Order Number |
8775665673445A |
Type of Project |
ESSAY |
Writer Level |
PHD VERIFIED |
Format |
APA |
Academic Sources |
10 |
Page Count |
3-12 PAGES |
Despite all of the work that a cyber management team may do with respect to systems design, network security protocols, hardware and software maintenance, training, policies, implementation, maintenance, and monitoring, breaches can and do occur. In this project, you will work with a team of other cyber professionals to analyze and respond to anomalous network activities.
The graded deliverable for Project 2 is a packaged deliverable to the CISO of the risk and network intrusion, to be completed as a team. The deliverable to the CISO will include the following five parts:
Cybersecurity Risk Assessment including Vulnerability Matrix
Incident Response Plan
Service-Level Agreement
FVEY Indicator Sharing Report
Final Forensic Report
The project should take about 15 days to complete. After reading the scenario below, proceed to Step 1, where you will establish your team agreement plan.
The US reports exfiltration has been detected in the IDS (intrusion detection system). All nations will perform forensic analysis and collect corroborating information to identify who was the bad actor.
Prior to the summit, your nation team was tasked with setting up its own independent secure comms network. Now, at 3 a.m., just hours before the summit begins, you receive a text message from your CISO that reads: “I need to meet with the team immediately about an urgent matter. Please come to the conference room next to my hotel room now so we can discuss it.”
You quickly dress and head to the conference room. When you arrive, she breaks the news to your team: The nation hosting the summit has detected exfiltration in its IDS (intrusion detection system). It is likely that this pattern of network traffic could result in buffer overflows or other vulnerabilities such as denial of service. Each nation’s server is at risk.
“The report shows that the pattern of network traffic is anomalous,” says the CISO. “And the point of origin is internal. Someone at the summit is involved in this.”
Given the nature of the summit, participants understand that all nations are allied and have a common goal. “None of the FVEY members would have done this,” says a colleague. “It’s got to be the Russians or the Chinese. Friends don’t read each other’s mail.”
The CISO says, “No one is above suspicion here. Our FVEY partners have been known to both collect intelligence and seek to embarrass other partners when it suited their strategic needs. It could have been anyone. Until we know for sure, though, we will continue to regard them as allies.”
Leaders of the nations at the summit agree they all need to perform forensic analysis on their respective systems to identify the bad actor.
Your CISO continues. “Let’s get to the bottom of this. We’re all familiar with DDoS attacks; do you think that’s what we’re dealing with here? Or do you think there’s more? Use our packet sniffing tools to analyze the network traffic.
Additionally, we need to identify attack vectors and attributes. Give me any information you can find on the tools, techniques, and the identity of this bad actor. Also, establish an incident response plan that we can use in case of another cyber event.”
“Our systems went down due to this DDoS. We need to examine the service-level agreement to see what it will take to get the summit back up and running. After our analysis, we need to quickly let our allies know how to protect their networks through an indicator sharing report.
“Remember, no one is above suspicion—not even our allies. Got it?”
Everyone nods in agreement. The CISO says, “Good. Now get to work. I’m going to try to go back to sleep for a few hours.”
COMPETENCIES
Your work will be evaluated using the competencies listed below.
2.2: Locate and access sufficient information to investigate the issue or problem.
4.4: Demonstrate diversity and inclusiveness in a team setting.
5.3: Support policy decisions with the application of specific cybersecurity technologies and standards.
8.1: Employ ethics when planning and conducting forensic investigations, and when testifying in court.
8.2: Incorporate international issues including culture and foreign language to plans for investigations.
5.8: Apply procedures, practices, and technologies for protecting web servers, web users, and their surrounding organizations.
6.1: Knowledge of methods and procedures to protect information systems and data by ensuring their availability, authentication, confidentiality, and integrity.
My Areas of the project
For each known cybersecurity vulnerability and known threats (addressing cybersecurity threats through risk management, international cybersecurity approaches, you and your team members need to identify attack vectors via information systems hardware, information systems software, operating systems
(operating systems fundamentals, operating system protections), telecommunications (Internet Governance), and human factors (intrusion motives/hacker psychology). Then, you must determine if any attribution is known for the threat actor most likely involved in exploiting each weakness.
