Project 5 (Group Project)
Data Loss Prevention Scenario
Wonderful news. The executive team of your media company has recognized the importance of cybersecurity and has promoted everyone in your group into the role of a chief information security officer, or CISO, for your respective subsidiary.
The company’s executive leadership team has tasked your team to plan the future of mass connectivity and data loss prevention technology for the company. You and your teammates will compile a technology strategy plan for incorporating IPv6, internet of things (IoT), and data loss prevention techniques—specifically blockchain, tokenization, data masking, data obfuscation, and other similar emerging technologies.
You will present this future technology road map and vision to the executive leadership. Your team will have about five members. In addition to the future technology road map and vision, your team will prepare a future view of the data flow of your enterprise network.
Your team discussions should be guided by your learning achieved through the other projects in this course. Your team will compile all the information into one cohesive report—the strategic technology plan for data loss prevention—to be presented to the executive team. Your team will also prepare an executive presentation explaining the highlights of your team’s plan.
The world of technology is changing at an unprecedented pace, and these changes represent business opportunities as well as challenges. Mass connectivity and faster speeds create opportunities for businesses to network more devices, complete more transactions, and enhance transaction quality. Internet Protocol version 6 (IPv6) and internet of things (IoT) are two such technologies that represent significant opportunities for strategic cybersecurity technology professionals to create lasting value for their organizations.
IoT is the phenomenon of connecting devices used in everyday life. It provides an interactive environment of human users and a myriad of devices in a global information highway, always on and always able to provide information. IoT connections happen among many types of devices—sensors, embedded technologies, machines, appliances, smartphones—all connected through wired and wireless networks.
Cloud architectures such as software as a service have further enabled big data analytics and improvement in areas such as automated manufacturing. Data and real-time analytics are now available to workers through wearables and mobile devices.
Such pervasive proliferation of IoT devices gives hackers avenues to gain access to personal data and financial information and increases the complexity of data protection. Given the increased risks of data breaches, newer techniques in data loss prevention should be examined.
Increased bandwidth and increased levels of interconnectivity have allowed data to become dispersed, creating issues for big data integrity. In such a world, even the financial transactions of the future are likely to be different—digital currencies such as Bitcoin may be used for some future financial transactions.
To survive and thrive, organizational technology strategists must develop appropriate technology road maps. These strategists must consider appropriate function, protection, and tamper-proofing of these new communications and transactions.
It will be impossible to protect data by merely concentrating on protecting repositories such as networks or endpoints. Cybersecurity strategists have to concentrate on protecting the data themselves. They will need to ensure that the data are protected no matter where they reside.
In this project, you will work with team members to compile a technology strategy plan for your organization to protect data throughout the company. This project will take about two weeks to complete. There are 10 steps in the project, which will include a 12- to 15-page report, slide presentation, and lab report. First, begin with the project scenario above, and then move to Step 1, where you will be assigned roles within your team and sign the team project charter.
- A Cybersecurity Technology Strategic Plan, about 12 to 15 double-spaced pages in a Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. There is no penalty for using additional pages. Include a minimum of six references. Include a reference list in your plan.
- A set of about five to 10 narrated PowerPoint slides (written narration or in-class presentation can be substituted for audio/video narration) as an executive overview briefing that reflects the key elements of your team plan.
- Lab results of each individual member of the team.
Your work will be evaluated using the competencies listed below.
- 2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
- 2.4: Consider and analyze information in context to the issue or problem.
- 2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.
- 4.3: Contribute to team projects, assignments, or organizational goals as an engaged member of a team.
- 4.4: Demonstrate diversity and inclusiveness in a team setting.
- 5.2: Knowledge of architectural methodologies used in the design and development of information systems, including the physical structure of a system’s internal operations and interactions with other systems and knowledge of standards that either are compliant with or derived from established standards or guidelines.
- 6.3: Specify security solutions based on knowledge of principles, procedures, and tools of data management, such as modeling techniques, data backup, data recovery, data directories, data warehousing, data mining, data disposal, and data standardization processes.
- 8.4: Possess knowledge of proper and effective communication in case of an incident or crisis.
Step 3: Develop Goals and Objectives
You and your team members have outlined the proposed devices and technologies for the data loss prevention plan. Next, focus on the organizational mission and develop a set of goals and objectives to show how your set of chosen devices and technologies will help your company prepare for the future. Include a discussion for deploying, maintaining, and securing these devices and technologies.
This section of the team plan should also include a discussion on the devices and technologies’ impact to the existing company infrastructure and security.
When you’ve completed this section, move to the next step, where you and your team members will conduct a detailed analysis of each device and technology.
Below you will find set ideas that will be in the overall paper. I am only responsible for step 3.
Name of Company: Global Media
Business Goals: Let’s stick with the theme of the course and be a media streaming/subscription company (Like Netflix). Important to protect intellectual property (shows, movies, music). Need to stop data leaks but also provide connectivity and high level of service to internal and external users.
General Ideas for Solutions:
- IPv6 – Although there has been a lot of talk about IPv6, that “flip of the switch” from IPv4 to IPv6 hasnt happened yet and won’t really happen for a while. So although it might be good to get ahead of the game, it is not as critical as some might make it out to be.
- Choice – CISCO IOS Devices that are IPv6 ready.
- New networking hardware is pretty much all IPv6 ready. Issue is with legacy HW. That should be talked about in the paper.
- IoT – The amount of administration and maintenance needed to keep up with patches/vulnerabilities is probably more than the benefit of having “smart” devices in a corporate network, but we can always pick a device or two to talk about
- Hardware choice – open to ideas
- Software Choice – Altair SmartWorks for centralized IoT device management.
- Alternative – don’t have IoT devices connected within the boundary.
- Blockchain – Storage of corporate data within a blockchain platform could help with DLP by providing strong encryption, non-repudiation, etc.
- Oracle BlockChain Platform
- Data Loss Prevention Platforms – Agent-based DLP solutions
- Alternative – Sophos, McAfee.
- Big Data Analytics for Security (Thinking SIEM tool/analytics of network and system traffic to detect potential malicious activity)
- Alternative – Elastic Stack, Solarwinds
- Data Governance
- IBM Data Governance
Other points are addressed within the above solutions. I’m not sure we need to talk about a specific product that would address them. More of less rolled into other solutions, but still need to at least talk about what they are: Data masking, data obfuscation, tamper-proofing.