Security Control Selection
Week 4: Submit written Security Control Selection report section and associated PowerPoint slides
Each student will complete the project deliverables individually. Students will be organized into teams to review, evaluate, and improve each other’s work.
Objective: Develop an audiovisual presentation on how administrative, technical, and physical controls can be applied to mitigate risks to an organization’s computing environment.
Approach the project as if you are recommending a cybersecurity solution to an organization in one of the following verticals: defense, e-commerce, education, energy, financial, healthcare, manufacturing, retail, travel and tourism, transportation, etc.
The presentation will have three sections, listed below. Each section will require a PowerPoint slide deck. Individual sections will be delivered in Modules 2, 4 and 6.
In Modules 3, 5, and 7, through the discussions, you will provide professional feedback to other members of your assigned team to improve their work and respond to team members’ feedback on your own work.
In Module 8, a final narrated audiovisual presentation will be submitted that integrates all three portions of the project. This will also include sections on how you incorporated classmates’ feedback into this final deliverable and how the project has helped enhance your career goals.
The major project sections will be as follows.
Security Control Selection:
Include problem statement from the previous deliverable for reference.
Describe how a threat actor can utilize malware to breach the organization’s security to exfiltrate critical data assets. Use external resources from the open-source intelligence (OSINT) to justify your claim.
Propose two effective security controls against malware-based attacks and ways to monitor and assess the effectiveness of the security controls.
For each proposed security control considered, provide a qualitative (descriptive) analysis of its operation, availability, cost, implementation issues, and overall benefit to the company.
Provide a high-level flow diagram like the Microsoft Security Development Lifecycle (SDL) that shows how the implementation of DevSecOps can mitigate risks to the organization’s computing resources. See Appendix A for more information.