2025_EML Capstone Projects

each option. 2- Risk Assessment Framework was chosen because insider threat detection involves sensitive data and high-stakes security. Risk assessment framework is essential for any type of project that involves sensitive healthcare data. Evaluating risks such as compliance failures, implementation complexities, and operational impact is crucial to prioritizing solutions responsibly. RAF essentially underlines the importance of compliance, financial and operational risks. As I am developing a project that should comply with HIPAA, FISMA as well as involves sensitive personal data, risk assessment plays a critical role in terms of decision-making. Feasibility Analysis: Solution #1: Machine learning-based anomaly detection SWOT analysis: Strengths: This approach has high potential to detect complicated insider threats and has capabilities to position the VA organization for future innovative AI security. This solution also aligns with long-term goals of introducing AI into VA security systems, including detecting normal and abnormal activities in systems. Weaknesses: This solution requires high quality datasets which are quite challenging to obtain in the VA environment. Also, there are risks for generating false positives and overfitting with this approach. Due to its black box nature, it is not easy to explain the decision to auditors. Opportunities: This solution could potentially set the stage for VA to adopt more AI-driven security systems. It provides publishable results in cybersecurity research and elevates the organizational innovation reputation. Threats: It might cause trust issues due to heavily relying on machine learning. Challenges with regulatory scrutiny under HIPAA/FISMA, and leadership would hesitate to trust automated decision-making processes. Risk assessment: Operational risks: Deployment may be delayed due to long model training cycles. There is significant time needed to build, validate and train the model, which could delay scheduled timelines. Compliance risks: As VA has veterans’ personal sensitive data, it is essential to ensure no real data is utilized, instead preferably synthetic datasets can be used with maximum privacy to avoid violations. Audit trails should be required. Financial risks: Moderate due to potential retraining needed and costs for computing resources. Mitigation: Transparency will be maintained with proper documentation and only synthetic datasets will be used throughout the project implementations.

Solution #2: Rule-based behavior scoring system SWOT analysis:

Back to Table of Contents