SlideShare a Scribd company logo

ISE 510 Final Project Guidelines and Rubric Overview The fi.docx

Download as DOCX, PDF
A
aryan532920

The final project for the course involves conducting an analysis of a security breach that has occurred at Limetree Inc., a research firm focused on healthcare and biotechnology, and providing recommendations for improving security measures. Students will take on the role of risk assessment experts, evaluating incident response processes, impacts of applicable regulations, and developing a security test plan and controls to prevent future breaches. The project is structured over three milestones leading to a comprehensive final submission that reflects learned skills and addresses critical security elements.

Education
1 of 12
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
ISE 510 Final Project Guidelines and Rubric Overview The final project for this course is the creation of a security breach analysis and recommendations. The relevance of risk assessment cannot be overemphasized as organizations establish or reaffirm their security posture, especially in the wake of overwhelming computer security breaches at many organizations in the United States and around the world, including government agencies. Organizations seek to understand their compliance status for current regulations as well as their vulnerability in order to adopt a proper approach to manage risks. It is equally important to conduct a risk assessment after a system breach has occurred to better understand the threats and the vulnerabilities exploited. For your final project, you will analyze an information security breach that has already occurred. This will place you in the role of a risk assessment expert, coming in to determine how the breach occurred and develop strategies to mitigate against the breach reoccurring. Risk assessment experts can fill the positions of penetration testers, information security auditors, and independent verification and validation analysts, for example. Such roles will continue to gain relevance as organizations and governments continue to move sensitive financial information, personal health information (PHI), and personally identifiable information (PII) across publicly accessible networks and storage devices. For the final project for this course, you will analyze an information security breach provided in the Final Project Scenario document and the educational video game (Agent Surefire: InfoSec) you will play in Module Three. In your analysis, you will discuss how the breach occurred, the incident response processes that were initiated, the impact of the breach, and applicable regulations to the organization. Then, you will
develop a security test plan for the breached system and create security controls to ensure that the breach will not reoccur. The project is divided into three milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final submissions. These milestones will be submitted in Modules Three, Five, and Seven. The final product will be submitted in Module Nine. This assessment addresses the following course outcomes: through analysis of security breaches in ensuring business continuity in support of organizational goals information security of organizations test plans for networks, applications, or physical security assessment projects based on established cybersecurity standards website, and network vulnerabilities uce the impact of organizational culture and communication challenges that could affect cybersecurity risk assessment in a diversified world Prompt Your security breach analysis and recommendations should answer the following prompt: Using your Final Project Scenario and gameplay from the educational video game Agent Surefire: InfoSec that you will complete in Module Three, analyze the information security breach to determine how the breach occurred, evaluate the incident response processes, and assess the impact of the breach and applicable regulations on the business or organization. Then use your analysis to develop a security test plan, security controls to mitigate risk, and
recommendations that reduce the impact of organizational culture and communication challenges. Specifically, the following critical elements must be addressed: I. Introduction: Provide a brief profile of the business or organization that has been attacked, including its organizational goals. In your profile, you could consider the industry in which the business or organization operates and the product or service that is the focus, for example. II. II. Security Breach: In this section, you will analyze one current information security breach, describing the business or organization that has been affected by this breach and explaining how the breach occurred. Specifically, you should: A. Attack Location: Determine what part of the business or organization was attacked by analyzing the security breach that occurred. For example, was the network attacked? Or was the company website hacked? B. Attack Method and Tools: Analyze the security breach to determine the method and tools that were used to effect the attack. In other words, how did the attack occur? C. Vulnerabilities: Based on your analysis, what vulnerabilities of the business or organization were exploited? How were the vulnerabilities discovered? For example, were the vulnerabilities discovered by an employee, a third party, or a customer? III. Incident Response: In this section, you will evaluate the incident response processes that were initiated in response to the breach. Specifically, you should: A. Actions: What incident response actions were initiated to minimize the impact of the breach? In other words, what did the business or organization do to address the vulnerabilities and resume normal system operations after the breach? B. Business Continuity: Evaluate these incident response actions for their effectiveness in allowing the business to
