Case Study #3: Technology & Product Review for Identity Governance & Administration


Case Study #3: Technology & Product Review for Identity Governance & Administration

Case Scenario:

Your employer is a small but growing software development company. A recently completed risk assessment found that the company had very weak controls over the issuance and management of user ID’s and privileged accounts. The risk assessment recommended that the company implement two key controls to mitigate insider threats: least privilege and separation of duties. The risk assessment also highlighted the potential financial losses which could occur due to theft or disclosure of the company’s strategic plans and intellectual property. The company’s Chief Technology Officer has recommended that an Identity Governance and Administration (IGA) product be purchased to help implement the required security controls.

As a member of the CTO’s team, you have been tasked to research, review, and recommend an IGA product which, at a minimum, will meet the company’s primary needs (controlling access and implementing least privilege and separation of duties).  Your product review and evaluation should include additional relevant features and characteristics which could help the company address and manage risks associated with insider threats.

Research:

  1. Review the Week 5 readings
  2. Choose an Identity Management or Identity Governance & Administration product which was mentioned in the readings. Research your chosen product using the vendor’s website and product information brochures.
  3. Find three or more additional sources which provide reviews for (a) your chosen product or (b) general information about the characteristics of Identity Governance & Administration. Products.

Write:

Write a 3 page summary of your research. At a minimum, your summary must include the following:

  1. An introduction or overview for the security technology category (Identity Governance & Administration).
  2. A review of the features, capabilities, and deficiencies for your selected vendor and product.
  3. Discussion of how the selected product could be used by your client to support its cybersecurity objectives by reducing risk, increasing resistance to threats/attacks, decreasing vulnerabilities, etc.

As you write your review, make sure that you address security issues using standard cybersecurity terminology (e.g. 5 Pillars IA, 5 Pillars Information Security). See the resources listed under Course Resources > Cybersecurity Concepts Review for definitions and terminology.

Formatting Instructions

Use standard APA formatting for the MS Word document that you submit to your assignment folder. Formatting requirements and examples are found under Course Resources > APA Resources.

Submit For Grading

Submit your case study in MS Word format (.docx or .doc file) using the Case Study #3:IGA Technology & Product Review assignment in your assignment folder. (Attach the file.)

Additional Information

  1. There is no penalty for writing more than 3 pages but, clarity and conciseness are valued. If your essay is shorter than 3 pages, you may not have sufficient content to meet the assignment requirements (see the rubric).
  2. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
  3. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must comply with APA 6th edition Style requirements. Failure to credit your sources will result in penalties as provided for under the university’s Academic Integrity policy.

 

Tags:

CSIA 310 7380 Cybersecurity Processes and Technologies (2165)

Rubric Name: Case Study: Technology & Product Review Rubric
Criteria Excellent Outstanding Acceptable Needs Improvement Needs Significant
Improvement
Missing or
Unacceptable
Provided an
introduction or
overview for the
security technology
category
20 points
Provided an excellent
overview of the security
technology category
assigned for this case
study. The overview
appropriately used
informaƟon from 3 or
more authoritaƟve
sources, i.e. journal
arƟcles, industry or
trade publicaƟons, news
arƟcles, industry or
government white
papers and
authoritaƟve Web sites.
18 points
Provided an outstanding
overview of the security
technology category
assigned for this case
study. The overview
appropriately used
informaƟon from 2 or
more authoritaƟve
sources, i.e. journal
arƟcles, industry or
trade publicaƟons, news
arƟcles, industry or
government white
papers and
authoritaƟve Web sites.
16 points
Provided an overview of
the security technology
category assigned for
this case study. The
overview appropriately
used informaƟon from
authoritaƟve sources,
i.e. journal arƟcles,
industry or trade
publicaƟons, news
arƟcles, industry or
government white
papers and
authoritaƟve Web sites.
14 points
Provided an overview or
introducƟon that was
lacking in detail.
InformaƟon from
authoritaƟve sources
was cited and used in
the overview.
9 points
IdenƟfied an
appropriate technology
but the overview of that
technology lacked detail
and/or was not well
supported by
informaƟon drawn from
authoritaƟve sources.
0 points
The introducƟon and/or
overview secƟons of the
paper were off topic or
failed to provide an
overview of the security
technology category.
Identified and
Reviewed a Vendor
product
25 points
Provided an excellent
review of the features,
capabiliƟes, and
deficiencies for a
selected vendor product
in the assigned security
technology category.
The review
appropriately used
informaƟon from 5 or
more authoritaƟve
sources, i.e. journal
arƟcles, industry or
trade publicaƟons, news
arƟcles, industry or
government white
papers and
authoritaƟve Web sites.
22.5 points
Provided an outstanding
review of the features,
capabiliƟes, and
deficiencies for a
selected vendor product
in the assigned security
technology category.
The review
appropriately used
informaƟon from 4 or
more authoritaƟve
sources, i.e. journal
arƟcles, industry or
trade publicaƟons, news
arƟcles, industry or
government white
papers and
authoritaƟve Web sites.
20 points
Provided a review of the
features, capabiliƟes,
and deficiencies for a
selected vendor product
in the assigned security
technology category.
The review
appropriately used
informaƟon from 3 or
more authoritaƟve
sources, i.e. journal
arƟcles, industry or
trade publicaƟons, news
arƟcles, industry or
government white
papers and
authoritaƟve Web sites.
17.5 points
IdenƟfied an
appropriate vendor
product. Provided a
review that was lacking
in detail. Used some
informaƟon from
authoritaƟve sources,
i.e. journal arƟcles,
industry or trade
publicaƟons, news
arƟcles, industry or
government white
papers and
authoritaƟve Web sites.
12.5 points
IdenƟfied an
appropriate vendor
product but the review
of that product lacked
detail and/or was not
well supported by
informaƟon drawn from
authoritaƟve sources.
0 points
The product review was
off topic or was not
supported by
informaƟon from
authoritaƟve sources.
Reported on how the
product could be used
to support
cybersecurity objectives
(i.e. confidentiality,
integrity, availability,
authorization,
authentication, etc.)
20 points
Provided an excellent
discussion of how the
selected product could
be used to support
cybersecurity objecƟves
by reducing risk,
increasing resistance to
threats/aƩacks,
decreasing
vulnerabiliƟes, etc.
Discussion provided five
or more specific
examples of how use of
this product would
posiƟvely impact
cybersecurity for
informaƟon,
18 points
Provided an outstanding
discussion of how the
selected product couldbe used to supportcybersecurity objecƟvesby reducing risk,increasing resistance tothreats/aƩacks,decreasingvulnerabiliƟes, etc.Discussion providedthree or more specificexamples of how use ofthis product wouldposiƟvely impactcybersecurity forinformaƟon,16 pointsProvided a discussion ofhow the selectedproduct could be usedto support cybersecurityobjecƟves. Discussionprovided at least oneappropriate example.The discussion wassupported byinformaƟon drawn fromauthoritaƟve sources.14 pointsDiscussion providedsome informaƟon abouthow the selectedproduct could be usedto support cybersecurityobjecƟves. MenƟonedinformaƟon obtainedfrom authoritaƟvesources.9 pointsDiscussed cybersecuritybenefits from the use ofthe selected productbut the discussionlacked detail and/or wasnot supported byinformaƟon fromauthoritaƟve sources.0 pointsDid not address the useof the product tosupport cybersecurityobjecƟves.CSIA 310 7380 Cybersecu… Dennis CookeSubmit Cancel

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: