SlideShare a Scribd company logo

Deliverables Step-12 SLA 3-5 pages

Download as DOCX, PDF
L
LinaCovington707

Deliverables: Step-12 SLA 3-5 pages Project 2: Nations Behaving Badly Start Here Despite work that cyber management teams perform in regard to systems design, network security protocols, hardware and software maintenance, training, policies, implementation, maintenance, and monitoring, breaches can and do occur. In this project, you will work with a team of other cyber professionals to analyze and respond to anomalous network activities. The graded submission for Project 2 is a packaged deliverable to the CISO about risk and network intrusion, to be completed as a team. The deliverable to the CISO will include the following five parts:  1. Cybersecurity Risk Assessment including Vulnerability Matrix 2. Incident Response Plan 3. Service-Level Agreement 4. FVEY Indicator Sharing Report 5. Final Forensic Report The project will take 15 days to complete. After reading the scenario below, proceed to Step 1, where you will establish your team agreement plan. The US reports data exfiltration has been detected in the IDS (intrusion detection system). All nations will perform forensic analysis and collect corroborating information to identify the bad actor.  Prior to the summit, your nation team was tasked with setting up its own independent secure comms network. Now, at 3 a.m., just hours before the summit begins, you receive a text message from your CISO that reads: "I need to meet with the team immediately about an urgent matter. Please come to the conference room next to my hotel room now so we can discuss it."  You quickly dress and head to the conference room. When you arrive, she breaks the news to your team: The nation hosting the summit has detected data exfiltration in its IDS (intrusion detection system). It is likely that this pattern of network traffic could also result in buffer overflows or other attacks such as denial of service. Each nation's server is at risk.  "The report shows that the pattern of network traffic is anomalous," says the CISO. "And the point of origin is internal. Someone at the summit is involved in this."  Given the nature of the summit, participants understand that all nations have a common goal. "None of the FVEY members would have done this," says a colleague. "It's got to be the Russians or the Chinese. Friends don't read each other's mail."  The CISO says, "No one is above suspicion here. Our FVEY partners have been known to both collect intelligence and seek to embarrass other partners when it suited their strategic needs. It could have been anyone. Until we know for sure, though, we will continue to regard them as allies."  Leaders of the nations at the summit agree they all need to perform forensic analysis on their respective systems to identify the bad actor.  Your CISO continues. "Let's get to the bottom of this. We’re all familiar with data exfiltration attacks; do you think that's part of what we're dealing with here? Or do you think there's more? Use our packet sniffing tools to a ...

