Introduction

In this task, you will design the capstone project approved by your instructor. You will write a report about the security problem you identified in Task 1 and compile the information for your solution to that security problem into a report.

Your work for this task will not be evaluated until the appropriate forms from Task 1 have been submitted and evaluated.

Requirements

Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. The similarity report that is provided when you submit your task can be used as a guide.

You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.

Tasks may not be submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc., unless specified in the task requirements. All other submissions must be file types that are uploaded and submitted as attachments (e.g., .docx, .pdf, .ppt).

Write a report of the security problem under investigation by doing the following:

A.Describe the security problem under investigation.

1.Explain the importance of the security problem, including background information and the environment in which the problem exists.

2. Provide documentation related to the security problem demonstrating the need for a solution, referencing applicable white papers or articles.

3. Summarize each root cause of the problem in the identified environment where the security problem is situated, including supporting evidence, if applicable.

B. Summarize each internal and external project stakeholder role by including each of the following:

?individual stakeholder implementation involvement and associated individual needs

? how the security problem affects the stakeholder

? stakeholder influence on the projects' objectives and outcomes

C. Describe the historical data used to support decision-making throughout the project (e.g., vulnerability scans, penetration testing, testing or validation scenarios, audit results, etc.).

D. Provide a detailed explanation of the project requirements to implement the solution.

1.Describe the industry-standard methodologies guiding the solution's design and development.

2. Describe the project launch, including allphases of the rollout, the criteria used to determine the conclusion of implementation, and the project management methodology for implementation.

3. Describe the likelihood of all implementation risks and their impact on the project.

E. Describe the training approach, including the audience, delivery, content, and duration.

F. Describe the required resources necessary to execute each project phase, and provide sources for all costs.

G. Describe all final project deliverables associated with the design and development of the technology solution.

1.Estimate the projected timeline, including each of the following:

? each milestone and its duration

? start and end dates

? resources assigned to each task

H. Detail the project evaluation approach that will be used to assess the project, addressing the following:

1.Describe the formative and summative test plans for the solution, including all required procedures and tools.

2.Describe the minimal acceptance criteria and key performance indicators for project acceptance as they align with your formative and summative test plans.

3. Justify the test cases and scenarios in the environment of the security problem being addressed.

4. Explain how you will analyze your results.

I. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.

