Identify if these are image files, or document files, and anything else.
Project 1: Global Economic Summit
Start Here
Your team has been given the responsibility of conducting a baseline analysis for establishing a secure communications network for your assigned organization at the summit. The risk assessment process for a baseline analysis requires a multidisciplinary examination of the internal and external cyber environments.
The graded assignment for Project 1 is a Cybersecurity Policy and Baseline Analysis Report, which should be a minimum of 20 pages. There are 16 steps in this project, and it should take about 17 days to complete. This project is longer in duration than others in the course because some of the work you will complete also lays the foundation for work to be completed in Projects 2, 3, and 4. Begin with Step 1, where you will complete preparatory exercises designed to familiarize you with the tools and processes to be used throughout the project.
Transcript
Narrator: You are a cybersecurity professional in the information security branch for a government agency in your assigned location. Today, you received an email from your CISO that directed you and other members of your team to a meeting about a new cybersecurity team assignment. As the meeting is about to start, you leave your office, head to the conference room, and take a seat next to your colleagues. Your CISO is there, standing in the front of the conference room.
CISO: Congratulations! You’ve been assigned to the cyber team for our agency at the Five Eyes (FVEY) global economic summit in the United Kingdom.
The summit will be held at a country club and resort near London. As part of the summit, your team is tasked with setting up and maintaining a secure communications network.
The network will need to be accessible by authorized users via cellular phones, laptops, desktops, and tablets. The network will also need to interface with the primary network servers here at the agency’s headquarters.
Colleague: Are we setting up a joint comms center with other members of Five Eyes?
CISO: No. Each nation will set up its own independent secure comms network. While the partner nations in FVEY do have intelligence sharing and mutual defense agreements, not all data is shared. Some allies in FVEY have occasionally “spied” on other members, hacked secure communications networks, or cut off intelligence sharing due to their own national security concerns, particularly with respect to protection of communications or intelligence collection sources and methods. There have been several incidents of anomalous network activity at our agency of late. Attribution of this activity is unknown. It may or may not be related to the upcoming FYVE summit. The summit begins in four weeks. Before you head off to the summit, however, there is a lot of preparatory work to be done. Get started!
Project 1: Global Economic Summit
Step 1: Complete the Preparatory Exercises
The first step in preparing your team for the summit is to individually complete preparatory lab exercises that will measure your readiness. These exercises are mandatory and will provide some basic review of the tools, techniques, and methods you will be using as you begin this cyber adventure of foreign intrigue at the Global Economic Summit.
You will perform each of the lab exercises and submit results, as well as the results of an electronic assessment, to the dropbox below. These submissions will show the CISO (your instructor) that you possess the fundamental skills for the summit. You will use what you have learned in your prior courses to prepare for your experiences within a cyber domain governed by international cyber law and policy.
Make notes of each step you take and take screenshots of all examination steps. Then, compile the screenshots into a single document and submit the proof of completion.
Complete This Lab
Here are some resources that will help you complete the lab:
Accessing the Virtual Lab Environment: Navigating the Workspace and the Lab Setup
Review the Workspace and Lab Machine Environment Tutorial
Lab Instructions: Preparatory Exercises
Self-Help Guide: Workspace: Getting Started and Troubleshooting
Getting Help: To obtain lab assistance, email [email protected] using the following template in the body of your email.
Your full name:
Your user ID:
Preferred email:
Your course and section number:
Detailed description of the issue that you are experiencing:
Machine type (PC, tablet, mobile device):
OS type and version:
Browser type and version:
Provide any information related to the issue that you are experiencing and attach any screenshot that you may be able to produce related to the issue.
https://vdi.umgc.edu.
Project 1: Global Economic Summit
Step 2: Establish Team Agreement Plan
You’ve completed the preparatory exercises. Now, get started on the tasks that will lead to your final deliverable. For more information about your final deliverable, refer to the following document: Cybersecurity Policy and Baseline Analysis Report Instructions.
The first step is to create the team dynamics you and the other members will need to complete the assignments. As a part of your nation team, an agreement needs to be established in order to work efficiently. Begin by reviewing the team agreement, which includes a suggested schedule for project completion. Your team will use this document as a guide to establish a plan for completing and submitting the group tasks. When your team has completed the plan, the designated team member should submit it to the dropbox below for review.
