INTRODUCTION
Design, develop, and implement the capstone project approved by your course instructor.
Compile the information for your solution into a report based on the prompts below.
Your work for this task will not be evaluated until the appropriate forms from Task 1 have been submitted and evaluated.
REQUIREMENTS
Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. An originality report is provided when you submit your task that can be used as a guide.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
Tasks may not be submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc., unless specified in the task requirements. All other submissions must be file types that are uploaded and submitted as attachments (e.g., .docx, .pdf, .ppt).
- Write an executive report that includes the following requirements:
- the security problem under investigation
- background information about the problem
- a root cause analysis of the problem
- a description of the stakeholders
- an analysis of systems, processes, or both
- a description of the project requirements
- the data available or the data that needs to be collected to support the project
- the industry-standard methodology you used to guide and support the solution’s design and development
- deliverables associated with the design and development of the technology solution
- the strategy for implementing the solution and anticipated outcomes from the project, including phases of the rollout, details of project launch, and training plan for users
- the quality assurance plan for the solution, including formative and summative evaluation plans and plans for revision
- assessment of risks associated with the implementation
- the technology environments, tools, and any related costs, as well as the human resources, that are necessary to execute eachproject phase
- a projected timeline, including milestones, start and end dates, duration for each milestone, dependencies, and resources assigned to eachtask
- the framework that will be used to assess the success of the project and assess if the security solution meets stakeholder’s needs, including test cases and acceptance criteria
- Design and develop a technology-supported security solution that addresses your identified business problem or organizational need.
- Your solution must contribute to at leastoneof the following major security areas:
Cyberlaw, Regulations, and Compliance
Leadership and Professionalism
Security Planning and Management
Systems Security
- Provide a summary that explains how your solution meets the following criteria:
- facilitates the development of consensus-based codes of conduct
- promotes the adoption of standards and practices
- promotes automation in cybersecurity
- improves and modernizes security assurance
- implements industry-standard security tools and infrastructure or environment
- collects digital evidence, including data for analysis or forensics
- provides cybersecurity plans, strategies, and policies
- implements confidentiality, integrity, and availability
- mitigates cybersecurity threats
- investigates cybersecurity incidents or crimes
- includes decision-support functionality
- provides a training plan for users
- Create eachof the following forms of documentation for the solution you have developed:
- a subset of comprehensive elements of cybersecurity plans, policies, standards, or procedures
- analysis of the alignment of the solution with organizational cybersecurity initiative or regulatory compliance
- assessment of the solution’s implementation, including testing results and implemented revisions
- applications, tools, installation, and user guides for any other environment used
- WGU Cyber Range artifacts (if applicable)
- assessment of the efficiency of the solution
- post-implementation systems and process analysis, including diagrams or descriptions of the environment
- post-implementation risk assessment
- analysis of collected data
- analysis of the final output
- stakeholder impact analysis
- post-implementation and maintenance plans for the solution, including supporting resources
- the results from the solution testing and revisions
- training plan for users
- control deficiencies analysis that includes a plan of action and milestones
- source code and executable files, with installation and user guides, if applicable
- applications, tools, installation, and user guides for the WGU Cyber Range or any other cyber security testing environment used
- artifacts from the domain your solution addresses (listed below)
Domain: Cyber Risk Management and Oversight.
– organization chart
– cybersecurity-related policies and procedures
– strategic plans
– cybersecurity job descriptions
– cybersecurity personnel qualifications
– risk assessments
– data loss prevention analysis
– IT audit schedule
– IT audit reports and correspondence
– audit exception tracking
– risk management reports
– cybersecurity training policies and procedures
– cybersecurity training and awareness materials
Domain: Cybersecurity Controls
– list of physical access controls (e.g., key cards, biometric controls, video cameras)
– baseline security configuration standards
– vulnerability or patch management policies and procedures
– patch management reports
– penetration test results and reports
– vulnerability assessments
– continuous monitoring strategy
Domain: External Dependency Management
– list of third parties and subcontractors
– contracts governing all third-party relationships
– inventory of all third-party connections
– network topology/diagram
– independent reports on the service provider’s security controls
– remote access logs
– third-party employee access reviews
– vendor management policies and procedures
Domain: Threat Intelligence and Collaboration
– list of threat intelligence resources (e.g., industry groups, consortiums, threat and vulnerability reporting services)
– management reports on cyber intelligence
Domain: Cyber Resilience
– cybersecurity event log and reports on cyber incidents
– business impact analysis
– business or corporate continuity plan
– results of resilience testing
– resilience testing reports
– cyber incident response plans
– crisis management plans
– data loss prevention analysis
– continuous monitoring strategy
- Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
- Demonstrate professional communication in the content and presentation of your submission.