Review the materials on attack vectors if a refresher is needed. Once you’ve identified the attack vectors in this step, you will be able to participate in the next step, in which you will discuss your findings with colleagues and compare the findings with their analyses.
In light of your research in the last step, you will now use your group’s discussion board to share your thoughts with other members of your nation team. Review the findings of classmates in your group, noting points of agreement or disagreement, asking critical questions, and making suggestions for improvement or further research.
You should research incidents of known attribution of the hackers and actors who employ the attack vectors previously discussed by your group. This step provides a variety of options and perspectives for your group to consider when drafting the Attack Vector and Attribution Analysis in the next step.
This step also provides the foundation for research into known attribution, which will help you to discern the motivation for intrusion and the identity of the hackers and actors who employ the attack vectors noted.
You’ve discussed attack vector and attribution with your nation state team members. In this step, your group will prepare an Attack Vector and Attribution Analysis of your group’s findings in the previous steps. The analysis should first identify all possible attack vectors via hardware, software, operating systems, telecommunications, and human factors.
Next, you should discuss whether attribution is known for the threat actor (hackers and actors) likely involved in exploiting each weakness. Integrate supporting research via in-text citations and a reference list.
This analysis will play a key role in the development of a Vulnerability Assessment Matrix and Cybersecurity Risk Assessment in the next few steps. The designated team member should submit the analysis to the drop box below.
Submission for Group 4: Project 2: Attack Vector and Attribution Analysis
2.
It’s time to begin work on the next phase of the final analysis of the intrusion, which will include an incident response plan. Such a plan provides a method for containing the impact from a cybersecurity incident. It includes a plan for file recovery and remediation from an incident.
All the actions will start from the security baseline analysis, which has been defined for all the nations’ network topologies at the summit, using a network security baseline analyzer.
Your nation team will work together to develop an eight- to 10-page Incident Response Plan to use in the event of a cyber incident. This is one of your three final deliverables, which you will submit for feedback as a group, and then for individual assessment at the end of the project.
Begin your first half of the plan by focusing on the environmental conditions and coordination mechanisms. Include:
roles and responsibilities
phases of incident response
scenario: provide an incident response plan in the case of distributed denial-of-service (DDoS) attacks, specifically the case of loss of communications
activities, authorities pertaining to roles and responsibilities
triggering conditions for actions
triggering conditions for closure
reports and products throughout the incident response activity
tools, techniques, and technologies
communications paths and parties involved
coordination paths and parties involved
external partners and stakeholders, and their place in the coordination and communication paths
security controls and tracking
recovery objectives and priorities
Your team will continue working on the incident response plan in the next step. You will consider the processes of an active response.
Your team in this step will continue developing the Incident Response Plan. The second half of your report will focus on events and processes of your active response plan. Include the following:
incident response checklist. Refer to the NIST Computer Security Incident Handling Guide for an example.
data protection mechanisms
integrity controls (system integrity checks) after recovery
a plan to investigate the network behavior and a threat bulletin that explains this activity
defined triggering mechanisms for continuing alerts and notifications throughout the cyber incident
additional aspects of the incident response plan necessary to contain a cyber incident on the international domain
diagrams of swim lanes of authorities, activities and process flows, coordination and communication paths. Review the Swim Lane Template to familiarize yourself with the concept of swim lanes and swim lane diagrams.
You will complete your incident response plan in the next step. Your incident response plan is critical in outlining your activities during a cyberattack as well as providing direction for recovery.
Your team in this step will continue developing the Incident Response Plan. The second half of your report will focus on events and processes of your active response plan. Include the following:
incident response checklist. Refer to the NIST Computer Security Incident Handling Guide for an example.
data protection mechanisms
integrity controls (system integrity checks) after recovery
a plan to investigate the network behavior and a threat bulletin that explains this activity
defined triggering mechanisms for continuing alerts and notifications throughout the cyber incident
additional aspects of the incident response plan necessary to contain a cyber incident on the international domain
diagrams of swim lanes of authorities, activities and process flows, coordination and communication paths. Review the Swim Lane Template to familiarize yourself with the concept of swim lanes and swim lane diagrams.
