220 likes | 229 Views
Project 1<br>Step 1: Conduct a Security Analysis Baseline<br>In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment<br>
E N D
CST 630 Project 1Risk, Threat, and Vulnerability Management For more classes visit www.snaptutorial.com Project 1 Step 1: Conduct a Security Analysis Baseline In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR). You will get your information from a data-flow diagram and report from the Microsoft Threat Modeling Tool 2016. The scope should include network IT security for the whole organization. Click the following to view the data-flow diagram: [diagram and report] Include the following areas in this portion of the SAR: a. Security requirements and goals for the preliminary security baseline activity. b. Typical attacks to enterprise networks and their descriptions. Include Trojans, viruses, worms, denial of service, session hijacking, and social engineering. Include the impacts these attacks have on an organization.
c. Network infrastructure and diagram, including configuration and connections. Describe the security posture with respect to these components and the security employed: LAN, MAN, WAN, enterprise. Use these questions to guide you: a. What are the security risks and concerns? b. What are ways to get real-time understanding of the security posture at any time? c. How regularly should the security of the enterprise network be tested, and what type of tests should be used? d. What are the processes in play, or to be established to respond to an incident? e. Workforce skill is a critical success factor in any security program, and any security assessment must also review this component. Lack of a skilled workforce could also be a security vulnerability. Does the security workforce have the requisite technical skills and command of the necessary toolsets to do the job required? f. Is there an adequate professional development roadmap in place to maintain and/or improve the skill set as needed? g. Describe the ways to detect these malicious code and what tactics bad actors use for evading detection. d. Public and private access areas, web access points. Include in the network diagram the delineation of open and closed networks, where they co-exist. In the open network and closed network portion, show the connections to the Internet. e. Physical hardware components. Include routers and switches. What security weaknesses or vulnerabilities are within these devices? f. Operating systems, servers, network management systems. a. data in transit vulnerabilities 1. endpoint access vulnerabilities 2. external storage vulnerabilities 3. virtual private network vulnerabilities 4. media access control vulnerabilities 5. ethernet vulnerabilities
b. Possible applications. This network will incorporate a BYOD (bring your own device) policy in the near future. The IT auditing team and leadership need to understand current mobile applications and possible future applications and other wireless integrations. You will use some of this information in Project 2 and also in Project 5. The overall SAR should detail the security measures needed, or implementations status of those in progress, to address the identified vulnerabilities. Include: a. remediation b. mitigation c. countermeasure d. recovery Through your research, provide the methods used to provide the protections and defenses. From the identification of risk factors in the risk model, identify the appropriate security controls from NIST SP 800-53A and determine their applicability to the risks identified. The baseline should make up at least three of the 12 pages of the overall report. When you have completed your security analysis baseline, move on to the next step, in which you will use testing procedures that will help determine the company's overall network defense strategy. Step 2: Determine a Network Defense Strategy You've completed your initial assessment of the company's security with your baseline analysis. Now it's time to determine the best defenses for your network. Start by reading a publication by the National Institute of Standards and Technology, NIST-SP-800-115 Technical Guide to Information Security Testing and Assessment, and outline how you would test violations. Identify how you will assess the effectiveness of these controls and write test procedures that could be used to test for effectiveness. Write them in a manner to allow a future information
systems security officer to use them in preparing for an IT security audit or IT certification and accreditation. Within this portion of the SAR, explain the different testing types (black box testing, white box testing). Include these test plans in the SAR. The strategy should take up at least two of the 12 pages of the overall report. Click the following link to learn more about cybersecurity for process control systems: Cybersecurity for Process Control Systems After you've completed this step, it's time to define the process of penetration testing. In the next step, you'll develop rules of engagement (ROE). Step 3: Plan the Penetration Testing Engagement Now that you've completed your test plans, it's time to define your penetration testing process. Include all involved processes, people, and timeframe. Develop a letter of intent to the organization, and within the letter, include some formal rules of engagement (ROE). The process and any documents can be notional or can refer to actual use cases. If actual use cases are included, cite them using APA format. This portion should be about two pages of the overall 12-page report. After you have outlined the steps of a penetration testing process, in the next step you will perform penetration testing. During the testing, you will determine if the security components are updated and if the latest patches are implemented, and if not, determine where the security gaps are. Step 4: Conduct a Network Penetration Test You've defined the penetration testing process, and in this step, you will scan the network for vulnerabilities. Though you have some preliminary information about the network, you will perform a black box test to assess the current security posture. Black box testing is performed with little or no information about the network and organization. To complete this step, you will use industry tools to carry out simulated attacks to test the weaknesses of the network. You will do this
within your lab Workspace. The workspace instructions will provide many of the details, but in the simulation, you will launch a sandbox type of virtual machine (VM), report your findings and actual screen captures of the behaviors you see as a result of the tests, and include these in the SAR. Your assessments within the lab will be reported in the SAR. Note: You will use the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Lab assistants are available to help. Click here to access the instructions for Navigating the Workspace and the Lab Setup. Click here to access the Project 1 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use. Then, enter Workspace. After finding the security issues within the network, define which control families from the NIST 800-53 are violated by these issues. Explain in the SAR why each is a violation, support your arguments with a copy of your evidence, and then provide suggestions on improving the security posture of these violations. This section should make up at least four of the 12 pages in the overall report. After you've completed the penetration testing, move to the next step, where you will compile a risk management cost benefit analysis. Step 5: Complete a Risk Management Cost Benefit Analysis You've completed the penetration testing, and now it's time to complete your SAR with a risk management cost benefit analysis. Within this analysis, think about the cost of violations and other areas if you do not add the controls. Then add in the cost for implementing your controls. When you have finished with the cost benefit analysis, which should be at least one page of your overall report, move to the final step, which is the completed SAR. As part of the final assignment, remember that
you will need to create a slide presentation as part of the executive briefing, and submit that along with the SAR. Step 6: Compile the SAR, Executive Briefing, and Lab Report You have completed comprehensive testing in preparation for this audit, provided recommended remediation, and developed a set of recommendations. Now you are ready to submit your SAR and executive briefing. The requirements for Project 1 are as follows: 1. Executive briefing: A three- to five-slide visual presentation for business executives and board members. 2. Security assessment report (SAR): Your report should be 12 pages minimum, double-spaced with citations in APA format. The page count does not include figures, diagrams, tables or citations. 3. Lab report: A document sharing your lab experience and providing screenshots to demonstrate that you performed the lab. Attach it to the SAR as an artifact. Submit all three components to the assignment folder. ************************************************ CST 630 Project 2 Incident Response For more classes visit
www.snaptutorial.com Project 2 Step 1: Develop a Wireless and BYOD Security Plan Since the company you work for has instituted a bring your own device (BYOD) policy, security attitudes have been lax and all sorts of devices, authorized and unauthorized, have been found connected to the company's wireless infrastructure. In this first step, you will develop a wireless and BYOD security plan for the company. Use the NIST Guidelines for Securing Wireless Local Area Networks (WLANs) Special Publication 800-153 to provide an executive summary to answer other security concerns related to BYOD and wireless. Within your cybersecurity incident report, provide answers to the threat of unauthorized equipment or rogue access points on the company wireless network and the methods to find other rogue access points. Describe how to detect rogue access points and how they can actually connect to the network. Describe how to identify authorized access points within your network. Within your plan, include how the Cyber Kill Chain framework and approach could be used to improve the incident response times for networks. Include this at the beginning of your CIR as the basis for all wireless- and BYOD-related problems within the network. Title the section "Wireless and BYOD Security Plan." Click the following link to learn more about security management: Security Management. In the next step, you will explore a scenario on suspicious behavior, and your report will provide another section of your CIR. Step 2: Track Suspicious Behavior
You've completed your wireless and BYOD security plan. Now it's time to take a look at another workplace situation. You have been notified of an employee exhibiting suspicious behavior. You decide to track the employee's movements by using various tools and techniques. You know the location and time stamps associated with the employee's mobile device. How would you track the location of the company asset? Explain how identity theft could occur and how MAC spoofing could take place in the workplace. How would you protect against both identity theft and MAC spoofing? Address if it is feasible to determine if MAC spoofing and identity theft has taken place in the workplace. Include a whitelist of approved devices for this network. Examples may include authorized access points, firewalls, and other similar devices. Are there any legal issues, problems, or concerns with your actions? What should be conducted before starting this investigation? Were your actions authorized, was the notification valid, or are there any other concerns? Include your responses as part of the CIR with the title "Tracking Suspicious Behavior." In the next step, you will explore another workplace scenario, and your responses will help you formulate a continuous improvement plan, which will become another part of your CIR. Step 3: Develop a Continuous Improvement Plan Now that you've completed the section on tracking suspicious behavior for your CIR, you are confronted with another situation in the workplace. You receive a memo for continuous improvement in the wireless network of your company, and you are asked to provide a report on the wireless network used in your company. You have been monitoring the activities on the WPA2. Provide for your leadership a description of wired equivalent privacy and also Wi-Fi protected access networks, for education purposes. Include the pros and cons of each type of wireless network, as well as WPA2.
Since WPA2 uses encryption to provide secure communications, define the scheme for using preshared keys for encryption. Is this FIPS 140-2 compliant, and if not, what is necessary to attain this? Include this for leadership. Include a list of other wireless protocols, such as Bluetooth, and provide a comparative analysis of four protocols including the pros, cons, and suitability for your company. Include your responses as part of the CIR with the title "Continuous Improvement Plan." In the next step, you will look at yet another workplace scenario, and you will use that incident to show management how remote configuration management works. Step 4: Develop Remote Configuration Management You've completed the continuous improvement plan portion of the CIR. Now, it's time to show how your company has implemented remote configuration management. Start your incident report with a description of remote configuration management and how it is used in maintaining the security posture of your company's network. Then, consider the following scenario: An undocumented device is found on the company network. You have determined that the owner of the device should be removed from the network. Implement this and explain how you would remove the employee's device. How would you show proof that the device was removed? Include your responses as part of the CIR with the title "Remote Configuration Management." In the next step, you will illustrate how you investigate possible employee misconduct. Step 5: Investigate Employee Misconduct In this portion of your CIR report, you will show how you would investigate possible employee misconduct. You have been given a report that an employee has recorded logins during unofficial duty hours. The
employee has set up access through an ad-hoc wireless network. Provide a definition of ad hoc wireless networks and identify the threats and vulnerabilities to a company. How could this network contribute to the company infrastructure and how would you protect against those threats? Use notional information or actual case data and discuss. Address self-configuring dynamic networks on open access architecture and the threats and vulnerabilities associated with them, as well as the possible protections that should be implemented. From your position as an incident manager, how would you detect an employee connecting to a self-configuring network or an ad hoc network? Provide this information in the report. How would signal hiding be a countermeasure for wireless networks? What are the countermeasures for signal hiding? How is the service set identifier (SSID) used by cybersecurity professionals on wireless networks? Are these always broadcast, and if not, why not? How would you validate that the user is working outside of business hours? Include your responses as part of the CIR with the title "Employee Misconduct." In the next step, you will use lab tools to analyze wireless traffic. Step 6: Analyze Wireless Traffic You've completed several steps that you will use to present your CIR. In this step, as part of a virtual lab, you will analyze wireless traffic. You are given access to precaptured files of wireless traffic on the company network. This is another way to monitor employee behavior and detect any malicious behavior, intentional or even unintentional. Note: You will use the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Lab assistants are available to help. Click here to access the instructions for Navigating the Workspace and the Lab Setup.
