SlideShare a Scribd company logo

ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx

Download as DOCX, PDF
C
christiandean12115

ISE 510 Final Project Scenario Background Limetree Inc. is a research and development firm that engages in multiple research projects with the federal government and private corporations in the areas of healthcare, biotechnology, and other cutting-edge industries. It has been experiencing major growth in recent years, but there is also a concern that information security lapses are becoming rampant as the company grows. Limetree Inc. is working to establish a strong reputation in the industry, and it views a robust information security program as part of the means to achieving its goal. The company looks to monitor and remain compliant to any regulation impacting its operations. Limetree Inc. recently experienced a security breach; it believes confidential company data has been stolen, including personal health information (PHI) used in a research study. Limetree Inc. believes the breach may have occurred because of some security vulnerabilities within its system and processes. Limetree Inc.’s virtual environment is presented in the Agent Surefire: InfoSec educational video game. The rest of the environment is presented via an interview with the security manager, Jack Sterling. Highlight of Interview with Jack Sterling Interview with Jack Sterling revealed the following about Limetree Inc.’s system and processes: Hardware/Software: Desktop Apps: Internet Explorer, Firefox, Google Chrome, MS Office, Adobe Flash, Adobe Acrobat Applications/Databases: Browser – Browser in use is Internet Explorer and browser security setting was set to low. Browsers allow remote installation of applets, and there is no standard browser for the environment. Virus Software – MacAfee is deployed locally on each user's machine and users are mandated to update their virus policy every month. SQL Database – Ordinary users can escalate privilege via SQL Agent. Disk space for SQL database log is small and is overwritten with new information when it is full. Limetree Inc. is not using any encryption for sensitive data at rest within the SQL server environment. Network: The network comprises the following: three web/applications servers, three email servers, five file and printer servers, two proxy servers, seven remotely manageable Cisco switches, 250 desktops, three firewall devices, one gateway (router) device to the internet, and three wireless access points. Configuration Highlights: Wireless – Wireless network is available with clearly advertised SSID, and it is part of the local area network (LAN). There is no segmentation or authentication between the wireless and wired LAN. Visitors are provided access code to the wireless network at the front desk to use the internet while they wait to be attended to. Managed switches – There is no logging of network activities on any of the switches. Web server – Public-facing web server is part of the LAN. This is where internet users get needed information on the company. The web servers are running the f.