Step 3: Research Your Country’s Policies
As a cybersecurity intelligence analyst assigned to your Five Eyes Alliance (FVEY) country’s team, there are several documents you will need to provide. Your team’s first responsibility will be to help other countries in attendance understand the policy framework within which your team will have to operate. Do not assume that all countries apply cybersecurity in the same way or with the same intentions.
The first order of business will be to create a spreadsheet or table that represents a Cyber Policy Matrix of your country’s policies and/or laws that the government has instituted to address cybersecurity management and technology. You may need to conduct additional research on those policies to complete the matrix. Include a cogent explanation of each item listed.
Each team member should create his or her own matrix using the cyber policy matrix template as a guide. In a later step, you will collaborate with your team members on a revision of the matrix and include it in a set of conference materials to be given to your CISO.
Step 4: Determine Bad Actors
Your team has learned about the differences in the cyber culture as well as the laws and regulations that exist for the nations at the summit.
In hopes of finding the source of the anomalous network activity, the host of the summit has provided your team with the IP addresses associated with the anomalous behavior.
These IP addresses are unfamiliar, and you need to find out information about them and about their source. The host of the summit has given these IP addresses to each nation’ s cybersecurity team to analyze and take steps for defense and remediation of their nation team’s infrastructure. No other information is given.
As a team, you will provide an Attribution Report to the host of the summit, determining the bad actors. This two- to three-page report will be part of your Security Baseline Report.
You are familiar with ip2nation.com, and you want to examine the contents of the files, but first you want to determine the source. You need to be sure because any error can have ramifications in international diplomacy. You are also aware of AlienVault Open Threat Exchange and its capabilities for providing attribution for indicators, and additional information on adversaries.
You can use these two systems to help identify the indicator information. You and your team members will analyze the indicators and IP addresses using the systems.
Review the list of IP addresses that have been associated with the anomalous behavior.
Define what criteria you will use to confirm the attribution and determine which website serves to provide greater corroboration. Give reasons for that determination. Determine the effect on trusted relationships among the nations based on the international policy you have researched that governs the nations’ relationships with each other and with your nation team. Take your research seriously and properly cite your sources. Incorporate this information into your report.
This report will be provided by your team as part of the Security Baseline Report.
Step 5: Complete Chain of Custody Form
Each team member should complete a chain of custody form for digital evidence. That evidence from the eDiscovery process should include digital material taken from devices and media, as well from systems and hardware. This form will follow all digital evidence in this project. The chain of custody form will track dates and times, locations, and dispositions of devices that hold digital evidence.
Chain of custody deals with the collection and maintenance of evidence. You will need to use your best judgment in determining items that would be included on the chain of custody form, including hardware devices, storage devices, personal and mobile devices, and other items associated with criminal cyber activity.
In the field of digital forensics, standards may be published by open consortia, closed consortia, government agencies or proprietary, such as tool specific. It is a best practice to conduct an investigation aligned with established standards. Make sure you maintain consistency with all legal systems, allow for the use of a common language, provide durability to cross international boundaries, and instill confidence in the integrity of evidence.
Read more about chain of custody if you are not familiar with this concept.
In the next step, you will share your form with your teammates, combine your teammates’ findings into one form, and include it in a set of conference materials to be given to your CISO.
Step 6: Prepare and Review Preliminary Conference Materials
Each team member should now have completed his or her own policy matrix and the chain of custody form. In this step, you will review your teammates’ materials and collaborate with your team to create one policy matrix and one chain of custody form for your nation.
Use the Discussion area to coordinate and collaborate with your team. Time management is crucial as your team progresses. Be fair with yourself and your team with a plan, schedule, and priorities to set you and your team up for success.
When the team has completed the revised policy matrix and chain of custody form, submit them to your CISO for feedback. Refer to your team agreement to determine who will submit the policy agreement and chain of custody form, and when it will be submitted. Also, share your materials with the other nations within the Discussion area and begin your review of the other nations’ matrices and custody forms.
