Instructions
Create an outline of the gaps you believe that exist in the Capstone Project and some of the mitigation strategies you have to deal with them. (this is a beginners entry level class so this does not need to be too technical or wordy. Basic entry class). After the outline I will send a second order for the gap analysis writing.
below is the Project:
Complete and submit (in Week 6) a gap analysis explaining the technology and site variables and what security is missing based on the following case study.
Customer:
Water Plant
Challenge:
America’s Water Infrastructure Act (AWIA) of 2018 requires community water systems serving 3,300 or more people to conduct a risk and resilience assessment and develop an emergency response plan that has to be updated every five years. Failure to conduct a gap analysis and risk assessment places the plant at a high risk of critical systems being attacked, direct losses, damages, or penalties due to data being exposed, weakened confidence in the organization, and reduced availability of systems or data. The water plant wants us to deliver a combined gap and high-level risk assessment (HLRA) report, prioritized recommendations, and a roadmap for implementing the solutions.
Water systems are at risk for many types of cybersecurity attacks, such as ransomware, phishing, and compromise of remote access. Ransomware is when hackers scramble or encrypt plant data, then extort a ransom to release and unlock the code. Phishing is one of the most common ways through which individuals will con organizations with convincing emails. Although phishing is extremely common, many organizations are not adequately prepared to prevent it. Lastly, supervisory control and data acquisition (SCADA) systems for water applications commonly employ remote access based on the often wide physical separation of assets. This offers another pathway to attackers because if personnel can legitimately gain remote access, there is also the potential for hackers to gain illegitimate remote access. To ensure the plant is secure, each type of incident needs to be considered.