resume normal system operations after the breach. In other words, how effective were these incident response actions in ensuring business continuity and supporting the organization’s goals? IV. Impact: In this section, you will discuss the possible impacts of applicable cybersecurity regulations to the business or organization. Specifically, you should: A. Application: Describe the government and industry regulations that apply to the business or organization in relation to the security breach. For example, what legislation, directives, and policies relate to the security breach? B. Impact: How do these regulations impact the business or organization and its information security? Support your response with specific examples. C. Financial and Legal Implications: Discuss possible financial and legal implications of the security breach for the business or organization. Will the business or organization be subject to any fines or sanctions because of the security breach, for example? V. Security Test Plan: In this section, you will develop a security test plan for the breached system, basing your plan on your analysis of the security breach and established cybersecurity standards such as those from the National Institute of Standards and Technology (NIST). Specifically, you should: A. Scope: Determine the scope of the risk assessment. For example, what assets, threats, and vulnerabilities will need to be addressed? Will the risk assessment need to include networks, applications, or physical security systems? What policies and procedures will need to be reviewed? B. Resources: Document the resources required for the risk assessment. In other words, what do you need to actually do the assessment? C. Hardware and Software: Create a list of system hardware and software within the target of the risk assessment. In other words, what are the parts of the system that you are assessing?
D. Tools: Determine the necessary tools for the risk assessment, based the list of system hardware and software you created. VI. Risk Mitigation: In this section, you will create security controls to ensure that the breach will not reoccur. Specifically, you should: A. Security Controls: Create at least five security controls that mitigate future risks by ensuring that the security breach will not reoccur. These controls can be technical, administrative, or personnel security controls, for example. B. Vulnerabilities: How will the security controls you created mitigate risks by reducing application, website, and network vulnerabilities? C. Evaluation: What are the criteria for measuring the controls to ensure they are properly implemented? In other words, how will the security controls be evaluated? VII. Conclusion: In this section, you will recommend methods to reduce the impact of organizational culture and communication challenges. Specifically, you should: A. Communication: Document interpersonal communication issues encountered within the risk assessment team. How were the issues resolved? B. Organizational Culture: What challenges to organizational culture occurred as a result of the security breach? In your response, consider the impact of the security breach on the reputation of the business or organization. C. Recommendations: What methods can you recommend to reduce the impact of these communication and organizational cultural issues in future risk assessments? Milestones Milestone One: Kickoff Agenda In Module Three, you will submit a kickoff agenda. This milestone will be graded with the Milestone One Rubric. Milestone Two: Test Plan In Module Five, you will submit a test plan. This milestone will be graded with the Milestone Two
Rubric. Milestone Three: Incident Response Plan In Module Seven, you will submit an incident response plan. This milestone will be graded with the Milestone Three Rubric. Final Submission: Security Breach Analysis and Recommendations In Module Nine, you will submit your final project. It should be a complete, polished artifact containing all of the critical elements of the final product. It should reflect the incorporation of feedback gained throughout the course. It should also be structured to follow the outline presented in the Prompt. This submission will be graded with the Final Project Rubric (below). ISE 510 Final Project Scenario Background Limetree Inc. is a research and development firm that engages in multiple research projects with the federal government and private corporations in the areas of healthcare, biotechnology, and other cutting-edge industries. It has been experiencing major growth in recent years, but there is also a concern that information security lapses are becoming rampant as the company grows. Limetree Inc. is working to establish a strong reputation in the industry, and it views a robust information security program as part of the means to achieving its goal. The company looks to monitor and remain compliant to any regulation impacting its operations. Limetree Inc. recently experienced a security breach; it believes confidential company data has been stolen, including personal health information (PHI) used in a research study. Limetree Inc. believes the breach may have occurred because of some security vulnerabilities within its system and processes. Limetree Inc.’s virtual environment is presented in the Agent Surefire: InfoSec educational video game. The rest of the environment is presented via an interview with the security manager, Jack Sterling.
Highlight of Interview with Jack Sterling Interview with Jack Sterling revealed the following about Limetree Inc.’s system and processes: Hardware/Software: Desktop Apps: Internet Explorer, Firefox, Google Chrome, MS Office, Adobe Flash, Adobe Acrobat Applications/Databases: Browser – Browser in use is Internet Explorer and browser security setting was set to low. Browsers allow remote installation of applets, and there is no standard browser for the environment. Virus Software – MacAfee is deployed locally on each user's machine and users are mandated to update their virus policy every month. SQL Database – Ordinary users can escalate privilege via SQL Agent. Disk space for SQL database log is small and is overwritten with new information when it is full. Limetree Inc. is not using any encryption for sensitive data at rest within the SQL server environment. Network: The network comprises the following: three web/applications servers, three email servers, five file and printer servers, two proxy servers, seven remotely manageable Cisco switches, 250 desktops, three firewall devices, one gateway (router) device to the internet, and three wireless access points. Configuration Highlights: Wireless – Wireless network is available with clearly advertised SSID, and it is part of the local area network (LAN). There is no segmentation or authentication between the wireless and wired LAN. Visitors are provided access code to the wireless network at the front desk to use the internet while they wait to be attended to. Managed switches – There is no logging of network activities on any of the switches. Web server – Public-facing web server is part of the LAN. This