You will complete your incident response plan in the next step. Your incident response plan is critical in outlining your activities during a cyberattack as well as providing direction for recovery.
Your team in this step will continue developing the Incident Response Plan. The second half of your report will focus on events and processes of your active response plan. Include the following:
incident response checklist. Refer to the NIST Computer Security Incident Handling Guide for an example.
data protection mechanisms
integrity controls (system integrity checks) after recovery
a plan to investigate the network behavior and a threat bulletin that explains this activity
defined triggering mechanisms for continuing alerts and notifications throughout the cyber incident
additional aspects of the incident response plan necessary to contain a cyber incident on the international domain
diagrams of swim lanes of authorities, activities and process flows, coordination and communication paths. Review the Swim Lane Template to familiarize yourself with the concept of swim lanes and swim lane diagrams.
You will complete your incident response plan in the next step. Your incident response plan is critical in outlining your activities during a cyberattack as well as providing direction for recovery.
The intrusion activity apparently is not over yet. The CIOs of the nations are still detecting high-volume traffic on their networks. Almost as soon as there is a surge in activity, network functions and websites immediately become nonoperational. Communications are also affected between the nation teams.
The CIOs have provided information on the anomalous activity. Enter Workspace to obtain the lab materials describing the network traffic activity.
After obtaining and reviewing the lab materials, collaborate with your nation team to decide the next course of action as determined by the eight- to 10-page Incident Response Plan you’ve been developing. Include an analysis of the lab materials, describing your findings. Provide this information with your Incident Response Plan, which is one of three final deliverables in this project.
Once your team has completed the response plan, a designated team member should submit it for review and feedback. The Incident Response Plan is one of your three final deliverables, which you will submit for feedback as a group, then for individual assessment at the end of the project.
Submission for Group 4: Project 2: Incident Response Plan
My Areas of the project
For each known cybersecurity vulnerability and known threats (addressing cybersecurity threats through risk management, international cybersecurity approaches, you and your team members need to identify attack vectors via information systems hardware, information systems software, operating systems
(operating systems fundamentals, operating system protections), telecommunications (Internet Governance), and human factors (intrusion motives/hacker psychology). Then, you must determine if any attribution is known for the threat actor most likely involved in exploiting each weakness.
Review the materials on attack vectors if a refresher is needed. Once you’ve identified the attack vectors in this step, you will be able to participate in the next step, in which you will discuss your findings with colleagues and compare the findings with their analyses.
In light of your research in the last step, you will now use your group’s discussion board to share your thoughts with other members of your nation team. Review the findings of classmates in your group, noting points of agreement or disagreement, asking critical questions, and making suggestions for improvement or further research.
You should research incidents of known attribution of the hackers and actors who employ the attack vectors previously discussed by your group. This step provides a variety of options and perspectives for your group to consider when drafting the Attack Vector and Attribution Analysis in the next step.
This step also provides the foundation for research into known attribution, which will help you to discern the motivation for intrusion and the identity of the hackers and actors who employ the attack vectors noted.
You’ve discussed attack vector and attribution with your nation state team members. In this step, your group will prepare an Attack Vector and Attribution Analysis of your group’s findings in the previous steps. The analysis should first identify all possible attack vectors via hardware, software, operating systems, telecommunications, and human factors.
Next, you should discuss whether attribution is known for the threat actor (hackers and actors) likely involved in exploiting each weakness. Integrate supporting research via in-text citations and a reference list.
This analysis will play a key role in the development of a Vulnerability Assessment Matrix and Cybersecurity Risk Assessment in the next few steps. The designated team member should submit the analysis to the drop box below.
Submission for Group 4: Project 2: Attack Vector and Attribution Analysis
2.
It’s time to begin work on the next phase of the final analysis of the intrusion, which will include an incident response plan. Such a plan provides a method for containing the impact from a cybersecurity incident.
It includes a plan for file recovery and remediation from an incident. All the actions will start from the security baseline analysis, which has been defined for all the nations’ network topologies at the summit, using a network security baseline analyzer.
