Assignment 2: LASA 1: Mitigating Cyber-Crime-Related Threats Report

Assignment 2: LASA 1: Mitigating Cyber-Crime-Related Threats Report

Subject: General Questions / General General Questions
Question
Assignment 2: LASA 1: Mitigating Cyber-Crime-Related Threats Report

Organizations of all sizes should be concerned with the security and confidentiality of their electronic data. Cyber crimes affect individuals and companies alike. However, companies typically have more financial and other assets that can be compromised by various cyber crimes. Establishing an organization-wide information security program is a great start to mitigating cyber-related crimes and attacks. This process typically commences with an honest evaluation of the organization’s vulnerabilities and potential threats. For this assignment, you will read a brief scenario and develop a 6- to 8-page report answering the required questions.

Scenario

A contractor for the US military builds proprietary communication devices and peripherals, which allow soldiers in combat to communicate with command officers and personnel. These devices are used to transmit sensitive information regarding military deployments and battle plans. Once delivered, the devices will make contact with the US military global communications network. In order to comply with the military’s security requirements, the contractor must conduct a security risk analysis of its internal networks and information systems for intrusion detection and cyber-crime prevention. Note that the contractor is performing a security risk assessment of its own network and system and not of the military network. After all, a breach of security of the contractor’s computer systems could compromise confidential and sensitive military information. You have been asked to head up the project team that will ultimately perform this security assessment and analysis.

Tasks:

Create a 6- to 8-page report on the following aspects:

Distinguish what techniques should be used to start the investigation. For example, identify who should be interviewed first, determine what type of log files to review, and/or identify methods that should be used to preserve the integrity of the evidence.
Identify at least ten potential threats, at least ten vulnerabilities, and at least ten risks (a minimum of thirty). For each item, provide rationale to your selections and any assumptions you made.
Choose which type of risk-analysis methodology should be used (quantitative, qualitative, or any other methodology). Justify your decision.
Out of all the potential risks that you previously identified, select the top three that are of most concern to the organization. Justify your reasoning.
Outline and explain at least two (in total) applicable federal, state, or other related legislations that could help reduce potential risks and prevent cyber-crime activities.
http://csrc.nist.gov/publications/PubsFIPS.html

http://csrc.nist.gov/publications/PubsSPs.html

Note: You may consider referring to these two websites for guidance on federal legislation and standards:

Your final product will be in a Microsoft Word document approximately 6–8 pages in length and utilize at least three scholarly or professional sources (beyond your textbook) in your research. Your paper should be written in a clear, concise, and organized manner; demonstrate ethical scholarship in accurate representation and attribution of sources; and display accurate spelling, grammar, and punctuation.

Submission Details:

LASA 1 Grading Criteria and Rubric

All LASAs in this course will be graded using a rubric. This assignment is worth 200 points. Download the rubric and carefully read it to understand the expectations.

Assignment 2 Grading Criteria

Maximum Points

Distinguished what techniques should be used to start the investigation.

36

Identified at least ten potential threats, at least ten vulnerabilities, and at least ten risks (a minimum of thirty). Provided a rationale to the selections and any taken assumptions made for each item.

32

Chose which type of risk-analysis methodology should be used (quantitative, qualitative, or any other methodology) and justified the decision.

20

Selected the top three risks that are of the most concern and justified the reasoning.

32

Outlined and explained two applicable federal, state, or other related legislation that could help reduce potential risks and prevent cyber crime activities.

36

Writing components:

Organization (12)
Usage and Mechanics (12)
APA Elements (16)
Style (4)