Step 7: Compare International Security Policies
Now that you and the team members have viewed the conference material submission from all the countries, add a column to the policy matrix for each country represented in the conference. In this column, you and the other members of your team will compare each of their policies to those of your country.
In your comparison, be sure to address the following policy aspects of their submissions:
security and risk management
asset security
communications and network security
security engineering policies
identity and access management policy
data acquisition, preservation, analysis, and transfer
If one or more of the other countries lack a specific policy addressing any of these issues, note that in your updated report.
Step 8: Prepare the Network Security Checklist
You and the rest of the team have come to understand, using information from your research and current events, that there are different levels of sharing and collaboration between nations. There are trade and defense relationships between the nations.
The team now understands the policies that will provide data and communications governance of the network systems at the Global Economic Summit. This governance is also based on the trusted relationships between the nations and defines the access the nations will have to data, as well as the authentication mechanisms they will use in their communications with each other. The network configurations and the communications and data systems configurations will be designed to reflect these trusted relationships.
The policies your team has researched and developed will now be placed into networks, where information assurance concepts will be applied. These policies drive the security requirements of the systems being used. The risks and vulnerabilities on those systems and the security required to address those risks and vulnerabilities should also refer to the content within the cyber policy matrix.
Your team will create a two- to three-page Network Security Checklist that will include the components to be used for multilevel security communications in a multilevel trusted environment.
In your checklist, address the severity of threats from a security and risk management aspect. Remember that in previous documents you have researched policies on a global domain with regards to the relationships between nations. Those relationships have varying trust levels that translate into multilevel security in communications and information sharing, and are implemented technologically through policies for firewalls, public-key infrastructure (significance of public-key infrastructure), systems certification and accreditation, security vulnerability testing, SSL, IPSEC, and VPNs. Your network security checklist will encompass the levels of degrees of restrictions in these security components to defend against threats while allowing for communications and information sharing.
The checklist should include components of networks in software and hardware that will provide secure communications and data transmissions. Incorporate software and hardware components that could be on the network for secure data and communications transmission.
You and the other members of the team must first understand this inventory of your systems before evaluating risks and vulnerabilities. These are the steps prior to producing a baseline analysis of the network architecture of your nation team, and that of the nations you are communicating with at the Global Economic Summit.
You may research network components to include in your Network Security Checklist. This checklist will be used for the System Risk and Vulnerability Assessment and the Network Security Baseline you will compile for your nation team at the Global Economic Summit.
Your team will continue working on your checklist in the next step.
Step 9: Determine the Methodology and Create the Checklist
In this step, your team will continue to develop the security checklist. You and your team members will detail the method used to develop the checklist. While developing your checklist, you should include (but you are not limited to) the following components:
communications and data-sharing policies and the network devices that will be used to implement these policies
firewalls and how the rule sets will be determined
systems certification and accreditation demonstrations as required by network administrators who are hosting the summit
secure communications protocols
digital authentication mechanisms—How will your nation team establish PKI systems and develop public/private key mechanisms as well as digital certificates? Will your nation team have a centralized key storage system? How else will you establish trust between the nations? You do not have to build an encrypted communications system for your nation team, but you should provide your plan for trusted communications in your Network Security Checklist.
SSL and IPSEC protocols
VPNs
As a team, complete the two- to three-page Network Security Checklist.
Step 10: Conduct the System Security Risk and Vulnerability Assessment
Your Network Security Checklist is ready, and in this international domain, you and your team members will now prepare to assess the networks for communication and information sharing that have built-in multilevel security, based on trusted relationships between the different nations.
You have already seen that there are some suspicious behaviors involving the nations. The modes and methods of those behaviors vary, and the attack vectors are just as diverse. The attendees at the Global Economic Summit use different technologies for communications, and a cyber intelligence analyst must demonstrate an understanding of the threats to those devices. To that end, your team will collaborate in developing a System Security Risk and Vulnerability Report.
This report refers to the Network Security Checklist and to the policies you have created and researched that define the levels and ways of communication and data transmission between the nation teams.
Now that your team has provided the foundational network and policy information for your nation communications systems, you and your team members will identify the threats, risks, and vulnerabilities to those systems. Your team will determine the effect on your nation team and the other teams if those risks and threats are exploited. Your team will provide what means should be available to address the threats from a risk management perspective.
