Despite all of the work a cyber management team may do on systems design, network security protocols, hardware and software maintenance, training, policy, implementation, and monitoring, breaches can and do occur. In this project, you will work with a team of other cyber professionals to analyze and respond to anomalous network activities.

The graded deliverable for Project 2 is a packaged deliverable to the CISO on the risk assessment and the network intrusion, to be completed as a team. The deliverable to the CISO will include the following five parts:

  1. Cybersecurity Risk Assessment including Vulnerability Matrix
  2. Incident Response Plan
  3. Service-Level Agreement
  4. FVEY Indicator Sharing Report
  5. Final Forensic Report

The project should take about 15 days to complete. After reading the scenario below, proceed to Step 1, where you will establish your team agreement plan.

Map of world with key cities marked in the United States, Europe, and Africa. Lines are drawn between cities to show cyber attacks.

The US reports that exfiltration has been detected in the IDS (intrusion detection system). All nations will perform forensic analysis and collect corroborating information to identify the bad actor.

Prior to the summit, your nation team was tasked with setting up its own independent secure comms network. Now, at 3 a.m., just hours before the summit begins, you receive a text message from your CISO that reads: “I need to meet with the team immediately about an urgent matter. Please come to the conference room next to my hotel room now so we can discuss it.”

You quickly dress and head to the conference room. When you arrive, she breaks the news to your team: The nation hosting the summit has detected exfiltration in its IDS (intrusion detection system). It is likely that this pattern of network traffic could result in buffer overflows or other vulnerabilities such as denial of service. Each nation’s server is at risk.

“The report shows that the pattern of network traffic is anomalous,” says the CISO. “And the point of origin is internal. Someone at the summit is involved in this.”

Given the nature of the summit, participants understand that all nations are allied and have a common goal. “None of the FVEY members would have done this,” says a colleague. “It’s got to be the Russians or the Chinese. Friends don’t read each other’s mail.”

The CISO says, “No one is above suspicion here. Our FVEY partners have been known to both collect intelligence and seek to embarrass other partners when it suited their strategic needs. It could have been anyone. Until we know for sure, though, we will continue to regard them as allies.”

Leaders of the nations at the summit agree they all need to perform forensic analysis on their respective systems to identify the bad actor.

Your CISO continues. “Let’s get to the bottom of this. We’re all familiar with DDoS attacks; do you think that’s what we’re dealing with here? Or do you think there’s more? Use our packet sniffing tools to analyze the network traffic. Additionally, we need to identify attack vectors and attributes. Give me any information you can find on the tools, techniques, and the identity of this bad actor. Also, establish an incident response plan that we can use in case of another cyber event.”

“Our systems went down due to this DDoS. We need to examine the service-level agreement to see what it will take to get the summit back up and running. After our analysis, we need to quickly let our allies know how to protect their networks through an indicator sharing report.

“Remember, no one is above suspicion—not even our allies. Got it?”

Everyone nods in agreement. The CISO says, “Good. Now get to work. I’m going to try to go back to sleep for a few hours.”

COMPETENCIES

Your work will be evaluated using the competencies listed below.

2.2: Locate and access sufficient information to investigate the issue or problem.

4.4: Demonstrate diversity and inclusiveness in a team setting.

5.3: Support policy decisions with the application of specific cybersecurity technologies and standards.

8.1: Employ ethics when planning and conducting forensic investigations, and when testifying in court.

8.2: Incorporate international issues including culture and foreign language to plans for investigations.

5.8: Apply procedures, practices, and technologies for protecting web servers, web users, and their surrounding organizations.

6.1: Knowledge of methods and procedures to protect information systems and data by ensuring their availability, authentication, confidentiality, and integrity.

My Areas of the project

1. You and your nation state have just suffered an intrusion attack. As a cybersecurity professional, one of the first steps is to identify potential attack vectors. For each known cybersecurity vulnerability and known threat (addressing cybersecurity threats through risk management, international cybersecurity approaches), you and your team members need to identify attack vectors via information systems hardware, information systems software, operating systems (operating systems fundamentals, operating system protections), telecommunications (Internet Governance), and human factors (intrusion motives/hacker psychology). Then, you must determine if any attribution is known for the threat actor most likely involved in exploiting each weakness.

Review the materials on attack vectors if a refresher is needed. Once you’ve identified the attack vectors in this step, you will be able to participate in the next step, in which you will discuss your findings with colleagues and compare the findings with their analyses.

