Step-12 SLA 3-5 pages
Project 2: Nations Behaving Badly
Start Here
Despite work that cyber management teams perform in regard
to systems design, network security protocols, hardware and
software maintenance, training, policies, implementation,
maintenance, and monitoring, breaches can and do occur. In this
project, you will work with a team of other cyber professionals
to analyze and respond to anomalous network activities.
The graded submission for Project 2 is a packaged deliverable
to the CISO about risk and network intrusion, to be completed
as a team. The deliverable to the CISO will include the
following five parts:
1. Cybersecurity Risk Assessment including Vulnerability
2. Incident Response Plan
3. Service-Level Agreement
4. FVEY Indicator Sharing Report
5. Final Forensic Report
The project will take 15 days to complete. After reading the
scenario below, proceed to Step 1, where you will establish
your team agreement plan.
The US reports data exfiltration has been detected in the IDS
(intrusion detection system). All nations will perform forensic
analysis and collect corroborating information to identify the
bad actor.
Prior to the summit, your nation team was tasked with setting
up its own independent secure comms network. Now, at 3 a.m.,
just hours before the summit begins, you receive a text message
from your CISO that reads: "I need to meet with the team
immediately about an urgent matter. Please come to the
conference room next to my hotel room now so we can discuss
You quickly dress and head to the conference room. When you
arrive, she breaks the news to your team: The nation hosting the
summit has detected data exfiltration in its IDS (intrusion
detection system). It is likely that this pattern of network traffic
could also result in buffer overflows or other attacks such as
denial of service. Each nation's server is at risk.
"The report shows that the pattern of network traffic is
anomalous," says the CISO. "And the point of origin is internal.
Someone at the summit is involved in this."
Given the nature of the summit, participants understand that
all nations have a common goal. "None of the FVEY members
would have done this," says a colleague. "It's got to be the
Russians or the Chinese. Friends don't read each other's mail."
The CISO says, "No one is above suspicion here. Our FVEY
partners have been known to both collect intelligence and seek
to embarrass other partners when it suited their strategic needs.
It could have been anyone. Until we know for sure, though, we
will continue to regard them as allies."
Leaders of the nations at the summit agree they all need to
perform forensic analysis on their respective systems to identify
the bad actor.
Your CISO continues. "Let's get to the bottom of this. We’re all
familiar with data exfiltration attacks; do you think
that's part of what we're dealing with here? Or do you think
there's more? Use our packet sniffing tools to analyze the
network traffic. Additionally, we need to identify attack vectors
and attributes. Give me any information you can find on the
tools, techniques, and the identity of this bad actor. Also,
establish an incident response plan that we can use in case of
another cyber event."
"Our systems went down due to this attack. We need to examine
the service-level agreement to see what it will take to get the
summit back up and running. After our analysis, we need to
quickly let our allies know how to protect their networks
through an indicator sharing report.
"Remember, no one is above suspicion—not even our allies. Got
Everyone nods in agreement. The CISO says, "Good. Now get to
work. I'm going to try to go back to sleep for a few hours."
When you submit your project, your work will be evaluated
using the competencies listed below. You can use the list below
to self-check your work before submission.
· 2.2: Locate and access sufficient information to investigate the
issue or problem.
· 4.4: Demonstrate diversity and inclusiveness in a team setting.
· 5.3: Support policy decisions with the application of specific
cybersecurity technologies and standards.
· 5.8: Apply procedures, practices, and technologies for
protecting web servers, web users, and their surrounding
· 6.1: Knowledge of methods and procedures to protect
information systems and data by ensuring their availability,
authentication, confidentiality, and integrity.
· 8.1: Employ ethics when planning and conducting forensic
investigations, and when testifying in court.
· 8.2: Incorporate international issues including culture and
foreign language to plans for investigations.
Step 1
As a part of your nation (Canada) team, an agreement needs to
be established in order to work efficiently on each project.
Begin by revisiting your current team agreement document,
which includes a suggested schedule for project completion.
Update your team agreement with roles and assignments for this
project. Your team will use this document as a guide to
establish a plan for completing and submitting the group tasks.
When you have completed the plan, resubmit it for review in
the dropbox below.
Step 2
Project 2: Nations Behaving Badly
Step 2: Identify Attack Vectors
You and your nation state have just suffered an intrusion attack.
As a cybersecurity professional, one of the first steps is to
identify potential attack vectors. For each known cybersecurity
vulnerability and known threat (addressing cybersecurity
threats through risk management, international cybersecurity
approaches), you and your team members need to identify attack
vectors via information systems hardware, information systems
software, operating systems (operating system fundamentals,
operating system protections), telecommunications
(internet governance), and human factors (intrusion
motives/hacker psychology). Then, you must determine if any
attribution is known for the threat actor most likely involved in
exploiting each weakness.
Review the materials on attack vectors if a refresher is needed.
Once you've identified the attack vectors in this step, you will
be able to participate in the next step, in which you will discuss
your findings with colleagues and compare the findings with
their analyses.
Step 3
Project 2: Nations Behaving Badly
Step 3: Discuss Attack Vectors and Known Attribution
In light of your research in the last step, you will now use your
group’s discussion board to share your thoughts with other
members of your nation team. Review the findings of classmates
in your group, noting points of agreement or disagreement,
asking critical questions, and making suggestions for
improvement or further research.
You should research incidents of known attribution of
