Guidelines for Submission: Your submission should be one to two pages in length. Use double spacing, 12-point Times New Roman font, and one-inch margins. All sources must be cited using APA format. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx. Critical Elements Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value Reporting: Report Technical Concerns Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Explains how to report technical concerns to non- technical people in the selected audience Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 30 Subcontrols: Subcontrol One Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Describes the modification of the subcontrol and justifies the recommendation Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 15 Subcontrols: Subcontrol Two Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Describes the modification of the subcontrol and justifies the recommendation Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 15 Two-Factor Authentication: RSA Encryption Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Discusses the merits of using RSA encryption and the implementation of two- factor authentication Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 15 2 Critical Elements Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value Two-factor Authentication: VPN Software Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Discusses how different forms of encryption may be used in VPN software Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 15 Articulation of Response Submission is free of errors related to citations, grammar, spelling, and organization and is presented in a professional and easy-to-read format Submission has no major errors related to citations, grammar, spelling, or organization Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas 10 Total 100% 3 CYB 250 Module Five Short Response Guidelines and Rubric Breach Analysis Simulation Two Overview Prompt CYB 250 Short Response Rubric Articulate Word Output Published by Articulate® Storyline www.articulate.com CYB 250 Module Five Short Response Breach Analysis Simulation Breach Analysis Simulation Scenario Two Breach Analysis Simulation Introduction Read through the following scenario. You will then be asked to make choices based on your experience as a security analyst. While there is a best path through the simulation, many of the other options are viable. You are encouraged to explore all of the options to enhance your knowledge and to prepare you for future breaches. The purpose of this simulation is to develop your systems thinking mindset and mature your cyber defense strategies. Published by Articulate® Storyline www.articulate.com Breach Analysis Simulation: Scenario Two You are a security analyst working for an organization that sells mass storage solutions to companies. Several of your clients are law firms. During a routine audit, a breach was identified. This calls into question the safeguards that your company has in place to protect data integrity. Following up on the findings from the computer incident response team (CIRT), your manager has tasked you with reviewing the current controls. Subset of Current Controls Review this subset of current controls in the spreadsheet. Prioritize them in the order you would address them for this breach by dragging and dropping each control into the right column. (For more information on the controls, review the CIS Controls document.) http://snhu-media.snhu.edu/files/course_repository/undergraduate/cyb/cyb250/cis_controls_worksheet.xlsx https://snhu-media.snhu.edu/files/course_repository/undergraduate/cyb/cyb250/cis_controls_v7.pdf Published by Articulate® Storyline www.articulate.com CIS Control 11: Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches CIS Control 12: Boundary Defense CIS Control 13: Data Protection CIS Control 14: Controlled Access Based on the Need to Know CIS Control 16: Account Monitoring and Control 1. Challenge One 1.1 Challenge One: Current Controls Infrastructure Analysis Based on your input and that of other stakeholders, the highest priority has been deemed to be CIS Control 13: Data Protection; specifically, the focus is subcontrol 13.3 (Monitor and Block Unauthorized Network Traffic). The organization has the automatic tools installed and a policy has been created for the control, but the control is not configured. What is the next step necessary to assure compliance to this control? Below are the possible answers: Automate this control Report on this control Implement the control Published by Articulate® Storyline www.articulate.com 1.2 Automate this control Incorrect. If the policy is not first implemented, it cannot be automated. Try selecting a different response. 1.3 Report on this control Incorrect. If the policy is not first implemented, it cannot be reported on. Try selecting a different response. Published by Articulate® Storyline www.articulate.com 1.4 Implement the control Correct! For a control to actually work, it needs to be implemented. This should be the first step after the policy is defined. 1.5 Challenge One Review Nice work! The goal for any system is to be fully automated. It is important to make sure that all policies are created, implemented, and automated if possible. Some controls cannot be fully automated and may need to have some human interaction. During CIRT’s investigation of the breach, they determined that its root cause was network related. Your manager is now assigning you the analysis of network policies related to the breach. Published by Articulate® Storyline www.articulate.com 2. Challenge Two 2.1 Challenge Two: Investigating the Network CIRT identified a port that was mistakenly left open; a client machine was communicating with another client machine on an isolated network. Further