Education
1 of 14
ISE 510 Final Project Scenario Background Limetree Inc. is a research and development firm that engages in multiple research projects with the federal government and private corporations in the areas of healthcare, biotechnology, and other cutting-edge industries. It has been experiencing major growth in recent years, but there is also a concern that information security lapses are becoming rampant as the company grows. Limetree Inc. is working to establish a strong reputation in the industry, and it views a robust information security program as part of the means to achieving its goal. The company looks to monitor and remain compliant to any regulation impacting its operations. Limetree Inc. recently experienced a security breach; it believes confidential company data has been stolen, including personal health information (PHI) used in a research study. Limetree Inc. believes the breach may have occurred because of some security vulnerabilities within its system and processes. Limetree Inc.’s virtual environment is presented in the Agent Surefire: InfoSec educational video game. The rest of the environment is presented via an interview with the security manager, Jack Sterling. Highlight of Interview with Jack Sterling Interview with Jack Sterling revealed the following about Limetree Inc.’s system and processes: Hardware/Software: Desktop Apps: Internet Explorer, Firefox, Google Chrome, MS Office, Adobe Flash, Adobe Acrobat Applications/Databases: Browser – Browser in use is Internet Explorer and browser security setting was set to low. Browsers allow remote installation of applets, and there is no standard browser for the environment. Virus Software – MacAfee is deployed locally on each user's machine and users are mandated to update their virus policy
every month. SQL Database – Ordinary users can escalate privilege via SQL Agent. Disk space for SQL database log is small and is overwritten with new information when it is full. Limetree Inc. is not using any encryption for sensitive data at rest within the SQL server environment. Network: The network comprises the following: three web/applications servers, three email servers, five file and printer servers, two proxy servers, seven remotely manageable Cisco switches, 250 desktops, three firewall devices, one gateway (router) device to the internet, and three wireless access points. Configuration Highlights: Wireless – Wireless network is available with clearly advertised SSID, and it is part of the local area network (LAN). There is no segmentation or authentication between the wireless and wired LAN. Visitors are provided access code to the wireless network at the front desk to use the internet while they wait to be attended to. Managed switches – There is no logging of network activities on any of the switches. Web server – Public-facing web server is part of the LAN. This is where internet users get needed information on the company. The web servers are running the following services in addition: File & Print Services, Telnet, IIS. Firewalls – Firewall configuration is very secure, and the logs are reviewed when there is suspicion of a security event. The following files types are allowed for inbound connection: EXE, DOC, XML, VBS. In addition, Telnet and FTP are allowed for inbound connection. Passwords – Users determine the length of the password and complexity, but it is mandatory to change password once a year. Network configuration changes are determined by the IT manager and users are notified immediately once the changes are implemented. Documentation:
I. There is no documented security policy, or computer use policy. II. II. There is no documented process for changes to the system. III. III. There is no contingency plan. System Backup: I. Backup is conducted daily by the network administrator, and tapes are kept safely in the computer room. Personnel/Physical Security: I. While users are not trained on security awareness, emails go out every month from the system administrator warning users of emerging threat. II. II. Visitors sign in at the front desk before they are allowed to walk in to see employees at their respective offices. III. III. Remote employees connect via virtual private network. Their laptops are configured exactly as the desktops in the office with unencrypted hard drives. IV. IV. Often users are allowed to bring in their own laptops, connect to corporate system, and complete their tasks, especially if they are having issues with laptops provided by the company. Incident Response: At Limetree Inc., systems administrators are notified of computer incidents, and the administrators escalate to the IT manager, who reports incidents to the security manager if they are deemed relevant. Currently there is no official documented process of reporting incidents. There is also no previous documented history of incidents, even though Limetree Inc. has experienced quite a few. Corrective measures are taken immediately after an incident, though none of the measures was ever documented. ISE 510 Final Project Guidelines and Rubric Overview
The final project for this course is the creation of a security breach analysis and recommendations. The relevance of risk assessment cannot be overemphasized as organizations establish or reaffirm their security posture, especially in the wake of overwhelming computer security breaches at many organizations in the United States and around the world, including government agencies. Organizations seek to understand their compliance status for current regulations as well as their vulnerability in order to adopt a proper approach to manage risks. It is equally important to conduct a risk assessment after a system breach has occurred to better understand the threats and the vulnerabilities exploited. For your final project, you will analyze an information security breach that has already occurred. This will place you in the role of a risk assessment expert, coming in to determine how the breach occurred and develop strategies to mitigate against the breach reoccurring. Risk assessment experts can fill the positions of penetration testers, information security auditors, and independent verification and validation analysts, for example. Such roles will continue to gain relevance as organizations and governments continue to move sensitive financial information, personal health information (PHI), and personally identifiable information (PII) across publicly accessible networks and storage devices. For the final project for this course, you will analyze an information security breach provided in the Final Project Scenario document and the educational video game (Agent Surefire: InfoSec) you will play in Module Three. In your analysis, you will discuss how the breach occurred, the incident response processes that were initiated, the impact of the breach, and applicable regulations to the organization. Then, you will develop a security test plan for the breached system and create security controls to ensure that the breach will not reoccur. The project is divided into three milestones, which will be submitted at various points throughout the course to scaffold
learning and ensure quality final submissions. These milestones will be submitted in Modules Three, Five, and Seven. The final product will be submitted in Module Nine. This assessment addresses the following course outcomes: through analysis of security breaches in ensuring business continuity in support of organizational goals information security of organizations physical security assessment projects based on established cybersecurity standards elop risk mitigation strategies for addressing application, website, and network vulnerabilities culture and communication challenges that could affect cybersecurity risk assessment in a diversified world Prompt Your security breach analysis and recommendations should answer the following prompt: Using your Final Project Scenario and gameplay from the educational video game Agent Surefire: InfoSec that you will complete in Module Three, analyze the information security breach to determine how the breach occurred, evaluate the incident response processes, and assess the impact of the breach and applicable regulations on the business or organization. Then use your analysis to develop a security test plan, security controls to mitigate risk, and recommendations that reduce the impact of organizational culture and communication challenges. Specifically, the following critical elements must be addressed:
I. Introduction: Provide a brief profile of the business or organization that has been attacked, including its organizational goals. In your profile, you could consider the industry in which the business or organization operates and the product or service that is the focus, for example. II. II. Security Breach: In this section, you will analyze one current information security breach, describing the business or organization that has been affected by this breach and explaining how the breach occurred. Specifically, you should: A. Attack Location: Determine what part of the business or organization was attacked by analyzing the security breach that occurred. For example, was the network attacked? Or was the company website hacked? B. Attack Method and Tools: Analyze the security breach to determine the method and tools that were used to effect the attack. In other words, how did the attack occur? C. Vulnerabilities: Based on your analysis, what vulnerabilities of the business or organization were exploited? How were the vulnerabilities discovered? For example, were the vulnerabilities discovered by an employee, a third party, or a customer? III. Incident Response: In this section, you will evaluate the incident response processes that were initiated in response to the breach. Specifically, you should: A. Actions: What incident response actions were initiated to minimize the impact of the breach? In other words, what did the business or organization do to address the vulnerabilities and resume normal system operations after the breach? B. Business Continuity: Evaluate these incident response actions for their effectiveness in allowing the business to resume normal system operations after the breach. In other words, how effective were these incident response actions in ensuring business continuity and supporting the organization’s goals? IV. Impact: In this section, you will discuss the possible
