Category: Cyber Security

SEE RUBRIC PLZ

Open the CYB 310 Sandbox environment and click on the GNS3 icon. Open the Project One file to complete the assignment. username: mohmand.hussaini@snhu.edu password: Urbangray2025

Consider this scenario: Management has been proud that sensitive customer information stored in company systems has never been accessed by an unauthorized party. This is a major bragging point with the chief technology officer (CTO). Your supervisor reports directly to the CTO and is always trying to please them. You are responsible for ensuring that this data remains secure.

Sensitive data is stored in a database protected by technical and administrative controls. A scheduled audit report reveals a vulnerability that could be exploited. However, there is no immediate evidence of an adversarial presence or unusual internal traffic. In looking into this matter, you find that a technical control is out of date. You missed installing a patch.

While the company has an incident response plan, invoking that will call for a team response. Does this apparently unexploited vulnerability rise to the level of an incident? With a simple upgrade, the system should be secure.

What should you do and why?

In your initial response, select and defend a course of action. You may consider the following possibilities or craft one of your own:

• Fix the issue and don’t tell anyone. There’s no reason to make a big deal of this minor event.
• Fix the issue and explain to management that there was a problem. They need to know.
• Don’t fix it. Start by reporting the issue internally. Follow the incident response plan.
• Turn this matter over to a colleague for decisions and action; you may be caught up in the investigation and should avoid any conflict of interest.

In response to your peers, play the part of a trusted colleague who wants to give advice. What would you ask or advise in considering your colleague’s decision?

Background -Company Overview

You have just been hired as Director of Compliance for a large, publicly tradedhealth insurance company named “Green Sword, Purple Armor” (GSPA).

GSPA is a leading health insurance and managed healthcare provider in Illinois and has the following aspects to consider:

• Only provides services to Illinois, Wisconsin and Indiana residents.
• Offices located in Chicago, Milwaukee, Indianapolis, Springfield (IL) and Schaumburg.
• About 1000 employees in Illinois.
• Publicly traded on Nasdaq.
• Revenue of $2.5 Billions in 2019.
• Net profits of $500 Millions in 2019.
• Allows its customers to pay for their deductibles via all major credit cards

  Part 1: Determine compliance requirements Based on the overview presented above, research and document the major laws, regulations or industry standards that GSPA must comply with. You should be able to identify at least 3 major compliance requirements. Document these compliance requirements and justify why GSPA need/should comply.

• Part 2: Security controls requirements table. Based on the compliance requirements identified in step one, create a table or an XLS spreadsheet that lists all the security controls that you should implement and document the section(s) from the compliance/standards/laws that refer to the control. Also mention if mandatory or optional. Your table/XLS may look like this:

• Make sure that you group similar controls for different regulations together even if names are different. For example, one compliance requirement would be to “filter packet” while another may refer to “firewall”
• Part 3: Explain the controls For each of the control, write a few lines explaining the controls and how they apply for each regulation Also if you feel other controls, not required should be in place, please include them here and describe them in more details.

Part 4: Recommendation for Implementation

Please present your plan for implementing these control and prioritize the implementation based on what you think is most critical. Assume that no controls are currently in place.

1. Encryption
2. Decryption
3. Digital Signature
4. Compare the two algorithms in terms of key size and speed of encryption/Decryption.

This assignment is designed to help you apply core cybersecurity risk assessment techniques used in real-worldenvironments. You will evaluate risk using both qualitative and quantitative methods commonly employed bycybersecurity professionals.

1. CVSS-Based Vulnerability Risk Assessment
2. Quantitative Risk Assessment Using ALE

Write a 1- to 2-page report comparing different versions of Linux operating systems that does the following:

• Compares at least three different versions of Linux operating systems
• Examines changes in major system functions
• Examines changes in management of volatile data
• Examines changes in security such as encryption and biometrics
• Discusses aspects of each version of the operating system that can be challenging to forensic investigators and reasons why