Click here to access the Project 2 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use. Then, enter Workspace. Include your responses from the lab as part of the CIR with the title "Wireless Traffic Analysis." Step 7: Prepare the Cybersecurity Incident Report, Executive Briefing, and Executive Summary You've completed all of the individual steps for your cybersecurity incident report. It's time to combine the reports you completed in the previous steps into a single CIR. The assignments for this project are as follows: 1. Executive briefing: This is a three- to five-slide visual presentation for business executives and board members. 2. Executive summary: This is a one-page summary at the beginning of your CIR. 3. Cybersecurity Incident Report (CIR): Your report should be a minimum 12-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. Submit all three documents to the assignment folder. Deliverables: Cybersecurity Incident Report (CIR), Slides to Support Executive Briefing Learning Competencies: 5.1, 5.3, 5.5., 5.6, 5.7, 5.9 ************************************************ CST 630 Project 3 Enterprise Network Security
For more classes visit www.snaptutorial.com Project 3 Step 1: Conduct a Policy Gap Analysis As you begin Step 1 of your system security report on cybersecurity for mergers and acquisitions, keep in mind that the networks of companies going through an M&A can be subject to cyberattack. As you work through this step and the others, keep these questions in mind: Are companies going through an M&A prone to more attacks or more focused attacks? If so, what is the appropriate course of action? Should the M&A activities be kept confidential? Now, look at the existing security policies in regard to the acquisition of the media streaming company. You have to explain to the executives that before any systems are integrated, their security policies will need to be reviewed. Conduct a policy gap analysis to ensure the target company's security policies follow relevant industry standards as well as local, state, and national laws and regulations. In other words, you need to make sure the new company will not inherit any statutory or regulatory noncompliance from either of the two original companies. This step would also identify what, if any, laws and regulations the target company is subject to. If those are different from the laws and regulations the acquiring company is subject to, then this document should answer the following questions: How would you identify the differences? How would you learn about the relevant laws and regulations?
How would you ensure compliance with those laws and regulations? The streaming company that is being acquired has a current customer base of 150,000 users, who on average pay $14.99 in monthly fees. Based on the overall income, use PCI Standards DSS 12 requirements, and the PCI DSS Quick Reference Guide to identify a secure strategy, and operating system protections to protect the credit card data. Select at least two appropriate requirements from the PCI Standards DSS 12 set of requirements and explain how the controls should be implemented, how they will change the current network, and any costs associated with implementing the change. In the next step, you will review the streaming protocols that the companies are using. Step 2: Review Protocols for Streaming Services After reviewing the policies from the company and the policy gap analysis, the M&A leader asks you about the protocols used by the streaming company. He wants to know if the protocols used would affect the current state of cybersecurity within the current company environment. For this section, review the protocols, explain how they work along with any known vulnerabilities, and how to secure the company from cyberattacks. Start with researching the commonly known streaming protocols and the vulnerabilities of those protocols. Some examples are the Real-Time Streaming Protocol (RTSP), Real- Time Transport Protocol (RTP) and the Real-Time Transport Control Protocol (RTCP). Additionally, the leadership wants to know if any vulnerabilities identified would or could lead to a no-go on the M&A. In other words: 1. You need to identify what streaming the companies are doing and the specific technology they are leveraging. 2. What are the technical vulnerabilities associated with the protocols involved?