impacts of applicable cybersecurity regulations to the business or organization. Specifically, you should: A. Application: Describe the government and industry regulations that apply to the business or organization in relation to the security breach. For example, what legislation, directives, and policies relate to the security breach? B. Impact: How do these regulations impact the business or organization and its information security? Support your response with specific examples. C. Financial and Legal Implications: Discuss possible financial and legal implications of the security breach for the business or organization. Will the business or organization be subject to any fines or sanctions because of the security breach, for example? V. Security Test Plan: In this section, you will develop a security test plan for the breached system, basing your plan on your analysis of the security breach and established cybersecurity standards such as those from the National Institute of Standards and Technology (NIST). Specifically, you should: A. Scope: Determine the scope of the risk assessment. For example, what assets, threats, and vulnerabilities will need to be addressed? Will the risk assessment need to include networks, applications, or physical security systems? What policies and procedures will need to be reviewed? B. Resources: Document the resources required for the risk assessment. In other words, what do you need to actually do the assessment? C. Hardware and Software: Create a list of system hardware and software within the target of the risk assessment. In other words, what are the parts of the system that you are assessing? D. Tools: Determine the necessary tools for the risk assessment, based the list of system hardware and software you created. VI. Risk Mitigation: In this section, you will create security controls to ensure that the breach will not reoccur. Specifically, you should:
A. Security Controls: Create at least five security controls that mitigate future risks by ensuring that the security breach will not reoccur. These controls can be technical, administrative, or personnel security controls, for example. B. Vulnerabilities: How will the security controls you created mitigate risks by reducing application, website, and network vulnerabilities? C. Evaluation: What are the criteria for measuring the controls to ensure they are properly implemented? In other words, how will the security controls be evaluated? VII. Conclusion: In this section, you will recommend methods to reduce the impact of organizational culture and communication challenges. Specifically, you should: A. Communication: Document interpersonal communication issues encountered within the risk assessment team. How were the issues resolved? B. Organizational Culture: What challenges to organizational culture occurred as a result of the security breach? In your response, consider the impact of the security breach on the reputation of the business or organization. C. Recommendations: What methods can you recommend to reduce the impact of these communication and organizational cultural issues in future risk assessments? Milestones Milestone One: Kickoff Agenda In Module Three, you will submit a kickoff agenda. This milestone will be graded with the Milestone One Rubric. Milestone Two: Test Plan In Module Five, you will submit a test plan. This milestone will be graded with the Milestone Two Rubric. Milestone Three: Incident Response Plan In Module Seven, you will submit an incident response plan. This milestone will be graded with the Milestone Three Rubric.
Final Submission: Security Breach Analysis and Recommendations In Module Nine, you will submit your final project. It should be a complete, polished artifact containing all of the critical elements of the final product. It should reflect the incorporation of feedback gained throughout the course. It should also be structured to follow the outline presented in the Prompt. This submission will be graded with the Final Project Rubric (below). ISE 510 Security Risk Analysis & Plan Security Breach Analysis and Recommendations Milestone 1: Kickoff Agenda (60 points) <Last Name, First Name> Due <DATE> Submitted on <DATE> If late let me know why: ===================================== Delete these instructions and all blue font before submission: Change file name to MS#1_LAST_FIRST A few comments up front: - Please take time to review a) The MS #1 Rubric, b) Final Project Rubric, and c) Final Project Scenario - There are 6 Agenda Items to be complete (the first one is done as an example). -The kickoff agenda should be 3–5 pages in length, using 12- point Times New Roman font and single spaced. All references are APA format. -Do not copy and paste anything off the internet without a
citation. The goal is to identify the top 5 agenda items that will help you complete the final Project - analyze an information security breach where you take the role of a risk assessment expert, coming in to determine how the breach occurred, the incident response processes that was initiated, the impact of the breach, and applicable regulations to the organization and develop strategies to mitigate against the breach reoccurring. ========================================== ==========================EXAMPLE Agenda Item #1: Company background and how the IT department fits into the Organization with respect to information security. Relevance: Information security can't function properly without support from upper management. The first thing to know is how serious the organization is about Information Security (IS); the answers will either support a strong corporate culture for Information Security, or one that is not as mature in that respect. Knowing some basic company background such as number of employees, number of IT employees, annual sales, Management and Organizational hierarchy, the Organizational mission, and in what ways the IT department supports the mission will be essential in performing any security related Risk Management. Description: The purpose of this agenda item is to get to know the company and how IT fits into the organizational hierarchy; some organizations do not value IT activities and ignore the security recommendations of the Cybersecurity professionals.
We hope to find an open and ongoing communication between the IT Cyber professionals and upper management; that there are resources dedicated to IS Security in personnel, processes, equipment, technology, and training. Most importantly, we hope to find that upper management has a strategic vision for their Cyber Security posture in the firm. Information gleaned from this agenda item will help us determine the root causes of the security breach, by discerning the organizational factors that lead up to the breach. The attendees required for this meeting include IT managers, Cyber security professionals in the IT department, line managers in each department, and any senior leaders (VIPs) that may be impacted by breaches, loss of data or productivity. ==============================END EXAMPLE Agenda Item #2: State the Agenda Item title. Less than 40 words Relevance: Provide clear justification for the agenda item you selected and why it is relevant to our security breach analysis and recommendations project. 100-200 words. Description: Provide convincing and insightful description of the item selected and how it is geared toward collecting additional information, providing clarification, or identifying a future interview topic. Your audience is the Security Manager. 100-200 words. Ideas that may help you brainstorm for this response: (Don't just answer these one-by-one; instead weave them into a clear response). What is the purpose of this agenda Item? What do you hope to find? Focus on how this builds the "security breach analysis and recommendations project" Be sure this is more important than another item not asked. What question do you want answered from SM?
Who else needs to be in the meeting? Agenda Item #3: State the Agenda Item title. Less than 40 words Relevance: Provide clear justification for the agenda item you selected and why it is relevant to our security breach analysis and recommendations project. 100-200 words. Description: Provide convincing and insightful description of the item selected and how it is geared toward collecting additional information, providing clarification, or identifying a future interview topic. Your audience is the Security Manager. 100-200 words. Ideas that may help you brainstorm for this response: (Don't just answer these one-by-one; instead weave them into a clear response). What is the purpose of this agenda Item? What do you hope to find? Focus on how this builds the "security breach analysis and recommendations project" Be sure this is more important than another item not asked. What question do you want answered from SM? Who else needs to be in the meeting? Agenda Item #4: State the Agenda Item title. Less than 40 words Relevance: Provide clear justification for the agenda item you selected and why it is relevant to our security breach analysis and recommendations project. 100-200 words. Description: Provide convincing and insightful description of the item selected and how it is geared toward collecting additional information, providing clarification, or identifying a future interview topic. Your audience is the Security Manager. 100-200 words. Ideas that may help you brainstorm for this response: (Don't just answer these one-by-one; instead weave them into a clear response).
What is the purpose of this agenda Item? What do you hope to find? Focus on how this builds the "security breach analysis and recommendations project" Be sure this is more important than another item not asked. What question do you want answered from SM? Who else needs to be in the meeting? Agenda Item #5: State the Agenda Item title. Less than 40 words Relevance: Provide clear justification for the agenda item you selected and why it is relevant to our security breach analysis and recommendations project. 100-200 words. Description: Provide convincing and insightful description of the item selected and how it is geared toward collecting additional information, providing clarification, or identifying a future interview topic. Your audience is the Security Manager. 100-200 words. Ideas that may help you brainstorm for this response: (Don't just answer these one-by-one; instead weave them into a clear response). What is the purpose of this agenda Item? What do you hope to find? Focus on how this builds the "security breach analysis and recommendations project" Be sure this is more important than another item not asked. What question do you want answered from SM? Who else needs to be in the meeting? Agenda Item #6: State the Agenda Item title. Less than 40 words Relevance: Provide clear justification for the agenda item you selected and why it is relevant to our security breach analysis and recommendations project. 100-200 words. Description: Provide convincing and insightful description of the item selected and how it is geared toward collecting
additional information, providing clarification, or identifying a future interview topic. Your audience is the Security Manager. 100-200 words. Ideas that may help you brainstorm for this response: (Don't just answer these one-by-one; instead weave them into a clear response). What is the purpose of this agenda Item? What do you hope to find? Focus on how this builds the "security breach analysis and recommendations project" Be sure this is more important than another item not asked. What question do you want answered from SM? Who else needs to be in the meeting? 3

