Cybersecurity Risk Assessment and Management Term Paper
Despite all of the work that a cyber management team may do with respect to systems
design, network security protocols, hardware and software maintenance, training,
policies, implementation, maintenance, and monitoring, breaches can and do occur. In
this project, you will work with a team of other cyber professionals to analyze and
respond to anomalous network activities.
The graded deliverable for Project 2 is a package for the CISO on the risk and the
network intrusion, to be completed as a team. The deliverable to the CISO will
include the following five parts:
Cybersecurity Risk Assessment including Vulnerability Matrix
Incident Response Plan
Service-Level Agreement
FVEY Indicator Sharing Report
Final Forensic Report
The project should take about 15 days to complete. After reading the scenario below,
proceed to Step 1, where you will establish your team agreement plan.
The US reports exfiltration has been detected in the IDS (intrusion detection system). All
nations will perform forensic analysis and collect corroborating information to identify
who was the bad actor.
Prior to the summit, your nation team was tasked with setting up its own independent
secure comms network. Now, at 3 a.m., just hours before the summit begins, you
receive a text message from your CISO that reads: "I need to meet with the team
immediately about an urgent matter. Please come to the conference room next to my
hotel room now so we can discuss it."
You quickly dress and head to the conference room. When you arrive, she breaks the
news to your team: The nation hosting the summit has detected exfiltration in its IDS
(intrusion detection system). It is likely that this pattern of network traffic could result in
buffer overflows or other vulnerabilities such as denial of service. Each nation's server is
at risk.
"The report shows that the pattern of network traffic is anomalous," says the CISO. "And
the point of origin is internal. Someone at the summit is involved in this."
Given the nature of the summit, participants understand that all nations are allied and
have a common goal. "None of the FVEY members would have done this," says a
colleague. "It's got to be the Russians or the Chinese. Friends don't read each other's
mail."
The CISO says, "No one is above suspicion here. Our FVEY partners have been known
to both collect intelligence and seek to embarrass other partners when it suited their
strategic needs. It could have been anyone. Until we know for sure, though, we will
continue to regard them as allies."
Leaders of the nations at the summit agree they all need to perform forensic analysis on
their respective systems to identify the bad actor.
Your CISO continues. "Let's get to the bottom of this. We’re all familiar with DDoS
attacks; do you think that's what we're dealing with here? Or do you think there's more?
Use our packet sniffing tools to analyze the network traffic.
Additionally, we need to identify attack vectors and attributes. Give me any information
you can find on the tools, techniques, and the identity of this bad actor. Also, establish
an incident response plan that we can use in case of another cyber event."
"Our systems went down due to this DDoS. We need to examine the service-level
agreement to see what it will take to get the summit back up and running. After our
analysis, we need to quickly let our allies know how to protect their networks through an
indicator sharing report.
"Remember, no one is above suspicion—not even our allies. Got it?"
Everyone nods in agreement. The CISO says, "Good. Now get to work. I'm going to try
to go back to sleep for a few hours."
COMPETENCIES
Your work will be evaluated using the competencies listed below.
2.2: Locate and access sufficient information to investigate the issue or problem.
4.4: Demonstrate diversity and inclusiveness in a team setting.
5.3: Support policy decisions with the application of specific cybersecurity technologies
and standards.
8.1: Employ ethics when planning and conducting forensic investigations, and when
testifying in court.
8.2: Incorporate international issues including culture and foreign language to plans for
investigations.
5.8: Apply procedures, practices, and technologies for protecting web servers, web
users, and their surrounding organizations.
6.1: Knowledge of methods and procedures to protect information systems and data by
ensuring their availability, authentication, confidentiality, and integrity.
My Areas of the project
1. You and your nation state have just suffered an intrusion attack. As a cybersecurity
professional, one of the first steps is to identify potential attack vectors.
For each known cybersecurity vulnerability and known threat (addressing cybersecurity
threats through risk management, international cybersecurity approaches), you and your
team members need to identify attack vectors via information systems
hardware, information systems software, operating systems
(operating systems fundamentals, operating system protections), telecommunications
(Internet Governance), and human factors (intrusion motives/hacker psychology). Then,
you must determine if any attribution is known for the threat actor most likely involved in
exploiting each weakness.