the hackers and actors who employ the attack vectors previously
discussed by your group. This step provides a variety of options
and perspectives for your group to consider when drafting the
Attack Vector and Attribution Analysis in the next step.
This step also provides the foundation for research into known
attribution, which will help you to discern the motivation for
intrusion as well as the identity of the hackers and actors who
employ the attack vectors noted.
Support Your Findings
Support your comments with evidence from your
research. Remember, the intent is to help your fellow team
members with critical questions, suggestions, and improvement
in a respectful and honest manner.
Step 4
Project 2: Nations Behaving Badly
Step 4: Analyze Attack Vectors and Known Attribution
You've discussed attack vectors and attribution with your nation
state team members. In this step, your group will prepare
an Attack Vector and Attribution Analysis of your group's
findings in the previous steps. The analysis should first identify
all possible attack vectors via hardware, software, operating
systems, telecommunications, and human factors. Next, you
should discuss whether attribution is known for the threat actor
(hackers and actors) likely involved in exploiting each
weakness. Integrate supporting research via in-text citations and
a reference list. This analysis will play a key role in the
development of a Vulnerability Assessment
Matrix and Cybersecurity Risk Assessment in the next few
Step 5
Project 2: Nations Behaving Badly
Step 5: Develop the Vulnerability Assessment Matrix
With the Attack Vector and Attribution Analysis complete, in
this step your nation team will assess the impact of identified
threats and prioritize the allocation of resources to mitigate or
prevent risks. As a group, you will collaborate to develop and
submit one Vulnerability Assessment Matrix for your nation.
This spreadsheet includes the following:
· characterization of current and emerging vulnerabilities and
threats (cybersecurity vulnerability)
· identification of the attack vector(s) employed
· your assessment (high, medium, or low) of the impact the
vulnerability could have on your organization
Submit your team's matrix for feedback. This matrix will be
included in the final project deliverable, the Cybersecurity Risk
In the next step, you and your nation team members will
conduct research on best practices and countermeasures for the
kind of attack your nation team sustained at the summit.
Step 6
Project 2: Nations Behaving Badly
Step 6: Research Industry Best Practices and Countermeasures
At this point, you and your team members have analyzed attack
vectors and used your research to construct a vulnerability
assessment matrix. The next step in the process of analyzing the
intrusion is to look at common practices and countermeasures
that can be used for the type of attack your team incurred at the
In this step, you and your team members will perform research
on current best practices for authentication, authorization, and
access control methods. You will also research possible
countermeasures and cyber offense strategies that may be
available. Review the materials on countermeasures and cyber
offensives/warfare if needed. This research will help you make
recommendations in the cybersecurity risk assessment, which
you develop in the next step. Approach your research with
transparency to support trust among your team. Review these
resources on risk assessment and risk assessment approaches to
prepare for the next step. The following links will provide you
with resources on industry standards and best practices:
· Security Operations
· Software Development Security
· Security Assessment and Testing
· Security Engineering
Step 7
Project 2: Nations Behaving Badly
Step 7: Develop the Cybersecurity Risk Assessment
In this step, your team will prepare the Cybersecurity Risk
Assessment in the form of a PowerPoint presentation. This is
one of your three final deliverables, which you will submit for
feedback as a group, and then for individual assessment at the
end of the project.
The presentation should identify current measures for
authentication, authorization, and access control, and clearly
explain weaknesses in your organization's security (to include
people, technology, and policy) that could result in successful
exploitation of vulnerabilities and/or threats. The presentation
should conclude with recommendations (e.g., continue to accept
risks, accept some risks (identify them), mitigate some risks
(identify them), mitigate all risks, etc.). Include the attack
vector and attribution analysis, and the vulnerability matrix
from the previous steps. Don’t try to shoehorn every point into
your presentation. For guidance on creating presentations, refer
to the following:
· Creating and Delivering Professional Presentations
· Record a Slide Show with Narration and Slide Timings
· Converting PowerPoint and Uploading to YouTube
Submit your Cybersecurity Risk Assessment PowerPoint for
feedback by uploading it to YouTube. At the end of this project,
your team will submit the presentation in the form of a
YouTube link for grading.
Step 8
Project 2: Nations Behaving Badly
Step 8: Define Incident Response, Part 1
It's time to begin work on the next phase of the final analysis of
the intrusion, which will include an incident response plan.
Such a plan provides a method for containing the impact from a
cybersecurity incident. It includes a plan for file
recovery and remediation from an incident. All the actions will
start from the security baseline analysis, which has been defined
for all the nations' network topologies at the summit, using a
network security baseline analyzer.
Your nation team will work together to develop an eight- to 10-
page Incident Response Plan to use in the event of a cyber
incident. This is one of your three final deliverables, which you
will submit for feedback as a group, and then for individual
assessment at the end of the project.
Begin your first half of the plan by focusing on the
environmental conditions and coordination mechanisms.
1. roles and responsibilities
2. phases of incident response
3. scenario—provide an incident response plan in the case of
distributed data exfiltration attacks, specifically the case of loss
of communications
4. activities, authorities pertaining to roles and responsibilities
5. triggering conditions for actions
6. triggering conditions for closure
7. reports and products throughout the incident response activity
8. tools, techniques, and technologies
9. communications paths and parties involved
10. coordination paths and parties involved