Recommended

ISE 510 Final Project Scenario Background Limetree In.docx
ISE 510 Final Project Scenario Background Limetree In.docxISE 510 Final Project Scenario Background Limetree In.docx
ISE 510 Final Project Scenario Background Limetree In.docxchristiandean12115
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
The Federal Information Security Management Act
The Federal Information Security Management ActThe Federal Information Security Management Act
The Federal Information Security Management ActMichelle Singh
 
After reading chapter 10Watch.. httpswww.youtube.comwatc.docx
After reading chapter 10Watch.. httpswww.youtube.comwatc.docxAfter reading chapter 10Watch.. httpswww.youtube.comwatc.docx
After reading chapter 10Watch.. httpswww.youtube.comwatc.docxnettletondevon
 
Phi 235 social media security users guide presentation
Phi 235 social media security users guide presentationPhi 235 social media security users guide presentation
Phi 235 social media security users guide presentationAlan Holyoke
 
Cyber security for Developers
Cyber security for DevelopersCyber security for Developers
Cyber security for Developerstechtutorus
 
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...IJNSA Journal
 
ISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxchristiandean12115
 

Recommended

ISE 510 Final Project Scenario Background Limetree In.docx
ISE 510 Final Project Scenario Background Limetree In.docxISE 510 Final Project Scenario Background Limetree In.docx
ISE 510 Final Project Scenario Background Limetree In.docxchristiandean12115
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
The Federal Information Security Management Act
The Federal Information Security Management ActThe Federal Information Security Management Act
The Federal Information Security Management ActMichelle Singh
 
After reading chapter 10Watch.. httpswww.youtube.comwatc.docx
After reading chapter 10Watch.. httpswww.youtube.comwatc.docxAfter reading chapter 10Watch.. httpswww.youtube.comwatc.docx
After reading chapter 10Watch.. httpswww.youtube.comwatc.docxnettletondevon
 
Phi 235 social media security users guide presentation
Phi 235 social media security users guide presentationPhi 235 social media security users guide presentation
Phi 235 social media security users guide presentationAlan Holyoke
 
Cyber security for Developers
Cyber security for DevelopersCyber security for Developers
Cyber security for Developerstechtutorus
 
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...IJNSA Journal
 
ISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxchristiandean12115
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comPrescottLunt384
 
CompTIA CySA Domain 3 Security Operations and Monitoring.pptx
CompTIA CySA Domain 3 Security Operations and Monitoring.pptxCompTIA CySA Domain 3 Security Operations and Monitoring.pptx
CompTIA CySA Domain 3 Security Operations and Monitoring.pptxInfosectrain3
 
Essay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxEssay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxjenkinsmandie
 
Topic11
Topic11Topic11
Topic11Anne Starr
 
How to Become a Cyber Security Analyst in 2021..
How to Become a Cyber Security Analyst in 2021..How to Become a Cyber Security Analyst in 2021..
How to Become a Cyber Security Analyst in 2021..Sprintzeal
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxNeilStark1
 
How to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfHow to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfNeilStark1
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxNeilStark1
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security WebinarAVEVA
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
ISE 510 Final Project Guidelines and Rubric Overview The fi.docx
ISE 510 Final Project Guidelines and Rubric Overview The fi.docx ISE 510 Final Project Guidelines and Rubric Overview The fi.docx
ISE 510 Final Project Guidelines and Rubric Overview The fi.docxaryan532920
 
Information security[277]
Information security[277]Information security[277]
Information security[277]Timothy Warren
 
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear AttacksIRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear AttacksIRJET Journal
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedTiffany Graham
 
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONSCYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONSSprintzeal
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - WebFahd Khan
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsCognizant
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices FrameworkSujata Raskar
 
Cyb 610 Enhance teaching / snaptutorial.com
Cyb 610 Enhance teaching / snaptutorial.comCyb 610 Enhance teaching / snaptutorial.com
Cyb 610 Enhance teaching / snaptutorial.comBaileyaby
 
100 Original WorkZero PlagiarismGraduate Level Writing Required.docx
100 Original WorkZero PlagiarismGraduate Level Writing Required.docx100 Original WorkZero PlagiarismGraduate Level Writing Required.docx
100 Original WorkZero PlagiarismGraduate Level Writing Required.docxchristiandean12115
 
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docxchristiandean12115
 

More Related Content

Similar to ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx

Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comPrescottLunt384
 
CompTIA CySA Domain 3 Security Operations and Monitoring.pptx
CompTIA CySA Domain 3 Security Operations and Monitoring.pptxCompTIA CySA Domain 3 Security Operations and Monitoring.pptx
CompTIA CySA Domain 3 Security Operations and Monitoring.pptxInfosectrain3
 
Essay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxEssay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxjenkinsmandie
 
How to Become a Cyber Security Analyst in 2021..
How to Become a Cyber Security Analyst in 2021..How to Become a Cyber Security Analyst in 2021..
How to Become a Cyber Security Analyst in 2021..Sprintzeal
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxNeilStark1
 
How to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfHow to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfNeilStark1
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxNeilStark1
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security WebinarAVEVA
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
ISE 510 Final Project Guidelines and Rubric Overview The fi.docx
ISE 510 Final Project Guidelines and Rubric Overview The fi.docx ISE 510 Final Project Guidelines and Rubric Overview The fi.docx
ISE 510 Final Project Guidelines and Rubric Overview The fi.docxaryan532920
 
Information security[277]
Information security[277]Information security[277]
Information security[277]Timothy Warren
 
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear AttacksIRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear AttacksIRJET Journal
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedTiffany Graham
 
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONSCYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONSSprintzeal
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - WebFahd Khan
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsCognizant
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices FrameworkSujata Raskar
 
Cyb 610 Enhance teaching / snaptutorial.com
Cyb 610 Enhance teaching / snaptutorial.comCyb 610 Enhance teaching / snaptutorial.com
Cyb 610 Enhance teaching / snaptutorial.comBaileyaby
 

Similar to ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx (20)

Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.com
 
CompTIA CySA Domain 3 Security Operations and Monitoring.pptx
CompTIA CySA Domain 3 Security Operations and Monitoring.pptxCompTIA CySA Domain 3 Security Operations and Monitoring.pptx
CompTIA CySA Domain 3 Security Operations and Monitoring.pptx
 