3. Have those been mitigated? And to what extent (i.e., has the risk been reduced to zero, reduced somewhat, shifted to a third party, etc.)? 4. What residual risk to the target company's assets and IP remain? 5. Would those risks extend to the current (takeover) company after the merger? a. Would that be bad enough to cancel the M&A? 6. If the response to #5 is yes, then, what should the target company do to further mitigate the risk? How should the takeover company mitigate the risk? 7. What are the costs associated to the target company (implementing the appropriate mitigation)? If the takeover firm has to take additional measures, identify those costs as well. After assessing and reviewing the streaming protocols, move to the next step, where you will assess the infrastructure of the merged network. Step 3: Assess the Merged Network Infrastructure You’ve just reviewed the streaming services of the companies, and now you will assess the infrastructure of the new network. The networks of the two companies could be configured differently, or they could use the same hardware and software, or completely different hardware and software. The purpose of this section is to understand what tools the company is using, the benefits and shortcomings of those tools, and the gaps within the network. Explain what tactics, techniques, and procedures you would use to understand the network. You should identify firewalls, DMZ(s), other network systems, and the status of those devices. When your assessment of the infrastructure is complete, move to the next step, where you will assess any existing policies for wireless and bring your own device (BYOD) within the companies. Step 4: Review the Wireless and BYOD Policies
Within Project 2, you learned about and discussed wireless networks. An M&A provides an opportunity for both companies to review their wireless networks. Within your report, explain the media company's current stance on wireless devices and BYOD. However, the company that is being acquired does not have a BYOD policy. Explain to the managers of the acquisition what needs to be done for the new company to meet the goals of the BYOD policy. When the review of the wireless and BYOD policies is complete, move to the next step: developing a data protection plan. Step 5: Develop a Data Protection Plan You’ve completed the review of the wireless and BYOD policies. In this step, you will develop the recommendations portion of your report in which you will suggest additional mechanisms for data protection at different levels of the acquired company’s architecture. Include the benefits, implementation activities required for protection and defense measures such as full disk encryption, BitLocker, and platform identity keys. You also want to convey to your leadership the importance of system integrity and an overall trusted computing base, environment, and support. Describe what this would entail and include Trusted Platform Module (TPM) components and drivers. How are these mechanisms employed in an authentication and authorization system? Include this in the report and whether the merging company has this. In the next step, you will assess any risks with the supply chain of the acquired company. Step 6: Review Supply Chain Risk The data protection plan is ready. In this step, you will take a look at risks to the supply chain. Acquiring a new company also means inheriting the risks associated with its supply chain and those firm's systems and technologies. Include supply chain risks and list the security measures in place to mitigate those risks. Use the NIST Special
Publication 800-161 Supply Chain Risk Management Practices for Federal Information Systems and Organizations to explain the areas that need to be addressed. After your supply chain review is complete, move to the next step, where you will create a vulnerability management program. Step 7: Build a Vulnerability Management Program After your supply chain review, you conduct an interview with the company's current cybersecurity team about vulnerability management. The team members explain to you that they never scanned or had the time to build a vulnerability management program. So, you need to build one. Use NIST Special Publication 800-40 Guide to Enterprise Patch Management Technologies to develop a program to meet the missing need. Explain to the managers how to implement this change, why it is needed, and any costs involved. The next step is a key one that should not be overlooked -- the need to educate users from both companies of the changes being made Step 8: Educate Users You’ve completed your vulnerability management program, but it’s important to educate all the users of the network about the changes. During the process of acquiring a company, policies, processes, and other aspects are often updated. The last step in the process is to inform the users for the new and old company of the changes. Within your report, explain to the acquisition managers the requirements for training the workforce. When you’ve completed this step, move to the final section of this project, in which you will prepare and submit your final report. Step 9: Prepare and Submit Your Report, Executive Briefing, and Executive Summary
You’re ready now for the final step, in which you will compile and deliver the Cybersecurity for a Successful Acquisition report for the company leaders to enable them to understand the required cybersecurity strategy. Again, keep in mind that companies undergoing an acquisition or merger are more prone to cyberattacks. The purpose of this paper is to analyze the security posture of both companies and to develop a plan to reduce the possibility of an attack. The assignments for this project are as follows: 1. Executive briefing: This is a three- to five-slide visual presentation for business executives and board members. 2. Executive summary: This is a one-page summary at the beginning of your report. 3. Cybersecurity System Security Report for Successful Acquisition: Your report should be a minimum 12-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. Submit all three components to the assignment folder. Deliverables: Cybersecurity for a Successful Acquisition, Slides to Support Executive Briefing ************************************************ CST 630 Project 4Secure Videoconferencing Communications