11. external partners and stakeholders, and their place in the
coordination and communication paths
12. security controls and tracking
13. recovery objectives and priorities
Your team will continue working on the incident response plan
in the next step. You will consider the processes of an active
Step 9
Project 2: Nations Behaving Badly
Step 9: Define Incident Response, Part 2
Your team in this step will continue developing the Incident
Response Plan. The second half of your report will focus on
events and processes of your active response plan. Include the
14. incident response checklist. Refer to the NIST Computer
Security Incident Handling Guide for an example.
15. data protection mechanisms
16. integrity controls (system integrity checks) after recovery
17. a plan to investigate the network behavior and a threat
bulletin that explains this activity
18. defined triggering mechanisms for continuing alerts and
notifications throughout the cyber incident
19. additional aspects of the incident response plan necessary to
contain a cyber incident on the international domain
20. diagrams of swim lanes of authorities, activities and process
flows, coordination and communication paths. Review the Swim
Lane Template to familiarize yourself with the concept of swim
lanes and swim lane diagrams.
You will complete your incident response plan in the next step.
Your incident response plan is critical in outlining your
activities during a cyberattack as well as providing direction for
Step 10
Project 2: Nations Behaving Badly
Step 10: Execute Incident Response
The intrusion activity apparently is not over yet. The CIOs of
the nations are still detecting high-volume traffic on their
networks. Almost as soon as there is a surge in activity, network
functions and websites immediately become nonoperational.
Communications are also affected between the nation teams.
The CIOs have provided information on the anomalous activity
in the following lab.
Step 11
Project 2: Nations Behaving Badly
Step 11: Analyze Cyber Defense Information
Take Note
This step includes a mandatory lab exercise. The teams should
work together on the exercise, relying on each other’s expertise
in the subject area of the exercise. The findings will be included
in your team’s Security Baseline Report.
The attack continues. Now the CIO reports high-volume activity
shutting down web access to the summit and to the attending
nations' government websites. In addition, the volume impact
has also caused latency in third-party websites whose processes
and data sharing are linked to the summit and to the nations'
government websites.
Your team now enters Workspace to analyze the .pcap files the
CIOs had provided. You will analyze the .pcap files to
understand some of the conditions that may have led to this
high-volume traffic, an apparent DoS attack.
Step 12
Project 2: Nations Behaving Badly
Step 12: Share the Cyber Defense Information With Nations
Now that you have analyzed the .pcap contents, you and your
team of analysts will prepare mitigation (risk analysis and
mitigation) for this current attack as well as any future attacks.
You will also provide risk countermeasure implementation to
a data exfiltration attack. Compile these strategies in a FVEY
Indicator Sharing Report to be shared with your FVEY allies.
Include Snort rules signatures and prepare rules
for firewalls that would have prevented the data
exfiltration attack. Review these resources on intrusion
detection and prevention (IDS/IPS) systems and IDS/IPS
classification to refresh your understanding of communications
and network security, intrusion detection, and intrusion
Your report should include the following:
· other possible sources of vulnerabilities and best practices to
protect endpoints.
· indicators for data exfiltration.
· methods for protection in bring your own device
(BYOD) mobile security.
· an explanation of the importance of authorization and
authentication mechanisms like CAC-PIV card readers. Review
these resources on common access card (CAC) and multifactor
authentication technologies if you need a refresher.
· best practices for database protection (data loss prevention),
which serves as the backbone to information sharing and
communications. How can obfuscation and masking be used to
ensure database security?
You don't want to just build a wall and block everything. Your
team has conducted a risk assessment and developed an
approach. In your report, share the tools, methods, and the
actual net defenses your nation team has used.
In Project 1, your team identified the nations performing the
malicious activities. At this point, it is necessary to protect the
network and defend against the attacks. You must devise a plan
and pull from the suite of net defense tools available to you. For
intrusion detection and prevention, you must program rule sets
in firewalls.
Now that your nation team has identified the bad actors, your
nation will then build out Snort rules based on the traffic you
have analyzed to allow the permitted communications while
keeping out malicious traffic and activities.
Once your team has completed the sharing report, post it to the
FVEY discussion where other nation teams can view it.
Step 13
Project 2: Nations Behaving Badly
Step 13: Evaluate and Execute the Data Exfiltration Service-
Level Agreement (SLA)
You've communicated the attack to your other nation teams, and
your team has determined that all the nation teams were
under data exfiltration attack and that they sustained latency or
even unavailability of their networks. Now the CIOs have
directed that the service-level agreements (SLAs) be reviewed
on what the attack means to the cost and services rendered.
Technologically trained professionals increase their
marketability and hire-ability when they can demonstrate
business acumen as well as technical expertise. And with more
integrated environments following services on-demand
structures such as cloud computing, it is imperative that
cybersecurity professionals be able to assess if their
organization is getting what it paid for.
You may have determined a network topology for your nation
team, or you may have researched a network topology and are
using that to base your analysis, citing the researched
information using APA format. In these topologies, you will
research the operating system vulnerabilities (operating system
fundamentals, operating system protections). You will identify
requirements for operating system security to address these
You will then formulate a service-level agreement to mitigate
the vulnerabilities, particularly for data exfiltration activities.
Produce a three- to five-page Service-Level Agreement