Education
1 of 16
Deliverables: Step-12 SLA 3-5 pages Project 2: Nations Behaving Badly Start Here Despite work that cyber management teams perform in regard to systems design, network security protocols, hardware and software maintenance, training, policies, implementation, maintenance, and monitoring, breaches can and do occur. In this project, you will work with a team of other cyber professionals to analyze and respond to anomalous network activities. The graded submission for Project 2 is a packaged deliverable to the CISO about risk and network intrusion, to be completed as a team. The deliverable to the CISO will include the following five parts: 1. Cybersecurity Risk Assessment including Vulnerability Matrix 2. Incident Response Plan 3. Service-Level Agreement 4. FVEY Indicator Sharing Report 5. Final Forensic Report The project will take 15 days to complete. After reading the scenario below, proceed to Step 1, where you will establish your team agreement plan. The US reports data exfiltration has been detected in the IDS
(intrusion detection system). All nations will perform forensic analysis and collect corroborating information to identify the bad actor. Prior to the summit, your nation team was tasked with setting up its own independent secure comms network. Now, at 3 a.m., just hours before the summit begins, you receive a text message from your CISO that reads: "I need to meet with the team immediately about an urgent matter. Please come to the conference room next to my hotel room now so we can discuss it." You quickly dress and head to the conference room. When you arrive, she breaks the news to your team: The nation hosting the summit has detected data exfiltration in its IDS (intrusion detection system). It is likely that this pattern of network traffic could also result in buffer overflows or other attacks such as denial of service. Each nation's server is at risk. "The report shows that the pattern of network traffic is anomalous," says the CISO. "And the point of origin is internal . Someone at the summit is involved in this." Given the nature of the summit, participants understand that all nations have a common goal. "None of the FVEY members would have done this," says a colleague. "It's got to be the Russians or the Chinese. Friends don't read each other's mail." The CISO says, "No one is above suspicion here. Our FVEY partners have been known to both collect intelligence and seek to embarrass other partners when it suited their strategic needs. It could have been anyone. Until we know for sure, though, we will continue to regard them as allies." Leaders of the nations at the summit agree they all need to perform forensic analysis on their respective systems to identify the bad actor. Your CISO continues. "Let's get to the bottom of this. We’re all familiar with data exfiltration attacks; do you think that's part of what we're dealing with here? Or do you think there's more? Use our packet sniffing tools to analyze the network traffic. Additionally, we need to identify attack vectors
and attributes. Give me any information you can find on the tools, techniques, and the identity of this bad actor. Also, establish an incident response plan that we can use in case of another cyber event." "Our systems went down due to this attack. We need to examine the service-level agreement to see what it will take to get the summit back up and running. After our analysis, we need to quickly let our allies know how to protect their networks through an indicator sharing report. "Remember, no one is above suspicion—not even our allies. Got it?" Everyone nods in agreement. The CISO says, "Good. Now get to work. I'm going to try to go back to sleep for a few hours." When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission. Competencies Your work will be evaluated using the competencies listed below. · 2.2: Locate and access sufficient information to investigate the issue or problem. · 4.4: Demonstrate diversity and inclusiveness in a team setting. · 5.3: Support policy decisions with the application of specific cybersecurity technologies and standards. · 5.8: Apply procedures, practices, and technologies for protecting web servers, web users, and their surrounding organizations. · 6.1: Knowledge of methods and procedures to protect information systems and data by ensuring their availability, authentication, confidentiality, and integrity. · 8.1: Employ ethics when planning and conducting forensic investigations, and when testifying in court. · 8.2: Incorporate international issues including culture and foreign language to plans for investigations. Step 1 As a part of your nation(Canada) team, an agreement needs to
be established in order to work efficiently on each project. Begin by revisiting your current team agreement document, which includes a suggested schedule for project completion. Update your team agreement with roles and assignments for this project. Your team will use this document as a guide to establish a plan for completing and submitting the group tasks. When you have completed the plan, resubmit it for review in the dropbox below. Step 2Project 2: Nations Behaving Badly Step 2: Identify Attack Vectors You and your nation state have just suffered an intrusion attack. As a cybersecurity professional, one of the first steps is to identify potential attack vectors. For each known cybersecurity vulnerability and known threats (addressing cybersecurity threats through risk management, international cybersecurity approaches, you and your team members need to identify attack vectors via information systems hardware, information systems software, operating systems (operating system fundamentals, operating system protections), telecommunications (internet governance), and human factors (intrusion motives/hacker psychology). Then, you must determine if any attribution is known for the threat actor most likely involved in exploiting each weakness. Review the materials on attack vectors if a refresher is needed. Once you've identified the attack vectors in this step, you will be able to participate in the next step, in which you will discuss your findings with colleagues and compare the findings with their analyses. Step 3Project 2: Nations Behaving Badly Step 3: Discuss Attack Vectors and Known Attribution In light of your research in the last step, you will now use your group’s discussion board to share your thoughts with other members of your nation team. Review the findings of classmates in your group, noting points of agreement or disagreement, asking critical questions, and making suggestions for improvement or further research.
You should research incidents of known attribution of the hackers and actors who employ the attack vectors previously discussed by your group. This step provides a variety of options and perspectives for your group to consider when drafting the Attack Vector and Attribution Analysis in the next step. This step also provides the foundation for research into known attribution, which will help you to discern the motivation for intrusion as well as the identity of the hackers and actors who employ the attack vectors noted. Support Your Findings Support your comments with evidence from your research. Remember, the intent is to help your fellow team members with critical questions, suggestions, and improvement in a respectful and honest manner. Step 4Project 2: Nations Behaving Badly Step 4: Analyze Attack Vectors and Known Attribution You've discussed attack vectors and attribution with your nation state team members. In this step, your group will prepare an Attack Vector and Attribution Analysis of your group's findings in the previous steps. The analysis should first identify all possible attack vectors via hardware, software, operating systems, telecommunications, and human factors. Next, you should discuss whether attribution is known for the threat actor (hackers and actors) likely involved in exploiting each weakness. Integrate supporting research via in-text citations and a reference list. This analysis will play a key role in the development of a Vulnerability Assessment Matrix and Cybersecurity Risk Assessment in the next few steps. Step 5Project 2: Nations Behaving Badly Step 5: Develop the Vulnerability Assessment Matrix With the Attack Vector and Attribution Analysis complete, in this step your nation team will assess the impact of identified threats and prioritize the allocation of resources to mitigate or prevent risks. As a group, you will collaborate to develop and
submit one Vulnerability Assessment Matrix for your nation. This spreadsheet includes the following: · characterization of current and emerging vulnerabilities and threats (cybersecurity vulnerability) · identification of the attack vector(s) employed · your assessment (high, medium, or low) of the impact the vulnerability could have on your organization Submit your team's matrix for feedback. This matrix will be included in the final project deliverable, the Cybersecurity Risk Assessment. In the next step, you and your nation team members will conduct research on best practices and countermeasures for the kind of attack your nation team sustained at the summit. Step 6 Project 2: Nations Behaving Badly Step 6: Research Industry Best Practices and Countermeasures At this point, you and your team members have analyzed attack vectors and used your research to construct a vulnerability assessment matrix. The next step in the process of analyzing the intrusion is to look at common practices and countermeasures that can be used for the type of attack your team incurred at the summit. In this step, you and your team members will perform research on current best practices for authentication, authorization, and access control methods. You will also research possible countermeasures and cyber offense strategies that may be available. Review the materials on countermeasures and cyber offensives/warfare if needed. This research will help you make recommendations in the cybersecurity risk assessment, which you develop in the next step. Approach your research with transparency to support trust among your team. Review these resources on risk assessment and risk assessment approaches to prepare for the next step. The following links will provide you with resources on industry standards and best practices: · Security Operations · Software Development Security
· Security Assessment and Testing · Security Engineering Step 7Project 2: Nations Behaving Badly Step 7: Develop the Cybersecurity Risk Assessment In this step, your team will prepare the Cybersecurity Risk Assessment in the form of a PowerPoint presentation. This is one of your three final deliverables, which you will submit for feedback as a group, and then for individual assessment at the end of the project. The presentation should identify current measures for authentication, authorization, and access control, and clearly explain weaknesses in your organization's security (to include people, technology, and policy) that could result in successful exploitation of vulnerabilities and/or threats. The presentation should conclude with recommendations (e.g., continue to accept risks, accept some risks (identify them), mitigate some risks (identify them), mitigate all risks, etc.). Include the attack vector and attribution analysis, and the vulnerability matrix from the previous steps. Don’t try to shoehorn every point into your presentation. For guidance on creating presentations, refer to the following: · Creating and Delivering Professional Presentations · Record a Slide Show with Narration and Slide Timings · Converting PowerPoint and Uploading to YouTube Submit your Cybersecurity Risk Assessment PowerPoint for feedback by uploading it to YouTube. At the end of this project, your team will submit the presentation in the form of a YouTube link for grading. Step 8 Project 2: Nations Behaving Badly Step 8: Define Incident Response, Part 1 It's time to begin work on the next phase of the final analysis of the intrusion, which will include an incident response plan. Such a plan provides a method for containing the impact from a cybersecurity incident. It includes a plan for file recovery and remediation from an incident. All the actions will
start from the security baseline analysis, which has been defined for all the nations' network topologies at the summit, using a network security baseline analyzer. Your nation team will work together to develop an eight- to 10- page Incident Response Plan to use in the event of a cyber incident. This is one of your three final deliverables, which you will submit for feedback as a group, and then for individual assessment at the end of the project. Begin your first half of the plan by focusing on the environmental conditions and coordination mechanisms. Include: 1. roles and responsibilities 2. phases of incident response 3. scenario—provide an incident response plan in the case of distributed data exfiltration attacks, specifically the case of loss of communications 4. activities, authorities pertaining to roles and responsibilities 5. triggering conditions for actions 6. triggering conditions for closure 7. reports and products throughout the incident response activity 8. tools, techniques, and technologies 9. communications paths and parties involved 10. coordination paths and parties involved 11. external partners and stakeholders, and their place in the coordination and communication paths 12. security controls and tracking 13. recovery objectives and priorities Your team will continue working on the incident response plan in the next step. You will consider the processes of an active response. Step 9Project 2: Nations Behaving Badly Step 9: Define Incident Response, Part 2 Your team in this step will continue developing the Incident Response Plan. The second half of your report will focus on events and processes of your active response plan. Include the following:
14. incident response checklist. Refer to the NIST Computer Security Incident Handling Guide for an example. 15. data protection mechanisms 16. integrity controls (system integrity checks) after recovery 17. a plan to investigate the network behavior and a threat bulletin that explains this activity 18. defined triggering mechanisms for continuing alerts and notifications throughout the cyber incident 19. additional aspects of the incident response plan necessary to contain a cyber incident on the international domain 20. diagrams of swim lanes of authorities, activities and process flows, coordination and communication paths. Review the Swim Lane Template to familiarize yourself with the concept of swim lanes and swim lane diagrams. You will complete your incident response plan in the next step. Your incident response plan is critical in outlining your activities during a cyberattack as well as providing direction for recovery. Step 10roject 2: Nations Behaving Badly Step 10: Execute Incident Response The intrusion activity apparently is not over yet. The CIOs of the nations are still detecting high-volume traffic on their networks. Almost as soon as there is a surge in activity, network functions and websites immediately become nonoperational. Communications are also affected between the nation teams. The CIOs have provided information on the anomalous activity in the following lab. Step 11Project 2: Nations Behaving Badly Step 11: Analyze Cyber Defense Information Take Note This step includes a mandatory lab exercise. The teams should work together on the exercise, relying on each other’s expertise in the subject area of the exercise. The findings will be included in your team’s Security Baseline Report. The attack continues. Now the CIO reports high-volume activity
shutting down web access to the summit and to the attending nations' government websites. In addition, the volume impact has also caused latency in third-party websites whose processes and data sharing are linked to the summit and to the nations' government websites. Your team now enters Workspace to analyze the .pcap files the CIOs had provided. You will analyze the .pcap files to understand some of the conditions that may have led to this high-volume traffic, an apparent DoS attack. Step 12Project 2: Nations Behaving Badly Step 12: Share the Cyber Defense Information With Nations Now that you have analyzed the .pcap contents, you and your team of analysts will prepare mitigation (risk analysis and mitigation) for this current attack as well as any future attacks. You will also provide risk countermeasure implementation to a data exfiltration attack. Compile these strategies in a FVEY Indicator Sharing Report to be shared with your FVEY allies. Include Snort rules signatures and prepare rules for firewalls that would have prevented the data exfiltration attack. Review these resources on intrusion detection and prevention (IDS/IPS) systems and IDS/IPS classification to refresh your understanding of communications and network security, intrusion detection, and intrusion prevention. Your report should include the following: · other possible sources of vulnerabilities and best practices to protect endpoints. · indicators for data exfiltration. · methods for protection in bring your own device (BYOD) mobile security. · an explanation of the importance of authorization and authentication mechanisms like CAC-PIV card readers. Review these resources on common access card (CAC) and multifactor authentication technologies if you need a refresher. · best practices for database protection (data loss prevention), which serves as the backbone to information sharing and
communications. How can obfuscation and masking be used to ensure database security? You don't want to just build a wall and block everything. Your team has conducted a risk assessment and developed an approach. In your report, share the tools, methods, and the actual net defenses your nation team has used. In Project 1, your team identified the nations performing the malicious activities. At this point, it is necessary to protect the network and defend against the attacks. You must devise a plan and pull from the suite of net defense tools available to you. For intrusion detection and prevention, you must program rule sets in firewalls. Now that your nation team has identified the bad actors, your nation will then build out Snort rules based on the traffic you have analyzed to allow the permitted communications while keeping out malicious traffic and activities. Once your team has completed the sharing report, post it to the FVEY discussion where other nation teams can view it. Step 13Project 2: Nations Behaving Badly Step 13: Evaluate and Execute the Data Exfiltration Service- Level Agreement (SLA) You've communicated the attack to your other nation teams, your team has determined that all the nation teams were under data exfiltration attack, and they sustained latency or even unavailability of their networks. Now the CIOs have directed that the service-level agreements (SLAs) be reviewed on what the attack means to the cost and services rendered. Technologically trained professionals increase their marketability and hire-ability when they can demonstrate business acumen as well as technical expertise. And with more integrated environments following services on-demand structures such as cloud computing, it is imperative that cybersecurity professionals be able to assess if their organization is getting what it paid for. You may have determined a network topology for your nation team, or you may have researched a network topology and are
using that to base your analysis, citing the researched information using APA format. In these topologies, you will research the operating system vulnerabilities (operating system fundamentals, operating system protections). You will identify requirements for operating system security to address these vulnerabilities. You will then formulate a service-level agreement to mitigate the vulnerabilities, particularly for data exfiltration activities. Produce a three- to five-page Service-Level Agreement (SLA) that you believe is best to serve the nation teams’ security protections. If you research sample SLAs, provide citations. Include: · an agreement not to engage in testing data exfiltration without notifying the internet service provider (ISP) · metrics for availability · bandwidth requirements · monitoring from the ISP's network · traffic reports to be received and access to ISP information on net defense and best practices · testing nation teams’ configurations by ISP · other components needed to fulfill your nation team's requirements Perform an evaluation of the SLA that you created, and in a checklist format, report on the performance of the ISP during the data exfiltration attack. Conduct independent research if a checklist example is needed. If you model your checklist after an existing resource, cite and reference it using APA format. Estimate costs of services or any compensation owed to the nation team. Include written justification to the ISP for the downtime due to data exfiltration. This evaluation is included in the three- to five-page requirement. In the next step, you will take on "packet sniffing" in the lab, as you move to a digital forensics role in the investigation. Step 14Project 2: Nations Behaving Badly Step 14: Conduct Wireshark Packet Capture Analysis
It is time to help the CISO with the network intrusion. Your role here is to assume responsibility of analyzing a network packet capture file that was created during the network attack. You will conduct packet sniffing with Wireshark to gather information about the attacker, determine the resources that may have been compromised during the attack, and how the attacker compromised the resources. The CISO and response team believe there were attempts to scan the network for vulnerabilities and that an attacker may have discovered and exploited a vulnerability on one of the network servers. The attack may involve a brute-force password attack followed by a data breach where the attacker was able to download and read one or more files from a compromised server. Your objectives are to identify the attacker, identify the compromised server and service, identify the vulnerability that was exploited, and determine what data was breached or stolen. Your task is to enter Workspace and complete the Wireshark Packet Capture Analysis. Complete the lab report, including all answers to questions in the instructions linked below. Step 15Project 2: Nations Behaving Badly Step 15: Develop Final Forensic Report There are many digital forensic tools and techniques available to conduct an end-to-end forensic investigation. An end-to-end investigation tracks all elements of an attack, including how the attack began, what intermediate devices were used during the attack, and who was attacked. A typical investigation will involve visual analysis to statically review the contents of any drives, as well as dynamically review logs, artifacts (strategies for handling digital artifacts), and internet activity from the web history associated with the breached network (web browser forensics). The investigation concludes when the investigator examines all of the information, he or she correlates all of the events and all of the data from the various sources to get the whole picture, and prepares reports and evidence in a forensically sound
manner. In this scenario, you know that there has been an attempted/successful intrusion on the network, and you have completed the packet capture analysis using Wireshark. Your task is to write a Final Forensic Report that summarizes network forensics and the digital forensic tools and techniques for analyzing network incidents. This report will include your lab report from the previous step and should also be composed of network attack techniques, network attack vectors, and a comprehensive comparison of at least five tools used for analyzing network intrusions. This report will conclude with a recommendation for network administrators to meet the goals of hardening the infrastructure and protecting private data on the network. Submit the Final Forensic Report for review and feedback. Step 16 Project 2: Nations Behaving Badly Step 16: Deliver to Your CISO As a synthesis of the previous steps in this project, you will now submit the following for grading a packaged deliverable to the CISO that contains the following: 1. Cybersecurity Risk Assessment including Vulnerability Matrix 2. Incident Response Plan 3. Service-Level Agreement 4. FVEY Indicator Sharing Report 5. Final Forensic Report Based on the feedback you have received, you should have revised the deliverables. Although many of these deliverables were initially developed in a team setting, each team member is responsible for submitting his or her own documents for individual assessment. Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
Check Your Evaluation Criteria Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title. · 2.2: Locate and access sufficient information to investigate the issue or problem. · 4.4: Demonstrate diversity and inclusiveness in a team setting. · 5.3: Support policy decisions with the application of specific cybersecurity technologies and standards. · 5.8: Apply procedures, practices, and technologies for protecting web servers, web users, and their surrounding organizations. · 6.1: Knowledge of methods and procedures to protect information systems and data by ensuring their availability, authentication, confidentiality, and integrity. · 8.1: Employ ethics when planning and conducting forensic investigations, and when testifying in court. · 8.2: Incorporate international issues including culture and foreign language to plans for investigations. Deliverable: Step 7: Analyze Key Elements of NIST Standards and Submit the Team Report You have analyzed the linkage between technologies and the impacts of these relationships. Now, you will analyze the aspect of National Institute of Standards and Technology (NIST) standards for cloud computing as it affects your sector and complete the team sector brief. Write another brief, one to two pages, that addresses some of the following questions:
· Is cloud computing a good "fit" for your industry? · How does it benefit a cybersecurity solution? · Should it apply across all industries? Combine this information with the brief papers from the prior steps to create a three- to five-page Team Sector Brief. Your brief should also consider how your decisions might support other sectors. Introduce this brief with the one-page overview of your sector.

Recommended

Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxstilliegeorgiana
 
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxUnit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxmarilucorr
 
IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015Andreanne Clarke
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkJack Shaffer
 
ISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxchristiandean12115
 
Cst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comCst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comamaranthbeg113
 
Cst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comCst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comamaranthbeg53
 
Cst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comCst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comamaranthbeg73
 

Recommended

Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxstilliegeorgiana
 
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxUnit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxmarilucorr
 
IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015Andreanne Clarke
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkJack Shaffer
 
ISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxchristiandean12115
 
Cst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comCst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comamaranthbeg113
 
Cst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comCst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comamaranthbeg53
 
Cst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comCst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comamaranthbeg73
 
You are a network analyst on the fly-away team for the FBIs cyberse.docx
You are a network analyst on the fly-away team for the FBIs cyberse.docxYou are a network analyst on the fly-away team for the FBIs cyberse.docx
You are a network analyst on the fly-away team for the FBIs cyberse.docxadampcarr67227
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultSOCVault
 
Understanding Cyber Threat Intelligence A Guide for Analysts.pdf
Understanding Cyber Threat Intelligence A Guide for Analysts.pdfUnderstanding Cyber Threat Intelligence A Guide for Analysts.pdf
Understanding Cyber Threat Intelligence A Guide for Analysts.pdfuzair
 
Cyber Security DepartmentGraduation Project (407422)
Cyber Security DepartmentGraduation Project (407422)Cyber Security DepartmentGraduation Project (407422)
Cyber Security DepartmentGraduation Project (407422)OllieShoresna
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxmccormicknadine86
 
Deep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemDeep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemAffine Analytics
 
Top_20_Incident_Responder_Interview_Questions_and_Answers_1.pdf
Top_20_Incident_Responder_Interview_Questions_and_Answers_1.pdfTop_20_Incident_Responder_Interview_Questions_and_Answers_1.pdf
Top_20_Incident_Responder_Interview_Questions_and_Answers_1.pdfinfosec train
 
