CYB/415 v2
NewTab Project Profile
CYB/415 v2
Page 2 of 2
NewTab Project Profile
Refer to this project profile as you complete the Wk 2 – Security Assessment Plan, the Wk 4 – Incident Response Plan and Penetration Testing Agreement, and the Wk 5 – Strategic Plan assignments.
Scenario
The health care organization is adding a tablet (iPad® 2, iOS 8.0.1) to its personnel reporting information system, called HI-PHI. It will be attached to the health care organization ’s secured network infrastructure.
NewTab provides the health care organization with the capability to view and modify Protected Health Information (PHI) from the master registration database on a mobile device (i.e., iPad®). The PHI is transmitted wirelessly to the iPad® into HI-PHI.
User Community: 25 users (doctors)
Data: HI-PHI includes protected health information (PHI)
NewTab Suite
· iPads®:
· Model: iPad® 2, iOS 8.0.1
· Pre-loaded with standard iOS apps
· Use standard 6-number passcode to access iPad®
· Use VPN client to remotely access health care organization network with user’s network account login
· Within the network, the iPad® automatically connects to health care organization ’s wireless network
· HI-PHI Application:
· Uses single sign-on (from network account) to log into HI-PHI
· Accesses PHI from the PHI database
· PHI Database (protected health information)
Architecture
Security Requirement Control Families
Note: A detailed description of these families can be found in FIPS Publication 200.
1. AC Access Control
2. AT Awareness and Training
3. AU Audit and Accountability
4. CP Contingency Planning
5. IA Identification and Authentication
6. IR Incident Response
7. MP Media Protection
8. PE Physical and Environmental Protection
9. PS Personnel Security
10. SC System and Communications Protection
11. SI System and Information Integrity
List of Vulnerabilities Discovered From a Security Test and Evaluation
Vulnerability #1: Tools for the review of audit records and the reports generated from audit records are not available. Audit records do not include some or all of the mandatory data. The contents of audit trails are not protected against unauthorized access, modification, or deletion.
Vulnerability #2: The authentication required to access the iPads®, once screen-locks are activated, are not unique to each device. Non-unique authentication for screen unlock is utilized throughout system. All iPads® are set to the same screensaver unlock password.
Vulnerability #3: No information security personnel training plan has been developed that identifies initial and refresher training and familiarization requirements for assigned information security roles.
Vulnerability #4: iPads® are not configured to enforce the password stringency required by NIST Policy. The iPads® are not configured to enforce the required password strength, complexity, and aging. The health care organization senior leadership has specified that passwords will have a minimum of 12 characters using at least one upper case character, one lower case character, a number, and a special character. The policy will also enforce mandatory changing of passwords after every 90 days.
Vulnerability #5: The iPads® are not stored and locked in a secured location when employees are not using them. There is no policy for employees to sign out iPads®.
Vulnerability #6: There is no set of Employee Rules of Behaviors for users to sign holding them accountable for their actions.
Vulnerability #7: There is no mobile device management capability.
Financial Plan for Implementation of the Information Security Organization
1. Total Annual Infrastructure Budget: $1.2 million (hardware, software, licenses, spares, etc.)
2. Total Annual Supplies Budget: $0.2 million (user computers, batteries, etc.)
3. Total Annual Personnel Budget: TBD (will be determined in Week 5 financial plan)
4. Total Training Budget: TBD (will be determined in Week 5 financial plan)
The Total Annual Operating Budget will be the sum of the 4 areas above.
The Infrastructure Budget includes SOC equipment which is to include SIEM servers and software (e.g., vulnerability scanners, log correlation, event monitoring).
Information Security Personnel Resources
Position
Level
Certification
Salary and Benefits Cost Per Year
Note: This is not the individual salary per year; this includes the complete cost to the company, factoring in vacation, health insurance, 401K, etc.
Training Costs Per Year
CISO
Senior
CISSP, CCISO
$300,000
$15,000
Senior Information Security Manager
Senior
CISSP, CISM
$250,000
$15,000
Senior Security Architect
Senior
CISSP, CISM
$200,000
$5,000
Security Architect
Mid-Level
CISSP, Sec+, SSCP
$150,000
$5,000
Senior Security Engineer
Senior
CISSP, CISM
$200,000
$5,000
Security Engineer
Mid-Level
CISSP, Sec+, SSCP
$150,000
$5,000
Senior Security Risk Analyst
Senior
CISSP, CISM
$200,000
$2,000
Security Risk Analyst
Mid-Level
CISSP, Sec+, SSCP
$150,000
$2,000
Junior Security Risk Analyst
Entry Level
Sec+, SSCP
$100,000
$2,000
Security Incident Responder
Mid-Level
CISSP, Sec+, SSCP
$125,000
$2,000
image1.png
- WE OFFER THE BEST CUSTOM PAPER WRITING SERVICES. WE HAVE DONE THIS QUESTION BEFORE, WE CAN ALSO DO IT FOR YOU.
- Assignment status: Already Solved By Our Experts
- (USA, AUS, UK & CA PhD. Writers)
- CLICK HERE TO GET A PROFESSIONAL WRITER TO WORK ON THIS PAPER AND OTHER SIMILAR PAPERS, GET A NON PLAGIARIZED PAPER FROM OUR EXPERTS
QUALITY: 100% ORIGINAL PAPER – NO ChatGPT.NO PLAGIARISM – CUSTOM PAPER
Looking for unparalleled custom paper writing services? Our team of experienced professionals at AcademicWritersBay.com is here to provide you with top-notch assistance that caters to your unique needs.
We understand the importance of producing original, high-quality papers that reflect your personal voice and meet the rigorous standards of academia. That’s why we assure you that our work is completely plagiarism-free—we craft bespoke solutions tailored exclusively for you.
Why Choose AcademicWritersBay.com?
- Our papers are 100% original, custom-written from scratch.
- We’re here to support you around the clock, any day of the year.
- You’ll find our prices competitive and reasonable.
- We handle papers across all subjects, regardless of urgency or difficulty.
- Need a paper urgently? We can deliver within 6 hours!
- Relax with our on-time delivery commitment.
- We offer money-back and privacy guarantees to ensure your satisfaction and confidentiality.
- Benefit from unlimited amendments upon request to get the paper you envisioned.
- We pledge our dedication to meeting your expectations and achieving the grade you deserve.
Our Process: Getting started with us is as simple as can be. Here’s how to do it:
- Click on the “Place Your Order” tab at the top or the “Order Now” button at the bottom. You’ll be directed to our order form.
- Provide the specifics of your paper in the “PAPER DETAILS” section.
- Select your academic level, the deadline, and the required number of pages.
- Click on “CREATE ACCOUNT & SIGN IN” to provide your registration details, then “PROCEED TO CHECKOUT.”
- Follow the simple payment instructions and soon, our writers will be hard at work on your paper.
AcademicWritersBay.com is dedicated to expediting the writing process without compromising on quality. Our roster of writers boasts individuals with advanced degrees—Masters and PhDs—in a myriad of disciplines, ensuring that no matter the complexity or field of your assignment, we have the expertise to tackle it with finesse. Our quick turnover doesn’t mean rushed work; it means efficiency and priority handling, ensuring your deadlines are met with the excellence your academics demand.
