Posted: April 24th, 2025

project 2

To complete this assignment, review the prompt and grading rubric in the

Project Two Guidelines and Rubric

. When you have finished your work, submit the assignment here for grading and instructor feedback. For reference, refer to the

CIA Triad and Fundamental Security Design Principles PDF

document.

CYB 200 Project Two Guidelines and Rubric

Overview

This project is to create an incident analysis brief for your manager. Cybersecurity incidents will occur regardless of the level of protec�on and preven�on an organiza�on has in place. The

response to the incident is what may make or break an organiza�on. As you progress through your degree, you will build your skills to address all stages of incident response: prepara�on,

detec�on and analysis, containment, eradica�on and recovery, and post-incident ac�vity.

A cri�cal aspect of incident response is using the informa�on gained from an incident to improve the organiza�on’s security. The insight helps security professionals develop solu�ons that

reduce the likelihood of similar incidents in the future. It also helps balance the poten�al nega�ve impacts on the people, processes, and technologies the solu�ons ul�mately affect. In this

project, you will examine a past incident and use the Fundamental Security Design Principles to develop recommenda�ons that will protect the organiza�on in the future.

In this assignment, you will demonstrate your mastery of the following course competency:

Describe fundamental principles of cybersecurity

Scenario

In a course announcement, your instructor will provide you with a scenario to base your work on. In the scenario, you are a security analyst crea�ng an incident analysis brief that explains to

the security or IT director explaining how to apply the Fundamental Security Design Principles to strengthen the organiza�on’s security posture following the incident described in the case.

The scenario will provide all the specific technical informa�on you need for your brief. You should address each cri�cal element in the Project Two prompt, speaking broadly to your analysis

and recommenda�ons based on your research from the course materials in previous modules.

Prompt

Using evidence from the scenario, prepare an incident analysis brief for your manager. Limit your analysis to one security objec�ve and two Fundamental Security Design Principles from the

lists below.

Security Objec�ve (Choose One):

Confiden�ality

Integrity

Availability

Fundamental Security Design Principles (Choose Two):

Separa�on (of domains and du�es)



10/7/24, 3:33 PM Assignment Information

https://learn.snhu.edu/d2l/le/content/1698647/viewContent/35102839/View 1/4

https://app.readspeaker.com/cgi-bin/rsent?customerid=9568&url=https%3A%2F%2Flearn.snhu.edu%2Fcontent%2Fenforced%2F1698647-CYB-200-13406.202481-1%2FProject%2520Two%2520Guidelines%2520and%2520Rubric.html&lang=en_us&readid=d2l_read_element_1

Isola�on

Encapsula�on

Modularity

Simplicity of design (economy of mechanism)

Minimiza�on of implementa�on (least common mechanism)

Open design

Complete media�on

Layering (defense in depth)

Least privilege

Fail-safe defaults and fail secure

Least astonishment (psychological acceptability)

Minimiza�on of trust surface (reluctance to trust)

Usability

Trust rela�onships

Specifically, you must address the cri�cal elements listed below:

I. Scenario Analysis: Using your work in the case study analyses (Modules Two through Four) and other course resources as reference, select the security objec�ve you think is most

relevant to the organiza�on in the case.

A. Describe why the loss of your selected security objec�ve (confiden�ality, integrity, or availability) reflects the greatest overall nega�ve impact on the organiza�on. Use evidence

from the scenario and your coursework to support your selec�on.

B. Summarize the nega�ve impacts on people, processes, and technologies associated with the loss of your selected security objec�ve.

II. Recommenda�ons: Select two Fundamental Security Design Principles as criteria, and recommend solu�ons to remedy the loss of the selected security objec�ve based on your

assessment of the incident.

A. Explain how your solu�on implements the selected Fundamental Security Design Principles. Provide evidence from the scenario and your coursework to support your selec�ons.

B. Describe how your solu�on balances impacts on people, processes, and technologies.

C. Explain which aspect of your solu�on you would recommend to your manager as the most important to the organiza�on. Support your response with evidence from the

coursework or scenario

10/7/24, 3:33 PM Assignment Information

https://learn.snhu.edu/d2l/le/content/1698647/viewContent/35102839/View 2/4

What to Submit

Your submission should be 3 to 5 pages in length (plus a cover page and references) and should be wri�en in APA format. Use double spacing, 12-point Times New Roman font, and one-inch

margins. Include at least three references, which should be cited according to APA style. Use a file name that includes the course code, the assignment �tle, and your name—for example,

CYB_200_Project_Two_Neo_Anderson x.