Top 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdfTop 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdfShivamSharma909
 
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingA Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingYogeshIJTSRD
 
Cs cmaster
Cs cmasterCs cmaster
Cs cmasterHafid CHEBRAOUI
 
Network Security
Network SecurityNetwork Security
Network SecurityUnited Nations Development Program
 
Reorganizing Federal IT to Address Today's Threats
Reorganizing Federal IT to Address Today's ThreatsReorganizing Federal IT to Address Today's Threats
Reorganizing Federal IT to Address Today's ThreatsLumension
 
Web Attack Survival Guide
Web Attack Survival GuideWeb Attack Survival Guide
Web Attack Survival Guide- Mark - Fullbright
 
Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Laura Arrigo
 
Sec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.comSec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.comBartholomew99
 
Sec 572 Education Organization / snaptutorial.com
Sec 572 Education Organization / snaptutorial.comSec 572 Education Organization / snaptutorial.com
Sec 572 Education Organization / snaptutorial.comBaileya109
 
Consensus Audit Guidelines 2008
Consensus Audit Guidelines 2008Consensus Audit Guidelines 2008
Consensus Audit Guidelines 2008John Gilligan
 
SEC 572 Inspiring Innovation / tutorialrank.com
SEC 572 Inspiring Innovation / tutorialrank.comSEC 572 Inspiring Innovation / tutorialrank.com
SEC 572 Inspiring Innovation / tutorialrank.comBromleyz38
 
Sec 572 Education Specialist-snaptutorial.com
Sec 572 Education Specialist-snaptutorial.comSec 572 Education Specialist-snaptutorial.com
Sec 572 Education Specialist-snaptutorial.comrobertlesew79
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 
ESSAY #4In contrast to thinking of poor people as deserving of bei.docx
ESSAY #4In contrast to thinking of poor people as deserving of bei.docxESSAY #4In contrast to thinking of poor people as deserving of bei.docx
ESSAY #4In contrast to thinking of poor people as deserving of bei.docxLinaCovington707
 
Essay # 3 Instructions Representations of War and Genocide .docx
Essay # 3 Instructions Representations of War and Genocide .docxEssay # 3 Instructions Representations of War and Genocide .docx
Essay # 3 Instructions Representations of War and Genocide .docxLinaCovington707
 

More Related Content

Similar to Deliverables Step-12 SLA 3-5 pages

You are a network analyst on the fly-away team for the FBIs cyberse.docx
You are a network analyst on the fly-away team for the FBIs cyberse.docxYou are a network analyst on the fly-away team for the FBIs cyberse.docx
You are a network analyst on the fly-away team for the FBIs cyberse.docxadampcarr67227
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultSOCVault
 
Understanding Cyber Threat Intelligence A Guide for Analysts.pdf
Understanding Cyber Threat Intelligence A Guide for Analysts.pdfUnderstanding Cyber Threat Intelligence A Guide for Analysts.pdf
Understanding Cyber Threat Intelligence A Guide for Analysts.pdfuzair
 
Cyber Security DepartmentGraduation Project (407422)
Cyber Security DepartmentGraduation Project (407422)Cyber Security DepartmentGraduation Project (407422)
Cyber Security DepartmentGraduation Project (407422)OllieShoresna
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxmccormicknadine86
 
Deep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemDeep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemAffine Analytics
 
Top_20_Incident_Responder_Interview_Questions_and_Answers_1.pdf
Top_20_Incident_Responder_Interview_Questions_and_Answers_1.pdfTop_20_Incident_Responder_Interview_Questions_and_Answers_1.pdf
Top_20_Incident_Responder_Interview_Questions_and_Answers_1.pdfinfosec train
 
Top 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdfTop 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdfShivamSharma909
 
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingA Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingYogeshIJTSRD
 
Reorganizing Federal IT to Address Today's Threats
Reorganizing Federal IT to Address Today's ThreatsReorganizing Federal IT to Address Today's Threats
Reorganizing Federal IT to Address Today's ThreatsLumension
 
Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Laura Arrigo
 
Sec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.comSec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.comBartholomew99
 
Sec 572 Education Organization / snaptutorial.com
Sec 572 Education Organization / snaptutorial.comSec 572 Education Organization / snaptutorial.com
Sec 572 Education Organization / snaptutorial.comBaileya109
 
Consensus Audit Guidelines 2008
Consensus Audit Guidelines 2008Consensus Audit Guidelines 2008
Consensus Audit Guidelines 2008John Gilligan
 
SEC 572 Inspiring Innovation / tutorialrank.com
SEC 572 Inspiring Innovation / tutorialrank.comSEC 572 Inspiring Innovation / tutorialrank.com
SEC 572 Inspiring Innovation / tutorialrank.comBromleyz38
 
Sec 572 Education Specialist-snaptutorial.com
Sec 572 Education Specialist-snaptutorial.comSec 572 Education Specialist-snaptutorial.com
Sec 572 Education Specialist-snaptutorial.comrobertlesew79
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 

Similar to Deliverables Step-12 SLA 3-5 pages (20)

You are a network analyst on the fly-away team for the FBIs cyberse.docx
You are a network analyst on the fly-away team for the FBIs cyberse.docxYou are a network analyst on the fly-away team for the FBIs cyberse.docx
You are a network analyst on the fly-away team for the FBIs cyberse.docx
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVault
 
Understanding Cyber Threat Intelligence A Guide for Analysts.pdf
Understanding Cyber Threat Intelligence A Guide for Analysts.pdfUnderstanding Cyber Threat Intelligence A Guide for Analysts.pdf
Understanding Cyber Threat Intelligence A Guide for Analysts.pdf
 
Cyber Security DepartmentGraduation Project (407422)
Cyber Security DepartmentGraduation Project (407422)Cyber Security DepartmentGraduation Project (407422)
Cyber Security DepartmentGraduation Project (407422)
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docx
 
Deep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemDeep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection system
 
Top_20_Incident_Responder_Interview_Questions_and_Answers_1.pdf
Top_20_Incident_Responder_Interview_Questions_and_Answers_1.pdfTop_20_Incident_Responder_Interview_Questions_and_Answers_1.pdf
Top_20_Incident_Responder_Interview_Questions_and_Answers_1.pdf
 
Top 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdfTop 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdf
 
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingA Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration Testing
 
Cs cmaster
Cs cmasterCs cmaster
Cs cmaster
 
Network Security
Network SecurityNetwork Security
Network Security
 
Reorganizing Federal IT to Address Today's Threats
Reorganizing Federal IT to Address Today's ThreatsReorganizing Federal IT to Address Today's Threats
Reorganizing Federal IT to Address Today's Threats
 
Web Attack Survival Guide
Web Attack Survival GuideWeb Attack Survival Guide
Web Attack Survival Guide
 
Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12
 
Sec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.comSec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.com
 
Sec 572 Education Organization / snaptutorial.com
Sec 572 Education Organization / snaptutorial.comSec 572 Education Organization / snaptutorial.com
Sec 572 Education Organization / snaptutorial.com
 
Consensus Audit Guidelines 2008
Consensus Audit Guidelines 2008Consensus Audit Guidelines 2008
Consensus Audit Guidelines 2008
 
SEC 572 Inspiring Innovation / tutorialrank.com
SEC 572 Inspiring Innovation / tutorialrank.comSEC 572 Inspiring Innovation / tutorialrank.com
SEC 572 Inspiring Innovation / tutorialrank.com
 
Sec 572 Education Specialist-snaptutorial.com
Sec 572 Education Specialist-snaptutorial.comSec 572 Education Specialist-snaptutorial.com
Sec 572 Education Specialist-snaptutorial.com
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
 

More from LinaCovington707

ESSAY #4In contrast to thinking of poor people as deserving of bei.docx
ESSAY #4In contrast to thinking of poor people as deserving of bei.docxESSAY #4In contrast to thinking of poor people as deserving of bei.docx
ESSAY #4In contrast to thinking of poor people as deserving of bei.docxLinaCovington707
 