is where internet users get needed information on the company. The web servers are running the following services in addition: File & Print Services, Telnet, IIS. Firewalls – Firewall configuration is very secure, and the logs are reviewed when there is suspicion of a security event. The following files types are allowed for inbound connection: EXE, DOC, XML, VBS. In addition, Telnet and FTP are allowed for inbound connection. Passwords – Users determine the length of the password and complexity, but it is mandatory to change password once a year. Network configuration changes are determined by the IT manager and users are notified immediately once the changes are implemented. Documentation: I. There is no documented security policy, or computer use policy. II. II. There is no documented process for changes to the system. III. III. There is no contingency plan. System Backup: I. Backup is conducted daily by the network administrator, and tapes are kept safely in the computer room. Personnel/Physical Security: I. While users are not trained on security awareness, emails go out every month from the system administrator warning users of emerging threat. II. II. Visitors sign in at the front desk before they are allowed to walk in to see employees at their respective offices. III. III. Remote employees connect via virtual private network. Their laptops are configured exactly as the desktops in the office with unencrypted hard drives. IV. IV. Often users are allowed to bring in their own laptops, connect to corporate system, and complete their tasks, especially if they are having issues with laptops provided by the company.
Incident Response: At Limetree Inc., systems administrators are notified of computer incidents, and the administrators escalate to the IT manager, who reports incidents to the security manager if they are deemed relevant. Currently there is no official documented process of reporting incidents. There is also no previous documented history of incidents, even though Limetree Inc. has experienced quite a few. Corrective measures are taken immediately after an incident, though none of the measures was ever documented. ISE 510 Security Risk Analysis & Plan Security Breach Analysis and Recommendations Milestone 3: Incident Response Plan <Last Name, First Name> Due <DATE> Submitted on <DATE> If late let me know why: ===================================== Delete these instructions in blue font before submission: Change file name to MS#3_LAST_FIRST A few comments up front: -- After fixing any of my comments to this paper, it should be used, with minor modifications, for the FINAL PROJECT. -- Download and use this publication: Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (). Computer Security Incident Handling Guide Recommendations of the National Institute of Standards and Technology (rev 2). Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.8
00-61r2.pdf -- Other resources that will be helpful: Valentin, J. (2013). Building an incident response team and IR process. Retrieved from http://resources.infosecinstitute.com/building-an-incident- response-team-and-ir-process/ SEI (n.d.) Create a CSIRT. Retrieved from http://www.cert.org/incident-management/products- services/creating-a-csirt.cfm Wright, C. (2011). Incident handler's handbook. Retrieved from https://www.sans.org/reading- room/whitepapers/incident/incident-handlers-handbook-33901 ========================================== Incident Response Plan Purpose Identify the purpose of the Incident Response Plan. Roles and Responsibilities of the Incident Response Plan Clearly identify and describe the roles and responsibilities in Limetree – you are allowed to make up roles typical to a medium sized company. (Hint: use one of the references listed above) Examples of Incidents at Limetree a) Give the definition of an ‘incident’ and b) give exactly 5 examples from Limetree. This can be a bulleted list with short descriptions. Pull the examples from Agent Surefire Game or Breach description. The examples should be diverse; don’t give two examples of the same incident type.
Current Incident Response Plan at Limetree Give a brief description of the current IR plan Proposed Incident Response Plan at Limetree: In each of the below phases, describe what Limetree should be doing, either proactively or during an active security breach, to enhance their Incident response. Don’t explain in generalities, be specific to Limetree. 1) Preparation 2) Identification 3) Containment 4) Eradication 5) Recovery 6) Lessons Learned The Incident Response Process: Describe how the Incident Response process works from Preparation, the discovery of a new incident, all the way through Lessons Learned. This must include business recovery process – step 5 above. A process flow diagram is required for “Exemplary Score”. Drawings can be made in Visio, PowerPoint, or inserting shapes directly from Word. Hint: I usually prepare the process flow in a separate word document and then screen capture and paste into the final paper (as opposed to trying to insert shapes from scratch). References As academic practitioners, I’d recommend over 3 references (preferably over 5) placed here. I’d like you to “up your game” in the area of APA references. Remember, you’re experienced Graduate School students, and as such, you should be equipped to handle investigating strong academic papers and resources.
3