(SLA) that you believe is best to serve the nation teams’
security protections. If you research sample SLAs, provide
· an agreement not to engage in testing data exfiltration without
notifying the internet service provider (ISP)
· metrics for availability
· bandwidth requirements
· monitoring from the ISP's network
· traffic reports to be received and access to ISP information on
net defense and best practices
· testing nation teams’ configurations by ISP
· other components needed to fulfill your nation team's
Perform an evaluation of the SLA that you created, and in a
checklist format, report on the performance of the ISP during
the data exfiltration attack. Conduct independent research if a
checklist example is needed. If you model your checklist after
an existing resource, cite and reference it using APA format.
Estimate costs of services or any compensation owed to the
nation team. Include written justification to the ISP for the
downtime due to data exfiltration. This evaluation is included in
the three- to five-page requirement.
In the next step, you will take on "packet sniffing" in the lab,
as you move to a digital forensics role in the investigation.
Step 14
Project 2: Nations Behaving Badly
Step 14: Conduct Wireshark Packet Capture Analysis
It is time to help the CISO with the network intrusion. Your role
here is to assume responsibility of analyzing a network packet
capture file that was created during the network attack. You will
conduct packet sniffing with Wireshark to gather information
about the attacker, determine the resources that may have been
compromised during the attack, and how the attacker
compromised the resources.
The CISO and response team believe there were attempts to
scan the network for vulnerabilities and that an attacker may
have discovered and exploited a vulnerability on one of the
network servers. The attack may involve a brute-force password
attack followed by a data breach where the attacker was able to
download and read one or more files from a compromised
Your objectives are to identify the attacker, identify the
compromised server and service, identify the vulnerability that
was exploited, and determine what data was breached or stolen.
Your task is to enter Workspace and complete the Wireshark
Packet Capture Analysis. Complete the lab report, including all
answers to questions in the instructions linked below.
Step 15
Project 2: Nations Behaving Badly
Step 15: Develop Final Forensic Report
There are many digital forensic tools and techniques available
to conduct an end-to-end forensic investigation. An end-to-end
investigation tracks all elements of an attack, including how the
attack began, what intermediate devices were used during the
attack, and who was attacked. A typical investigation will
involve visual analysis to statically review the contents of any
drives, as well as dynamically review logs, artifacts (strategies
for handling digital artifacts), and internet activity from the web
history associated with the breached network (web browser
The investigation concludes when the investigator examines all
of the information, correlates all of the events and all
of the data from the various sources to get the whole picture,
and prepares reports and evidence in a forensically sound
In this scenario, you know that there has been an
attempted/successful intrusion on the network, and you have
completed the packet capture analysis using Wireshark. Your
task is to write a Final Forensic Report that summarizes
network forensics and the digital forensic tools and techniques
for analyzing network incidents. This report will include your
lab report from the previous step and should also be composed
of network attack techniques, network attack vectors, and a
comprehensive comparison of at least five tools used for
analyzing network intrusions. This report will conclude with a
recommendation for network administrators to meet the goals of
hardening the infrastructure and protecting private data on the
Submit the Final Forensic Report for review and feedback.
Step 16
Project 2: Nations Behaving Badly
Step 16: Deliver to Your CISO
As a synthesis of the previous steps in this project, you will
now submit for grading a packaged deliverable to
the CISO that contains the following:
1. Cybersecurity Risk Assessment including Vulnerability
2. Incident Response Plan
3. Service-Level Agreement
4. FVEY Indicator Sharing Report
5. Final Forensic Report
Based on the feedback you have received, you should
have revised the deliverables. Although many of these
deliverables were initially developed in a team setting, each
team member is responsible for submitting his or her own
documents for individual assessment.
Check Your Evaluation Criteria
Before you submit your assignment, review the competencies
below, which your instructor will use to evaluate your work. A
good practice would be to use each competency as a self-check
to confirm you have incorporated all of them. To view the
complete grading rubric, click My Tools, select Assignments
from the drop-down menu, and then click the project title.
· 2.2: Locate and access sufficient information to investigate the
issue or problem.
· 4.4: Demonstrate diversity and inclusiveness in a team setting.
· 5.3: Support policy decisions with the application of specific
cybersecurity technologies and standards.
· 5.8: Apply procedures, practices, and technologies for
protecting web servers, web users, and their surrounding
· 6.1: Knowledge of methods and procedures to protect
information systems and data by ensuring their availability,
authentication, confidentiality, and integrity.
· 8.1: Employ ethics when planning and conducting forensic
investigations, and when testifying in court.
· 8.2: Incorporate international issues including culture and
foreign language to plans for investigations.
Step 7: Analyze Key Elements of NIST Standards and Submit
the Team Report
You have analyzed the linkage between technologies and the
impacts of these relationships. Now, you will analyze the aspect
of National Institute of Standards and Technology (NIST)
standards for cloud computing as it affects your sector and
complete the team sector brief.
Write another brief, one to two pages, that addresses some of
the following questions:
· Is cloud computing a good "fit" for your industry?
· How does it benefit a cybersecurity solution?
· Should it apply across all industries?
Combine this information with the brief papers from the prior
steps to create a three- to five-page Team Sector Brief. Your
brief should also consider how your decisions might support
other sectors. Introduce this brief with the one-page overview of
your sector.

