For more course tutorials visit
www.newtonhelp.com
Project 1
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points
1. CST 630 Project 1Risk, Threat, and Vulnerability Management
For more course tutorials visit
www.newtonhelp.com
Project 1
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis
baseline of the IT systems, which will include a data-flow diagram of
connections and endpoints, and all types of access points, including
wireless. The baseline report will be part of the overall security
assessment report (SAR).
You will get your information from a data-flow diagram and report from
the Microsoft Threat Modeling Tool 2016. The scope should include
network IT security for the whole organization. Click the following to
view the data-flow diagram: [diagram and report]
Include the following areas in this portion of the SAR:
a. Security requirements and goals for the preliminary security
baseline activity.
b. Typical attacks to enterprise networks and their descriptions.
Include Trojans, viruses, worms, denial of service, session
hijacking, and social engineering. Include the impacts these attacks
have on an organization.
c. Network infrastructure and diagram, including configuration and
connections. Describe the security posture with respect to these
components and the security employed: LAN, MAN, WAN,
enterprise. Use these questions to guide you:
2. a. What are the security risks and concerns?
b. What are ways to get real-time understanding of the security
posture at any time?
c. How regularly should the security of the enterprise network
be tested, and what type of tests should be used?
d. What are the processes in play, or to be established to
respond to an incident?
e. Workforce skill is a critical success factor in any security
program, and any security assessment must also review this
component. Lack of a skilled workforce could also be a
security vulnerability. Does the security workforce have the
requisite technical skills and command of the necessary
toolsets to do the job required?
f. Is there an adequate professional development roadmap in
place to maintain and/or improve the skill set as needed?
g. Describe the ways to detect these malicious code and what
tactics bad actors use for evading detection.
d. Public and private access areas, web access points. Include in the
network diagram the delineation of open and closed networks,
where they co-exist. In the open network and closed
network portion, show the connections to the Internet.
e. Physical hardware components. Include routers and switches.
What security weaknesses or vulnerabilities are within these
devices?
f. Operating systems, servers, network management systems.
a. data in transit vulnerabilities
1. endpoint access vulnerabilities
2. external storage vulnerabilities
3. virtual private network vulnerabilities
4. media access control vulnerabilities
5. ethernet vulnerabilities
b. Possible applications. This network will incorporate a BYOD
(bring your own device) policy in the near future. The IT auditing
team and leadership need to understand current mobile applications
3. and possible future applications and other wireless integrations.
You will use some of this information in Project 2 and also in
Project 5.
The overall SAR should detail the security measures needed, or
implementations status of those in progress, to address the identified
vulnerabilities. Include:
a. remediation
b. mitigation
c. countermeasure
d. recovery
Through your research, provide the methods used to provide the
protections and defenses.
From the identification of risk factors in the risk model, identify the
appropriate security controls from NIST SP 800-53A and determine
their applicability to the risks identified.
The baseline should make up at least three of the 12 pages of the overall
report.
When you have completed your security analysis baseline, move on to
the next step, in which you will use testing procedures that will help
determine the company's overall network defense strategy.
Step 2: Determine a Network Defense Strategy
You've completed your initial assessment of the company's security with
your baseline analysis. Now it's time to determine the best defenses for
your network.
Start by reading a publication by the National Institute of Standards and
Technology, NIST-SP-800-115 Technical Guide to Information Security
Testing and Assessment, and outline how you would test violations.
Identify how you will assess the effectiveness of these controls and write
test procedures that could be used to test for effectiveness. Write them in
a manner to allow a future information systems security officer to use
4. them in preparing for an IT security audit or IT certification and
accreditation. Within this portion of the SAR, explain the different
testing types (black box testing, white box testing).
Include these test plans in the SAR. The strategy should take up at least
two of the 12 pages of the overall report.
Click the following link to learn more about cybersecurity for process
control systems: Cybersecurity for Process Control Systems
After you've completed this step, it's time to define the process of
penetration testing. In the next step, you'll develop rules of engagement
(ROE).
Step 3: Plan the Penetration Testing Engagement
Now that you've completed your test plans, it's time to define
your penetration testing process. Include all involved processes, people,
and timeframe. Develop a letter of intent to the organization, and within
the letter, include some formal rules of engagement (ROE). The process
and any documents can be notional or can refer to actual use cases. If
actual use cases are included, cite them using APA format.
This portion should be about two pages of the overall 12-page report.
After you have outlined the steps of a penetration testing process, in the
next step you will perform penetration testing. During the testing, you
will determine if the security components are updated and if the latest
patches are implemented, and if not, determine where the security gaps
are.
Step 4: Conduct a Network Penetration Test
You've defined the penetration testing process, and in this step, you will
scan the network for vulnerabilities. Though you have some preliminary
information about the network, you will perform a black box test to
assess the current security posture. Black box testing is performed with
little or no information about the network and organization.