More Related Content

DOCX
ISE 620 Final Project Guidelines and Rubric Overview .docx
christiandean12115
 
DOCX
Cmgt 582 Effective Communication / snaptutorial.com
HarrisGeorg12
 
DOCX
IT 549 Final Project Guidelines and Rubric Overview .docx
christiandean12115
 
DOCX
Cmgt 582 Education Specialist -snaptutorial.com
DavisMurphyC37
 
PDF
Cmgt 400 cmgt400
GOODCourseHelp
 
DOCX
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
KeatonJennings98
 
DOCX
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
christiandean12115
 
DOCX
Many companies and agencies conduct IT audits to test and assess the.docx
tienboileau
 
ISE 620 Final Project Guidelines and Rubric Overview .docx
christiandean12115
 
Cmgt 582 Effective Communication / snaptutorial.com
HarrisGeorg12
 
IT 549 Final Project Guidelines and Rubric Overview .docx
christiandean12115
 
Cmgt 582 Education Specialist -snaptutorial.com
DavisMurphyC37
 
Cmgt 400 cmgt400
GOODCourseHelp
 
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
KeatonJennings98
 
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
christiandean12115
 
Many companies and agencies conduct IT audits to test and assess the.docx
tienboileau
 

Similar to ISE 510 Final Project Guidelines and Rubric Overview The fi.docx (20)

DOCX
Wk 6 - Security AuditYou are part of a team selected by the Chie.docx
lefrancoishazlett
 
DOCX
Term Paper The Rookie Chief Information Security OfficerThis assi.docx
jacqueliner9
 
DOCX
This assignment consists of five (5) parts     Part 1 Organi.docx
gasciognecaren
 
PDF
2019 SANS Holiday Hack Challenge Deliverable
Curtis Brazzell
 
DOCX
Project 1Create an application that displays payroll informatio.docx
briancrawford30935
 
PPTX
Cyber Security Audit and Information Security.pptx
alamba570
 
DOCX
The Rookie Chief Information Security OfficerDue Week 10 and w.docx
teresehearn
 
DOCX
CMGT 400 Entire Course NEW
shyamuopfive
 
DOCX
Cmgt 400 Entire Course NEW
shyamuop
 
DOC
Cst 630 Extraordinary Success/newtonhelp.com
amaranthbeg113
 
DOC
Cst 630 Education is Power/newtonhelp.com
amaranthbeg73
 
DOC
Cst 630 Motivated Minds/newtonhelp.com
amaranthbeg53
 
DOCX
Term Paper The Rookie Chief Information Security Officer.docx
manningchassidy
 
DOCX
The Rookie Chief Information Security OfficerWorth 200 poi
jacvzpline
 
PDF
It Security Audit Process
Ram Srivastava
 
PDF
Module 2 - Cybersecurity On the Defense.pdf
Humphrey Humphrey
 
DOCX
Assignment ContentYou are part of a team selected by the C.docx
lesleyryder69361
 
DOCX
Assignment ContentYou are part of a team selected by the Chi.docx
lesleyryder69361
 
PPTX
Healthcare info tech systems cyber threats ABI conference 2016
Amgad Magdy
 
DOCX
CST 630 RANK Redefined Education--cst630rank.com
claric241
 
Wk 6 - Security AuditYou are part of a team selected by the Chie.docx
lefrancoishazlett
 
Term Paper The Rookie Chief Information Security OfficerThis assi.docx
jacqueliner9
 
This assignment consists of five (5) parts     Part 1 Organi.docx
gasciognecaren
 
2019 SANS Holiday Hack Challenge Deliverable
Curtis Brazzell
 
Project 1Create an application that displays payroll informatio.docx
briancrawford30935
 