More Related Content

Similar to Deliverables Step-12 SLA 3-5 pages

You are a network analyst on the fly-away team for the FBIs cyberse.docx
You are a network analyst on the fly-away team for the FBIs cyberse.docxYou are a network analyst on the fly-away team for the FBIs cyberse.docx
You are a network analyst on the fly-away team for the FBIs cyberse.docxadampcarr67227
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultSOCVault
Understanding Cyber Threat Intelligence A Guide for Analysts.pdf
Understanding Cyber Threat Intelligence A Guide for Analysts.pdfUnderstanding Cyber Threat Intelligence A Guide for Analysts.pdf
Understanding Cyber Threat Intelligence A Guide for Analysts.pdfuzair
Cyber Security DepartmentGraduation Project (407422)
Cyber Security DepartmentGraduation Project  (407422)Cyber Security DepartmentGraduation Project  (407422)
Cyber Security DepartmentGraduation Project (407422)OllieShoresna
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxmccormicknadine86
Deep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemDeep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemAffine Analytics
Top_20_Incident_Responder_Interview_Questions_and_Answers_1.pdfinfosec train
Top 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdfTop 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdfShivamSharma909
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingA Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingYogeshIJTSRD
Reorganizing Federal IT to Address Today's Threats
Reorganizing Federal IT to Address Today's ThreatsReorganizing Federal IT to Address Today's Threats
Reorganizing Federal IT to Address Today's ThreatsLumension
Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Laura Arrigo
Sec 572 Effective Communication -
Sec 572 Effective Communication - tutorialrank.comSec 572 Effective Communication -
Sec 572 Effective Communication - tutorialrank.comBartholomew99
Sec 572 Education Organization /
Sec 572  Education Organization / snaptutorial.comSec 572  Education Organization /
Sec 572 Education Organization / snaptutorial.comBaileya109
Consensus Audit Guidelines 2008
Consensus Audit Guidelines 2008Consensus Audit Guidelines 2008
Consensus Audit Guidelines 2008John Gilligan
SEC 572 Inspiring Innovation /
SEC 572 Inspiring Innovation / tutorialrank.comSEC 572 Inspiring Innovation /
SEC 572 Inspiring Innovation / tutorialrank.comBromleyz38
Sec 572 Education
Sec 572 Education Specialist-snaptutorial.comSec 572 Education
Sec 572 Education Specialist-snaptutorial.comrobertlesew79
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.

