WGU C845 Task 1- VUN1- Information
Systems with Accurate Solutions |Verified
Please avoid using AI (either partially or fully), as the assignment will be rejected if
there is a detection that AI was used.
4042.6.1 : Manage Control Access
The graduate manages control access to privileged, confidential, or proprietary resources.
4042.6.2 : Security Operations Concepts and Policies
The graduate evaluates security operations concepts and policies to ensure the
confidentiality, integrity, and availability of information assets is applied.
4042.6.3 : Processes and Security Threats
The graduate proposes security risks mitigations processes to identify, evaluate, prioritize,
and prevent potential security threats.
Introduction
Organizations face ongoing cybersecurity threats that require well-defined procedures for
detection, response, and recovery. Security professionals must be able to evaluate
incident response plans for effectiveness and resilience and ensure network
configurations are secure and optimized to prevent and mitigate attacks. In this task, you
will act as a cybersecurity analyst to review an organization's incident response process
and network security posture and propose improvements to strengthen overall protection.
Scenario
You have been hired as a security analyst at a midsize financial organization, FinSecure
Corp. The company is undergoing a security review and has asked you to assess its current
access management practices, operational security processes, and system threat activity.
You have been provided with a user role matrix, access control policies, operational policy
excerpts, and system logs from the past 48 hours. Your goal is to review the provided
materials, identify potential issues, and recommend improvements aligned with industry
best practices.
Refer to the attached "Security Operations Artifact" in the Supporting Documents section.
Assumptions
The rubric criteria are intended to guide your approach and help you understand the
expectations for each part of the task. You should use the rubric alongside the task
, instructions to ensure your work addresses all required components and demonstrates
the intended competencies.
A. Apply an access control model to the provided user role matrix and access control
policies in the attached "Security Operations Artifact" by doing the following:
1. Choose an access control model to apply to the provided user role matrix, and explain
how the principles of your chosen model apply to the organization's access control
structure.
2. Identify four misalignments in the provided user role matrix based on your chosen
access control model, and explain how each misalignment conflicts with your model's
principles.
3. Recommend three changes to resolve the misalignments identified in part A2. Justify
each recommendation based on applicable industry standards, frameworks, or best
practices (e.g., NIST SP 800-53, ISO/IEC 27001, CIS Controls, principles from the SSCP
Common Body of Knowledge).
4. Revise the provided user role matrix to reflect your chosen access control type and to
incorporate the changes recommended in part A3.
B. Evaluate the organization's access control policies and related operational practices by
doing the following:
1. Identify three policy gaps or inconsistencies in the organization's access control
policies that could affect access management or operational security.
2. Recommend one policy change or update for each gap identified in part B1 to
strengthen policy alignment with security best practices.
C. Using the attached "Security Operations Artifact," evaluate the organization's broader
operational processes and practices (e.g., change management, security awareness,
asset handling, physical security operations). Include the following elements in your
evaluation:
• an identification of three weaknesses in operational practices
• an explanation of how each identified weakness affects the confidentiality, integrity, or
availability (CIA) of organizational information
• a recommendation of one improvement to address each identified weakness
Systems with Accurate Solutions |Verified
Please avoid using AI (either partially or fully), as the assignment will be rejected if
there is a detection that AI was used.
4042.6.1 : Manage Control Access
The graduate manages control access to privileged, confidential, or proprietary resources.
4042.6.2 : Security Operations Concepts and Policies
The graduate evaluates security operations concepts and policies to ensure the
confidentiality, integrity, and availability of information assets is applied.
4042.6.3 : Processes and Security Threats
The graduate proposes security risks mitigations processes to identify, evaluate, prioritize,
and prevent potential security threats.
Introduction
Organizations face ongoing cybersecurity threats that require well-defined procedures for
detection, response, and recovery. Security professionals must be able to evaluate
incident response plans for effectiveness and resilience and ensure network
configurations are secure and optimized to prevent and mitigate attacks. In this task, you
will act as a cybersecurity analyst to review an organization's incident response process
and network security posture and propose improvements to strengthen overall protection.
Scenario
You have been hired as a security analyst at a midsize financial organization, FinSecure
Corp. The company is undergoing a security review and has asked you to assess its current
access management practices, operational security processes, and system threat activity.
You have been provided with a user role matrix, access control policies, operational policy
excerpts, and system logs from the past 48 hours. Your goal is to review the provided
materials, identify potential issues, and recommend improvements aligned with industry
best practices.
Refer to the attached "Security Operations Artifact" in the Supporting Documents section.
Assumptions
The rubric criteria are intended to guide your approach and help you understand the
expectations for each part of the task. You should use the rubric alongside the task
, instructions to ensure your work addresses all required components and demonstrates
the intended competencies.
A. Apply an access control model to the provided user role matrix and access control
policies in the attached "Security Operations Artifact" by doing the following:
1. Choose an access control model to apply to the provided user role matrix, and explain
how the principles of your chosen model apply to the organization's access control
structure.
2. Identify four misalignments in the provided user role matrix based on your chosen
access control model, and explain how each misalignment conflicts with your model's
principles.
3. Recommend three changes to resolve the misalignments identified in part A2. Justify
each recommendation based on applicable industry standards, frameworks, or best
practices (e.g., NIST SP 800-53, ISO/IEC 27001, CIS Controls, principles from the SSCP
Common Body of Knowledge).
4. Revise the provided user role matrix to reflect your chosen access control type and to
incorporate the changes recommended in part A3.
B. Evaluate the organization's access control policies and related operational practices by
doing the following:
1. Identify three policy gaps or inconsistencies in the organization's access control
policies that could affect access management or operational security.
2. Recommend one policy change or update for each gap identified in part B1 to
strengthen policy alignment with security best practices.
C. Using the attached "Security Operations Artifact," evaluate the organization's broader
operational processes and practices (e.g., change management, security awareness,
asset handling, physical security operations). Include the following elements in your
evaluation:
• an identification of three weaknesses in operational practices
• an explanation of how each identified weakness affects the confidentiality, integrity, or
availability (CIA) of organizational information
• a recommendation of one improvement to address each identified weakness
