DIRE DAWA UNIVERSITY

INSTITUTE OF TECHNOLOGY

Department of Information Technology

Group Assignment

The main purpose is to prepare students for understanding the case study aspects of Information
Assurance Security

case study: Securing Project Cobalt: A CISO’s Journey

Acme Inc., a global leader in sustainable energy solutions, was on the verge of a
breakthrough. Project Cobalt, their top-secret initiative for a revolutionary battery
technology, held the potential to reshape the energy landscape. But with such sensitive
information, the stakes were high. A data breach could cripple Acme and empower their
competitors.
Enter Sarah, the newly appointed Chief Information Security Officer (CISO). Aware of the
immense value of Project Cobalt, Sarah knew a strong cybersecurity strategy was principal.
She envisioned a multifaceted approach built on the core principles of cryptography.
Sarah implemented Advanced Encryption Standard (AES), an industry-standard symmetric
algorithm, to scramble Project Cobalt data. Only authorized users with the decryption key
could access the information. Users needed not just their usernames and passwords, but also
a unique code from a security token to access Project Cobalt. This added layer made
unauthorized access significantly harder. Secure audit logs, encrypted with tamper-proof
techniques, documented every access attempt and action on Project Cobalt data. This
provided a certain record, preventing anyone from denying their involvement.
Sarah understood the criticality of the encryption keys. She implemented a Hardware
Security Module (HSM), a tamper-resistant device specifically designed to store and manage
cryptographic keys. This drastically reduced the risk of key theft or compromise. Sarah
recognized that technology alone wasn't enough. Comprehensive security awareness training
educated employees on potential threats and best practices.
A culture of cybersecurity was fostered, making everyone accountable for protecting Project
Cobalt. Acme's multifaceted approach, built on the core principles of cryptography, proved
successful. Project Cobalt remained secure, allowing the team to focus on innovation. The
robust security strategy not only protected sensitive information but also instilled confidence
in investors and partners.
The questions below are grounded in the above case study, aiming to delve into the security strategy
implemented at Acme Inc. for safeguarding Project Cobalt, a revolutionary battery technology. Through
a detailed analysis using the Information Assurance Security (IAS) framework, please comprehensive
discus.
 1. As a newly appointed CISO, Sarah faced immense pressure to secure Project Cobalt.
How did her leadership style and approach to risk management influence the chosen
security strategy?
2. What personal qualities do you think Sarah possessed that helped her overcome these
challenges?
3. The success of the security strategy relied heavily on user cooperation. How effective do
you think the implemented security awareness training was in fostering a culture of
cybersecurity at Acme?
4. Imagine yourself as an employee at Acme during the implementation of the new security
measures. How do you think these changes might have affected your daily work routine?
Would the benefits compensate for the potential inconveniences? (Provide a subjective
perspective on the impact of security measures)
5. The case study focuses on established cryptographic solutions like AES and HSMs. Do
you think Sarah's strategy was overly conditional on convergence approaches? Could
there have been room for exploring more cutting-edge security solutions?
6. The case study doesn't explore the specific details of the implemented security measures.
Based on the information provided, what potential drawbacks or vulnerabilities do you
see in Sarah's security architecture?
7. The case study paints a picture of success. Do you think the positive outcome is solely
attributable to the implemented security strategy, or were there other contributing factors?
(Expands the argument beyond just cryptography)
8. Imagine Acme is considering replicating this security strategy for a future top-secret
project. What are some key learnings from Project Cobalt's success that could be applied
to future endeavors?
9. In a scenario where Project Cobalt, currently reliant on IPv4, decides to undertake the
intimidating task of transitioning to IPv6, all while managing the distinctions of Windows
Vista security, a real-world case clarifies. This intense journey intensely describes the
challenges faced by the Acme during the transition, exploring the specific security
implications that arose in the context of Windows Vista and the coexistence of IPv4 and
IPv6?
10. Could you provide a concise yet compelling summary of your course material covered in
chapters 1 and 2 with this case study?

Note!
 In this case study, you are required to write (Only handwritten answer) a proper and
compiled report on what you are answered, and copied documents will be completely
rejected.
 A maximum number of students per group is 10. All group members should contribute to
and agree on your work before submission and presentation.
 finally, each member of group must be present your work
submission and presentation Date: -04/01/2024