Deliverables Step-12 SLA 3-5 pages

  • 1. Deliverables: Step-12 SLA 3-5 pages
    Project 2: Nations Behaving Badly
    Start Here
    Despite work that cyber management teams perform in regard to systems design, network security protocols, hardware and software maintenance, training, policies, implementation, maintenance, and monitoring, breaches can and do occur. In this project, you will work with a team of other cyber professionals to analyze and respond to anomalous network activities.
    The graded submission for Project 2 is a packaged deliverable to the CISO about risk and network intrusion, to be completed as a team. The deliverable to the CISO will include the following five parts:
    1. Cybersecurity Risk Assessment including Vulnerability Matrix
    2. Incident Response Plan
    3. Service-Level Agreement
    4. FVEY Indicator Sharing Report
    5. Final Forensic Report
    The project will take 15 days to complete. After reading the scenario below, proceed to Step 1, where you will establish your team agreement plan.
    The US reports data exfiltration has been detected in the IDS
  • 2. (intrusion detection system). All nations will perform forensic analysis and collect corroborating information to identify the bad actor.
    Prior to the summit, your nation team was tasked with setting up its own independent secure comms network. Now, at 3 a.m., just hours before the summit begins, you receive a text message from your CISO that reads: "I need to meet with the team immediately about an urgent matter. Please come to the conference room next to my hotel room now so we can discuss it."
    You quickly dress and head to the conference room. When you arrive, she breaks the news to your team: The nation hosting the summit has detected data exfiltration in its IDS (intrusion detection system). It is likely that this pattern of network traffic could also result in buffer overflows or other attacks such as denial of service. Each nation's server is at risk.
    "The report shows that the pattern of network traffic is anomalous," says the CISO. "And the point of origin is internal. Someone at the summit is involved in this."
    Given the nature of the summit, participants understand that all nations have a common goal.
    "None of the FVEY members would have done this," says a colleague. "It's got to be the Russians or the Chinese. Friends don't read each other's mail."
    The CISO says, "No one is above suspicion here. Our FVEY partners have been known to both collect intelligence and seek to embarrass other partners when it suited their strategic needs. It could have been anyone. Until we know for sure, though, we will continue to regard them as allies."
    Leaders of the nations at the summit agree they all need to perform forensic analysis on their respective systems to identify the bad actor.
    Your CISO continues. "Let's get to the bottom of this. We’re all familiar with data exfiltration attacks; do you think that's part of what we're dealing with here? Or do you think there's more? Use our packet sniffing tools to analyze the network traffic. Additionally, we need to identify attack vectors
  • 3. and attributes. Give me any information you can find on the tools, techniques, and the identity of this bad actor. Also, establish an incident response plan that we can use in case of another cyber event."
    "Our systems went down due to this attack. We need to examine the service-level agreement to see what it will take to get the summit back up and running. After our analysis, we need to quickly let our allies know how to protect their networks through an indicator sharing report.
    "Remember, no one is above suspicion—not even our allies. Got it?"
    Everyone nods in agreement.
    The CISO says, "Good. Now get to work. I'm going to try to go back to sleep for a few hours."
    When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
    Competencies
    Your work will be evaluated using the competencies listed below.
    · 2.2: Locate and access sufficient information to investigate the issue or problem.
    · 4.4: Demonstrate diversity and inclusiveness in a team setting.
    · 5.3: Support policy decisions with the application of specific cybersecurity technologies and standards.
    · 5.8: Apply procedures, practices, and technologies for protecting web servers, web users, and their surrounding organizations.
    · 6.1: Knowledge of methods and procedures to protect information systems and data by ensuring their availability, authentication, confidentiality, and integrity.
    · 8.1: Employ ethics when planning and conducting forensic investigations, and when testifying in court.
    · 8.2: Incorporate international issues including culture and foreign language to plans for investigations.
    Step 1
    As a part of your nation (Canada) team, an agreement needs to
  • 4. be established in order to work efficiently on each project. Begin by revisiting your current team agreement document, which includes a suggested schedule for project completion. Update your team agreement with roles and assignments for this project. Your team will use this document as a guide to establish a plan for completing and submitting the group tasks. When you have completed the plan, resubmit it for review in the dropbox below.
    Step 2
    Project 2: Nations Behaving Badly
    Step 2: Identify Attack Vectors
    You and your nation state have just suffered an intrusion attack. As a cybersecurity professional, one of the first steps is to identify potential attack vectors. For each known cybersecurity vulnerability and known threats (addressing cybersecurity threats through risk management, international cybersecurity approaches), you and your team members need to identify attack vectors via information systems hardware, information systems software, operating systems (operating system fundamentals, operating system protections), telecommunications (internet governance), and human factors (intrusion motives/hacker psychology). Then, you must determine if any attribution is known for the threat actor most likely involved in exploiting each weakness. Review the materials on attack vectors if a refresher is needed.
    Once you've identified the attack vectors in this step, you will be able to participate in the next step, in which you will discuss your findings with colleagues and compare the findings with their analyses.
    Step 3
    Project 2: Nations Behaving Badly
    Step 3: Discuss Attack Vectors and Known Attribution
    In light of your research in the last step, you will now use your group’s discussion board to share your thoughts with other members of your nation team. Review the findings of classmates in your group, noting points of agreement or disagreement, asking critical questions, and making suggestions for improvement or further research.
  • 5. You should research incidents of known attribution of the hackers and actors who employ the attack vectors previously discussed by your group.
    This step provides a variety of options and perspectives for your group to consider when drafting the Attack Vector and Attribution Analysis in the next step. This step also provides the foundation for research into known attribution, which will help you to discern the motivation for intrusion as well as the identity of the hackers and actors who employ the attack vectors noted.
    Support Your Findings
    Support your comments with evidence from your research. Remember, the intent is to help your fellow team members with critical questions, suggestions, and improvement in a respectful and honest manner.
    Step 4
    Project 2: Nations Behaving Badly
    Step 4: Analyze Attack Vectors and Known Attribution
    You've discussed attack vectors and attribution with your nation state team members. In this step, your group will prepare an Attack Vector and Attribution Analysis of your group's findings in the previous steps. The analysis should first identify all possible attack vectors via hardware, software, operating systems, telecommunications, and human factors. Next, you should discuss whether attribution is known for the threat actor (hackers and actors) likely involved in exploiting each weakness. Integrate supporting research via in-text citations and a reference list.
    This analysis will play a key role in the development of a Vulnerability Assessment Matrix and Cybersecurity Risk Assessment in the next few steps.
    Step 5
    Project 2: Nations Behaving Badly
    Step 5: Develop the Vulnerability Assessment Matrix
    With the Attack Vector and Attribution Analysis complete, in this step your nation team will assess the impact of identified threats and prioritize the allocation of resources to mitigate or prevent risks. As a group, you will collaborate to develop and
  • 6. submit one Vulnerability Assessment Matrix for your nation. This spreadsheet includes the following:
    · characterization of current and emerging vulnerabilities and threats (cybersecurity vulnerability)
    · identification of the attack vector(s) employed
    · your assessment (high, medium, or low) of the impact the vulnerability could have on your organization
    Submit your team's matrix for feedback. This matrix will be included in the final project deliverable, the Cybersecurity Risk Assessment.
    In the next step, you and your nation team members will conduct research on best practices and countermeasures for the kind of attack your nation team sustained at the summit.
    Step 6
    Project 2: Nations Behaving Badly
    Step 6: Research Industry Best Practices and Countermeasures
    At this point, you and your team members have analyzed attack vectors and used your research to construct a vulnerability assessment matrix. The next step in the process of analyzing the intrusion is to look at common practices and countermeasures that can be used for the type of attack your team incurred at the summit.
    In this step, you and your team members will perform research on current best practices for authentication, authorization, and access control methods. You will also research possible countermeasures and cyber offense strategies that may be available. Review the materials on countermeasures and cyber offensives/warfare if needed.
    This research will help you make recommendations in the cybersecurity risk assessment, which you develop in the next step. Approach your research with transparency to support trust among your team. Review these resources on risk assessment and risk assessment approaches to prepare for the next step.
    The following links will provide you with resources on industry standards and best practices:
    · Security Operations
    · Software Development Security
  • 7.
· Security Assessment and Testing
· Security Engineering

Step 7: Develop the Cybersecurity Risk Assessment

In this step, your team will prepare the Cybersecurity Risk Assessment in the form of a PowerPoint presentation. This is one of your three final deliverables, which you will submit for feedback as a group, and then for individual assessment at the end of the project.

The presentation should identify current measures for authentication, authorization, and access control, and clearly explain weaknesses in your organization's security (to include people, technology, and policy) that could result in successful exploitation of vulnerabilities and/or threats. The presentation should conclude with recommendations (e.g., continue to accept risks, accept some risks (identify them), mitigate some risks (identify them), mitigate all risks, etc.). Include the attack vector and attribution analysis, and the vulnerability matrix from the previous steps. Don't try to shoehorn every point into your presentation.

For guidance on creating presentations, refer to the following:
· Creating and Delivering Professional Presentations
· Record a Slide Show with Narration and Slide Timings
· Converting PowerPoint and Uploading to YouTube

Submit your Cybersecurity Risk Assessment PowerPoint for feedback by uploading it to YouTube. At the end of this project, your team will submit the presentation in the form of a YouTube link for grading.

