For more course tutorials visit www.newtonhelp.com Project 2 Step 1: Develop a Wireless and BYOD Security Plan Since the company you work for has instituted a bring your own device (BYOD) policy, security attitudes have been lax and all sorts of devices, authorized and unauthorized, have been found connected to the company's wireless infrastructure. In this first step, you will develop a wireless and BYOD security plan for the company. Use the NIST Guidelines for Securing Wireless Local Area Networks (WLANs) Special Publication 800-153 to provide an executive summary to answer other security concerns related to BYOD and wireless. Within your cybersecurity incident report, provide answers to the threat of unauthorized equipment or rogue access points on the company wireless network and the methods to find other rogue access points. Describe how to detect rogue access points and how they can actually connect to the network. Describe how to identify authorized access points within your network. Within your plan, include how the Cyber Kill Chain framework and approach could be used to improve the incident response times for networks. Include this at the beginning of your CIR as the basis for all wireless- and BYOD-related problems within the network. Title the section "Wireless and BYOD Security Plan."

1. CST 630 Project 2 Incident Response
Click Here to Buy the Tutorial
http://www.newtonhelp.com/CST-630/product-29121-
CST-630-Project-2-Incident-Response
For more course tutorials visit
www.newtonhelp.com
Project 2
Step 1: Develop a Wireless and BYOD Security Plan
Since the company you work for has instituted a bring your own
device (BYOD) policy, security attitudes have been lax and all sorts
of devices, authorized and unauthorized, have been found connected
to the company's wireless infrastructure. In this first step, you will
develop a wireless and BYOD security plan for the company.
Use the NIST Guidelines for Securing Wireless Local Area Networks
(WLANs) Special Publication 800-153 to provide an executive
summary to answer other security concerns related to BYOD and
wireless. Within your cybersecurity incident report, provide answers
to the threat of unauthorized equipment or rogue access points on the
company wireless network and the methods to find other rogue access
points. Describe how to detect rogue access points and how they can
actually connect to the network. Describe how to identify authorized
access points within your network.

2. Within your plan, include how the Cyber Kill Chain framework and
approach could be used to improve the incident response times for
networks.
Include this at the beginning of your CIR as the basis for all wireless-
and BYOD-related problems within the network. Title the section
"Wireless and BYOD Security Plan."
Click the following link to learn more about security management:
Security Management.
In the next step, you will explore a scenario on suspicious behavior,
and your report will provide another section of your CIR.
Step 2: Track Suspicious Behavior
You've completed your wireless and BYOD security plan. Now it's
time to take a look at another workplace situation.
You have been notified of an employee exhibiting suspicious
behavior. You decide to track the employee's movements by using

3. various tools and techniques. You know the location and time stamps
associated with the employee's mobile device.
How would you track the location of the company asset?
Explain how identity theft could occur and how MAC spoofing could
take place in the workplace. How would you protect against both
identity theft and MAC spoofing? Address if it is feasible to
determine if MAC spoofing and identity theft has taken place in the
workplace. Include a whitelist of approved devices for this network.
Examples may include authorized access points, firewalls, and other
similar devices.
Are there any legal issues, problems, or concerns with your actions?
What should be conducted before starting this investigation? Were
your actions authorized, was the notification valid, or are there any
other concerns? Include your responses as part of the CIR with the
title "Tracking Suspicious Behavior."
In the next step, you will explore another workplace scenario, and
your responses will help you formulate a continuous improvement
plan, which will become another part of your CIR.

4. Step 3: Develop a Continuous Improvement Plan
Now that you've completed the section on tracking suspicious
behavior for your CIR, you are confronted with another situation in
the workplace.
You receive a memo for continuous improvement in the wireless
network of your company, and you are asked to provide a report on
the wireless network used in your company. You have been
monitoring the activities on the WPA2. Provide for your leadership a
description of wired equivalent privacy and also Wi-Fi protected
access networks, for education purposes. Include the pros and cons of
each type of wireless network, as well as WPA2.
Since WPA2 uses encryption to provide secure communications,
define the scheme for using preshared keys for encryption. Is this
FIPS 140-2 compliant, and if not, what is necessary to attain this?
Include this for leadership. Include a list of other wireless protocols,
such as Bluetooth, and provide a comparative analysis of four
protocols including the pros, cons, and suitability for your company.
Include your responses as part of the CIR with the title "Continuous
Improvement Plan."
In the next step, you will look at yet another workplace scenario, and
you will use that incident to show management how remote
configuration management works.