Essay # 3 Instructions Representations of War and Genocide .docx
Essay # 3 Instructions Representations of War and Genocide .docxEssay # 3 Instructions Representations of War and Genocide .docx
Essay # 3 Instructions Representations of War and Genocide .docxLinaCovington707
 
Essay 1 What is the role of the millennial servant leader on Capito.docx
Essay 1 What is the role of the millennial servant leader on Capito.docxEssay 1 What is the role of the millennial servant leader on Capito.docx
Essay 1 What is the role of the millennial servant leader on Capito.docxLinaCovington707
 
ESSAY #6Over the course of the quarter, you have learned to apply .docx
ESSAY #6Over the course of the quarter, you have learned to apply .docxESSAY #6Over the course of the quarter, you have learned to apply .docx
ESSAY #6Over the course of the quarter, you have learned to apply .docxLinaCovington707
 
ErrorsKeyboarding ErrorsCapitlalization ErrorsAbbreviation err.docx
ErrorsKeyboarding ErrorsCapitlalization ErrorsAbbreviation err.docxErrorsKeyboarding ErrorsCapitlalization ErrorsAbbreviation err.docx
ErrorsKeyboarding ErrorsCapitlalization ErrorsAbbreviation err.docxLinaCovington707
 
Epidemiological ApplicationsDescribe how the concept of multifacto.docx
Epidemiological ApplicationsDescribe how the concept of multifacto.docxEpidemiological ApplicationsDescribe how the concept of multifacto.docx
Epidemiological ApplicationsDescribe how the concept of multifacto.docxLinaCovington707
 
Epidemic, Endemic, and Pandemic Occurrence of Disease(s)One aspect.docx
Epidemic, Endemic, and Pandemic Occurrence of Disease(s)One aspect.docxEpidemic, Endemic, and Pandemic Occurrence of Disease(s)One aspect.docx
Epidemic, Endemic, and Pandemic Occurrence of Disease(s)One aspect.docxLinaCovington707
 
ENVIRONMENTShould the US support initiatives that restrict carbo.docx
ENVIRONMENTShould the US support initiatives that restrict carbo.docxENVIRONMENTShould the US support initiatives that restrict carbo.docx
ENVIRONMENTShould the US support initiatives that restrict carbo.docxLinaCovington707
 
ePortfolio CompletionResourcesDiscussion Participation Scoring.docx
ePortfolio CompletionResourcesDiscussion Participation Scoring.docxePortfolio CompletionResourcesDiscussion Participation Scoring.docx
ePortfolio CompletionResourcesDiscussion Participation Scoring.docxLinaCovington707
 
eproduction and Animal BehaviorReproduction Explain why asexually.docx
eproduction and Animal BehaviorReproduction Explain why asexually.docxeproduction and Animal BehaviorReproduction Explain why asexually.docx
eproduction and Animal BehaviorReproduction Explain why asexually.docxLinaCovington707
 
Envisioning LeadershipIdentifying a challenge that evokes your pas.docx
Envisioning LeadershipIdentifying a challenge that evokes your pas.docxEnvisioning LeadershipIdentifying a challenge that evokes your pas.docx
Envisioning LeadershipIdentifying a challenge that evokes your pas.docxLinaCovington707
 
EnvironmentOur environment is really important. We need to under.docx
EnvironmentOur environment is really important. We need to under.docxEnvironmentOur environment is really important. We need to under.docx
EnvironmentOur environment is really important. We need to under.docxLinaCovington707
 
Environmental Awareness and Organizational Sustainability  Please .docx
Environmental Awareness and Organizational Sustainability  Please .docxEnvironmental Awareness and Organizational Sustainability  Please .docx
Environmental Awareness and Organizational Sustainability  Please .docxLinaCovington707
 
EnterobacteriaceaeThe family Enterobacteriaceae contains some or.docx
EnterobacteriaceaeThe family Enterobacteriaceae contains some or.docxEnterobacteriaceaeThe family Enterobacteriaceae contains some or.docx
EnterobacteriaceaeThe family Enterobacteriaceae contains some or.docxLinaCovington707
 
Ensuring your local region is prepared for any emergency is a comp.docx
Ensuring your local region is prepared for any emergency is a comp.docxEnsuring your local region is prepared for any emergency is a comp.docx
Ensuring your local region is prepared for any emergency is a comp.docxLinaCovington707
 
ENG 2480 Major Assignment #3Essay #2 CharacterAnaly.docx
ENG 2480 Major Assignment #3Essay #2 CharacterAnaly.docxENG 2480 Major Assignment #3Essay #2 CharacterAnaly.docx
ENG 2480 Major Assignment #3Essay #2 CharacterAnaly.docxLinaCovington707
 
English EssayMLA format500 words or moreThis is Caue types of .docx
English EssayMLA format500 words or moreThis is Caue types of .docxEnglish EssayMLA format500 words or moreThis is Caue types of .docx
English EssayMLA format500 words or moreThis is Caue types of .docxLinaCovington707
 
Eng 2480 British Literature after 1790NameApplying Wilde .docx
Eng 2480 British Literature after 1790NameApplying Wilde .docxEng 2480 British Literature after 1790NameApplying Wilde .docx
Eng 2480 British Literature after 1790NameApplying Wilde .docxLinaCovington707
 
English 1C Critical Thinking Essay (6 - 6 12 pages, MLA 12pt font .docx
English 1C Critical Thinking Essay (6 - 6 12 pages, MLA 12pt font .docxEnglish 1C Critical Thinking Essay (6 - 6 12 pages, MLA 12pt font .docx
English 1C Critical Thinking Essay (6 - 6 12 pages, MLA 12pt font .docxLinaCovington707
 
ENGL 227World FictionEssay #2Write a 2-3 page essay (with work.docx
ENGL 227World FictionEssay #2Write a 2-3 page essay (with work.docxENGL 227World FictionEssay #2Write a 2-3 page essay (with work.docx
ENGL 227World FictionEssay #2Write a 2-3 page essay (with work.docxLinaCovington707
 

More from LinaCovington707 (20)

ESSAY #4In contrast to thinking of poor people as deserving of bei.docx
ESSAY #4In contrast to thinking of poor people as deserving of bei.docxESSAY #4In contrast to thinking of poor people as deserving of bei.docx
ESSAY #4In contrast to thinking of poor people as deserving of bei.docx
 
Essay # 3 Instructions Representations of War and Genocide .docx
Essay # 3 Instructions Representations of War and Genocide .docxEssay # 3 Instructions Representations of War and Genocide .docx
Essay # 3 Instructions Representations of War and Genocide .docx
 
Essay 1 What is the role of the millennial servant leader on Capito.docx
Essay 1 What is the role of the millennial servant leader on Capito.docxEssay 1 What is the role of the millennial servant leader on Capito.docx
Essay 1 What is the role of the millennial servant leader on Capito.docx
 
ESSAY #6Over the course of the quarter, you have learned to apply .docx
ESSAY #6Over the course of the quarter, you have learned to apply .docxESSAY #6Over the course of the quarter, you have learned to apply .docx
ESSAY #6Over the course of the quarter, you have learned to apply .docx
 
ErrorsKeyboarding ErrorsCapitlalization ErrorsAbbreviation err.docx
ErrorsKeyboarding ErrorsCapitlalization ErrorsAbbreviation err.docxErrorsKeyboarding ErrorsCapitlalization ErrorsAbbreviation err.docx
ErrorsKeyboarding ErrorsCapitlalization ErrorsAbbreviation err.docx
 
Epidemiological ApplicationsDescribe how the concept of multifacto.docx
Epidemiological ApplicationsDescribe how the concept of multifacto.docxEpidemiological ApplicationsDescribe how the concept of multifacto.docx
Epidemiological ApplicationsDescribe how the concept of multifacto.docx
 
Epidemic, Endemic, and Pandemic Occurrence of Disease(s)One aspect.docx
Epidemic, Endemic, and Pandemic Occurrence of Disease(s)One aspect.docxEpidemic, Endemic, and Pandemic Occurrence of Disease(s)One aspect.docx
Epidemic, Endemic, and Pandemic Occurrence of Disease(s)One aspect.docx
 