Step 8: Define Incident Response, Part 1

It's time to begin work on the next phase of the final analysis of the intrusion, which will include an incident response plan. Such a plan provides a method for containing the impact from a cybersecurity incident. It includes a plan for file recovery and remediation from an incident. All the actions will
  • 8. start from the security baseline analysis, which has been defined for all the nations' network topologies at the summit, using a network security baseline analyzer.

Your nation team will work together to develop an eight- to 10-page Incident Response Plan to use in the event of a cyber incident. This is one of your three final deliverables, which you will submit for feedback as a group, and then for individual assessment at the end of the project.

Begin your first half of the plan by focusing on the environmental conditions and coordination mechanisms. Include:
1. roles and responsibilities
2. phases of incident response
3. scenario—provide an incident response plan in the case of distributed data exfiltration attacks, specifically the case of loss of communications
4. activities, authorities pertaining to roles and responsibilities
5. triggering conditions for actions
6. triggering conditions for closure
7. reports and products throughout the incident response activity
8. tools, techniques, and technologies
9. communications paths and parties involved
10. coordination paths and parties involved
11. external partners and stakeholders, and their place in the coordination and communication paths
12. security controls and tracking
13. recovery objectives and priorities

Your team will continue working on the incident response plan in the next step. You will consider the processes of an active response.

Step 9: Define Incident Response, Part 2

Your team in this step will continue developing the Incident Response Plan. The second half of your report will focus on events and processes of your active response plan. Include the following:
  • 9.
14. incident response checklist. Refer to the NIST Computer Security Incident Handling Guide for an example.
15. data protection mechanisms
16. integrity controls (system integrity checks) after recovery
17. a plan to investigate the network behavior and a threat bulletin that explains this activity
18. defined triggering mechanisms for continuing alerts and notifications throughout the cyber incident
19. additional aspects of the incident response plan necessary to contain a cyber incident on the international domain
20. diagrams of swim lanes of authorities, activities and process flows, coordination and communication paths. Review the Swim Lane Template to familiarize yourself with the concept of swim lanes and swim lane diagrams.

You will complete your incident response plan in the next step. Your incident response plan is critical in outlining your activities during a cyberattack as well as providing direction for recovery.

Step 10: Execute Incident Response

The intrusion activity apparently is not over yet. The CIOs of the nations are still detecting high-volume traffic on their networks. Almost as soon as there is a surge in activity, network functions and websites immediately become nonoperational. Communications are also affected between the nation teams. The CIOs have provided information on the anomalous activity in the following lab.

Step 11: Analyze Cyber Defense Information

Take Note

This step includes a mandatory lab exercise. The teams should work together on the exercise, relying on each other's expertise in the subject area of the exercise. The findings will be included in your team's Security Baseline Report.

The attack continues. Now the CIO reports high-volume activity
  • 10. shutting down web access to the summit and to the attending nations' government websites. In addition, the volume impact has also caused latency in third-party websites whose processes and data sharing are linked to the summit and to the nations' government websites.

Your team now enters Workspace to analyze the .pcap files the CIOs had provided. You will analyze the .pcap files to understand some of the conditions that may have led to this high-volume traffic, an apparent DoS attack.

Step 12: Share the Cyber Defense Information With Nations

Now that you have analyzed the .pcap contents, you and your team of analysts will prepare mitigation (risk analysis and mitigation) for this current attack as well as any future attacks. You will also provide risk countermeasure implementation to a data exfiltration attack.

Compile these strategies in a FVEY Indicator Sharing Report to be shared with your FVEY allies. Include Snort rules signatures and prepare rules for firewalls that would have prevented the data exfiltration attack. Review these resources on intrusion detection and prevention (IDS/IPS) systems and IDS/IPS classification to refresh your understanding of communications and network security, intrusion detection, and intrusion prevention.

Your report should include the following:
· other possible sources of vulnerabilities and best practices to protect endpoints.
· indicators for data exfiltration.
· methods for protection in bring your own device (BYOD) mobile security.
· an explanation of the importance of authorization and authentication mechanisms like CAC-PIV card readers. Review these resources on common access card (CAC) and multifactor authentication technologies if you need a refresher.
· best practices for database protection (data loss prevention), which serves as the backbone to information sharing and
  • 11. communications. How can obfuscation and masking be used to ensure database security?

You don't want to just build a wall and block everything. Your team has conducted a risk assessment and developed an approach. In your report, share the tools, methods, and the actual net defenses your nation team has used.

In Project 1, your team identified the nations performing the malicious activities. At this point, it is necessary to protect the network and defend against the attacks. You must devise a plan and pull from the suite of net defense tools available to you. For intrusion detection and prevention, you must program rule sets in firewalls.

Now that your nation team has identified the bad actors, your nation will then build out Snort rules based on the traffic you have analyzed to allow the permitted communications while keeping out malicious traffic and activities.

Once your team has completed the sharing report, post it to the FVEY discussion where other nation teams can view it.

Step 13: Evaluate and Execute the Data Exfiltration Service-Level Agreement (SLA)

You've communicated the attack to your other nation teams, your team has determined that all the nation teams were under data exfiltration attack, and they sustained latency or even unavailability of their networks. Now the CIOs have directed that the service-level agreements (SLAs) be reviewed on what the attack means to the cost and services rendered.