Review the materials on attack vectors if a refresher is needed. Once you've identified
the attack vectors in this step, you will be able to participate in the next step, in which
you will discuss your findings with colleagues and compare the findings with their
analyses.
In light of your research in the last step, you will now use your group’s discussion board
to share your thoughts with other members of your nation team. Review the findings of
classmates in your group, noting points of agreement or disagreement, asking critical
questions, and making suggestions for improvement or further research.
You should research incidents of known attribution of the hackers and actors who
employ the attack vectors previously discussed by your group. This step provides a
variety of options and perspectives for your group to consider when drafting the Attack
Vector and Attribution Analysis in the next step.
This step also provides the foundation for research into known attribution, which will
help you to discern the motivation for intrusion and the identity of the hackers and actors
who employ the attack vectors noted.
You've discussed attack vector and attribution with your nation state team members. In
this step, your group will prepare an Attack Vector and Attribution Analysis of your
group's findings in the previous steps. The analysis should first identify all
possible attack vectors via hardware, software, operating systems, telecommunications,
and human factors.
Next, you should discuss whether attribution is known for the threat actor (hackers and
actors) likely involved in exploiting each weakness. Integrate supporting research via in-
text citations and a reference list.
This analysis will play a key role in the development of a Vulnerability Assessment
Matrix and Cybersecurity Risk Assessment in the next few steps. The designated team
member should submit the analysis to the drop box below.
Submission for Group 4: Project 2: Attack Vector and Attribution Analysis
2.
It's time to begin work on the next phase of the final analysis of the intrusion, which will
include an incident response plan. Such a plan provides a method for containing the
impact from a cybersecurity incident. It includes a plan for file
recovery and remediation from an incident.
All the actions will start from the security baseline analysis, which has been defined for
all the nations' network topologies at the summit, using a network security baseline
analyzer.
Your nation team will work together to develop an eight- to 10-page Incident Response
Plan to use in the event of a cyber incident. This is one of your three final deliverables,
which you will submit for feedback as a group, and then for individual assessment at the
end of the project.
Begin your first half of the plan by focusing on the environmental conditions and
coordination mechanisms. Include:
roles and responsibilities
phases of incident response
scenario: provide an incident response plan in the case of distributed denial-of-service
(DDoS) attacks, specifically the case of loss of communications
activities, authorities pertaining to roles and responsibilities
triggering conditions for actions
triggering conditions for closure
reports and products throughout the incident response activity
tools, techniques, and technologies
communications paths and parties involved
coordination paths and parties involved
external partners and stakeholders, and their place in the coordination and
communication paths
security controls and tracking
recovery objectives and priorities
Your team will continue working on the incident response plan in the next step. You will
consider the processes of an active response.
Your team in this step will continue developing the Incident Response Plan. The second
half of your report will focus on events and processes of your active response plan.
Include the following:
incident response checklist. Refer to the NIST Computer Security Incident Handling
Guide for an example.
data protection mechanisms
integrity controls (system integrity checks) after recovery
a plan to investigate the network behavior and a threat bulletin that explains this activity
defined triggering mechanisms for continuing alerts and notifications throughout the
cyber incident
additional aspects of the incident response plan necessary to contain a cyber incident
on the international domain
diagrams of swim lanes of authorities, activities and process flows, coordination and
communication paths. Review the Swim Lane Template to familiarize yourself with the
concept of swim lanes and swim lane diagrams.
You will complete your incident response plan in the next step. Your incident response
plan is critical in outlining your activities during a cyberattack as well as providing
direction for recovery.
The intrusion activity apparently is not over yet. The CIOs of the nations are still
detecting high-volume traffic on their networks. Almost as soon as there is a surge in
activity, network functions and websites immediately become nonoperational.
Communications are also affected between the nation teams.
The CIOs have provided information on the anomalous activity. Enter Workspace to
obtain the lab materials describing the network traffic activity.
After obtaining and reviewing the lab materials, collaborate with your nation team to
decide the next course of action as determined by the eight- to 10-page Incident
Response Plan you've been developing. Include an analysis of the lab materials,
describing your findings. Provide this information with your Incident Response Plan,
which is one of three final deliverables in this project.
Once your team has completed the response plan, a designated team member should
submit it for review and feedback. The Incident Response Plan is one of your three final
deliverables, which you will submit for feedback as a group, then for individual
assessment at the end of the project.
Submission for Group 4: Project 2: Incident Response Plan