ENVIRONMENTShould the US support initiatives that restrict carbo.docx
ENVIRONMENTShould the US support initiatives that restrict carbo.docxENVIRONMENTShould the US support initiatives that restrict carbo.docx
ENVIRONMENTShould the US support initiatives that restrict carbo.docx
 
ePortfolio CompletionResourcesDiscussion Participation Scoring.docx
ePortfolio CompletionResourcesDiscussion Participation Scoring.docxePortfolio CompletionResourcesDiscussion Participation Scoring.docx
ePortfolio CompletionResourcesDiscussion Participation Scoring.docx
 
eproduction and Animal BehaviorReproduction Explain why asexually.docx
eproduction and Animal BehaviorReproduction Explain why asexually.docxeproduction and Animal BehaviorReproduction Explain why asexually.docx
eproduction and Animal BehaviorReproduction Explain why asexually.docx
 
Envisioning LeadershipIdentifying a challenge that evokes your pas.docx
Envisioning LeadershipIdentifying a challenge that evokes your pas.docxEnvisioning LeadershipIdentifying a challenge that evokes your pas.docx
Envisioning LeadershipIdentifying a challenge that evokes your pas.docx
 
EnvironmentOur environment is really important. We need to under.docx
EnvironmentOur environment is really important. We need to under.docxEnvironmentOur environment is really important. We need to under.docx
EnvironmentOur environment is really important. We need to under.docx
 
Environmental Awareness and Organizational Sustainability  Please .docx
Environmental Awareness and Organizational Sustainability  Please .docxEnvironmental Awareness and Organizational Sustainability  Please .docx
Environmental Awareness and Organizational Sustainability  Please .docx
 
EnterobacteriaceaeThe family Enterobacteriaceae contains some or.docx
EnterobacteriaceaeThe family Enterobacteriaceae contains some or.docxEnterobacteriaceaeThe family Enterobacteriaceae contains some or.docx
EnterobacteriaceaeThe family Enterobacteriaceae contains some or.docx
 
Ensuring your local region is prepared for any emergency is a comp.docx
Ensuring your local region is prepared for any emergency is a comp.docxEnsuring your local region is prepared for any emergency is a comp.docx
Ensuring your local region is prepared for any emergency is a comp.docx
 
ENG 2480 Major Assignment #3Essay #2 CharacterAnaly.docx
ENG 2480 Major Assignment #3Essay #2 CharacterAnaly.docxENG 2480 Major Assignment #3Essay #2 CharacterAnaly.docx
ENG 2480 Major Assignment #3Essay #2 CharacterAnaly.docx
 
English EssayMLA format500 words or moreThis is Caue types of .docx
English EssayMLA format500 words or moreThis is Caue types of .docxEnglish EssayMLA format500 words or moreThis is Caue types of .docx
English EssayMLA format500 words or moreThis is Caue types of .docx
 
Eng 2480 British Literature after 1790NameApplying Wilde .docx
Eng 2480 British Literature after 1790NameApplying Wilde .docxEng 2480 British Literature after 1790NameApplying Wilde .docx
Eng 2480 British Literature after 1790NameApplying Wilde .docx
 
English 1C Critical Thinking Essay (6 - 6 12 pages, MLA 12pt font .docx
English 1C Critical Thinking Essay (6 - 6 12 pages, MLA 12pt font .docxEnglish 1C Critical Thinking Essay (6 - 6 12 pages, MLA 12pt font .docx
English 1C Critical Thinking Essay (6 - 6 12 pages, MLA 12pt font .docx
 
ENGL 227World FictionEssay #2Write a 2-3 page essay (with work.docx
ENGL 227World FictionEssay #2Write a 2-3 page essay (with work.docxENGL 227World FictionEssay #2Write a 2-3 page essay (with work.docx
ENGL 227World FictionEssay #2Write a 2-3 page essay (with work.docx
 

Recently uploaded

ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptxmary850239
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptxCulture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptxPoojaSen20
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 

Recently uploaded (20)

ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptxCulture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 