Essay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxEssay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docx
 
Topic11
Topic11Topic11
Topic11
 
How to Become a Cyber Security Analyst in 2021..
How to Become a Cyber Security Analyst in 2021..How to Become a Cyber Security Analyst in 2021..
How to Become a Cyber Security Analyst in 2021..
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
 
How to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfHow to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdf
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security Webinar
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
ISE 510 Final Project Guidelines and Rubric Overview The fi.docx
ISE 510 Final Project Guidelines and Rubric Overview The fi.docx ISE 510 Final Project Guidelines and Rubric Overview The fi.docx
ISE 510 Final Project Guidelines and Rubric Overview The fi.docx
 
Information security[277]
Information security[277]Information security[277]
Information security[277]
 
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear AttacksIRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs Provided
 
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONSCYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - Web
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting Reputations
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices Framework
 
Cyb 610 Enhance teaching / snaptutorial.com
Cyb 610 Enhance teaching / snaptutorial.comCyb 610 Enhance teaching / snaptutorial.com
Cyb 610 Enhance teaching / snaptutorial.com
 

More from christiandean12115

100 Original WorkZero PlagiarismGraduate Level Writing Required.docx
100 Original WorkZero PlagiarismGraduate Level Writing Required.docx100 Original WorkZero PlagiarismGraduate Level Writing Required.docx
100 Original WorkZero PlagiarismGraduate Level Writing Required.docxchristiandean12115
 
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docxchristiandean12115
 
10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docx
10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docx10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docx
10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docxchristiandean12115
 
10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docx
10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docx10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docx
10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docxchristiandean12115
 
10.11770022487105285962Journal of Teacher Education, Vol. 57,.docx
10.11770022487105285962Journal of Teacher Education, Vol. 57,.docx10.11770022487105285962Journal of Teacher Education, Vol. 57,.docx
10.11770022487105285962Journal of Teacher Education, Vol. 57,.docxchristiandean12115
 
10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docx
10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docx10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docx
10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docxchristiandean12115
 
10.1 What are three broad mechanisms that malware can use to propa.docx
10.1 What are three broad mechanisms that malware can use to propa.docx10.1 What are three broad mechanisms that malware can use to propa.docx
10.1 What are three broad mechanisms that malware can use to propa.docxchristiandean12115
 
10.0 ptsPresentation of information was exceptional and included.docx
10.0 ptsPresentation of information was exceptional and included.docx10.0 ptsPresentation of information was exceptional and included.docx
10.0 ptsPresentation of information was exceptional and included.docxchristiandean12115
 
10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docx
10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docx10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docx
10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docxchristiandean12115
 
10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docx
10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docx10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docx
10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docxchristiandean12115
 
10 What does a golfer, tennis player or cricketer (or any othe.docx
10 What does a golfer, tennis player or cricketer (or any othe.docx10 What does a golfer, tennis player or cricketer (or any othe.docx
10 What does a golfer, tennis player or cricketer (or any othe.docxchristiandean12115
 
10 September 2018· Watch video· Take notes withfor students.docx
10 September 2018· Watch video· Take notes withfor students.docx10 September 2018· Watch video· Take notes withfor students.docx
10 September 2018· Watch video· Take notes withfor students.docxchristiandean12115
 
10 Research-Based Tips for Enhancing Literacy Instruct.docx
10 Research-Based Tips for Enhancing Literacy Instruct.docx10 Research-Based Tips for Enhancing Literacy Instruct.docx
10 Research-Based Tips for Enhancing Literacy Instruct.docxchristiandean12115
 
10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docx
10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docx10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docx
10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docxchristiandean12115
 
10 Introduction Ask any IT manager about the chall.docx
10 Introduction Ask any IT manager about the chall.docx10 Introduction Ask any IT manager about the chall.docx
10 Introduction Ask any IT manager about the chall.docxchristiandean12115
 
10 Customer Acquisition and Relationship ManagementDmitry .docx
10 Customer Acquisition and Relationship ManagementDmitry .docx10 Customer Acquisition and Relationship ManagementDmitry .docx
10 Customer Acquisition and Relationship ManagementDmitry .docxchristiandean12115
 
10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docx
10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docx10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docx
10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docxchristiandean12115
 
10 ers. Although one can learn definitions favor- able to .docx
10 ers. Although one can learn definitions favor- able to .docx10 ers. Although one can learn definitions favor- able to .docx
10 ers. Although one can learn definitions favor- able to .docxchristiandean12115
 
10 academic sources about the topic (Why is America so violent).docx
10 academic sources about the topic (Why is America so violent).docx10 academic sources about the topic (Why is America so violent).docx
10 academic sources about the topic (Why is America so violent).docxchristiandean12115
 

More from christiandean12115 (20)

100 Original WorkZero PlagiarismGraduate Level Writing Required.docx
100 Original WorkZero PlagiarismGraduate Level Writing Required.docx100 Original WorkZero PlagiarismGraduate Level Writing Required.docx
100 Original WorkZero PlagiarismGraduate Level Writing Required.docx
 
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx
 
10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docx
10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docx10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docx
10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docx
 
10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docx
10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docx10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docx
10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docx
 
10.11770022487105285962Journal of Teacher Education, Vol. 57,.docx
10.11770022487105285962Journal of Teacher Education, Vol. 57,.docx10.11770022487105285962Journal of Teacher Education, Vol. 57,.docx
10.11770022487105285962Journal of Teacher Education, Vol. 57,.docx
 
10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docx
10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docx10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docx
10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docx
 
10.1 What are three broad mechanisms that malware can use to propa.docx
10.1 What are three broad mechanisms that malware can use to propa.docx10.1 What are three broad mechanisms that malware can use to propa.docx
10.1 What are three broad mechanisms that malware can use to propa.docx
 
10.0 ptsPresentation of information was exceptional and included.docx
10.0 ptsPresentation of information was exceptional and included.docx10.0 ptsPresentation of information was exceptional and included.docx
10.0 ptsPresentation of information was exceptional and included.docx
 