In light of your research in the last step, you will now use your group’s discussion board to share your thoughts with other members of your nation team. Review the findings of classmates in your group, noting points of agreement or disagreement, asking critical questions, and making suggestions for improvement or further research.

You should research incidents of known attribution of the hackers and actors who employ the attack vectors previously discussed by your group. This step provides a variety of options and perspectives for your group to consider when drafting the Attack Vector and Attribution Analysis in the next step.

This step also provides the foundation for research into known attribution, which will help you to discern the motivation for intrusion and the identity of the hackers and actors who employ the attack vectors noted.

You’ve discussed attack vector and attribution with your nation state team members. In this step, your group will prepare an Attack Vector and Attribution Analysis of your group’s findings in the previous steps. The analysis should first identify all possible attack vectors via hardware, software, operating systems, telecommunications, and human factors. Next, you should discuss whether attribution is known for the threat actor (hackers and actors) likely involved in exploiting each weakness. Integrate supporting research via in-text citations and a reference list. This analysis will play a key role in the development of a Vulnerability Assessment Matrix and Cybersecurity Risk Assessment in the next few steps. The designated team member should submit the analysis to the dropbox below.

Submission for Group 4: Project 2: Attack Vector and Attribution Analysis

2. It’s time to begin work on the next phase of the final analysis of the intrusion, which will include an incident response plan. Such a plan provides a method for containing the impact from a cybersecurity incident. It includes a plan for file recovery and remediation from an incident. All the actions will start from the security baseline analysis, which has been defined for all the nations’ network topologies at the summit, using a network security baseline analyzer.

Your nation team will work together to develop an eight- to 10-page Incident Response Plan to use in the event of a cyber incident. This is one of your three final deliverables, which you will submit for feedback as a group, and then for individual assessment at the end of the project.

Begin your first half of the plan by focusing on the environmental conditions and coordination mechanisms. Include:

  1. roles and responsibilities
  2. phases of incident response
  3. scenario: provide an incident response plan in the case of distributed denial-of-service (DDoS) attacks, specifically the case of loss of communications
  4. activities, authorities pertaining to roles and responsibilities
  5. triggering conditions for actions
  6. triggering conditions for closure
  7. reports and products throughout the incident response activity
  8. tools, techniques, and technologies
  9. communications paths and parties involved
  10. coordination paths and parties involved
  11. external partners and stakeholders, and their place in the coordination and communication paths
  12. security controls and tracking
  13. recovery objectives and priorities

Your team will continue working on the incident response plan in the next step. You will consider the processes of an active response.

Your team in this step will continue developing the Incident Response Plan. The second half of your report will focus on events and processes of your active response plan. Include the following:

  1. incident response checklist. Refer to the NIST Computer Security Incident Handling Guide for an example.
  2. data protection mechanisms
  3. integrity controls (system integrity checks) after recovery
  4. a plan to investigate the network behavior and a threat bulletin that explains this activity
  5. defined triggering mechanisms for continuing alerts and notifications throughout the cyber incident
  6. additional aspects of the incident response plan necessary to contain a cyber incident on the international domain
  7. diagrams of swim lanes of authorities, activities and process flows, coordination and communication paths. Review the Swim Lane Template to familiarize yourself with the concept of swim lanes and swim lane diagrams.

You will complete your incident response plan in the next step. Your incident response plan is critical in outlining your activities during a cyberattack as well as providing direction for recovery.

The intrusion activity apparently is not over yet. The CIOs of the nations are still detecting high-volume traffic on their networks. As soon as there is a surge in activity, network functions and websites become nonoperational. Communications between the nation teams are also affected.

The CIOs have provided information on the anomalous activity. Enter Workspace to obtain the lab materials describing the network traffic activity.

After obtaining and reviewing the lab materials, collaborate with your nation team to decide the next course of action as determined by the eight- to 10-page Incident Response Plan you’ve been developing. Include an analysis of the lab materials, describing your findings. Provide this information with your Incident Response Plan, which is one of three final deliverables in this project.

Once your team has completed the response plan, a designated team member should submit it for review and feedback. The Incident Response Plan is one of your three final deliverables, which you will submit for feedback as a group, then for individual assessment at the end of the project.

Submission for Group 4: Project 2: Incident Response Plan