---------------------------------------------------------------------------------------------------------
5. CST 630 Project 2 Incident Response
For more course tutorials visit
www.newtonhelp.com
Project 2
Step 1: Develop a Wireless and BYOD Security Plan
Since the company you work for has instituted a bring your own device
(BYOD) policy, security attitudes have been lax and all sorts of devices,
authorized and unauthorized, have been found connected to the
company's wireless infrastructure. In this first step, you will develop a
wireless and BYOD security plan for the company.
Use the NIST Guidelines for Securing Wireless Local Area Networks
(WLANs) Special Publication 800-153 to provide an executive summary
to answer other security concerns related to BYOD and wireless. Within
your cybersecurity incident report, provide answers to the threat of
unauthorized equipment or rogue access points on the company wireless
network and the methods to find other rogue access points. Describe
how to detect rogue access points and how they can actually connect to
the network. Describe how to identify authorized access points within
your network.
6. Within your plan, include how the Cyber Kill Chain framework and
approach could be used to improve the incident response times for
networks.
Include this at the beginning of your CIR as the basis for all wireless-
and BYOD-related problems within the network. Title the section
"Wireless and BYOD Security Plan."
Click the following link to learn more about security management:
Security Management.
In the next step, you will explore a scenario on suspicious behavior, and
your report will provide another section of your CIR.
Step 2: Track Suspicious Behavior
You've completed your wireless and BYOD security plan. Now it's time
to take a look at another workplace situation.
You have been notified of an employee exhibiting suspicious behavior.
You decide to track the employee's movements by using various tools
and techniques. You know the location and time stamps associated with
the employee's mobile device.
7. How would you track the location of the company asset?
Explain how identity theft could occur and how MAC spoofing could
take place in the workplace. How would you protect against both
identity theft and MAC spoofing? Address if it is feasible to determine if
MAC spoofing and identity theft has taken place in the workplace.
Include a whitelist of approved devices for this network. Examples may
include authorized access points, firewalls, and other similar devices.
Are there any legal issues, problems, or concerns with your actions?
What should be conducted before starting this investigation? Were your
actions authorized, was the notification valid, or are there any other
concerns? Include your responses as part of the CIR with the title
"Tracking Suspicious Behavior."
In the next step, you will explore another workplace scenario, and your
responses will help you formulate a continuous improvement plan,
which will become another part of your CIR.
---------------------------------------------------------------------------------------------------------
CST 630 Project 3 Enterprise Network Security
For more course tutorials visit
www.newtonhelp.com
8. Project 3
Step 1: Conduct a Policy Gap Analysis
As you begin Step 1 of your system security report on cybersecurity for
mergers and acquisitions, keep in mind that the networks of companies
going through an M&A can be subject to cyberattack. As you work
through this step and the others, keep these questions in mind:
Are companies going through an M&A prone to more attacks or more
focused attacks?
If so, what is the appropriate course of action?
Should the M&A activities be kept confidential?
Now, look at the existing security policies in regard to the acquisition of
the media streaming company. You have to explain to the executives
that before any systems are integrated, their security policies will need to
be reviewed.
Conduct a policy gap analysis to ensure the target company's security
policies follow relevant industry standards as well as local, state, and
national laws and regulations. In other words, you need to make sure the
new company will not inherit any statutory or regulatory noncompliance
from either of the two original companies. This step would also identify
what, if any, laws and regulations the target company is subject to. If
those are different from the laws and regulations the acquiring company
is subject to, then this document should answer the following questions:
9. How would you identify the differences?
How would you learn about the relevant laws and regulations?
How would you ensure compliance with those laws and regulations?
The streaming company that is being acquired has a current customer
base of 150,000 users, who on average pay $14.99 in monthly fees.
Based on the overall income, use PCI Standards DSS 12 requirements,
and the PCI DSS Quick Reference Guide to identify a secure strategy,
and operating system protections to protect the credit card data.
Select at least two appropriate requirements from the PCI Standards
DSS 12 set of requirements and explain how the controls should be
implemented, how they will change the current network, and any costs
associated with implementing the change.
In the next step, you will review the streaming protocols that the
companies are using.
Step 2: Review Protocols for Streaming Services
After reviewing the policies from the company and the policy gap
analysis, the M&A leader asks you about the protocols used by the
streaming company. He wants to know if the protocols used would
affect the current state of cybersecurity within the current company
environment. For this section, review the protocols, explain how they
work along with any known vulnerabilities, and how to secure the
company from cyberattacks. Start with researching the commonly
10. known streaming protocols and the vulnerabilities of those protocols.
Some examples are the Real-Time Streaming Protocol (RTSP), Real-
Time Transport Protocol (RTP) and the Real-Time Transport Control
Protocol (RTCP).
Additionally, the leadership wants to know if any vulnerabilities
identified would or could lead to a no-go on the M&A.
In other words:
You need to identify what streaming the companies are doing and the
specific technology they are leveraging.
What are the technical vulnerabilities associated with the protocols
involved?
Have those been mitigated? And to what extent (i.e., has the risk been
reduced to zero, reduced somewhat, shifted to a third party, etc.)?
What residual risk to the target company's assets and IP remain?
Would those risks extend to the current (takeover) company after the
merger?
a. Would that be bad enough to cancel the M&A?
