SNHU Fundamental Security Design Principles Case Study

In this case study assignment, we will continue to investigate the Fundamental Security Design Principles at work in a real-world scenario. Through the lens of
privacy protection, we will analyze the following principles:
 Isolation
 Encapsulation
 Complete Mediation
 Minimize Trust Surface (Reluctance to trust)
 Trust relationships
Case Study Scenario
The security team at your organization receives an alert from your organization’s cloud storage provider, DataStore. DataStore is a popular cloud-based data
hosting service that your organization has contracted with to store public-facing information such as product briefs and advertisements in a “shared” platform
with many other customers. Your organization has a policy against transferring confidential data to the cloud and has asked DataStore to alert your security
team if they detect unusual data-transfer activities. DataStore noticed that an active connection transferred large numbers of files to their platform and
promptly investigated. Upon closer inspection, the DataStore employee recognized that customer names and social security numbers were clearly displayed in
the uploaded files.
The security team, with the help of DataStore, discovered that an intern was responsible for the large data transfer. The intern accidentally saved confidential
email attachments to a folder on his system that synchronized with DataStore. The intern apologized and stated that he would delete the data from the cloud
storage location. However, the problematic files were available for public download for a short period of time.
Prompt
After reading the scenario above, complete the Fundamental Security Design Principles mapping table in the Case Study Template and answer the short
response questions. You’ll notice that the Fundamental Security Design Principles listed differ from those presented in previous activities. In the cybersecurity
trade, there are many different design principles and frameworks. Successful practitioners learn to work with many different (but conceptually similar) principles
to achieve their security goals.
Specifically, you must address the critical elements listed below:
I. Fundamental Security Design Principles Mapping: Fill in the table in the Module Three Case Study Template by completing the following steps for each
control recommendation:
A. Specify which Fundamental Security Design Principle applies to the control recommendations by marking the appropriate cells with an X.
B. Indicate which security objective (confidentiality, availability, or integrity) applies best to the control recommendations.
C. Explain your choices in one to two sentences with relevant justifications.
II. Short Response Questions:
A. Is it possible to use DataStore and maintain an isolated environment? Explain your reasoning.
B. How could the organization have more effectively applied the principle of minimizing trust surface with DataStore to protect its confidential
data? Explain your reasoning.
C. How can the organization build a more security-aware culture from the top down to prevent mistakes before they happen? Explain your
reasoning.
Guidelines for Submission: Submit your completed Fundamental Security Design Principles map and short response answers in the Module Three Case Study
Template. Your submission should be 1–2 pages in length (plus a cover page and references, if used) and written in APA format. Use double spacing, 12-point
Times New Roman font, and one-inch margins.