5. Step 4: Develop Remote Configuration Management
You've completed the continuous improvement plan portion of the
CIR. Now, it's time to show how your company has implemented
remote configuration management.
Start your incident report with a description of remote configuration
management and how it is used in maintaining the security posture of
your company's network. Then, consider the following scenario:
An undocumented device is found on the company network. You
have determined that the owner of the device should be removed from
the network. Implement this and explain how you would remove the
employee's device. How would you show proof that the device was
removed?
Include your responses as part of the CIR with the title "Remote
Configuration Management."
In the next step, you will illustrate how you investigate possible
employee misconduct.

6. Step 5: Investigate Employee Misconduct
In this portion of your CIR report, you will show how you would
investigate possible employee misconduct. You have been given a
report that an employee has recorded logins during unofficial duty
hours. The employee has set up access through an ad-hoc wireless
network. Provide a definition of ad hoc wireless networks and identify
the threats and vulnerabilities to a company. How could this network
contribute to the company infrastructure and how would you protect
against those threats? Use notional information or actual case data and
discuss.
Address self-configuring dynamic networks on open access
architecture and the threats and vulnerabilities associated with them,
as well as the possible protections that should be implemented. From
your position as an incident manager, how would you detect an
employee connecting to a self-configuring network or an ad hoc
network? Provide this information in the report. How would signal
hiding be a countermeasure for wireless networks? What are the
countermeasures for signal hiding? How is the service set identifier
(SSID) used by cybersecurity professionals on wireless networks?
Are these always broadcast, and if not, why not? How would you
validate that the user is working outside of business hours?
Include your responses as part of the CIR with the title "Employee
Misconduct."
In the next step, you will use lab tools to analyze wireless traffic.

7. Step 6: Analyze Wireless Traffic
You've completed several steps that you will use to present your CIR.
In this step, as part of a virtual lab, you will analyze wireless traffic.
You are given access to precaptured files of wireless traffic on the
company network. This is another way to monitor employee behavior
and detect any malicious behavior, intentional or even unintentional.
Note: You will use the tools in Workspace for this step. If you need
help outside the classroom, you can register for the CLAB 699 Cyber
Computing Lab Assistance (go to the Discussions List for registration
information). Lab assistants are available to help.
Click here to access the instructions for Navigating the Workspace
and the Lab Setup.
Click here to access the Project 2 Workspace Exercise Instructions.
Explore the tutorials and user guides to learn more about the tools you
will use. Then, enter Workspace.
Include your responses from the lab as part of the CIR with the title
"Wireless Traffic Analysis."

8. Step 7: Prepare the Cybersecurity Incident Report, Executive
Briefing, and Executive Summary
You've completed all of the individual steps for your cybersecurity
incident report. It's time to combine the reports you completed in the
previous steps into a single CIR.
The assignments for this project are as follows:
Executive briefing: This is a three- to five-slide visual presentation for
business executives and board members.
Executive summary: This is a one-page summary at the beginning of
your CIR.
Cybersecurity Incident Report (CIR): Your report should be a
minimum 12-page double-spaced Word document with citations in
APA format. The page count does not include figures, diagrams,
tables or citations.
Submit all three documents to the assignment folder.
Deliverables: Cybersecurity Incident Report (CIR), Slides to Support
Executive Briefing

9. Learning Competencies: 5.1, 5.3, 5.5., 5.6, 5.7, 5.9

10. Learning Competencies: 5.1, 5.3, 5.5., 5.6, 5.7, 5.9