10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docx
10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docx10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docx
10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docx
 
10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docx
10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docx10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docx
10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docx
 
10 What does a golfer, tennis player or cricketer (or any othe.docx
10 What does a golfer, tennis player or cricketer (or any othe.docx10 What does a golfer, tennis player or cricketer (or any othe.docx
10 What does a golfer, tennis player or cricketer (or any othe.docx
 
10 September 2018· Watch video· Take notes withfor students.docx
10 September 2018· Watch video· Take notes withfor students.docx10 September 2018· Watch video· Take notes withfor students.docx
10 September 2018· Watch video· Take notes withfor students.docx
 
10 Research-Based Tips for Enhancing Literacy Instruct.docx
10 Research-Based Tips for Enhancing Literacy Instruct.docx10 Research-Based Tips for Enhancing Literacy Instruct.docx
10 Research-Based Tips for Enhancing Literacy Instruct.docx
 
10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docx
10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docx10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docx
10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docx
 
10 Most Common Err.docx
10 Most Common Err.docx10 Most Common Err.docx
10 Most Common Err.docx
 
10 Introduction Ask any IT manager about the chall.docx
10 Introduction Ask any IT manager about the chall.docx10 Introduction Ask any IT manager about the chall.docx
10 Introduction Ask any IT manager about the chall.docx
 
10 Customer Acquisition and Relationship ManagementDmitry .docx
10 Customer Acquisition and Relationship ManagementDmitry .docx10 Customer Acquisition and Relationship ManagementDmitry .docx
10 Customer Acquisition and Relationship ManagementDmitry .docx
 
10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docx
10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docx10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docx
10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docx
 
10 ers. Although one can learn definitions favor- able to .docx
10 ers. Although one can learn definitions favor- able to .docx10 ers. Although one can learn definitions favor- able to .docx
10 ers. Although one can learn definitions favor- able to .docx
 
10 academic sources about the topic (Why is America so violent).docx
10 academic sources about the topic (Why is America so violent).docx10 academic sources about the topic (Why is America so violent).docx
10 academic sources about the topic (Why is America so violent).docx
 

Recently uploaded

Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonJericReyAuditor
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxUnboundStockton
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 

Recently uploaded (20)

Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lesson
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 

ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx

  • 1. ISE 510 Final Project Scenario Background Limetree Inc. is a research and development firm that engages in multiple research projects with the federal government and private corporations in the areas of healthcare, biotechnology, and other cutting-edge industries. It has been experiencing major growth in recent years, but there is also a concern that information security lapses are becoming rampant as the company grows. Limetree Inc. is working to establish a strong reputation in the industry, and it views a robust information security program as part of the means to achieving its goal. The company looks to monitor and remain compliant to any regulation impacting its operations. Limetree Inc. recently experienced a security breach; it believes confidential company data has been stolen, including personal health information (PHI) used in a research study. Limetree Inc. believes the breach may have occurred because of some security vulnerabilities within its system and processes. Limetree Inc.’s virtual environment is presented in the Agent Surefire: InfoSec educational video game. The rest of the environment is presented via an interview with the security manager, Jack Sterling. Highlight of Interview with Jack Sterling Interview with Jack Sterling revealed the following about Limetree Inc.’s system and processes: Hardware/Software: Desktop Apps: Internet Explorer, Firefox, Google Chrome, MS Office, Adobe Flash, Adobe Acrobat Applications/Databases: Browser – Browser in use is Internet Explorer and browser security setting was set to low. Browsers allow remote installation of applets, and there is no standard browser for the environment. Virus Software – MacAfee is deployed locally on each user's machine and users are mandated to update their virus policy
  • 2. every month. SQL Database – Ordinary users can escalate privilege via SQL Agent. Disk space for SQL database log is small and is overwritten with new information when it is full. Limetree Inc. is not using any encryption for sensitive data at rest within the SQL server environment. Network: The network comprises the following: three web/applications servers, three email servers, five file and printer servers, two proxy servers, seven remotely manageable Cisco switches, 250 desktops, three firewall devices, one gateway (router) device to the internet, and three wireless access points. Configuration Highlights: Wireless – Wireless network is available with clearly advertised SSID, and it is part of the local area network (LAN). There is no segmentation or authentication between the wireless and wired LAN. Visitors are provided access code to the wireless network at the front desk to use the internet while they wait to be attended to. Managed switches – There is no logging of network activities on any of the switches. Web server – Public-facing web server is part of the LAN. This is where internet users get needed information on the company. The web servers are running the following services in addition: File & Print Services, Telnet, IIS. Firewalls – Firewall configuration is very secure, and the logs are reviewed when there is suspicion of a security event. The following files types are allowed for inbound connection: EXE, DOC, XML, VBS. In addition, Telnet and FTP are allowed for inbound connection. Passwords – Users determine the length of the password and complexity, but it is mandatory to change password once a year. Network configuration changes are determined by the IT manager and users are notified immediately once the changes are implemented. Documentation:
  • 3. I. There is no documented security policy, or computer use policy. II. II. There is no documented process for changes to the system. III. III. There is no contingency plan. System Backup: I. Backup is conducted daily by the network administrator, and tapes are kept safely in the computer room. Personnel/Physical Security: I. While users are not trained on security awareness, emails go out every month from the system administrator warning users of emerging threat. II. II. Visitors sign in at the front desk before they are allowed to walk in to see employees at their respective offices. III. III. Remote employees connect via virtual private network. Their laptops are configured exactly as the desktops in the office with unencrypted hard drives. IV. IV. Often users are allowed to bring in their own laptops, connect to corporate system, and complete their tasks, especially if they are having issues with laptops provided by the company. Incident Response: At Limetree Inc., systems administrators are notified of computer incidents, and the administrators escalate to the IT manager, who reports incidents to the security manager if they are deemed relevant. Currently there is no official documented process of reporting incidents. There is also no previous documented history of incidents, even though Limetree Inc. has experienced quite a few. Corrective measures are taken immediately after an incident, though none of the measures was ever documented. ISE 510 Final Project Guidelines and Rubric Overview
  • 4. The final project for this course is the creation of a security breach analysis and recommendations. The relevance of risk assessment cannot be overemphasized as organizations establish or reaffirm their security posture, especially in the wake of overwhelming computer security breaches at many organizations in the United States and around the world, including government agencies. Organizations seek to understand their compliance status for current regulations as well as their vulnerability in order to adopt a proper approach to manage risks. It is equally important to conduct a risk assessment after a system breach has occurred to better understand the threats and the vulnerabilities exploited. For your final project, you will analyze an information security breach that has already occurred. This will place you in the role of a risk assessment expert, coming in to determine how the breach occurred and develop strategies to mitigate against the breach reoccurring. Risk assessment experts can fill the positions of penetration testers, information security auditors, and independent verification and validation analysts, for example. Such roles will continue to gain relevance as organizations and governments continue to move sensitive financial information, personal health information (PHI), and personally identifiable information (PII) across publicly accessible networks and storage devices. For the final project for this course, you will analyze an information security breach provided in the Final Project Scenario document and the educational video game (Agent Surefire: InfoSec) you will play in Module Three. In your analysis, you will discuss how the breach occurred, the incident response processes that were initiated, the impact of the breach, and applicable regulations to the organization. Then, you will develop a security test plan for the breached system and create security controls to ensure that the breach will not reoccur. The project is divided into three milestones, which will be submitted at various points throughout the course to scaffold
  • 5. learning and ensure quality final submissions. These milestones will be submitted in Modules Three, Five, and Seven. The final product will be submitted in Module Nine. This assessment addresses the following course outcomes: through analysis of security breaches in ensuring business continuity in support of organizational goals information security of organizations physical security assessment projects based on established cybersecurity standards elop risk mitigation strategies for addressing application, website, and network vulnerabilities culture and communication challenges that could affect cybersecurity risk assessment in a diversified world Prompt Your security breach analysis and recommendations should answer the following prompt: Using your Final Project Scenario and gameplay from the educational video game Agent Surefire: InfoSec that you will complete in Module Three, analyze the information security breach to determine how the breach occurred, evaluate the incident response processes, and assess the impact of the breach and applicable regulations on the business or organization. Then use your analysis to develop a security test plan, security controls to mitigate risk, and recommendations that reduce the impact of organizational culture and communication challenges. Specifically, the following critical elements must be addressed:
  • 6. I. Introduction: Provide a brief profile of the business or organization that has been attacked, including its organizational goals. In your profile, you could consider the industry in which the business or organization operates and the product or service that is the focus, for example. II. II. Security Breach: In this section, you will analyze one current information security breach, describing the business or organization that has been affected by this breach and explaining how the breach occurred. Specifically, you should: A. Attack Location: Determine what part of the business or organization was attacked by analyzing the security breach that occurred. For example, was the network attacked? Or was the company website hacked? B. Attack Method and Tools: Analyze the security breach to determine the method and tools that were used to effect the attack. In other words, how did the attack occur? C. Vulnerabilities: Based on your analysis, what vulnerabilities of the business or organization were exploited? How were the vulnerabilities discovered? For example, were the vulnerabilities discovered by an employee, a third party, or a customer? III. Incident Response: In this section, you will evaluate the incident response processes that were initiated in response to the breach. Specifically, you should: A. Actions: What incident response actions were initiated to minimize the impact of the breach? In other words, what did the business or organization do to address the vulnerabilities and resume normal system operations after the breach? B. Business Continuity: Evaluate these incident response actions for their effectiveness in allowing the business to resume normal system operations after the breach. In other words, how effective were these incident response actions in ensuring business continuity and supporting the organization’s goals? IV. Impact: In this section, you will discuss the possible