If the response to #5 is yes, then, what should the target company do to
further mitigate the risk? How should the takeover company mitigate the
risk?
--------------------------------------------------------------------------------------------------------
11. CST 630 Project 4Secure Videoconferencing Communications
For more course tutorials visit
www.newtonhelp.com
Project 4
Step 1: Develop Functional Requirements for Videoconferencing
The first step in your proposal for a secure videoconferencing system is
to develop a set of functional requirements for videoconferencing that
you believe the media company will nee based on its geographic
dispersion and business needs.
In developing those requirements, research three videoconferencing
solutions such as Skype, GotoMeeting, Polycom, and Cisco Webex and
explain their capabilities, advantages, and disadvantages. Identify costs
as well as implementation and support requirements.
The functional requirements and the three possible solutions will be a
section of your Proposal for Secure Videoconferencing. In the next step,
you will review the challenges of implementing those solutions.
Step 2: Discuss Implementation Challenges
In the previous step, you outlined the requirements for secure
videoconferencing for the company and outlined three potential
solutions. Part of your final proposal should also include the advantages
and disadvantages of the implementation options for the three systems
you selected. This section of the proposal also must include the changes
the media company will need to make to implement the systems.
12. Additionally, explain how system administration or privileged identity
management will operate with these systems. You will also need to
examine how data exfiltration will occur with each of the new systems.
The changes to the systems and challenges for the implementation of
these potential solutions will be an important section of your Proposal
for Secure Videoconferencing. In the next step, you will take a closer
look at the track records of each of the potential videoconferencing
vendors.
Step 3: Identify Vendor Risks
You've finished outlining the pros and cons of three videoconferencing
systems. Now, it'S time to take a close look at how they serve their
clients. This will take some research. Look at the systems' known
vulnerabilities and exploits. Examine and explain the past history of
each vendor with normal notification timelines, release of patches, or
work-arounds (solutions within the system without using a patch). Your
goal is to know the timeliness of response with each company in helping
customers stay secure.
This step will be a section of your Proposal for Secure
Videoconferencing.
In the next step, you will outline best practices for secure
videoconferencing that will be part of your overall proposal to
management
Step 4: Develop Best Practices for Secure Videoconferencing
The last few steps have been devoted to analyzing potential
videoconferencing solutions. But obtaining a trusted vendor is just part
of the security efforts. Another important step is to ensure that users and
system administrators conduct the company's videoconferencing in a
secure manner. In this step, outline security best practices for
videoconferencing that you would like users and systems administrators
to follow. Discuss how these best practices will improve security and
minimize risks of data exfiltration as well as snooping.
13. This "best practices" section will be part of the overall Proposal for
Secure Videoconferencing.
In the next step, you will develop system integrity checks within a
virtual lab environment.
Step 5: Develop System Integrity Checks
As part of the overall proposal, the CISO has asked you to develop
system integrity checks for files shared between users of the
videoconferencing systems. These checks will ensure file protection and
prevent exfiltration of sensitive files.
The lab exercise will show how this is done. In this step, you will
generate a lab report that will be part of your final assignment. The lab
instructions will tell you what the report needs to contain.
Note:
You will use the tools in Workspace for this step. If you need help
outside the classroom, you can register for the CLAB 699 Cyber
Computing Lab Assistance (go to the Discussions List for registration
information). Lab assistants are available to help.
Click here to access the instructions for Navigating the Workspace and
the lab Setup.
Click here to access the Project Workspace Exercise Instructions.
Explore the tutorials and user guides to learn more about the tools you
will use. Then, enter Workspace (http://virtualdesktop.umuc.edu/).
This will be a section of your Proposal for Secure Videoconferencing.
Now, you are ready for the final step, which will be to put all of the
components of the proposal together for management. Remember, your
task is to recommend the best videoconferencing system for the
company. Part of that proposal includes a set of high-level executive
briefing slides.
Step 6: Submit Your Proposal for Secure Videoconferencing and
All Related Materials
14. It’s time to prepare your materials on secure videoconferencing for
management. Your task is to recommend a system that best meets the
business functionality and security requirements of the company. As part
of that recommendation, you will also prepare a set of high-level
executive briefing slides to give the CEO and CIO an overview of your
study.
The assignments for this project are as follows:
1. Executive briefing: This is a three- to five-slide visual presentation
for business executives and board members.
2. Executive summary: This is a one-page summary at the beginning
of your Proposal for Secure Videoconferencing.
3. Proposal for Secure Videoconferencing: Your report should be a
minimum six-page double- spaced Word document with citations
in APA format. The page count does not include figures, diagrams,
tables or citations.
4. Lab report: Generated from Workspace.
Submit all four components to the assignment folder.
---------------------------------------------------------------------------------------------------------
CST 630 Project 5 Data Loss Prevention (21 Pages + 10 slides +
lab report)
For more course tutorials visit
www.newtonhelp.com
15. CST 630 Project 5 Data Loss Prevention (21 Pages + 10 slides + lab
report)
---------------------------------------------------------------------------------------------------------