Scenario: For this final project, put yourself in the role of a security analyst who is performing an audit of your company. Your organization is a mid-sized manufacturing company that released its own smart headset. The headset has the ability to project important documents on an optical screen for the technicians in the field. The documents could be product schematics, invoices, emails, text messages, or any documents put in the shared drive on the server. The headset has constant communication with the server that resides in the central office; the connection is made through the technicians’ cell phones via the Bluetooth connection.
I. Personnel or human factor trend
Select a personnel or human factor trend and discuss the following critical elements:
A. Describe how the trend or strategy provides protection to an organization.
B. Defend the trend as a credible solution based on your analysis of the threat model for the scenario.
II. Data protection strategy or technology trend
Select a data protection strategy or technology and discuss the following critical elements:
A. Describe how the strategy or technology provides protection to an organization.
B. Defend the strategy or technology as a credible solution based on your analysis of the threat model for the scenario.
III. System protection trend
Select a technology in one of the following areas:
● Network protection technologies
● Endpoint/server protection technologies
● Software code protection strategies and technologies
For your selected technology, discuss the following critical elements:
A. Describe how the selected technology provides protection to an organization.
B. Defend the technology as a credible solution based on your analysis of the threat model for the scenario.
Q. I. Personnel or Human factor trend:
The human factors of cyber security represent the actions or events when a human error results in a successful hack or data breach. As research suggests, human error is the weakest link for data breach in an organisation. One of the most common forms of human factor trend that leads to a security breach of an organisation's data is providing access to confidential data of the organisation to unauthorised external personnel, either by sharing the hardware device or the password to access the device which connects directly to the organisational data server.
Q. I. A. How the trend or strategy provides protection to the organization:
In the scenario of the organisation under discussion, the manufacturing company has provided the smart headset to its technicians in the field, which has a constant connection to the server at the central office to display important documents on the optical screen of the smart headset through the Bluetooth connection of the technician's cell phone. In this scenario, a security breach of data might occur if a technician allows any other unauthorised or external personnel to use that device for whatever reason. In order to achieve protection against this, the organisation can carry out the following security steps to minimise security breach of data:
a. Provide appropriate training on cyber security to all authorised technicians before the headset is allocated to them.
b. Enable software asking for login credentials and a password of suitable complexity whenever the device is switched on before the technician can start working with important information.
c. Ensure the device is allocated to authorised technicians only after proper validation.
These strategies will ensure preliminary protection to the organisation against any security breach.
Q. I. B. The trend as a credible solution based on the analysis of the threat model:
Although the precautionary steps mentioned above should ensure preliminary protection to the organisation against any security breach, certain additional steps as below might ensure much higher security against any attempt of data breach in the scenario under consideration:
a. Organise regular refresher or catch-up training for technicians to explain the necessity of cyber security and their respective role in doing so in order to maintain their high level of awareness.
b. Enable retinal or biometric scan of the authorised employees to enable the device.
c. Ensure mandatorily changing the password with suitable complexity at regular intervals, say weekly or biweekly for all technicians.
d. Make the authorised technicians enter into legal contractual obligation not to share either the device or the password to anyone else and violation of which could draw a strict penalty in any suitable form.
Q. II. Data Protection strategy or technology trend:
The human factor is the weakest link in both prevention and mitigation of cyber breaches, while the best defense is use of technology and tools in addition to testing and training people on security policies. In the light of the previous discussions and appropriateness of implementation in the current scenario of the organisation, the best technological trend in case of the technicians using the smart headset in the field could be to use continuous retinal scan of the user and monitoring the data read by the retinal scanner attached to the smart headset against the previously captured retinal scan data of the authorised technician stored at the server at the central office. Additionally, the server should be capable of shutting down the connection with a suitable message or alarm tone or both in case any mismatch is detected when any other person tries to use the device. It would be easy to monitor the data as continuous connection with the server is essentially maintained to display important information on the optical screen of the smart headset. This will also nullify the disadvantages of storing the retinal scan data of the authorised user in a small chipset attached to the headset as that too can be tampered with by unauthorised personnel in the field.
This concludes the answer to the first 4 subparts of the question and the discussions above can provide a guideline to answer the remaining subparts following.
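The server-side continuous check described in part II, sketched as an added example that is not part of the original answer: the server holds the enrolled template, compares each scan the headset sends, and closes the session with an alarm on a mismatch or when scans stop arriving. The bit-difference comparison, the threshold, the timeout and all names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

MATCH_THRESHOLD = 0.32   # assumed max fraction of differing bits for a match
MAX_GAP_SECONDS = 10     # assumed longest allowed interval between valid scans

def hamming_fraction(a: bytes, b: bytes) -> float:
    """Fraction of bits that differ between two equal-length templates."""
    if len(a) != len(b) or not a:
        return 1.0  # malformed sample: treat as a complete mismatch
    diff = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return diff / (8 * len(a))

@dataclass
class HeadsetSession:
    technician: str
    enrolled: bytes              # template held on the server, not on the headset
    last_ok: float = 0.0         # time of the last scan that matched
    active: bool = True
    events: list = field(default_factory=list)

    def _terminate(self, reason: str) -> bool:
        self.active = False      # fail closed: the document stream stops
        self.events.append(f"ALARM {self.technician}: {reason}")
        return False

    def check(self, sample, now: float) -> bool:
        """Return True if documents may keep streaming to the headset."""
        if not self.active:
            return False         # stays closed until a fresh login
        if now - self.last_ok > MAX_GAP_SECONDS:
            return self._terminate("no valid scan within allowed interval")
        if sample is None:
            return True          # missed frame, still inside the allowed gap
        if hamming_fraction(sample, self.enrolled) > MATCH_THRESHOLD:
            return self._terminate("scan does not match enrolled technician")
        self.last_ok = now
        return True

def demo():
    enrolled = bytes(range(32))                          # constructed template
    noisy = bytes([enrolled[0] ^ 0x03]) + enrolled[1:]   # same wearer, sensor noise
    stranger = bytes(b ^ 0xFF for b in enrolled)         # constructed other wearer
    s = HeadsetSession("tech-01", enrolled)
    results = [s.check(noisy, 1), s.check(None, 5),
               s.check(stranger, 8), s.check(noisy, 9)]
    return results, s.events
```

The timeout matters as much as the comparison: without it, a headset that simply stops sending scans would keep receiving documents.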