Instructions:
*** Need task completed for D's portion of the project:
3-pages for a SAR;
3-pages for an AAR
covering the topic "Assessing Suspicious Activity" ***
Team e-mail discussing Instructions about the Project:
Team,
I was talking with Team member #2 in class today and the
outlines don't match up to the assignment. I propose we write in
the order of the assignment and each do 3 pages for each paper.
The SAR will be the assessment prior to implementation of our
recommendations and the AAR is the assessment afterwards.
The breakdown will look like this:
Assessing Suspicious Activity - D
Financial Sector – Team Lead
Law enforcement - Team member #3
Intelligence - Team member #4
Homeland security - Team member #5
If we each do 3 pages we will hit the 15 required. I can put it all
together and edit if needed, and someone else or I can do the
PowerPoint.
Thanks,
Team Lead
---------------------------------------------------------------------------
Team Lead,
Based on the reading of our assignments, I see that there are
only 4-roles in the assignment (see bold below). My
understanding is that you need me to write up 3 pages on "the
cyber threats and vulnerabilities that are facing the US critical
infrastructure" (separate from the SAR and AAR); 3-pages for
the SAR, and 3-pages for the AAR. If this is the case, what role
do you want me to write up for the SAR and AAR? Also, we are
not to follow the SAR and AAR outlines?
Roles:
Assessing Suspicious Activity - D
Financial Sector – Team Lead
Law enforcement - Team member #3
Intelligence - Team member #4
Homeland security - Team member #5
Thanks,
D
---------------------------------------------------------------------------
D,
The two outlines are nearly identical for different projects.
Team member #3, Team member #4, and I are on board with
writing to the tasks vs the outline. If you agree, the task you
will do is Task 2 for the Project 4. This task is called
"Assessing Suspicious Activity" and we will need 3 pages on
this for the SAR and 3 pages for the AAR.
Thanks,
Team Lead
------------------------ SEE PROJECT DETAILS BELOW ------------------------
US critical infrastructure—power, water, oil and natural gas,
military systems, financial systems—has become the target of
cyber and physical attacks as more critical infrastructure
systems are integrated with the Internet and other digital
control systems. The lesson learned in defending and
mitigating cyberattacks is that no entity can prevent or resolve
cyberattacks on its own. Collaboration and information sharing
are key for success and survival.
This is a group exercise, representing collaboration across all
sectors, to support and defend US critical infrastructure. In the
working world, a team like this would include some agencies,
some industrial partners, and some private sector corporations.
Each organization has different strengths and skills, different
access to information, and different authorities to report to.
When the sectors work together and leverage resources and
skills, the result is that everyone benefits from the defense and
protection of US IT infrastructure. In your teams, you can
model the same collaboration, leveraging each other's expertise,
sharing each other's knowledge, teaching each other, and
providing contributions specific to your role in the scenario.
· Financial Services Representative: special task in Step 3
· Law Enforcement Representative: special task in Step 4
· Intelligence Agency Representative: special task in Step 5
· Homeland Security Representative: special task in Step 6
There are seven steps that will help you create your final
deliverables. The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This report should be a 3
page double-spaced Word document with citations in APA
format. The page count does not include figures, diagrams,
tables, or citations.
2. After Action Report (AAR): This report should be a 5 page
double-spaced Word document with citations in APA format.
The page count does not include figures, diagrams, tables, or
citations.
3. A 5-8 slide PowerPoint presentation for executives, along
with a narrated or in-class presentation summarizing your
SAR and AAR reports.
Step 1: Establishing Roles
As described in the scenario, you will be working in a small
team (usually five members). Your instructor has provided an
area for your group discussions, collaboration, and file sharing.
Take some time to learn about your teammates (introductions,
LinkedIn profiles and bios) to understand the experience and
expertise of the team members.
Studies on teamwork outline the typical team stages of forming,
storming, norming, and performing (see Tuckman, Bruce W.
(1965), "Developmental sequence in small
groups," Psychological Bulletin, 63, 384-399.) This guidance
on teamwork may be helpful.