Deliverables Step-12 SLA 3-5 pages

  • 1. Deliverables: Step-12 SLA 3-5 pages Project 2: Nations Behaving Badly Start Here Despite work that cyber management teams perform in regard to systems design, network security protocols, hardware and software maintenance, training, policies, implementation, maintenance, and monitoring, breaches can and do occur. In this project, you will work with a team of other cyber professionals to analyze and respond to anomalous network activities. The graded submission for Project 2 is a packaged deliverable to the CISO about risk and network intrusion, to be completed as a team. The deliverable to the CISO will include the following five parts: 1. Cybersecurity Risk Assessment including Vulnerability Matrix 2. Incident Response Plan 3. Service-Level Agreement 4. FVEY Indicator Sharing Report 5. Final Forensic Report The project will take 15 days to complete. After reading the scenario below, proceed to Step 1, where you will establish your team agreement plan. The US reports data exfiltration has been detected in the IDS
  • 2. (intrusion detection system). All nations will perform forensic analysis and collect corroborating information to identify the bad actor. Prior to the summit, your nation team was tasked with setting up its own independent secure comms network. Now, at 3 a.m., just hours before the summit begins, you receive a text message from your CISO that reads: "I need to meet with the team immediately about an urgent matter. Please come to the conference room next to my hotel room now so we can discuss it." You quickly dress and head to the conference room. When you arrive, she breaks the news to your team: The nation hosting the summit has detected data exfiltration in its IDS (intrusion detection system). It is likely that this pattern of network traffic could also result in buffer overflows or other attacks such as denial of service. Each nation's server is at risk. "The report shows that the pattern of network traffic is anomalous," says the CISO. "And the point of origin is internal . Someone at the summit is involved in this." Given the nature of the summit, participants understand that all nations have a common goal. "None of the FVEY members would have done this," says a colleague. "It's got to be the Russians or the Chinese. Friends don't read each other's mail." The CISO says, "No one is above suspicion here. Our FVEY partners have been known to both collect intelligence and seek to embarrass other partners when it suited their strategic needs. It could have been anyone. Until we know for sure, though, we will continue to regard them as allies." Leaders of the nations at the summit agree they all need to perform forensic analysis on their respective systems to identify the bad actor. Your CISO continues. "Let's get to the bottom of this. We’re all familiar with data exfiltration attacks; do you think that's part of what we're dealing with here? Or do you think there's more? Use our packet sniffing tools to analyze the network traffic. Additionally, we need to identify attack vectors
  • 3. and attributes. Give me any information you can find on the tools, techniques, and the identity of this bad actor. Also, establish an incident response plan that we can use in case of another cyber event." "Our systems went down due to this attack. We need to examine the service-level agreement to see what it will take to get the summit back up and running. After our analysis, we need to quickly let our allies know how to protect their networks through an indicator sharing report. "Remember, no one is above suspicion—not even our allies. Got it?" Everyone nods in agreement. The CISO says, "Good. Now get to work. I'm going to try to go back to sleep for a few hours." When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission. Competencies Your work will be evaluated using the competencies listed below. · 2.2: Locate and access sufficient information to investigate the issue or problem. · 4.4: Demonstrate diversity and inclusiveness in a team setting. · 5.3: Support policy decisions with the application of specific cybersecurity technologies and standards. · 5.8: Apply procedures, practices, and technologies for protecting web servers, web users, and their surrounding organizations. · 6.1: Knowledge of methods and procedures to protect information systems and data by ensuring their availability, authentication, confidentiality, and integrity. · 8.1: Employ ethics when planning and conducting forensic investigations, and when testifying in court. · 8.2: Incorporate international issues including culture and foreign language to plans for investigations. Step 1 As a part of your nation(Canada) team, an agreement needs to
  • 4. be established in order to work efficiently on each project. Begin by revisiting your current team agreement document, which includes a suggested schedule for project completion. Update your team agreement with roles and assignments for this project. Your team will use this document as a guide to establish a plan for completing and submitting the group tasks. When you have completed the plan, resubmit it for review in the dropbox below. Step 2Project 2: Nations Behaving Badly Step 2: Identify Attack Vectors You and your nation state have just suffered an intrusion attack. As a cybersecurity professional, one of the first steps is to identify potential attack vectors. For each known cybersecurity vulnerability and known threats (addressing cybersecurity threats through risk management, international cybersecurity approaches, you and your team members need to identify attack vectors via information systems hardware, information systems software, operating systems (operating system fundamentals, operating system protections), telecommunications (internet governance), and human factors (intrusion motives/hacker psychology). Then, you must determine if any attribution is known for the threat actor most likely involved in exploiting each weakness. Review the materials on attack vectors if a refresher is needed. Once you've identified the attack vectors in this step, you will be able to participate in the next step, in which you will discuss your findings with colleagues and compare the findings with their analyses. Step 3Project 2: Nations Behaving Badly Step 3: Discuss Attack Vectors and Known Attribution In light of your research in the last step, you will now use your group’s discussion board to share your thoughts with other members of your nation team. Review the findings of classmates in your group, noting points of agreement or disagreement, asking critical questions, and making suggestions for improvement or further research.
  • 5. You should research incidents of known attribution of the hackers and actors who employ the attack vectors previously discussed by your group. This step provides a variety of options and perspectives for your group to consider when drafting the Attack Vector and Attribution Analysis in the next step. This step also provides the foundation for research into known attribution, which will help you to discern the motivation for intrusion as well as the identity of the hackers and actors who employ the attack vectors noted. Support Your Findings Support your comments with evidence from your research. Remember, the intent is to help your fellow team members with critical questions, suggestions, and improvement in a respectful and honest manner. Step 4Project 2: Nations Behaving Badly Step 4: Analyze Attack Vectors and Known Attribution You've discussed attack vectors and attribution with your nation state team members. In this step, your group will prepare an Attack Vector and Attribution Analysis of your group's findings in the previous steps. The analysis should first identify all possible attack vectors via hardware, software, operating systems, telecommunications, and human factors. Next, you should discuss whether attribution is known for the threat actor (hackers and actors) likely involved in exploiting each weakness. Integrate supporting research via in-text citations and a reference list. This analysis will play a key role in the development of a Vulnerability Assessment Matrix and Cybersecurity Risk Assessment in the next few steps. Step 5Project 2: Nations Behaving Badly Step 5: Develop the Vulnerability Assessment Matrix With the Attack Vector and Attribution Analysis complete, in this step your nation team will assess the impact of identified threats and prioritize the allocation of resources to mitigate or prevent risks. As a group, you will collaborate to develop and
  • 6. submit one Vulnerability Assessment Matrix for your nation. This spreadsheet includes the following: · characterization of current and emerging vulnerabilities and threats (cybersecurity vulnerability) · identification of the attack vector(s) employed · your assessment (high, medium, or low) of the impact the vulnerability could have on your organization Submit your team's matrix for feedback. This matrix will be included in the final project deliverable, the Cybersecurity Risk Assessment. In the next step, you and your nation team members will conduct research on best practices and countermeasures for the kind of attack your nation team sustained at the summit. Step 6 Project 2: Nations Behaving Badly Step 6: Research Industry Best Practices and Countermeasures At this point, you and your team members have analyzed attack vectors and used your research to construct a vulnerability assessment matrix. The next step in the process of analyzing the intrusion is to look at common practices and countermeasures that can be used for the type of attack your team incurred at the summit. In this step, you and your team members will perform research on current best practices for authentication, authorization, and access control methods. You will also research possible countermeasures and cyber offense strategies that may be available. Review the materials on countermeasures and cyber offensives/warfare if needed. This research will help you make recommendations in the cybersecurity risk assessment, which you develop in the next step. Approach your research with transparency to support trust among your team. Review these resources on risk assessment and risk assessment approaches to prepare for the next step. The following links will provide you with resources on industry standards and best practices: · Security Operations · Software Development Security
  • 7. · Security Assessment and Testing · Security Engineering Step 7Project 2: Nations Behaving Badly Step 7: Develop the Cybersecurity Risk Assessment In this step, your team will prepare the Cybersecurity Risk Assessment in the form of a PowerPoint presentation. This is one of your three final deliverables, which you will submit for feedback as a group, and then for individual assessment at the end of the project. The presentation should identify current measures for authentication, authorization, and access control, and clearly explain weaknesses in your organization's security (to include people, technology, and policy) that could result in successful exploitation of vulnerabilities and/or threats. The presentation should conclude with recommendations (e.g., continue to accept risks, accept some risks (identify them), mitigate some risks (identify them), mitigate all risks, etc.). Include the attack vector and attribution analysis, and the vulnerability matrix from the previous steps. Don’t try to shoehorn every point into your presentation. For guidance on creating presentations, refer to the following: · Creating and Delivering Professional Presentations · Record a Slide Show with Narration and Slide Timings · Converting PowerPoint and Uploading to YouTube Submit your Cybersecurity Risk Assessment PowerPoint for feedback by uploading it to YouTube. At the end of this project, your team will submit the presentation in the form of a YouTube link for grading. Step 8 Project 2: Nations Behaving Badly Step 8: Define Incident Response, Part 1 It's time to begin work on the next phase of the final analysis of the intrusion, which will include an incident response plan. Such a plan provides a method for containing the impact from a cybersecurity incident. It includes a plan for file recovery and remediation from an incident. All the actions will
  • 8. start from the security baseline analysis, which has been defined for all the nations' network topologies at the summit, using a network security baseline analyzer. Your nation team will work together to develop an eight- to 10- page Incident Response Plan to use in the event of a cyber incident. This is one of your three final deliverables, which you will submit for feedback as a group, and then for individual assessment at the end of the project. Begin your first half of the plan by focusing on the environmental conditions and coordination mechanisms. Include: 1. roles and responsibilities 2. phases of incident response 3. scenario—provide an incident response plan in the case of distributed data exfiltration attacks, specifically the case of loss of communications 4. activities, authorities pertaining to roles and responsibilities 5. triggering conditions for actions 6. triggering conditions for closure 7. reports and products throughout the incident response activity 8. tools, techniques, and technologies 9. communications paths and parties involved 10. coordination paths and parties involved 11. external partners and stakeholders, and their place in the coordination and communication paths 12. security controls and tracking 13. recovery objectives and priorities Your team will continue working on the incident response plan in the next step. You will consider the processes of an active response. Step 9Project 2: Nations Behaving Badly Step 9: Define Incident Response, Part 2 Your team in this step will continue developing the Incident Response Plan. The second half of your report will focus on events and processes of your active response plan. Include the following:
