Using Fundamental Security Design Principles to Improve Incident Response

A critical aspect of incident response is the ability to use information gained from an incident to improve the organization’s security posture. The insight gained helps security professionals develop solutions that reduce the likelihood of similar incidents in the future while balancing the potential negative impacts those solutions will have on the people, processes, and technologies they ultimately affect. In this project, you will examine an incident that has occurred and use the Fundamental Security Design Principles to develop recommendations that will protect the organization in the future. In this assignment, you will demonstrate your mastery of the following course competency:

Describe fundamental principles of cyber security

In a course announcement, your instructor will provide you with a scenario on which your work will be based. You will situate yourself as the security analyst in one of the provided scenarios, creating an incident analysis brief that explains to the security/IT director how the Fundamental Security Design Principles can be applied to strengthen the organization’s security posture following the incident described in the case. You do not require specific technical information from the system beyond those supplied for you within the scenario. Rather, you should address each critical element in the Project Two prompt, speaking broadly to what your analysis and recommendations would be, based on your research from the course materials collected in previous modules.

Analysis:

Using your work in the case study analyses (Modules Two through Four) and other course resources as reference, select the security objective you think is most relevant to the organization in the case.

1. Describe why the loss of your selected security objective (confidentiality, integrity, or availability) reflects the greatest overall negative impact on the organization. Use evidence from the scenario and your coursework to support your selection.
2. Summarize the negative impacts on people, processes, and technologies associated with the loss of your selected security objective.

Fundamental Security Design Principles as criteria, and recommend solutions to remedy the loss of the selected security objective based on your assessment of the incident.

1. Explain how your solution implements the selected Fundamental Security Design Principles. Provide evidence from the scenario and your coursework to support your selections.
2. Describe how your solution balances impacts on people, processes, and technologies.
3. Explain which aspect of your solution you would recommend to your manager as the most important to the organization. Support your response with evidence from the coursework or scenario.