In order to do well, you and your team members must start
communicating or "forming" immediately and discuss how you
will divide the work. Review the project and if you have
portions of the work that play well to your strengths, make this
known to your team members. Then develop a project plan and
schedule to get the work done.
Finally, agree on a communications plan, which allows your
team members to know where the project stands. During this
stage, you may have disagreements or differences of opinion
about roles and division of work. This is a normal aspect of
"storming."
Once you start agreeing on roles and tasks, you are well on your
way to "norming." You should settle on a collaboration space
and share drafts of your work in your classroom team locker so
your team members and the instructor can see the work
progression. All team members must contribute, but the
deliverables need to be cohesive. Therefore, each of you will
need to review each other's work and help each other.
While you may have to use collaborative tools outside the
classroom, maintain the key documents in the respective team
project locker in the classroom. Your team will use this area to
establish ground rules for communication and collaboration.
Team members will gain an overview of the entire project,
establish roles, agree on the division of work, and complete and
sign the Team Project Charter.
If you decide to use Google Docs for your collaborative work,
you could also choose a Google drive with appropriate sharing
with your team members and your instructor, and provide
information on this in your team locker. Part of teamwork is
looking at each other's work and providing constructive
feedback and improvements.
If you sense problems during your team communications
sessions, discuss risk management and project adjustments your
team may need to make. If you sense trouble, contact your
instructor and request intervention as soon as you recognize
issues.
After the plan is completed, elect one person to attach or link
the final document to the team project locker. This step should
have been completed early in the term between Weeks 2 and 4.
Setting up the team roles and expectations is an important part
of this project and completing the charter is critical to the
project's success. When you have completed this important step,
move to the next step.
Step 2: Assessing Suspicious Activity
Your team is assembled and you have a plan. It's time to get to
work. You have a suite of tools at your disposal from your work
in Project 1, Project 2, and Project 3, which can be used
together to create a full common operating picture of the cyber
threats and vulnerabilities that are facing the US critical
infrastructure. Begin by selecting the following links to brush
up on your knowledge:
1. network security
2. mission critical systems
3. penetration testing
To be completed by all team members: Leverage the network
security skills of using port scans, network scanning tools, and
analyzing Wireshark files, to assess any suspicious network
activity and network vulnerabilities.
Step 3: The Financial Sector
To be completed by the Financial Services Representative:
Provide a description of the impact the threat would have on the
financial services sector. These impact statements can include
the loss of control of the systems, the loss of data integrity or
confidentiality, exfiltration of data, or something else. Also
provide impact assessments as a result of this security incident
to the financial services sector.
To be completed by all team members: Provide submissions
from the Information Sharing Analysis Councils related to the
financial sector. You can also propose fictitious submissions.
Also, review the resources for Industrial Control Systems, and
advise on their importance to the financial services sector.
Explain the risks associated with Industrial Control
Systems.
Step 4: Law Enforcement
To be completed by the Law Enforcement
Representative: Provide a description of the impact the threat
would have on the law enforcement sector. These impact
statements can include the loss of control of systems, the loss of
data integrity or confidentiality, exfiltration of data, or
something else. Also provide impact assessments as a result of
this security incident to the law enforcement sector.
Step 5: The Intelligence Community
To be completed by all team members: Provide an overview of
the life cycle of a cyber threat. Explain the different threat
vectors that cyber actors use, and provide a possible list of
nation-state actors that have targeted the US financial services
industry before.
Review this threat response and recovery resource and use what
you learned from the resource to provide or propose an
analytical method in which you are able to detect the threat,
identify the threat, and perform threat response and recovery.
Identify the stage of the cyber threat life cycle where you would
observe different threat behaviors. Include ways to defend
against the threat, and protect against the threat. Provide this
information in the SAR and AAR.
To be completed by the Intelligence Community Representative:
Provide intelligence on the nation-state actor, their cyber tools,
techniques, and procedures. Leverage available threat reporting
such as from FireEye, Mandiant, and other companies and
government entities that provide intelligence reports. Also
include the social engineering methods used by the nation-state
actor and their reasons for attacking US critical infrastructure.