  • 9. 14. incident response checklist. Refer to the NIST Computer Security Incident Handling Guide for an example. 15. data protection mechanisms 16. integrity controls (system integrity checks) after recovery 17. a plan to investigate the network behavior and a threat bulletin that explains this activity 18. defined triggering mechanisms for continuing alerts and notifications throughout the cyber incident 19. additional aspects of the incident response plan necessary to contain a cyber incident on the international domain 20. diagrams of swim lanes of authorities, activities and process flows, coordination and communication paths. Review the Swim Lane Template to familiarize yourself with the concept of swim lanes and swim lane diagrams. You will complete your incident response plan in the next step. Your incident response plan is critical in outlining your activities during a cyberattack as well as providing direction for recovery. Step 10roject 2: Nations Behaving Badly Step 10: Execute Incident Response The intrusion activity apparently is not over yet. The CIOs of the nations are still detecting high-volume traffic on their networks. Almost as soon as there is a surge in activity, network functions and websites immediately become nonoperational. Communications are also affected between the nation teams. The CIOs have provided information on the anomalous activity in the following lab. Step 11Project 2: Nations Behaving Badly Step 11: Analyze Cyber Defense Information Take Note This step includes a mandatory lab exercise. The teams should work together on the exercise, relying on each other’s expertise in the subject area of the exercise. The findings will be included in your team’s Security Baseline Report. The attack continues. Now the CIO reports high-volume activity
  • 10. shutting down web access to the summit and to the attending nations' government websites. In addition, the volume impact has also caused latency in third-party websites whose processes and data sharing are linked to the summit and to the nations' government websites. Your team now enters Workspace to analyze the .pcap files the CIOs had provided. You will analyze the .pcap files to understand some of the conditions that may have led to this high-volume traffic, an apparent DoS attack. Step 12Project 2: Nations Behaving Badly Step 12: Share the Cyber Defense Information With Nations Now that you have analyzed the .pcap contents, you and your team of analysts will prepare mitigation (risk analysis and mitigation) for this current attack as well as any future attacks. You will also provide risk countermeasure implementation to a data exfiltration attack. Compile these strategies in a FVEY Indicator Sharing Report to be shared with your FVEY allies. Include Snort rules signatures and prepare rules for firewalls that would have prevented the data exfiltration attack. Review these resources on intrusion detection and prevention (IDS/IPS) systems and IDS/IPS classification to refresh your understanding of communications and network security, intrusion detection, and intrusion prevention. Your report should include the following: · other possible sources of vulnerabilities and best practices to protect endpoints. · indicators for data exfiltration. · methods for protection in bring your own device (BYOD) mobile security. · an explanation of the importance of authorization and authentication mechanisms like CAC-PIV card readers. Review these resources on common access card (CAC) and multifactor authentication technologies if you need a refresher. · best practices for database protection (data loss prevention), which serves as the backbone to information sharing and
  • 11. communications. How can obfuscation and masking be used to ensure database security? You don't want to just build a wall and block everything. Your team has conducted a risk assessment and developed an approach. In your report, share the tools, methods, and the actual net defenses your nation team has used. In Project 1, your team identified the nations performing the malicious activities. At this point, it is necessary to protect the network and defend against the attacks. You must devise a plan and pull from the suite of net defense tools available to you. For intrusion detection and prevention, you must program rule sets in firewalls. Now that your nation team has identified the bad actors, your nation will then build out Snort rules based on the traffic you have analyzed to allow the permitted communications while keeping out malicious traffic and activities. Once your team has completed the sharing report, post it to the FVEY discussion where other nation teams can view it. Step 13Project 2: Nations Behaving Badly Step 13: Evaluate and Execute the Data Exfiltration Service- Level Agreement (SLA) You've communicated the attack to your other nation teams, your team has determined that all the nation teams were under data exfiltration attack, and they sustained latency or even unavailability of their networks. Now the CIOs have directed that the service-level agreements (SLAs) be reviewed on what the attack means to the cost and services rendered. Technologically trained professionals increase their marketability and hire-ability when they can demonstrate business acumen as well as technical expertise. And with more integrated environments following services on-demand structures such as cloud computing, it is imperative that cybersecurity professionals be able to assess if their organization is getting what it paid for. You may have determined a network topology for your nation team, or you may have researched a network topology and are
  • 12. using that to base your analysis, citing the researched information using APA format. In these topologies, you will research the operating system vulnerabilities (operating system fundamentals, operating system protections). You will identify requirements for operating system security to address these vulnerabilities. You will then formulate a service-level agreement to mitigate the vulnerabilities, particularly for data exfiltration activities. Produce a three- to five-page Service-Level Agreement (SLA) that you believe is best to serve the nation teams’ security protections. If you research sample SLAs, provide citations. Include: · an agreement not to engage in testing data exfiltration without notifying the internet service provider (ISP) · metrics for availability · bandwidth requirements · monitoring from the ISP's network · traffic reports to be received and access to ISP information on net defense and best practices · testing nation teams’ configurations by ISP · other components needed to fulfill your nation team's requirements Perform an evaluation of the SLA that you created, and in a checklist format, report on the performance of the ISP during the data exfiltration attack. Conduct independent research if a checklist example is needed. If you model your checklist after an existing resource, cite and reference it using APA format. Estimate costs of services or any compensation owed to the nation team. Include written justification to the ISP for the downtime due to data exfiltration. This evaluation is included in the three- to five-page requirement. In the next step, you will take on "packet sniffing" in the lab, as you move to a digital forensics role in the investigation. Step 14Project 2: Nations Behaving Badly Step 14: Conduct Wireshark Packet Capture Analysis
  • 13. It is time to help the CISO with the network intrusion. Your role here is to assume responsibility of analyzing a network packet capture file that was created during the network attack. You will conduct packet sniffing with Wireshark to gather information about the attacker, determine the resources that may have been compromised during the attack, and how the attacker compromised the resources. The CISO and response team believe there were attempts to scan the network for vulnerabilities and that an attacker may have discovered and exploited a vulnerability on one of the network servers. The attack may involve a brute-force password attack followed by a data breach where the attacker was able to download and read one or more files from a compromised server. Your objectives are to identify the attacker, identify the compromised server and service, identify the vulnerability that was exploited, and determine what data was breached or stolen. Your task is to enter Workspace and complete the Wireshark Packet Capture Analysis. Complete the lab report, including all answers to questions in the instructions linked below. Step 15Project 2: Nations Behaving Badly Step 15: Develop Final Forensic Report There are many digital forensic tools and techniques available to conduct an end-to-end forensic investigation. An end-to-end investigation tracks all elements of an attack, including how the attack began, what intermediate devices were used during the attack, and who was attacked. A typical investigation will involve visual analysis to statically review the contents of any drives, as well as dynamically review logs, artifacts (strategies for handling digital artifacts), and internet activity from the web history associated with the breached network (web browser forensics). The investigation concludes when the investigator examines all of the information, he or she correlates all of the events and all of the data from the various sources to get the whole picture, and prepares reports and evidence in a forensically sound
  • 14. manner. In this scenario, you know that there has been an attempted/successful intrusion on the network, and you have completed the packet capture analysis using Wireshark. Your task is to write a Final Forensic Report that summarizes network forensics and the digital forensic tools and techniques for analyzing network incidents. This report will include your lab report from the previous step and should also be composed of network attack techniques, network attack vectors, and a comprehensive comparison of at least five tools used for analyzing network intrusions. This report will conclude with a recommendation for network administrators to meet the goals of hardening the infrastructure and protecting private data on the network. Submit the Final Forensic Report for review and feedback. Step 16 Project 2: Nations Behaving Badly Step 16: Deliver to Your CISO As a synthesis of the previous steps in this project, you will now submit the following for grading a packaged deliverable to the CISO that contains the following: 1. Cybersecurity Risk Assessment including Vulnerability Matrix 2. Incident Response Plan 3. Service-Level Agreement 4. FVEY Indicator Sharing Report 5. Final Forensic Report Based on the feedback you have received, you should have revised the deliverables. Although many of these deliverables were initially developed in a team setting, each team member is responsible for submitting his or her own documents for individual assessment. Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
  • 15. Check Your Evaluation Criteria Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title. · 2.2: Locate and access sufficient information to investigate the issue or problem. · 4.4: Demonstrate diversity and inclusiveness in a team setting. · 5.3: Support policy decisions with the application of specific cybersecurity technologies and standards. · 5.8: Apply procedures, practices, and technologies for protecting web servers, web users, and their surrounding organizations. · 6.1: Knowledge of methods and procedures to protect information systems and data by ensuring their availability, authentication, confidentiality, and integrity. · 8.1: Employ ethics when planning and conducting forensic investigations, and when testifying in court. · 8.2: Incorporate international issues including culture and foreign language to plans for investigations. Deliverable: Step 7: Analyze Key Elements of NIST Standards and Submit the Team Report You have analyzed the linkage between technologies and the impacts of these relationships. Now, you will analyze the aspect of National Institute of Standards and Technology (NIST) standards for cloud computing as it affects your sector and complete the team sector brief. Write another brief, one to two pages, that addresses some of the following questions:
  • 16. · Is cloud computing a good "fit" for your industry? · How does it benefit a cybersecurity solution? · Should it apply across all industries? Combine this information with the brief papers from the prior steps to create a three- to five-page Team Sector Brief. Your brief should also consider how your decisions might support other sectors. Introduce this brief with the one-page overview of your sector.