Number each question as 1, 2, etc. to match with the question number. Use the citation rule. Adequate coverage of a single question (and there is more than one question in this assignment) is possible between 200 and 400 words. Any reference list, diagram, chart, table, etc. included are not counted towards the word limit.
Question 1. From the case studies provided this week, choose any one case study of your choice. Explain the three key characteristics of the cyber security breach in that case study and relate these three characteristics with any of the components of the National Institute of Standards and Technology (NIST), and/or CIS Controls Top 18 and/or OWASP 10. In other words, as you find the characteristics of the cyber security breaches in the case study of your choice, relate to the lessons on NIST and/or CIS Top 18 and/or OWASO 10. In your answer, match the incident with the specific standard name, or the control number so that I know the exact name of the standard/control. For example, clearly state that it matches with CIS Contol 3 on Data protection because (and elaborate accordingly). For any reason, if you do not find a matching standard or control, explain why. Number each characteristic as i, ii, iii so that I can clearly identify them.
Question 2. If you were in charge of the data breach case study that you have chosen, what three things you would have done differently? Answer this question with any policy, tools, technology that you would have used to prevent this from happening. Match each one of your recommendations with one/more of the NIST and/or CIS Top 18 and/or OWASO 10 by clearly stating the name of the standard or the control. For any reason, if you do not find a matching standard or control, explain why. Number each item as i, ii, iii so that I can clearly identify them.
Question 3. What are the three cyber security concerns unique in the government/federal/military organization and what policies, tools, and techniques would you propose for the government organization for each concern? You may find similarities and dissimilarities between government and non-government organizations. You may propose the tools and policies used in the non-government organization to be used by the government organization. Number each concern as i, ii, iii so that I can clearly identify them.
Question 4. From your learning of the case studies, analyze two commonalities (any common reason for the cyber security breach between the case studies) and two differences (a case study that had a unique reason/characteristic for the cyber security breach). Share three commonalities and three differences in the cyber security breaches among the case studies. Clearly state the case study name (e.g. Sony, Target, Department of Defence, etc.) in the answer so that it is obvious which security breach is related to which case study. You can also use any additional case study (not included in the lesson) to answer this question. It is not necessary that all the case studies must have the same commonalities. If you find the common reason between two to three case studies (e.g. both the case studies had weak authentication, unpatched software, etc.) that would suffice as a commonality. If a single case study stands out for a unique and obvious reason which is not found in any other case study (for example, the case study had unauthorized access, did not renew the software license, etc, which seems obvious but that was not addressed), that would suffice as a difference. This question encourages students to cross-compare the case studies. Number each commonality as i, ii and each difference as i, ii so that I can clearly identify them.
References
At the end list the references used in all the answers using the citation rule (see the course announcement on course protocol which notes the citation rule), and also cite the references in-line within the body of the writing.