Project Two Rubric

Criteria Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value

Scenario Analysis: Greatest

Overall Nega�ve Impact

Meets “Proficient” criteria and

addresses cri�cal element in an

excep�onally clear, insigh�ul,

sophis�cated, or crea�ve

manner

Describes why the loss of the

selected

security objec�ve

reflects the greatest overall

nega�ve impact on the

organiza�on with evidence

from the scenario and

coursework to support the

selec�on

Addresses “Proficient” criteria,

but there are gaps in clarity,

logic, or detail

Does not address cri�cal

element, or response is

irrelevant

19

Scenario Analysis: Nega�ve

Impacts

Meets “Proficient” criteria and

addresses cri�cal element in an

excep�onally clear, insigh�ul,

sophis�cated, or crea�ve

manner

Summarizes the nega�ve

impacts on people, processes,

and technologies associated

with the loss of the selected

security objec�ve

Addresses “Proficient” criteria,

but there are gaps in clarity,

logic, or detail

Does not address cri�cal

element, or response is

irrelevant

19

Recommenda�ons:

Implementa�on of

Fundamental Security

Design Principles

Meets “Proficient” criteria and

addresses cri�cal element in an

excep�onally clear, insigh�ul,

sophis�cated, or crea�ve

manner

Explains how the solu�on

implements the selected

Fundamental Security Design

Principles with evidence to

support the selec�ons

Addresses “Proficient” criteria,

but there are gaps in clarity,

logic, or detail

Does not address cri�cal

element, or response is

irrelevant

19

Recommenda�ons:

Balancing Impacts

Meets “Proficient” criteria and

addresses cri�cal element in an

excep�onally clear, insigh�ul,

sophis�cated, or crea�ve

manner

Describes how the solu�on

balances impacts on people,

processes, and technologies

Addresses “Proficient” criteria,

but there are gaps in clarity,

logic, or detail

Does not address cri�cal

element, or response is

irrelevant

19

10/7/24, 3:33 PM Assignment Information

https://learn.snhu.edu/d2l/le/content/1698647/viewContent/35102839/View 3/4

Criteria Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value

Recommenda�ons:

Importance to Organiza�on

Meets “Proficient” criteria and

addresses cri�cal element in an

excep�onally clear, insigh�ul,

sophis�cated, or crea�ve

manner

Explains which aspect of the

solu�on is most important to

the organiza�on with evidence

to support the explana�on

Addresses “Proficient” criteria,

but there are gaps in clarity,

logic, or detail

Does not address cri�cal

element, or response is

irrelevant

19

Ar�cula�on of Response Submission is free of errors

related to cita�ons, grammar,

spelling, and organiza�on and

is presented in a professional

and easy-to-read format

Submission has no major errors

related to cita�ons, grammar,

spelling, or organiza�on

Submission has some errors

related to cita�ons, grammar,

spelling, or organiza�on that

nega�vely impact readability

and ar�cula�on of main ideas

Submission has cri�cal errors

related to cita�ons, grammar,

spelling, or organiza�on that

prevent understanding of ideas

5

Total: 100%

10/7/24, 3:33 PM Assignment Information

https://learn.snhu.edu/d2l/le/content/1698647/viewContent/35102839/View 4/4

CIA Triad and

Fundamental Security Design Principles

The terms listed below are essential in the field of cybersecurity and will be a topic of conversation and
application throughout the program. It is therefore important for you to familiarize yourself with these
terms and their definitions.

Note that the CIA triad is sometimes referred to as the tenets of cybersecurity. The Fundamental
Security Design Principles are sometimes called fundamental design principles, cybersecurity first
principles, the cornerstone of cybersecurity, and so on.

CIA Triad

Information that is secure satisfies three main tenets, or properties, of information. If you can ensure
these three tenets, you satisfy the requirements of secure information (Kim & Solomon, 2013).

 Confidentiality
Only authorized users can view information (Kim & Solomon, 2013).

 Integrity
Only authorized users can change information (Kim & Solomon, 2013).