The report, which you will continue to develop in the next step, should accomplish the following:
List the different threats to authentication and credentials.
Explain how social engineering can be a threat to credentials as well as the defenses against social engineering. How can social engineering be used to access email?
Explain the concept and use of public-key infrastructure and digital signatures (significance of public-key infrastructure) and how it is used to protect access to networks, ensure nonrepudiation of transmissions, and preserve the confidentiality of information sharing.
Describe “leapfrogging” across networks and what it means for the multiple networks. What is escalation in the cyberattack phase?
The material in the report can come from research of current events or from your experience.
Explain the ways you and the team members can perform remediation and mitigation against the threats you have identified. What are some of the countermeasures that can be used? Include these explanations in your System Security Risk and Vulnerability Report.
In the next step, you and team members will use these findings to write a system security risk and vulnerability assessment report.
Step 11: Write the System Security Risk and Vulnerability Report
You and your team members have gathered the information required for a two- to three-page System Security Risk and Vulnerability Report. Include the attack vectors to the nation system in the report. This report should comply with information assurance standards, practices, and procedures covered in the policies outlined in the policy matrix. This collected information is that needed in the baseline of your system and should be used to provide a security baseline report.
Step 12: Analyze the Security Baseline of the Global Economic Summit
Take Note
This step includes a mandatory lab exercise. The teams should work together on the exercise, relying on each other’s expertise in the subject area of the exercise. Include the results in your team’s Security Baseline Report.
Your team’s analysis of the policy matrix will allow team members to create an overview of the methods used to provide a Security Baseline Report of the organization and the need for evolving summit communications.
Your team’s baseline analysis should also include an evaluation of network forensics information such as traffic analysis and intrusion analysis, as well as the type of information needed for any future forensics investigations. The team’s evaluation of information needs for network forensics could include what is needed to support security software and hardware across multiple platforms, multiple applications, and multiple architectures to communicate with the other nations. All teams will do this by using security baseline tools to build an audit file and then scan their systems. The systems should be hardened based on the policies, procedures, and standards to ensure desired levels of enterprise-wide information assurance requirements developed by the Global Economic Summit.
In the Security Baseline Report, which also includes the Attribution Report, Network Security Checklist, and the System Security Risk and Vulnerabilities Report, your team will use scanning and auditing functions to determine the baseline security posture of your nation team system and those of the other nation teams.
As you perform your baseline, address the following tasks:
Define the components you are searching for in this baseline determination and what you would do in light of possible disasters.
Include the systems-level diagram of how your nation team is configured, which can be obtained from your lab documentation.
How would you recover information assets, and how would you ensure integrity of data if such a situation were to take place?
What are the steps to producing the scan and audit report? What are the communication ports to be used or closed during operation during the Global Economic Summit?
Conduct packet sniffing with Wireshark and explain how this analysis can be used to identify and exploit vulnerabilities.
How will you maintain a baseline of registers and images of data? How would you ensure integrity of these components over time?
What are different ways to implement security controls to a system after the security posture has been defined, in order to meet the policy requirements?
What are the missing security configurations or security updates, if any? Report on how these should be addressed to fortify the security posture of the nation system.
In your scanning, can you determine if there are missing security updates on target computers based on your access? If so, what were they, and what tool did you use for this scan? Is there security from/to the IP network to/from the PSTN caller? You will be given decryption information, and then you will determine what are the data types in transit. Identify if these are image files, or document files, and anything else.
Your team will provide all artifacts from the baseline scanning exercise and refer to them in the security baseline analysis report.
Additionally, you should assess (compare) security issues during the scans and provide issues created by social engineering. You should cover the following testing while implementing network infrastructure contingency and recovery plans in your comparison:
damage assessments
types of vulnerabilities and associated attacks
distributed computing model
information assurance (IA) principles
digital certificates
digital signatures (significance of public-key infrastructure)
These will be provided in the Security Baseline Report. Remember to discuss your findings with your team members while you take part in the lab.
Take screenshots of your completed exercises. Then, compile your screenshots into a single document to include in your Security Baseline Report.
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.