  • 7. impacts of applicable cybersecurity regulations to the business or organization. Specifically, you should: A. Application: Describe the government and industry regulations that apply to the business or organization in relation to the security breach. For example, what legislation, directives, and policies relate to the security breach? B. Impact: How do these regulations impact the business or organization and its information security? Support your response with specific examples. C. Financial and Legal Implications: Discuss possible financial and legal implications of the security breach for the business or organization. Will the business or organization be subject to any fines or sanctions because of the security breach, for example? V. Security Test Plan: In this section, you will develop a security test plan for the breached system, basing your plan on your analysis of the security breach and established cybersecurity standards such as those from the National Institute of Standards and Technology (NIST). Specifically, you should: A. Scope: Determine the scope of the risk assessment. For example, what assets, threats, and vulnerabilities will need to be addressed? Will the risk assessment need to include networks, applications, or physical security systems? What policies and procedures will need to be reviewed? B. Resources: Document the resources required for the risk assessment. In other words, what do you need to actually do the assessment? C. Hardware and Software: Create a list of system hardware and software within the target of the risk assessment. In other words, what are the parts of the system that you are assessing? D. Tools: Determine the necessary tools for the risk assessment, based the list of system hardware and software you created. VI. Risk Mitigation: In this section, you will create security controls to ensure that the breach will not reoccur. Specifically, you should:
  • 8. A. Security Controls: Create at least five security controls that mitigate future risks by ensuring that the security breach will not reoccur. These controls can be technical, administrative, or personnel security controls, for example. B. Vulnerabilities: How will the security controls you created mitigate risks by reducing application, website, and network vulnerabilities? C. Evaluation: What are the criteria for measuring the controls to ensure they are properly implemented? In other words, how will the security controls be evaluated? VII. Conclusion: In this section, you will recommend methods to reduce the impact of organizational culture and communication challenges. Specifically, you should: A. Communication: Document interpersonal communication issues encountered within the risk assessment team. How were the issues resolved? B. Organizational Culture: What challenges to organizational culture occurred as a result of the security breach? In your response, consider the impact of the security breach on the reputation of the business or organization. C. Recommendations: What methods can you recommend to reduce the impact of these communication and organizational cultural issues in future risk assessments? Milestones Milestone One: Kickoff Agenda In Module Three, you will submit a kickoff agenda. This milestone will be graded with the Milestone One Rubric. Milestone Two: Test Plan In Module Five, you will submit a test plan. This milestone will be graded with the Milestone Two Rubric. Milestone Three: Incident Response Plan In Module Seven, you will submit an incident response plan. This milestone will be graded with the Milestone Three Rubric.
  • 9. Final Submission: Security Breach Analysis and Recommendations In Module Nine, you will submit your final project. It should be a complete, polished artifact containing all of the critical elements of the final product. It should reflect the incorporation of feedback gained throughout the course. It should also be structured to follow the outline presented in the Prompt. This submission will be graded with the Final Project Rubric (below). ISE 510 Security Risk Analysis & Plan Security Breach Analysis and Recommendations Milestone 1: Kickoff Agenda (60 points) <Last Name, First Name> Due <DATE> Submitted on <DATE> If late let me know why: ===================================== Delete these instructions and all blue font before submission: Change file name to MS#1_LAST_FIRST A few comments up front: - Please take time to review a) The MS #1 Rubric, b) Final Project Rubric, and c) Final Project Scenario - There are 6 Agenda Items to be complete (the first one is done as an example). -The kickoff agenda should be 3–5 pages in length, using 12- point Times New Roman font and single spaced. All references are APA format. -Do not copy and paste anything off the internet without a
  • 10. citation. The goal is to identify the top 5 agenda items that will help you complete the final Project - analyze an information security breach where you take the role of a risk assessment expert, coming in to determine how the breach occurred, the incident response processes that was initiated, the impact of the breach, and applicable regulations to the organization and develop strategies to mitigate against the breach reoccurring. ========================================== ==========================EXAMPLE Agenda Item #1: Company background and how the IT department fits into the Organization with respect to information security. Relevance: Information security can't function properly without support from upper management. The first thing to know is how serious the organization is about Information Security (IS); the answers will either support a strong corporate culture for Information Security, or one that is not as mature in that respect. Knowing some basic company background such as number of employees, number of IT employees, annual sales, Management and Organizational hierarchy, the Organizational mission, and in what ways the IT department supports the mission will be essential in performing any security related Risk Management. Description: The purpose of this agenda item is to get to know the company and how IT fits into the organizational hierarchy; some organizations do not value IT activities and ignore the security recommendations of the Cybersecurity professionals.
  • 11. We hope to find an open and ongoing communication between the IT Cyber professionals and upper management; that there are resources dedicated to IS Security in personnel, processes, equipment, technology, and training. Most importantly, we hope to find that upper management has a strategic vision for their Cyber Security posture in the firm. Information gleaned from this agenda item will help us determine the root causes of the security breach, by discerning the organizational factors that lead up to the breach. The attendees required for this meeting include IT managers, Cyber security professionals in the IT department, line managers in each department, and any senior leaders (VIPs) that may be impacted by breaches, loss of data or productivity. ==============================END EXAMPLE Agenda Item #2: State the Agenda Item title. Less than 40 words Relevance: Provide clear justification for the agenda item you selected and why it is relevant to our security breach analysis and recommendations project. 100-200 words. Description: Provide convincing and insightful description of the item selected and how it is geared toward collecting additional information, providing clarification, or identifying a future interview topic. Your audience is the Security Manager. 100-200 words. Ideas that may help you brainstorm for this response: (Don't just answer these one-by-one; instead weave them into a clear response). What is the purpose of this agenda Item? What do you hope to find? Focus on how this builds the "security breach analysis and recommendations project" Be sure this is more important than another item not asked. What question do you want answered from SM?
  • 12. Who else needs to be in the meeting? Agenda Item #3: State the Agenda Item title. Less than 40 words Relevance: Provide clear justification for the agenda item you selected and why it is relevant to our security breach analysis and recommendations project. 100-200 words. Description: Provide convincing and insightful description of the item selected and how it is geared toward collecting additional information, providing clarification, or identifying a future interview topic. Your audience is the Security Manager. 100-200 words. Ideas that may help you brainstorm for this response: (Don't just answer these one-by-one; instead weave them into a clear response). What is the purpose of this agenda Item? What do you hope to find? Focus on how this builds the "security breach analysis and recommendations project" Be sure this is more important than another item not asked. What question do you want answered from SM? Who else needs to be in the meeting? Agenda Item #4: State the Agenda Item title. Less than 40 words Relevance: Provide clear justification for the agenda item you selected and why it is relevant to our security breach analysis and recommendations project. 100-200 words. Description: Provide convincing and insightful description of the item selected and how it is geared toward collecting additional information, providing clarification, or identifying a future interview topic. Your audience is the Security Manager. 100-200 words. Ideas that may help you brainstorm for this response: (Don't just answer these one-by-one; instead weave them into a clear response).
  • 13. What is the purpose of this agenda Item? What do you hope to find? Focus on how this builds the "security breach analysis and recommendations project" Be sure this is more important than another item not asked. What question do you want answered from SM? Who else needs to be in the meeting? Agenda Item #5: State the Agenda Item title. Less than 40 words Relevance: Provide clear justification for the agenda item you selected and why it is relevant to our security breach analysis and recommendations project. 100-200 words. Description: Provide convincing and insightful description of the item selected and how it is geared toward collecting additional information, providing clarification, or identifying a future interview topic. Your audience is the Security Manager. 100-200 words. Ideas that may help you brainstorm for this response: (Don't just answer these one-by-one; instead weave them into a clear response). What is the purpose of this agenda Item? What do you hope to find? Focus on how this builds the "security breach analysis and recommendations project" Be sure this is more important than another item not asked. What question do you want answered from SM? Who else needs to be in the meeting? Agenda Item #6: State the Agenda Item title. Less than 40 words Relevance: Provide clear justification for the agenda item you selected and why it is relevant to our security breach analysis and recommendations project. 100-200 words. Description: Provide convincing and insightful description of the item selected and how it is geared toward collecting
  • 14. additional information, providing clarification, or identifying a future interview topic. Your audience is the Security Manager. 100-200 words. Ideas that may help you brainstorm for this response: (Don't just answer these one-by-one; instead weave them into a clear response). What is the purpose of this agenda Item? What do you hope to find? Focus on how this builds the "security breach analysis and recommendations project" Be sure this is more important than another item not asked. What question do you want answered from SM? Who else needs to be in the meeting? 3