CYB 220 Technology Evaluation Criteria Worksheet
For each section of this worksheet, fill in the empty cells with the required information.
Technology Evaluation Criteria Table
Evaluation
FactorEvaluation Criteria Manager’s Questions—
Aligned to CriteriaRelevant Organizational Security Plan Information (From Scenario)
EffectivenessAbility to identify network-connected systems1.a.
2.a.i.1.a. What are the organizational attributes?
The network architecture is comprised of four segments with restricted communications between segments. Each department is specific to a segment with IT requiring remote availability. Additionally, there are between 150-200 host devices or a 1:1 with the number of employees.
2.a.i. What is the level of concern about who’s on (or off) the network? The concern would be high, especially in light of recent unauthorized access attempts. Each event should be treated as an attempted breach until intent is confirmed
Ability to discern operating systems of network-connected systems1.b.
2.a.ii.1.b. What are the organizational constraints?
A centralized approach to host OS. This allows for system continuity regarding maintenance, security patches, and application monitoring.
2.a.ii. What is the level of concern about detailed information relating to specific assets on (or off) the network? High. HR and IT are responsible for safeguarding the private information of personnel and clients. All other departments are constrained to data within their segment. Evaluation
FactorEvaluation Criteria Manager’s Questions—
Aligned to CriteriaRelevant Organizational Security Plan Information (From Scenario)
Ability to discern specific software applications based on their unique data flows1.a.
1.b.
2.a.iii.
2.a.v.1.a. What are the organizational attributes?
These attributes may differ between departments depending on the applications in their workflow. A default grouping of approved open-
source apps should be created to standardize applications on all hosts and simplify monitoring.
1.b What are the organizational constraints?
As the organization is determined to utilize open-source tools as the first option, the risks for false positives may be increased. As mentioned above-defined software should be whitelisted to increase transparency for monitoring.
2.a.iii. What is the level of concern about the ability to defeat secure communications?
High. Breaking secure communications would mean exposing host devices and the network to attacks and risking data confidentiality and availability. 2.a.v. What is the level of concern about potential for harm?
High. If encrypted transmissions are intercepted, it poses a severe threat to the confidentiality of company and client data. Ability to handle encrypted data flows1.b.
2.a.iii.
2.a.v.1.b. What are the organizational constraints?
With the number of host devices present, the most significant constraint would be the current IT team.
2.a.iii. What is the level of concern about the ability to defeat secure communications?
High. If encrypted data is compromised, it puts the clients’ assets at risk and the assets and reputation of the institution.
2.a.v. What is the level of concern about potential for harm?
High. If encrypted data is intercepted and confidentiality is breached, it opens the institution up to litigation if client data is compromised.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Riveneye. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for £5.29. You're not tied to anything after your purchase.