Student Name: Click here to enter text. Student ID: Click here to enter text. Capstone Project Name: Securing and Shielding loT Devices Project Topic: How to secure loT Devices from vulnerabilities Scenario Fictional Facility: ClearHealth Medical Center ClearHealth Medical Center, a mid-size Midwest healthcare organization. The hospital uses loT devices for patient care, diagnostics, and operations. Wearable biometric monitors, smart insulin pumps, connected respirators, and portable diagnostic tools (all in communication with the hospital's central network) Healthcare is a particularly sensitive subject as any security vulnerability could place patient lives and privacy under threat due to the hypercritical nature of this industry. A relatively new risk assessment focusing on possible vulnerabilities in communication between the hospital servers, and open patches used in these loT devices. Anand, P., Singh, Y., Selwal, A., Singh, P. K., Raluca, A. F., & Raboaca, M. S. (2020). This makes it more crucial than ever to address the vulnerabilities of loT and maintain healthcare networks secure against cyber threats. DDN1: Capstone Topic Approval and Release Forms Capstone Topic Approval Form The answer will be to secure the communication of these loT devices with central systems, to make sure their firmware is always up-to-date and finally add real-time monitoring that allows resolving potential breaches.Summary of the Problem: Healthcare organizations like ClearHealth are increasingly adopting loT devices for critical operations. These devices have a lot of potential to enhance patient care and operational efficiency, however they're usually implemented without the proper security controls. loT devices with poor security can be an attractive target for hackers, potentially leading to unauthorized access, operational disruptions, or compromise of sensitive health data. The biggest headache for ClearHealth is dealing with security: it needs to ensure that its loT devices are locked down, always up- to-date and capable of identifying and responding to threats in real time Outline of a Technology-Supported Security Solution: This project aims to develop an automated vulnerability management system for ClearHealth to manage the vulnerabilities of loT devices. The solution will include Real-time monitoring and detection of anomalous behavior to catch any threats towards the connected loT devices. Secure Transmission of data for all 10T devices using encrypted communication framework. An automated patch management system ensures that all 1oT devices are continuously updated with the best available security features. A dashboard that allows the IT security team to oversee the health and status of all IoT devices in the hospital. Context: Explain why the situation or gquestion would benefit from your security solution. Considering the increasing adoption of 10T devices in verticals such as healthcare (Bhambri & Kumar, 2024), manufacturing and smart cities, there is an exponential increase in the potential for cyber-attacks to target intrinsic device vulnerabilities. The building blocks of administration infrastructure control systems like SCADA (Supervisory Control and Data Acquisition) are becoming increasingly connected to more servers, networks and specialized equipment where each can potentially be compromised to leverage a nation or organization's most critical assets such as electricity grid-based power distribution, factory production lines or financial transaction records. By enabling secure boot over a scalable implementation, this solution will allow organizations to protect their loT foundation against unauthorized access with improved operational resilience and safeguard user data. Stakeholders: Identify the project stakeholders. Internal Stakeholders: Chief Information Security Officer (CISO): Oversees the development and enforcement of the cybersecurity framewaork for ClearHealth's 10T devices. IT Security Team: Responsible for the configuration, monitoring, and patch management of l1oT devices. They will deploy the proposed system and manage its operation. Network Engineers: Ensure secure integration of loT devices into the hospital network, including setting up secure communication protocols. Healthcare IT Support Team: Assist with device onboarding, troubleshooting, and support throughout the deployment process. Compliance Officer: Ensures the system adheres to healthcare regulations such as HIPAA. External Stakeholders: IoT Device Manufacturers: Provide firmware updates and collaborate on ensuring devices meet security standards. Third-Party Security Vendors: Supply real-time monitoring software and support patch management systems for the loT devices. operations. Stakeholders: Identify the project stakeholders. Internal Stakeholders: Chief Information Security Officer (CISO): Oversees the development and enforcement of the cybersecurity framework for ClearHealth's loT devices. IT Security Team: Responsible for the configuration, monitoring, and patch management of |oT devices. They will deploy the proposed system and manage its operation. Network Engineers: Ensure secure integration of loT devices into the hospital network, including setting up secure communication protocols. Healthcare IT Support Team: Assist with device onboarding, troubleshooting, and support throughout the deployment process. Compliance Officer: Ensures the system adheres to healthcare regulations such as HIFAA. External Stakeholders: IoT Device Manufacturers: Provide firmware updates and collaborate on ensuring devices meet security standards. Third-Party Security Vendors: Supply real-time monitoring software and support patch management systems for the loT devices. operations. Project Plan: Describe the project plan, scope, goals, and objectives. Scope: This project will develop and deploy a security framework specifically for ClearHealth's loT devices. It will focus on securing devices that handle critical patient care operations, diagnostics, and hospital management @ WesTERN GOVERNORS UNIVERSITY DDN1: Capstone Topic Approval and Release Forms Capstone Topic Approval Form systems. Goals: Secure all loT devices within ClearHealth's network by deploying an automated vulnerability management solution. Implement encryption for secure communication and patch management to protect against attacks. Develop real-time monitoring and anomaly detection to identify potential vulnerabilities or threats. Objectives: Conduct a thorough assessment of the current loT devices in the network. Design and develop an encrypted communication and monitoring system. Deploy the solution across key loT devices in the organization. Measure and evaluate the success of the system in reducing vulnerabilities. Methodology: Outline the project approach. The project will be completed using an iterative approach {Zaluski, Understanding the iterative process method for Project Management 2023) Assessment: A comprehensive review of ClearHealth's current loT infrastructure to identify vulnerabilities. Design and Development: Development of a secure communication protocol and real-time monitoring system. Testing: Conduct testing in a sandbox environment with hospital loT devices. Deployment: Gradual roll-out of the system across the organization's loT network. Evaluation: Measure the solution's success in reducing vulnerabilities and improving security. Implementation Plan: Identify the project phases. Phase 1: Conduct risk assessment and inventory of loT devices. Phase 2: Design secure communication protocol and vulnerability monitoring system. Phase 3: Develop and test patch management and automated update systems. Phase 4: Deploy the system on a small scale for testing. Phase 5: Full roll-out and integration into the hospital's network infrastructure. Phase 6: Post-deployment evaluation and ongoing monitoring. Project Outcomes: List the key anticipated project outcomes and deliverables in 500 words or less. The anticipated outcomes include the development of a comprehensive security framework that protects ClearHealth's loT devices from potential vulnerabilities. The key deliverables will be: = Asecure communication protocol for loT devices. = An automated patch management system. = Real-time vulnerability monitoring and anomaly detection. A dashboard for continuous monitoring of 10T device status and security health. These deliverables will significantly improve the security of ClearHealth's |1oT devices, reducing the risk of unauthorized access or breaches while ensuring compliance with healthcare regulations such as HIPAA. Projected Project End Date: 10/31/2024 Sources: Include a list for all references and citations that support the summaries above and are used in-text and as outside sources. bfbd- B?EBdEjEcSB %40 redls,.l',-";",n",-",." Anand, P., Singh, Y., EEIwuf A, Smgh P. K., Roluca, A. F., & Raboaca, M. 5. (2020). 1oVT: Internet of vulnerable things ? threat architecture, attack surfoces, and vulnerabilities in internet of things and its applications towards smart grids. Energies, 13{18), 4813. doi:https://doi.org/10.3390/en13184813//// Beale, Sara Sun, and Peter Berris. "HACKING THE INTERNET OF THINGS: VULNERABILITIES, DANGERS, AND LEGAL RESPONSES." Duke Law & Technology Review, vol. 16, no. 1, annual 2017, pp. 161+. Gale Academic OneFile