1.2 : Threat Identification
The graduate identifies threats and vulnerabilities applicable to business systems and assets.
1.3 : Countering Threats and Vulnerabilities
The graduate assesses the vulnerabilities with the Internet of Things (IoT) and web-based, mobile, and embedded systems.
.1.4 : Security Architecture in Practice
The graduate designs a multi-level target security architecture to support the organization’s security policy and technology choices and to include applicable policy guidance.
Many organizations have legacy systems that are no longer meeting the organization’s requirements with regards to business processes and security. Laws such as the Health Insurance Portability and Accountability Act (HIPAA) require higher security standards since these laws were implemented, and new technology is now available that was not an option previously. A LAN administration and security manager may need to design a new system that will increase security and automate business processes more efficiently than the current legacy system.
Using the attached “Business Systems Design Report Template,” you will design and document a multilevel target security architecture to address cybersecurity threats to the Healthy Body Wellness Center (HBWC). You will also use the “Business Systems Design Report Template” to conduct, record, and audit your design, and provide justification to defend each aspect of your multilevel network architecture. You will then complete the attached “DREAD Workbook” and submit it as a separate attachment.
The “Healthy Body Wellness Center Case Study” and “Healthy Body Wellness Center Security Assessment Report” are attached for your reference; you may also refer to the “Business Requirements Document Template” you created in Task 1 to assist in the completion of this task.
SCENARIOAs the newly promoted LAN administration and security manager for Healthy Body Wellness Center’s (HBWC) IT Department, you are tasked with designing a multilevel target security architecture using the “Business Requirements Document Template” you created in Task 1. Then you will need to conduct a DREAD analysis on your multilevel architecture design.
The technical requirements and specifications for the multilevel target security architecture should be based on the business, functional, and security requirements you documented in the “Business Requirements Document Template.” The target multilevel architecture should include the Small Hospital Grants Tracking System (SGHTS), payroll system, and research data that meet the standards and regulations of the National Institute of Health (NIH) and the federal government, including HIPAA and industry best practices.
Your submission must be your original work. No more than a combined total of 30% of a submission can be directly quoted or closely paraphrased from sources, even if cited correctly. Use the report provided when submitting your task as a guide.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
Tasks may not be submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc., unless specified in the task requirements. All other submissions must be file types that are uploaded and submitted as attachments (e.g., .docx, .pdf, .ppt).
A. Current Systems: Summarize the systems currently being used at the Healthy Body Wellness Center using details from attached case study and assessment report. (HBWC) You may use the information you provided in the BRD template from your Task 1 submission. Record your summary in the “Current Systems” section of the attached “Business Systems Design Report Document.”
B. Goals, Objectives, and Rationale for New System: Outline the purpose, goals, objectives, and rationale for the proposed system, including a clear statement of the problem using the information provided from the “Healthy Body Wellness Center Case Study” and the “Healthy Body Wellness Center Security Assessment Report” to justify your claims. Record your responses in each subsection of the “Goals, Objectives, and Rationale for New or Significantly Modified System” section of the attached “Business Systems Design Report Document.”
C. Factors Influencing Technical Design: Explain the relevant standards, assumptions, dependencies, constraints, and design goals that influence the technical design of the proposed new system. Record your responses in the “Factors Influencing Technical Design” section of the attached “Business Systems Design Report Template.”
D. Proposed System: Determine the necessary requirements to achieve the proposed system and its associated technical design, including the multilevel architecture specifications and design. Include all required tables and diagrams as part of your submission. Record your responses in all subsections of the “Proposed System” section of the attached “Business Systems Design Report Document.”
E. DREAD Analysis: Conduct an analysis of your multilevel architecture using the attached “DREAD Workbook.” Record your results in the “DREAD Workbook” and include the workbook as an attachment. Your workbook should include a minimum of ten threats.
F. Analysis of Proposed System: Summarize your findings from the DREAD analysis by prioritizing and describing the top five risks identified in the “Listing of Threats” worksheet, including mitigation, risk acceptance, and justification for your decisions. Record your responses in the “Analysis of the Proposed System” section of the attached “Business Systems Design Report Document.”
G. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
H. Demonstrate professional communication in the content and presentation of your submission.
File name may contain only letters, numbers, spaces, and these symbols: ! – _ . * ‘ ( )
File size limit: 200 MB
File types allowed: doc, docx, rtf, xls, xlsx, ppt, pptx, odt, pdf, txt, qt, mov, mpg, avi, mp3, wav, mp4, wma, flv, asf, mpeg, wmv, m4v, svg, tif, tiff, jpeg, jpg, gif, png, zip, rar, tar, 7z
1.2 : Threat Identification