controls and countermeasures the student evaluates security threats and identifies and applies security controls based on analyses and industry standards and best practices

Competencies


427.3.2 : Controls and Countermeasures

The student evaluates security threats and identifies and applies security controls based on analyses and industry standards and best practices.

Scenario


A small LLP consisting of a group of private investigators is headed by one of your friends. The partnership has a small office with one server and six workstations. Additionally, the partnership hosts its own website where it allows clients to log in and enter their case information. You suspect that the site may be lacking fundamental security and information safeguards.

During the past few weeks, staff members have noticed that the workstations are running sluggishly, and they routinely get advertisements on their computers when they are not on the Internet. Investigators routinely download and install programs and plug-ins from the Internet. However, the computers are not kept up-to-date with operating system patches or software patches for other installed software programs and plug-ins.

Lastly, there have been several complaints from clients that the company website has been unavailable or has timed out. Recently, the website was completely deleted and the homepage read, “You’ve been hacked.” Fortunately, the website was able to be restored from a backup.

You have been asked by your friend to assist the group with its various security challenges by analyzing the threats the LLP faces.

Requirements


Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly.

You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.


A. Describe five different types of relevant threats to each of the following in the given scenario:
1. the server or network traffic
2. the workstations or company data
3. the website

Note: One type of threat could be a piece of malicious software. A second type of threat could be a physical calamity such as a lightning strike or flood. A type of threat should not be provided more than once in the description of five threats for each of the following.


B. Create a memo (suggested length of 2 pages) in which you do the following:
1. Provide support (e.g., research, current events) for the likelihood of each of the threats described in part A.
2. Discuss how security controls and countermeasures should be used to mitigate each of the threats described in part A.

C. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.

D. Demonstrate professional communication in the content and presentation of your submission.

File Restrictions

File name may contain only letters, numbers, spaces, and these symbols: ! – _ . * ‘ ( )
File size limit: 200 MB

File types allowed: doc, docx, rtf, xls, xlsx, ppt, pptx, odt, pdf, txt, qt, mov, mpg, avi, mp3, wav, mp4, wma, flv, asf, mpeg, wmv, m4v, svg, tif, tiff, jpeg, jpg, gif, png, zip, rar, tar, 7z

Rubric



A1
:
Threats to Server

Not Evident

A description is not provided, or the submission does not describe 5 threats to server or network traffic.

Approaching Competence

The description of 5 threats to server or network traffic does not provide 5 different types of threats. Any of the threats described are irrelevant to the server or network traffic in the given scenario, or the description of any threat is incomplete.

Competent

The submission describes 5 different types of threats that are relevant to the server or network traffic in the given scenario, and the descriptions of all of the threats are complete.

A2:Threats to Workstations

Not Evident

A description is not provided, or the submission does not describe 5 threats to workstations or company data.

Approaching Competence

The description of 5 threats to workstations or company data does not provide 5 different types of threats. Any of the threats described are irrelevant to the workstations or company data in the given scenario, or the description of any threat is incomplete.

Competent

The submission describes 5 different types of threats that are relevant to the workstations or company data in the given scenario, and the descriptions of all of the threats are complete.

A3:Threats to Website

Not Evident

A description is not provided, or the submission does not describe 5 threats to websites.

Approaching Competence

The description of 5 threats to websites does not provide 5 different types of threats. Any of the threats described are irrelevant to the website in the given scenario, or the description of any threat is incomplete.

Competent

The submission describes 5 different types of threats that are relevant to the website in the given scenario, and the descriptions of all of the threats are complete.

B1:Support for Likelihood

Not Evident

A submission is not provided, or the submission does not provide reasons for why the likelihood of each of the threats described in part A was chosen.

Approaching Competence

The submission provides reasons for why the likelihood of each of the threats described in part A was chosen, but the reasons provided for the choice of the likelihood of any threat do not accurately support the choice for that threat’s likelihood.

Competent

The submission provides accurate support for why the likelihood of each of the threats described in part A was chosen.

B2:Security Controls

Not Evident

A discussion is not provided, or the submission does not discuss how security controls or countermeasures should be used to mitigate each of the threats described in part A.

Approaching Competence

The discussion misidentifies, for any threat described in part A, how security controls and countermeasures should be used to mitigate the threat.

Competent

The discussion accurately identifies how security controls and countermeasures should be used to mitigate each of the threats described in part A.

C:Sources

Not Evident

The submission does not include both in-text citations and a reference list for sources that are quoted, paraphrased, or summarized.

Approaching Competence

The submission includes in-text citations for sources that are quoted, paraphrased, or summarized, and a reference list; however, the citations and/or reference list is incomplete or inaccurate.

Competent

The submission includes in-text citations for sources that are properly quoted, paraphrased, or summarized and a reference list that accurately identifies the author, date, title, and source location as available.

D:Professional Communication

Not Evident

Content is unstructured, is disjointed, or contains pervasive errors in mechanics, usage, or grammar. Vocabulary or tone is unprofessional or distracts from the topic.

Approaching Competence

Content is poorly organized, is difficult to follow, or contains errors in mechanics, usage, or grammar that cause confusion. Terminology is misused or ineffective.

Competent

Content reflects attention to detail, is organized, and focuses on the main ideas as prescribed in the task or chosen by the candidate. Terminology is pertinent, is used correctly, and effectively conveys the intended meaning. Mechanics, usage, and grammar promote accurate interpretation and understanding.

"Is this question part of your assignment? We can help"

ORDER NOW