CYB 220 TECHNOLOGY EVALUATION CRITERIA WORKSHEET
MODULE 5 SOUTHERN NEWHAMPSHIRE UNIVERSITY
For each section of this worksheet, fill in the empty cells with the required information.
Technology Evaluation Criteria Table
Evaluation
FactorEvaluation CriteriaManager’s Questions—
Aligned to CriteriaRelevant Organizational Security Plan Information (From Scenario) EffectivenessAbility to identify network-connected
systems1.a.
2.a.i.1.a: What are the organizational attributes? 150-200 Employees, 4 restricted segmented networks for each department w/req for remote access
2.a.i: What is the level of concern about who’s on (or off) the network? There is a requirement to be able identify anyone with
malicious intent.
Ability to discern operating systems of network-
connected systems1.b.
2.a.ii.1.b: What are the organizational constraints? There are up to 200 hosts on the network, most likely all using the same OS due to simplicity.
2.a.ii: What is the level of concern about detailed information relating to specific assets on (or off) the network? Detailed tracking of assets w/ip add. and mac add. needs to be accomplished to be able to
identify insider threats with up to 200 hosts on the network.
Ability to discern specific software applications based on their unique data flows1.a.
1.b.
2.a.iii.
2.a.v.1.a: What are the organizational attributes? There are 4 departments within the company, narrowing down unique data from an application should be simple.
1.b: What are the organizational constraints? The risk for false positives is high due to the unorthodox method of tracking software applications
2.a.iii: What is the level of concern about the ability to defeat secure communications? High, having secure comms broken would leave the organization vulnerable and indicate there is a larger threat lurking 2.a.v: What is the level of concern about potential for harm? High, all attempts need to be exhausted to protect customer PII
MODULE 5 SOUTHERN NEWHAMPSHIRE UNIVERSITY
For each section of this worksheet, fill in the empty cells with the required information.
Technology Evaluation Criteria Table
Evaluation
FactorEvaluation CriteriaManager’s Questions—
Aligned to CriteriaRelevant Organizational Security Plan Information (From Scenario) EffectivenessAbility to identify network-connected
systems1.a.
2.a.i.1.a: What are the organizational attributes? 150-200 Employees, 4 restricted segmented networks for each department w/req for remote access
2.a.i: What is the level of concern about who’s on (or off) the network? There is a requirement to be able identify anyone with
malicious intent.
Ability to discern operating systems of network-
connected systems1.b.
2.a.ii.1.b: What are the organizational constraints? There are up to 200 hosts on the network, most likely all using the same OS due to simplicity.
2.a.ii: What is the level of concern about detailed information relating to specific assets on (or off) the network? Detailed tracking of assets w/ip add. and mac add. needs to be accomplished to be able to
identify insider threats with up to 200 hosts on the network.
Ability to discern specific software applications based on their unique data flows1.a.
1.b.
2.a.iii.
2.a.v.1.a: What are the organizational attributes? There are 4 departments within the company, narrowing down unique data from an application should be simple.
1.b: What are the organizational constraints? The risk for false positives is high due to the unorthodox method of tracking software applications
2.a.iii: What is the level of concern about the ability to defeat secure communications? High, having secure comms broken would leave the organization vulnerable and indicate there is a larger threat lurking 2.a.v: What is the level of concern about potential for harm? High, all attempts need to be exhausted to protect customer PII