For more classes visit www.snaptutorial.com Project 4 Step 1: Develop Functional Requirements for Videoconferencing The first step in your proposal for a secure videoconferencing system is to develop a set of functional requirements for videoconferencing that you believe the media company will nee based on its geographic dispersion and business needs. In developing those requirements, research three videoconferencing solutions such as Skype, GotoMeeting, Polycom, and Cisco Webex and explain their capabilities, advantages, and disadvantages. Identify costs as well as implementation and support requirements. The functional requirements and the three possible solutions will be a section of your Proposal for Secure Videoconferencing. In the next step, you will review the challenges of implementing those solutions. Step 2: Discuss Implementation Challenges In the previous step, you outlined the requirements for secure videoconferencing for the company and outlined three potential solutions. Part of your final proposal should also include the advantages and disadvantages of the implementation options for the three systems you selected. This section of the proposal also must include the changes the media company will need to make to implement the systems. Additionally, explain how system administration or privileged identity management will operate with these systems. You will also need to examine how data exfiltration will occur with each of the new systems. The changes to the systems and challenges for the implementation of these potential solutions will be an important section of your Proposal for Secure Videoconferencing. In the next step, you will take a closer
look at the track records of each of the potential videoconferencing vendors. Step 3: Identify Vendor Risks You've finished outlining the pros and cons of three videoconferencing systems. Now, it'S time to take a close look at how they serve their clients. This will take some research. Look at the systems' known vulnerabilities and exploits. Examine and explain the past history of each vendor with normal notification timelines, release of patches, or work-arounds (solutions within the system without using a patch). Your goal is to know the timeliness of response with each company in helping customers stay secure. This step will be a section of your Proposal for Secure Videoconferencing. In the next step, you will outline best practices for secure videoconferencing that will be part of your overall proposal to management Step 4: Develop Best Practices for Secure Videoconferencing The last few steps have been devoted to analyzing potential videoconferencing solutions. But obtaining a trusted vendor is just part of the security efforts. Another important step is to ensure that users and system administrators conduct the company's videoconferencing in a secure manner. In this step, outline security best practices for videoconferencing that you would like users and systems administrators to follow. Discuss how these best practices will improve security and minimize risks of data exfiltration as well as snooping. This "best practices" section will be part of the overall Proposal for Secure Videoconferencing. In the next step, you will develop system integrity checks within a virtual lab environment.
Step 5: Develop System Integrity Checks As part of the overall proposal, the CISO has asked you to develop system integrity checks for files shared between users of the videoconferencing systems. These checks will ensure file protection and prevent exfiltration of sensitive files. The lab exercise will show how this is done. In this step, you will generate a lab report that will be part of your final assignment. The lab instructions will tell you what the report needs to contain. Note: You will use the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Lab assistants are available to help. Click here to access the instructions for Navigating the Workspace and the lab Setup. Click here to access the Project Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use. Then, enter Workspace (http://virtualdesktop.umuc.edu/). This will be a section of your Proposal for Secure Videoconferencing. Now, you are ready for the final step, which will be to put all of the components of the proposal together for management. Remember, your task is to recommend the best videoconferencing system for the company. Part of that proposal includes a set of high-level executive briefing slides. Step 6: Submit Your Proposal for Secure Videoconferencing and All Related Materials It’s time to prepare your materials on secure videoconferencing for management. Your task is to recommend a system that best meets the business functionality and security requirements of the company. As part of that recommendation, you will also prepare a set of high-level executive briefing slides to give the CEO and CIO an overview of your study.
The assignments for this project are as follows: 1. Executive briefing: This is a three- to five-slide visual presentation for business executives and board members. 2. Executive summary: This is a one-page summary at the beginning of your Proposal for Secure Videoconferencing. 3. Proposal for Secure Videoconferencing: Your report should be a minimum six-page double- spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. 4. Lab report: Generated from Workspace. Submit all four components to the assignment folder. ************************************************ CST 630 Project 5 Data Loss Prevention (21 Pages + 10 slides + lab report) For more classes visit www.snaptutorial.com
CST 630 Project 5 Data Loss Prevention (21 Pages + 10 slides + lab report) ************************************************