CYBR 7930 Capstone in cyber security: Security operations draft report


Computer Science

CYBR 7930

Kennesaw State University in Georgia


Unformatted Attachment Preview

Security Operations Design
Your Name

[IMPORTANT: Remove these instructions and replace all of the text in italics in this template with your own content. Remove any text in italics that is enclosed in square brackets “[ ]”. Reformat all text to standard font to remove italic formatting unless your intention is to use an italic font for your content. Adjust tabular column widths to best fit the data you are reporting. Be sure to consecutively number all Tables and Figures. All writing in this report must be in complete sentences and delivered in well-formed paragraphs. Please carefully consider the use of bulleted lists only using them when needed for the specific content at hand. Each section of the report is a primer for the following section. The sections of this report are in the given order for a reason. The following section should support the content in the previous section. Save your report as a PDF file type and upload as directed by the due date. Please make a habit of spending a few minutes to review your exported PDF for appearance as the PDF conversion process may alter the way it looks.]

[Cover Sheet]
A report prepared in partial completion of
The CYBR 7930 Capstone course
Security Operations Program Design
Your Name Goes Here
Month day, Year

Executive Summary
A brief synopsis of the entire report and its key findings is given here. This may not exceed one page in length. It must be written targeted at senior executives of the case company. It is strongly recommended that this section be the final drafted element of your work. Keep your audience in mind when writing this section. This section should not contain any technical details; the supporting detail for statements made here should be included in a later section of the report.

Problem Statement
State the problem being resolved by the delivery of this report.
A common problem with obtaining security funding is that organizations will prioritize revenue-generating spend over security solutions. Implementing security does not drive revenue; security is implemented to prevent revenue loss. This is hard to quantify. This in and of itself has become an issue and should be addressed tactfully and woven into the problem statement.

Carefully consider whose problem is being addressed. This should not be a technical problem; this is a company issue that needs to be solved. A user clicking a link on a phishing email and infecting the company does not capture the true scope of the problem. Be sure to talk about the problem at the highest level in this section.

This section should justify the cost of implementing security. There should be data on the costs of not implementing security (what would a breach cost the company in expenditures, revenue, and brand reputation). Justify the expense on security earlier rather than later in a built-in vs. bolt-on discussion.

Scope
State the scope of this report. Does it apply to the whole company? Part of the company? Is it an industry-wide document? Who should read it and what value will they get from it? Are there limitations that apply to this report and how its content might be utilized?

The Problem Statement might have included a brief discussion on the attack surface of DHH as it relates to its business. This section should go deeper. What data and areas of the company are more vulnerable? What are going to be the targets of attack that need to be protected more? Show that Security is being cost conscious about spend and focuses spend on the areas that are critical.

Categorize the data and prioritize it into high, medium, and low. Is customer data the same priority as human resources data? What about the main company web site? This is publicly available data, but if this site is down, the company will have a branding issue.
The best way to present this information is in a table with data type, risk(s), and priority.

Current Security Operations (1 to 3 pages)
Heading 2
Use subdivision to organize your results. You may have as many ‘major headings’ as needed. You do not need to use minor headings, but longer major sections may benefit from having suitable second or even third level sections.
Heading 3
Use a third-level subdivision to further organize your results if necessary.

Intended Security Operations (2 to 5 pages)
Heading 2
Heading 3

Improvement Program (varies)
Heading 2
Heading 3

Master Security Run Book (varies)
Heading 2
Heading 3

Table N
This is an example of an APA style table. Note the title remains set in italic font.
Column 1    Column 2    Column 3

Figure N
This is an example of an APA style figure. Note the title remains set in italic font.

Discussion
Your report may include a section for discussion if your recommendation includes optional choices for the decision maker.

Conclusion
Every report must have a conclusion. State your findings here.

[CYBR 7930 revised July 2021]

Explanation & Answer

View attached explanation and answer. Let me know if you have any questions.

Your Name
Security Operations Design

Security Operations Program Design

Your name goes here

Month day, Year

Executive Summary
This report provides a deep analysis of the cyber threats that exist in the current world and
affect organizations, and suggests an effective security system that may combat all of these
threats.
Problem Statement
Organizations all over the world experience security threats, and they do so at an increasing
rate every year. This security operations design aims to create a proper and effective security
operation that can prevent any possible losses. Having a solution to the increasing security
threats can put a stop to the fear of losses the company may experience in the future. The
company deals with sensitive and crucial data and information, and is therefore a target of many
different attacks.
That being said, some of the immediate negative impacts that should be prevented include loss
of data, unpredicted cybersecurity edits, unexpected downtime, reactive measures related to
security, and the loss of the company's reputation. The problem may lie with the organization’s
safety, but it extends much further, to its impact on society and the stakeholders.
Scope
This report applies to the company’s Information and Communication Technology department.
It is therefore bound to affect the entire organization’s operations, since the organization
depends on the flow of information and data both internally and externally. This report targets
the information and communication department and should be viewed by the technical and
security teams. It will analyze and summarize the security issues in the organization and come
up with a better security system that can be used to defend against threats. The content of this
report will be used to create a picture of the security system required in the organization. The
report itself will serve as an insight for the stakeholders into the threats the company is facing
and the possible cost-effective solutions that can be applied.
Generally, all of the organization’s data is sensitive. Customer login and personal information
is as important as human resource information and the information on the company’s website.
However, when assessing the security of information, customer information and data will be
given higher priority, since customer information makes up approximately sixty percent of the
data in the company database. The information in the company will be categorized into three
priority groups: high, medium and low.
Data type                          Risks                                                 Priority
Customers’ personal information    May lead to Denial of Service and delayed response    High
Human resource data                Delayed company operations and denial of Service.     High
Website Information                The company may experience branding issues            Medium
Current Security Operations
The company currently faces many security threats, some of which are intentional while others
are accidental. The organization has experienced several security breaches, most of which were
reported, but others went undetected for long enough to cause a lot of damage. The attacks are
quite capable; they exploit the company’s vulnerabilities. The company’s current
internet-related service is not entirely capable of solving the security-based problems that
exist within the organization and in the industry in general. Additionally, today's security
threats keep getting better as technology in general improves.
Internet Security
The internet footprint is growing very fast, since most organizations are making use of
internet businesses and taking advantage of the fact that their customers use the internet to
explore internet business. The world has experienced an expansion in internet-based services in
the past few years, and with it have grown several vulnerabilities to intrusion and exploitation.
The attackers are currently using different technology. There are several security platforms and
systems in use today, some of which the organization uses. The company applies real-time threat
detection and mitigation. In a world where threats occur all the time and in different degrees,
the company has chosen a threat detection and mitigation strategy to root out all the threats
detected.
In addition, the organization has a functioning antivirus, which protects the company from
minor attacks that mostly lead to delays in loading and denial of access. The antivirus detects
infected messages, links and emails that may be sent to the customer through the company’s
communication system.
Current Threats Faced by the organization
The organization experiences several internet threats, including spam and phishing emails, which
are the major threats, harvesting of email addresses and passwords from the company website,
theft of customers’ personal information from the company website and database, and infection of
the company website with malware. The company is also affected by computer viruses which are
placed in the website as commercial elements which, when clicked, bring out an
infection of the...