Include this information in the SAR and AAR.
Step 6: Homeland Security
To be completed by the Homeland Security Representative: Use
the US-CERT and other similar resources to discuss the
vulnerabilities and exploits that might have been used by the
attackers.
Explore the resources for risk mitigation and provide the risk,
response, and risk mitigation steps that should be taken if an
entity suffers the same type of attack.
To be completed by all team members: Provide a risk-threat
matrix and provide a current state snapshot of the risk profile of
the financial services sector. These reports will be part of an
overall risk assessment, which will be included in the SAR and
AAR.
Review and refer to this risk assessment resource to aid you in
developing this section of the report.
Step 7: The SAR and AAR
All team members: After you compile your research, and your
own critical assessments and analysis, determine which
information is appropriate for a Security Assessment Report
(SAR) that will be submitted to the White House, and an After
Action Report (AAR) that will be submitted to the rest of the
analyst community.
1. Prepare your SAR for the White House Cyber National
Security Staff, describing the threat, the motivations of the
threat actor, the vulnerabilities that are possible for the threat
actor to exploit, current and expected impact on US financial
services critical infrastructure, the path forward to eliminate or
reduce the risks, and the actions taken to defend and prevent
against this threat in the future.
2. Prepare the AAR. This knowledge management report will be
provided to the cyber threat analyst community, which includes
the intelligence community, the law enforcement community,
the defense and civilian community, the private sector, and
academia. The purpose of the AAR is to share the systems life
cycle methodology, rationale, and critical thinking used to
resolve this cyber incident.
The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This report should be a
3-page double-spaced Word document with citations in APA
format. The page count does not include figures, diagrams,
tables, or citations.
2. After Action Report (AAR): This report should be a 3 page
double-spaced Word document with citations in APA format.
The page count does not include figures, diagrams, tables, or
citations.
3. A 5-8 slide PowerPoint presentation for executives along
with narration or In-Class presentation by each team member
summarizing a portion of your SAR and AAR report.
Submit your deliverables to the assignment folder.
Before you submit your assignment, review the competencies
below, which your instructor will use to evaluate your work. A
good practice would be to use each competency as a self-check
to confirm you have incorporated all of them in your work.
· 1.1: Organize document or presentation clearly in a manner
that promotes understanding and meets the requirements of the
assignment.
· 2.3: Evaluate the information in a logical and organized
manner to determine its value and relevance to the problem.
· 4.1: Lead and/or participate in a diverse group to accomplish
projects and assignments.
· 4.3: Contribute to team projects, assignments, or
organizational goals as an engaged member of a team.
· 8.4: Possess knowledge of proper and effective communication
in case of an incident or crisis.
CYB610 Project 4
You are part of a collaborative team that was created to address
cyber threats and exploitation of US financial systems critical
infrastructure. Your team has been assembled by the White House
Cyber National security staff to provide situational awareness
about a current network breach and cyber attack against several
financial service institutions.
Your team consists of four roles, a representative from the
financial services sector who has discovered the network breach
and the cyber attacks. These attacks include distributed denial
of service attacks, DDOS, web defacements, sensitive data
exfiltration, and other attack vectors typical of this nation
state actor. A representative from law enforcement who has
provided additional evidence of network attacks found using
network defense tools.
A representative from the intelligence agency who has identified
the nation state actor from numerous public and government
provided threat intelligence reports. This representative will
provide threat intelligence on the tools, techniques, and
procedures of this nation state actor. A representative from the
Department of Homeland Security who will provide the risk,
response, and recovery actions taken as a result of this cyber
threat.
Your team will have to provide education and security awareness
to the financial services sector about the threats,
vulnerabilities, risks, and risk mitigation and remediation
procedures to be implemented to maintain a robust security
posture.
Finally, your team will take the lessons learned from this cyber
incident and share that knowledge with the rest of the cyber
threat analysis community. At the end of the response to this
cyber incident, your team will provide two deliverables, a
situational analysis report, or SAR, to the White House Cyber
National security staff and an After Action Report and lesson
learned to the cyber threat analyst community.