 Availability
Information is accessible by authorized users whenever they request the information (Kim &
Solomon, 2013).

Fundamental Security Design Principles

These principles offer a balance between aspirational (and therefore unobtainable) “perfect security,”
and the pragmatic need to get things done. Although each of the principles can powerfully affect
security, the principles have their full effect only when used in concert and throughout an organization.
These principles are a powerful mental tool for approaching security: one that doesn’t age out of
usefulness or apply only to a few specific technologies and contexts; one that can be used for
architecture, postmortem analysis, operations, and communication. The principles are ultimately only
one piece in the security practitioner’s toolkit, but they are a flexible piece that will serve different roles
for different people (Sons, Russell, & Jackson, 2017).

 Abstraction
Removal of clutter. Only the needed information is provided for an object-oriented mentality.
This is a way to allow adversaries to see only a minimal amount of information while securing
other aspects of the model (Tjaden, 2015).

 Complete Mediation
All accesses to objects should be checked to ensure that they are allowed (Bishop, 2003).

 Encapsulation
The ability to only use a resource as it was designed to be used. This may mean that a piece of
equipment is not being used maliciously or in a way that could be detrimental to the overall
system (Tjaden, 2015).

 Fail-Safe Defaults / Fail Secure
The theory that unless a subject is given explicit access to an object, it should be denied access
to that object (Bishop, 2003).

 Information Hiding
Users having an interface to interact with the system behind the scenes. The user should not be
worried about the nuts and bolts behind the scenes, only the modes of access presented to
them. This topic is also integrated with object-oriented programming (Tjaden, 2015).

 Isolation
Individual processes or tasks running in their own space. This ensures that the processes will
have enough resources to run and will not interfere with other processes running (Tjaden,
2015).

 Layering
Having multiple forms of security. This can be from hardware or software, but it involves a series
of checks and balances to make sure the entire system is secured from multiple perspectives
(Tjaden, 2015).

 Least Astonishment (Psychological Acceptability)
Security mechanisms should not make the resource more difficult to access than when security
mechanisms were not present (Bishop, 2003).

 Least Privilege
The assurance that an entity only has the minimal amount of privileges to perform their duties.
There is no extension of privileges to senior people just because they are senior; if they don’t
need the permissions to perform their normal everyday tasks, then they don’t receive higher
privileges (Tjaden, 2015).

 Minimization of Implementation (Least Common Mechanism)
Mechanisms used to access resources should not be shared (Bishop, 2003).

 Minimize Trust Surface (Reluctance to Trust)
The ability to reduce the degree to which the user or a component depends on the reliability of
another component (Bishop, 2003).

 Modularity
The breaking down of larger tasks into smaller, more manageable tasks. This smaller task may
be reused, and therefore the process can be repurposed time and time again (Tjaden, 2015).

 Open Design
The security of a mechanism should not depend on the secrecy of its design or implementation
(Bishop, 2003).

 Separation (of Domains)
The division of power within a system. No one part of a system should have complete control
over another part. There should always be a system of checks and balances that leverage the
ability for parts of the system to work together (Tjaden, 2015).

 Simplicity (of Design)
The straightforward layout of the product. The ability to reduce the learning curve when
analyzing and understanding the hardware or software involved in the information system
(Tjaden, 2015).

 Trust Relationships
A logical connection that is established between directory domains so that the rights and
privileges of users and devices in one domain are shared with the other (PC Magazine, 2018).

 Usability
How easy hardware or software is to operate, especially for the first-time user. Considering how
difficult applications and websites can be to navigate through, one would wish that all designers
took usability into greater consideration than they do (PC Magazine, 2018).

References

Bishop, M. (2003). Computer security: Art and science. Boston, MA: Addison-Wesley Professional.
Kim, D., & Solomon, M. G. (2013). Fundamentals of information systems security (2nd ed.). Burlington,

MA: Jones & Bartlett Publishers.
PC Magazine. (2018). Encyclopedia. Retrieved from https://www.pcmag.com/encyclopedia
Sons, S., Russell, S., & Jackson, C. (2017). Security from first principles. Sebastopol, CA: O’Reilly Media,

Inc.
Tjaden, B. C. (2015). Appendix 1: Cybersecurity first principles. Retrieved from

https://users.cs.jmu.edu/tjadenbc/Bootcamp/0-GenCyber-First-Principles