Haleigh Duguay CYB 200 Project Two

.docx

School

Southern New Hampshire University *

*We aren’t endorsed by this school

Course

200

Subject

Information Systems

Date

Dec 6, 2023

Type

docx

Pages

5

Uploaded by MinisterDuckMaster1030

Report
Project Two Haleigh Duguay Cybersecurity, Southern New Hampshire University CYB 200: Cybersecurity Foundations Dr. James Beneke October 8, 2023
In scenario four, the most relevant security objective to my organization is confidentiality. Confidentiality ensures that only authorized users can view information (Kim & Solomon, 2013). In this case, Jan was taking pictures on her tablet of classified information military use. The loss of confidentiality reflects the greatest overall negative impact on the organization because they work with the United States Army. Confidentiality of their information is crucial to maintain national security. Jan bringing her cellphone into an area marked with signs that state cellphones are not allowed is a huge security concern. Her blatant disregard for the policies and procedures in place to maintain security cannot be overlooked. To make matters worse, she was caught taking pictures of her work. It can be said that Jan does not prioritize security. It is also concerning that she is caught doing this after seemingly coming into money. On top of this, it has been proven that these pictures were being uploaded onto a personal cloud that does not have the same security systems as the organization’s. Because the cloud is not secured, the pictures can fall into the hands of anyone who has basic knowledge of hacking. The information provided on the internet is enough to penetrate personal clouds.This situation is extremely concerning for these reasons. This could lead to negative impacts on people, processes, and technologies associated with the loss of confidentiality. Jan should lose her job by disobeying the policies and procedures surrounding cybersecurity. With processes being uploaded to an unlocked cloud, this information is easily accessible to threat actors. As soon as threat actors get ahold of the confidential information, they can start to attack our other technologies. At this point, it is not stated exactly what Jan was taking pictures of. This is likely not the first time Jan has taken pictures of her work to take home, either. It is concerning as a cybersecurity agent that she is also seen in newer and more expensive clothing and jewelry. It is known to me that she was struggling financially
before, and now she suddenly has riches. This tells me that she may be working with threat actors and potentially selling the United States Army’s classified documents. If attack plans and other confidential information is leaked to enemies, they can be better prepared for attacks – making them unsuccessful. They could also gain access to new technology or technological advances that the military is working on to better defense. It is of the utmost importance that this situation is dealt with immediately. This could have a detrimental effect on the United States as it affects our national security and puts many lives at risk. Two security principles I would implement are minimization of implementation and least privilege. Minimization of implementation is defined as mechanisms used to access resources should not be shared (Bishop, 2003). To implement this, I would require all employees entering restricted areas to put up their personal devices. This is a zero-toleration policy that will be enforced daily and result in termination if not followed. I would suggest to the organization that we put metal detectors outside of the door to ensure this policy is being followed. Least privilege is the assurance that an entity only has the minimal amount of privileges to perform their duties. There is no extension of privileges to senior people just because they are senior; if they don’t need the permissions to perform their normal everyday tasks, then they don’t receive higher privileges (Tjaden, 2015). I would give, at a maximum, three people the authorization to enter a room with any hardware containing confidential military data. These people would need to have been with the organization long enough to establish a bond of trust to have access. To reiterate, this concerns national security. This is not something that should be taken lightly. If it were any other organization, the regulations would not need to be as strict. The organization’s biggest concern should be the confidentiality and security of this data.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help