Hello. See attached. And I will past the Scenario
CYB 260 Project Three Guidelines and Rubric Service Level Agreement Requirement Recommendations CYB 260 Project Three Guidelines and Rubric Service Level Agreement Requirement Recommendations Overview Once security requirements have been defined, an organization must have a way to ensure these requirements are satisfied. Security controls are safeguards or countermeasures implemented by organizations to protect all types of assets (data, physical, personnel, etc.) from threats to confidentiality, integrity, or availability. Trade groups such as the Center for Internet Security (CIS), the International Organization for Standardization (ISO), and the National Institute of Standards and Technology (NIST) provide collections of security controls intended to address critical areas of cybersecurity concern; however, these guidelines provide different levels of detail, vary in prescriptiveness, and apply to different industries and organizational structures. Ultimately, it is up to each organization to determine how to best implement security controls to meet an organization’s expectations for asset protection. As such, the security practitioner’s role centers around the selection, design, implementation, and management of the policies, procedures, standards, and guidelines designed to implement these controls. In the milestone assignment for this project, you examined employee training as a control measure to reduce the incidents and effects of social engineering. As you saw, training is a key method for incorporating security best practices. However, it is not the only type of control measure relied on by cybersecurity professionals. In this project, you will incorporate instructor feedback on the milestone as you envision a more comprehensive approach to security controls at an organization. In this project, you will analyze requirements, select appropriate security controls, and specify methods to implement your selected controls to satisfy the requirements. You will demonstrate your mastery of the following course competency: CYB-260-03: Design security controls and practices for humans in the system Scenario Your instructor will provide you with the specific scenario for this project in an announcement. This scenario places you in the role of a security consultant for an organization. The scenario will include additional requirements related to the proposal you addressed in Projects One and Two. To complete this task, you will prepare service level agreement requirement recommendations for the internal stakeholder board identifying an approach to meeting the requirements in the scenario. 1 Prompt Prepare a brief that outlines the requirement recommendations for the service level agreement and describes your approach to meeting the requirements of the scenario. You must address the critical elements listed below. The codes shown in brackets indicate the course competency to which each critical element is aligned. I. Select two sub-controls that address the requirements of the scenario. A. Control One: Justify how your selected control type (i.e., policy, standard, procedure, or guideline) and implementation will meet the requirements. [CYB-260-03] B. Control Two: Justify how your selected control type (i.e., policy, standard, procedure, or guideline) and implementation will meet the requirements. [CYB-260-03] II. Describe the necessity for a training program to address a specific social engineering threat. [CYB-260-03] III. Describe the expected outcomes of a training program that addresses the social engineering threat you identified in the previous critical element. [CYB-260-03] Project Three Rubric Guidelines for Submission: Your submission should be 1 to 3 pages in length and should use double spacing, 12-point Times New Roman font, and one-inch margins. Sources should be cited according to APA style. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_260_Project_One_Neo_Anderson.docx. Critical Elements Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value Control One [CYB-260-03] Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Justifies how the selected control type and implementation will meet the requirements Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 23 Control Two [CYB-260-03] Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Justifies how the selected control type and implementation will meet the requirements Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 23 Necessity for a Training Program [CYB-260-03] Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Describes the necessity for a training program to address a specific social engineering threat Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 23 2 Critical Elements Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value Expected Outcomes of a Training Program [CYB-260-03] Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Describes the expected outcomes of a training program that addresses the identified social engineering threat Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 23 Articulation of Response Submission is free of errors related to grammar, spelling, and organization and is presented in a professional and easy-to-read format Submission has no major errors related to grammar, spelling, or organization Submission has some errors related to grammar, spelling, or organization that negatively impact readability and articulation of main ideas Submission has critical errors related to grammar, spelling, or organization that prevent understanding of ideas 8 Total 100% 3 CYB 260 Project Three Guidelines and Rubric Service Level Agreement Requirement Recommendations Overview Scenario Prompt Project Three Rubric Confidence in the Connected World CIS Controls™ Basic 1—6 FoundationalOrganizational 7—16 17—20 March 19, 2018 This work is licensed under a Creative Commons Attribution-Non Commercial-No Derivatives 4.0 International Public License (the link can be found at https://creativecommons.org/licenses/by- nc-nd/4.0/legalcode). To further clarify the Creative Commons license related to the CIS Controls content, you are authorized to copy and redistribute the content as a framework for use by you, within your organization and outside of your organization for non-commercial purposes only, provided that (i) appropriate credit is given to CIS, and (ii) a link to the license is provided. Additionally, if you remix, transform or build upon the CIS Controls, you may not distribute the modified materials. Users of the CIS Controls framework are also required to refer to (http://www.cisecurity.org/ controls/) when referring to the CIS Controls in order to ensure that users are employing the most up-to-date guidance. Commercial use of the CIS Controls is subject to the prior approval of CIS® (Center for Internet Security, Inc.). Acknowledgments CIS® (Center for Internet Security, Inc.) would like to thank the many security experts who volunteer their time and talent to support the