Technologically trained professionals increase their marketability and hire-ability when they can demonstrate business acumen as well as technical expertise. And with more integrated environments following services on-demand structures such as cloud computing, it is imperative that cybersecurity professionals be able to assess if their organization is getting what it paid for.

You may have determined a network topology for your nation team, or you may have researched a network topology and are
  • 12. using that to base your analysis, citing the researched information using APA format. In these topologies, you will research the operating system vulnerabilities (operating system fundamentals, operating system protections). You will identify requirements for operating system security to address these vulnerabilities. You will then formulate a service-level agreement to mitigate the vulnerabilities, particularly for data exfiltration activities.

Produce a three- to five-page Service-Level Agreement (SLA) that you believe is best to serve the nation teams' security protections. If you research sample SLAs, provide citations. Include:
· an agreement not to engage in testing data exfiltration without notifying the internet service provider (ISP)
· metrics for availability
· bandwidth requirements
· monitoring from the ISP's network
· traffic reports to be received and access to ISP information on net defense and best practices
· testing nation teams' configurations by ISP
· other components needed to fulfill your nation team's requirements

Perform an evaluation of the SLA that you created, and in a checklist format, report on the performance of the ISP during the data exfiltration attack. Conduct independent research if a checklist example is needed. If you model your checklist after an existing resource, cite and reference it using APA format.

Estimate costs of services or any compensation owed to the nation team. Include written justification to the ISP for the downtime due to data exfiltration. This evaluation is included in the three- to five-page requirement.

In the next step, you will take on "packet sniffing" in the lab, as you move to a digital forensics role in the investigation.

Step 14: Conduct Wireshark Packet Capture Analysis
  • 13. It is time to help the CISO with the network intrusion. Your role here is to assume responsibility of analyzing a network packet capture file that was created during the network attack. You will conduct packet sniffing with Wireshark to gather information about the attacker, determine the resources that may have been compromised during the attack, and how the attacker compromised the resources.

The CISO and response team believe there were attempts to scan the network for vulnerabilities and that an attacker may have discovered and exploited a vulnerability on one of the network servers. The attack may involve a brute-force password attack followed by a data breach where the attacker was able to download and read one or more files from a compromised server.

Your objectives are to identify the attacker, identify the compromised server and service, identify the vulnerability that was exploited, and determine what data was breached or stolen.

Your task is to enter Workspace and complete the Wireshark Packet Capture Analysis. Complete the lab report, including all answers to questions in the instructions linked below.

Step 15: Develop Final Forensic Report

There are many digital forensic tools and techniques available to conduct an end-to-end forensic investigation. An end-to-end investigation tracks all elements of an attack, including how the attack began, what intermediate devices were used during the attack, and who was attacked.

A typical investigation will involve visual analysis to statically review the contents of any drives, as well as dynamically review logs, artifacts (strategies for handling digital artifacts), and internet activity from the web history associated with the breached network (web browser forensics).
The investigation concludes when the investigator has examined all of the information, correlated all of the events and all of the data from the various sources to get the whole picture, and prepared reports and evidence in a forensically sound
  • 14. manner.

In this scenario, you know that there has been an attempted/successful intrusion on the network, and you have completed the packet capture analysis using Wireshark. Your task is to write a Final Forensic Report that summarizes network forensics and the digital forensic tools and techniques for analyzing network incidents. This report will include your lab report from the previous step and should also be composed of network attack techniques, network attack vectors, and a comprehensive comparison of at least five tools used for analyzing network intrusions. This report will conclude with a recommendation for network administrators to meet the goals of hardening the infrastructure and protecting private data on the network.

Submit the Final Forensic Report for review and feedback.

Step 16: Deliver to Your CISO

As a synthesis of the previous steps in this project, you will now submit the following for grading a packaged deliverable to the CISO that contains the following:
1. Cybersecurity Risk Assessment including Vulnerability Matrix
2. Incident Response Plan
3. Service-Level Agreement
4. FVEY Indicator Sharing Report
5. Final Forensic Report

Based on the feedback you have received, you should have revised the deliverables. Although many of these deliverables were initially developed in a team setting, each team member is responsible for submitting his or her own documents for individual assessment.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
  • 15.
Check Your Evaluation Criteria

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.
· 2.2: Locate and access sufficient information to investigate the issue or problem.
· 4.4: Demonstrate diversity and inclusiveness in a team setting.
· 5.3: Support policy decisions with the application of specific cybersecurity technologies and standards.
· 5.8: Apply procedures, practices, and technologies for protecting web servers, web users, and their surrounding organizations.
· 6.1: Knowledge of methods and procedures to protect information systems and data by ensuring their availability, authentication, confidentiality, and integrity.
· 8.1: Employ ethics when planning and conducting forensic investigations, and when testifying in court.
· 8.2: Incorporate international issues including culture and foreign language to plans for investigations.

Deliverable: Step 7: Analyze Key Elements of NIST Standards and Submit the Team Report

You have analyzed the linkage between technologies and the impacts of these relationships. Now, you will analyze the aspect of National Institute of Standards and Technology (NIST) standards for cloud computing as it affects your sector and complete the team sector brief.

Write another brief, one to two pages, that addresses some of the following questions:
  • 16.
· Is cloud computing a good "fit" for your industry?
· How does it benefit a cybersecurity solution?
· Should it apply across all industries?

Combine this information with the brief papers from the prior steps to create a three- to five-page Team Sector Brief. Your brief should also consider how your decisions might support other sectors. Introduce this brief with the one-page overview of your sector.