Your nation team will work together to develop an eight- to 10-page Incident Response Plan to use in the event of a cyber incident. This is one of your three final deliverables, which you will submit for feedback as a group, and then for individual assessment at the end of the project.
Begin your first half of the plan by focusing on the environmental conditions and coordination mechanisms. Include:
roles and responsibilities
phases of incident response
scenario: provide an incident response plan in the case of distributed denial-of-service (DDoS) attacks, specifically the case of loss of communications
activities, authorities pertaining to roles and responsibilities
triggering conditions for actions
triggering conditions for closure
reports and products throughout the incident response activity
tools, techniques, and technologies
communications paths and parties involved
coordination paths and parties involved
external partners and stakeholders, and their place in the coordination and communication paths
security controls and tracking
recovery objectives and priorities
Your team will continue working on the incident response plan in the next step. You will consider the processes of an active response.
Your team in this step will continue developing the Incident Response Plan. The second half of your report will focus on events and processes of your active response plan. Include the following:
incident response checklist. Refer to the NIST Computer Security Incident Handling Guide for an example.
data protection mechanisms
integrity controls (system integrity checks) after recovery
a plan to investigate the network behavior and a threat bulletin that explains this activity
defined triggering mechanisms for continuing alerts and notifications throughout the cyber incident
additional aspects of the incident response plan necessary to contain a cyber incident on the international domain
diagrams of swim lanes of authorities, activities and process flows, coordination and communication paths. Review the Swim Lane Template to familiarize yourself with the concept of swim lanes and swim lane diagrams.
You will complete your incident response plan in the next step. Your incident response plan is critical in outlining your activities during a cyberattack as well as providing direction for recovery.
Your team in this step will continue developing the Incident Response Plan. The second half of your report will focus on events and processes of your active response plan. Include the following:
incident response checklist. Refer to the NIST Computer Security Incident Handling Guide for an example.
data protection mechanisms
integrity controls (system integrity checks) after recovery
a plan to investigate the network behavior and a threat bulletin that explains this activity
defined triggering mechanisms for continuing alerts and notifications throughout the cyber incident
additional aspects of the incident response plan necessary to contain a cyber incident on the international domain
diagrams of swim lanes of authorities, activities and process flows, coordination and communication paths. Review the Swim Lane Template to familiarize yourself with the concept of swim lanes and swim lane diagrams.
You will complete your incident response plan in the next step. Your incident response plan is critical in outlining your activities during a cyberattack as well as providing direction for recovery.
Your team in this step will continue developing the Incident Response Plan. The second half of your report will focus on events and processes of your active response plan. Include the following:
incident response checklist. Refer to the NIST Computer Security Incident Handling Guide for an example.
data protection mechanisms
integrity controls (system integrity checks) after recovery
a plan to investigate the network behavior and a threat bulletin that explains this activity
defined triggering mechanisms for continuing alerts and notifications throughout the cyber incident
additional aspects of the incident response plan necessary to contain a cyber incident on the international domain
diagrams of swim lanes of authorities, activities and process flows, coordination and communication paths. Review the Swim Lane Template to familiarize yourself with the concept of swim lanes and swim lane diagrams.
You will complete your incident response plan in the next step. Your incident response plan is critical in outlining your activities during a cyberattack as well as providing direction for recovery.
The intrusion activity apparently is not over yet. The CIOs of the nations are still detecting high-volume traffic on their networks. Almost as soon as there is a surge in activity, network functions and websites immediately become nonoperational. Communications are also affected between the nation teams.
The CIOs have provided information on the anomalous activity. Enter Workspace to obtain the lab materials describing the network traffic activity.
After obtaining and reviewing the lab materials, collaborate with your nation team to decide the next course of action as determined by the eight- to 10-page Incident Response Plan you’ve been developing. Include an analysis of the lab materials, describing your findings. Provide this information with your Incident Response Plan, which is one of three final deliverables in this project.
Once your team has completed the response plan, a designated team member should submit it for review and feedback. The Incident Response Plan is one of your three final deliverables, which you will submit for feedback as a group, then for individual assessment at the end of the project.
Submission for Group 4: Project 2: Incident Response Plan