There has been an increase in the number of cybersecurity
incident reports. You realize that you need to increase
awareness of security standards. In your security monitoring of
the company networks, you use tools that track employee
behavior.
You want company leadership to understand the technologies
used in wireless networks and mobile device management, and
you want those leaders to be educated about the implementation,
threats, and safeguards for all devices, including personal units
that are used for work-related tasks. You believe that executive
leadership needs to incorporate these kinds of safeguards as part
of its business strategy. You decide to compile a cybersecurity
incident report that you will send to management. You will list
the actions, defense, and preventative measures you have taken
to address threats and why.
The report will incorporate terminology definitions, information
about the cyber kill chain, and impact assessments. Your cyber
incident report will need to illustrate the threats you discovered
and the resolutions you employed. You want leadership to be
confident about the strategy you have used to defend the
company's networks.
Today's companies face many different security challenges to
their networks, and a company's incident manager needs to be
ready to respond to potential threats. Some of those threats can
occur from the actions of well-intentioned employees who fail
to follow security protocols, and others can arise from
disgruntled workers who may be able to access accounts on
personal devices long after leaving an organization.
Wireless devices and bring your own device (BYOD) computing
in the workplace often increase productivity and convenience,
but such ubiquitous access to resources can be a significant
threat to organizational security, and BYOD computing adds
another layer of concern for the incident manager.
Remote management, such as tracking and remote data wipes, helps to
locate devices containing company data and to eliminate any
unauthorized viewing of that data. Authentication, access
controls, and strong encryption are just some of the security
measures that need to be part of a secure wireless network and
mobile device management practices in the workplace.
However, security will need to evolve in order to protect against
employees who may have malicious intent. It will need to
include behavior cues as well as effective countermeasures, as
the need for greater employee availability drives more wireless
computing and BYOD integration in the workplace.
For this project, you will take a close look at the variety of
threats facing an incident manager as you develop a
cybersecurity incident report (CIR)
for management with an
executive summary,
along with an
executive briefing
for a company. For details on the length of the assignments, see
the final step of the project.
There are seven steps to complete the project. Each step will
highlight the types of threats you will encounter. Most steps in
this project should take no more than two hours to complete,
and the project as a whole should take no more than two weeks
to complete. Begin with the workplace scenario, and then
continue to Step 1.
Deliverables
cybersecurity incident report (CIR), slides to support executive
briefing
Step 1: Develop a Wireless and BYOD Security Plan
Since the company you work for has instituted a bring your own
device (BYOD) policy, security attitudes have been lax and all
sorts of devices, authorized and unauthorized, have been found
connected to the company's wireless infrastructure. In this first
step, you will develop a wireless and BYOD security plan for
the company.
Use the
NIST Guidelines for Securing Wireless Local Area Networks
(WLANs) Special Publication 800-153
to provide an executive summary to answer other security
concerns related to BYOD and wireless. Within your
cybersecurity incident report, provide answers to the threat of
unauthorized equipment or rogue access points on the company
wireless network and the methods to find other rogue access
points. Describe how to detect rogue access points and how they
can actually connect to the network. Describe how to identify
authorized access points within your network.
Within your plan, include how the Cyber Kill Chain framework
and approach could be used to improve the incident response
times for networks.
Include this at the beginning of your CIR as the basis for all
wireless- and BYOD-related problems within the network. Title
the section "Wireless and BYOD Security Plan."
Click the following link to learn more about security
management: Security Management.
In the next step, you will explore a scenario on suspicious
behavior, and your report will provide another section of your
CIR.
Step 2: Track Suspicious Behavior
You've completed your wireless and BYOD security plan. Now
it's time to take a look at another workplace situation.
You have been notified of an employee exhibiting suspicious
behavior. You decide to track the employee's movements by
using various tools and techniques. You know the location and
time stamps associated with the employee's mobile device.
How would you track the location of the company asset?
Explain how identity theft could occur and how MAC spoofing
could take place in the workplace. How would you protect
against both identity theft and MAC spoofing? Address if it is
feasible to determine if MAC spoofing and identity theft has
taken place in the workplace. Include a whitelist of approved
devices for this network. Examples may include authorized
access points, firewalls, and other similar devices.
Are there any legal issues, problems, or concerns with your
actions? What should be conducted before starting this
investigation? Were your actions authorized, was the
notification valid, or are there any other concerns? Include your
responses as part of the CIR with the title "Tracking Suspicious
Behavior."
In the next step, you will explore another workplace scenario,
and your responses will help you formulate a continuous
improvement plan, which will become another part of your CIR.
Step 3: Develop a Continuous Improvement Plan
Now that you've completed the section on tracking suspicious
behavior for your CIR, you are confronted with another
situation in the workplace.
You receive a memo for continuous improvement in the wireless
network of your company, and you are asked to provide a report
on the wireless network used in your company. You have been
monitoring activity on the WPA2 network. For your leadership's
education, provide a description of Wired Equivalent Privacy (WEP)
and Wi-Fi Protected Access (WPA) networks. Include the pros and
cons of each type of wireless network, as well as WPA2.
Since WPA2 uses encryption to provide secure communications,
define the scheme for using preshared keys for encryption. Is
this FIPS 140-2 compliant, and if not, what is necessary to
attain this? Include this for leadership. Include a list of other
wireless protocols, such as Bluetooth, and provide a
comparative analysis of four protocols including the pros, cons,
and suitability for your company.
Include your responses as part of the CIR with the title
"Continuous Improvement Plan."
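The preshared-key scheme Step 3 asks you to define, shown as an added example that is not part of the course materials: the PMK derivation is the one IEEE 802.11i specifies (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 rounds, 256-bit output), while passphrase_acceptable encodes an assumed corporate policy rather than anything from the standard.

```python
# Added example, not course material: the WPA2-Personal pre-shared key scheme.
# The passphrase is never used on the air directly: 802.11i derives a 256-bit
# Pairwise Master Key (PMK) as PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096).
# passphrase_acceptable encodes an assumed corporate policy, not a standard.
import hashlib

# Known-answer vector published with the IEEE 802.11 standard's test vectors
IEEE_VECTOR = ("password", "IEEE",
               "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK: the 256-bit secret that both the station and the AP derive."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def self_test() -> bool:
    """Confirm the derivation matches the standard's published test vector."""
    pw, ssid, expected = IEEE_VECTOR
    return wpa2_pmk(pw, ssid).hex() == expected

def passphrase_acceptable(passphrase: str) -> bool:
    """Assumed policy: 20-63 printable ASCII characters (802.11 allows 8-63).
    The 4096 PBKDF2 rounds make each guess only slightly slower, so the PMK
    is only as strong as the entropy of the passphrase behind it."""
    return 20 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)

def ssid_bound(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """The SSID is the salt: one passphrase on two SSIDs yields two different PMKs."""
    return wpa2_pmk(passphrase, ssid_a) != wpa2_pmk(passphrase, ssid_b)
```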
In the next step, you will look at yet another workplace
scenario, and you will use that incident to show management
how remote configuration management works.
Step 4: Develop Remote Configuration Management
You've completed the continuous improvement plan portion of
the CIR. Now, it's time to show how your company has
implemented remote configuration management.
Start your incident report with a description of remote
configuration management and how it is used in maintaining the
security posture of your company's network. Then, consider the
following scenario:
An undocumented device is found on the company network. You
have determined that the owner of the device should be removed
from the network. Implement this and explain how you would
remove the employee's device. How would you show proof that
the device was removed?
Include your responses as part of the CIR with the title "Remote
Configuration Management."
In the next step, you will illustrate how you investigate possible
employee misconduct.
Step 5: Investigate Employee Misconduct
In this portion of your CIR report, you will show how you
would investigate possible employee misconduct. You have
been given a report that an employee has recorded logins during
unofficial duty hours. The employee has set up access through
an ad hoc wireless network. Provide a definition of ad hoc
wireless networks and identify the threats and vulnerabilities to
a company. How could this network contribute to the company
infrastructure and how would you protect against those threats?
Use notional information or actual case data and discuss.
Address self-configuring dynamic networks on open access
architecture and the threats and vulnerabilities associated with
them, as well as the possible protections that should be
implemented. From your position as an incident manager, how
would you detect an employee connecting to a self-configuring
network or an ad hoc network? Provide this information in the
report. How would signal hiding be a countermeasure for
wireless networks? What are the countermeasures for signal
hiding? How is the service set identifier (SSID) used by
cybersecurity professionals on wireless networks? Are these
always broadcast, and if not, why not? How would you validate
that the user is working outside of business hours?
Include your responses as part of the CIR with the title
"Employee Misconduct."
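Steps 1, 2 and 5 ask how to detect rogue access points, identify the authorized ones, judge whether a whitelisted MAC has been spoofed, and spot an ad hoc network or a hidden SSID. The Python sketch below is an added example and is not part of the course materials or the lab: the AP inventory, scan output and association log are constructed, and the five-minute impossible-travel window is an assumed threshold.

```python
# Added example, not course material: classify Wi-Fi scan records against an
# authorized-AP inventory (rogue, evil twin, hidden, ad hoc) and flag a client
# MAC seen at two sites too close in time to be one device (possible spoofing).
from datetime import datetime, timedelta

CORP_SSIDS = {"CorpWiFi"}                       # constructed corporate SSID
AUTHORIZED_APS = {                              # constructed: bssid -> (ssid, site)
    "00:11:22:aa:bb:01": ("CorpWiFi", "HQ"),
    "00:11:22:aa:bb:02": ("CorpWiFi", "Branch"),
}
SCAN = """00:11:22:aa:bb:01,CorpWiFi,infra,6
de:ad:be:ef:00:01,CorpWiFi,infra,11
aa:bb:cc:dd:ee:ff,Free_WiFi,infra,1
02:33:44:55:66:77,,ibss,6
66:77:88:99:aa:bb,,infra,36"""                  # constructed: bssid,ssid,mode,channel

def classify_scan(scan_text, authorized=AUTHORIZED_APS, corp=CORP_SSIDS):
    """Return {bssid: verdict}; only inventory membership makes an AP authorized."""
    verdicts = {}
    for line in scan_text.strip().splitlines():
        bssid, ssid, mode, _channel = line.split(",")
        if bssid in authorized:
            verdicts[bssid] = "authorized"
        elif mode == "ibss":                    # IBSS beacon: a peer-to-peer ad hoc net
            verdicts[bssid] = "ad hoc network"
        elif ssid in corp:                      # corporate SSID on an unknown BSSID
            verdicts[bssid] = "evil twin"
        elif ssid == "":                        # SSID not broadcast: investigate
            verdicts[bssid] = "hidden unknown AP"
        else:
            verdicts[bssid] = "rogue AP"
    return verdicts

ASSOC_LOG = """2024-05-01T09:00:00,f0:f0:f0:00:00:01,00:11:22:aa:bb:01
2024-05-01T09:02:00,f0:f0:f0:00:00:01,00:11:22:aa:bb:02
2024-05-01T09:00:30,f0:f0:f0:00:00:02,00:11:22:aa:bb:01"""  # constructed: time,client,bssid

def suspected_spoofing(log_text, authorized=AUTHORIZED_APS, window=timedelta(minutes=5)):
    """Return client MACs seen at two different sites within `window`:
    one physical device cannot be at HQ and at Branch two minutes apart."""
    last_seen, flagged = {}, set()              # client -> (time, site)
    for line in log_text.strip().splitlines():
        ts, client, bssid = line.split(",")
        when, site = datetime.fromisoformat(ts), authorized[bssid][1]
        prev = last_seen.get(client)
        if prev and prev[1] != site and abs(when - prev[0]) <= window:
            flagged.add(client)
        last_seen[client] = (when, site)
    return flagged
```

A flagged MAC is a lead, not proof: confirm it with the device's vendor OUI, DHCP fingerprint and the user's location before drawing a conclusion in the CIR.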
In the next step, you will use lab tools to analyze wireless
traffic.
Step 6: Analyze Wireless Traffic
You've completed several steps that you will use to present your
CIR. In this step, as part of a virtual lab, you will analyze
wireless traffic.
You are given access to precaptured files of wireless traffic on
the company network. This is another way to monitor employee
behavior and detect any malicious behavior, intentional or even
unintentional.
Complete This Lab
Here are some resources that will help you complete the lab:
Accessing the Virtual Lab Environment:
Navigating the Workspace and the Lab Setup.
Review the Workspace and Lab Machine Environment Tutorial.
Lab Instructions:
Incident Response Lab Exercise
Self-Help Guide:
Workspace: Getting Started and Troubleshooting
Provide any information related to the issue that you are
experiencing and attach any screenshot that you may be able to
produce related to the issue.
Include your responses from the lab as part of the CIR with the
title "Wireless Traffic Analysis."
Step 7: Prepare the Cybersecurity Incident Report, Executive
Briefing, and Executive Summary
You've completed all of the individual steps for your
cybersecurity incident report. It's time to combine the reports
you completed in the previous steps into a single CIR.
The assignments for this project are as follows:
Executive briefing: This is a three- to five-slide visual
presentation for business executives and board members.
Executive summary: This is a one-page summary at the
beginning of your CIR.
Cybersecurity Incident Report (CIR): Your report should be a
minimum 12-page double-spaced Word document with citations
in APA format. The page count does not include figures,
diagrams, tables or citations.
Submit all three documents to the assignment folder.
Deliverables: Cybersecurity Incident Report (CIR), Slides to
Support Executive Briefing
Learning Competencies: 5.1, 5.3, 5.5, 5.6, 5.7, 5.9