Cyber Security Audit and Information Security.pptx
alamba570
 
The Rookie Chief Information Security OfficerDue Week 10 and w.docx
teresehearn
 
CMGT 400 Entire Course NEW
shyamuopfive
 
Cmgt 400 Entire Course NEW
shyamuop
 
Cst 630 Extraordinary Success/newtonhelp.com
amaranthbeg113
 
Cst 630 Education is Power/newtonhelp.com
amaranthbeg73
 
Cst 630 Motivated Minds/newtonhelp.com
amaranthbeg53
 
Term Paper The Rookie Chief Information Security Officer.docx
manningchassidy
 
The Rookie Chief Information Security OfficerWorth 200 poi
jacvzpline
 
It Security Audit Process
Ram Srivastava
 
Module 2 - Cybersecurity On the Defense.pdf
Humphrey Humphrey
 
Assignment ContentYou are part of a team selected by the C.docx
lesleyryder69361
 
Assignment ContentYou are part of a team selected by the Chi.docx
lesleyryder69361
 
Healthcare info tech systems cyber threats ABI conference 2016
Amgad Magdy
 
CST 630 RANK Redefined Education--cst630rank.com
claric241
 
Ad

More from aryan532920 (20)

DOCX
According to the NASW Code of Ethics section 6.04 (NASW, 2008), .docx
aryan532920
 
DOCX
According to the text, crime has been part of the human condition si.docx
aryan532920
 
DOCX
According to Ronald Story and Bruce Laurie, The dozen years between.docx
aryan532920
 
DOCX
According to Kirk (2016), most of your time will be spent work with .docx
aryan532920
 
DOCX
According to the Council on Social Work Education, Competency 5 Eng.docx
aryan532920
 
DOCX
According to Kirk (2016), most of our time will be spent working.docx
aryan532920
 
DOCX
According to Kirk (2016), most of your time will be spent working wi.docx
aryan532920
 
DOCX
According to Davenport (2014) the organizational value of healthcare.docx
aryan532920
 
DOCX
According to the authors, privacy and security go hand in hand; .docx
aryan532920
 
DOCX
According to Gilbert and Troitzsch (2005), Foundations of Simula.docx
aryan532920
 
DOCX
According to Klein (2016), using ethical absolutism and ethical .docx
aryan532920
 
DOCX
According to Franks and Smallwood (2013), information has become.docx
aryan532920
 
DOCX
According to the Council on Social Work Education, Competency 5.docx
aryan532920
 
DOCX
According to the authors, privacy and security go hand in hand; and .docx
aryan532920
 
DOCX
According to recent surveys, China, India, and the Philippines are t.docx
aryan532920
 
DOCX
According to the authors, countries that lag behind the rest of the .docx
aryan532920
 
DOCX
According to Peskin et al. (2013) in our course reader, Studies on .docx
aryan532920
 
DOCX
According to Franks and Smallwood (2013), information has become the.docx
aryan532920
 
DOCX
According to Ang (2011), how is Social Media management differen.docx
aryan532920
 
DOCX
According to (Alsaidi & Kausar (2018), It is expected that by 2020,.docx
aryan532920
 
According to the NASW Code of Ethics section 6.04 (NASW, 2008), .docx
aryan532920
 
According to the text, crime has been part of the human condition si.docx
aryan532920
 
According to Ronald Story and Bruce Laurie, The dozen years between.docx
aryan532920
 
According to Kirk (2016), most of your time will be spent work with .docx
aryan532920
 
According to the Council on Social Work Education, Competency 5 Eng.docx
aryan532920
 
According to Kirk (2016), most of our time will be spent working.docx
aryan532920
 
According to Kirk (2016), most of your time will be spent working wi.docx
aryan532920
 
According to Davenport (2014) the organizational value of healthcare.docx
aryan532920
 
According to the authors, privacy and security go hand in hand; .docx
aryan532920
 
According to Gilbert and Troitzsch (2005), Foundations of Simula.docx
aryan532920
 
According to Klein (2016), using ethical absolutism and ethical .docx
aryan532920
 
According to Franks and Smallwood (2013), information has become.docx
aryan532920
 
According to the Council on Social Work Education, Competency 5.docx
aryan532920
 
According to the authors, privacy and security go hand in hand; and .docx
aryan532920
 
According to recent surveys, China, India, and the Philippines are t.docx
aryan532920
 
According to the authors, countries that lag behind the rest of the .docx
aryan532920
 
According to Peskin et al. (2013) in our course reader, Studies on .docx
aryan532920
 
According to Franks and Smallwood (2013), information has become the.docx
aryan532920
 
According to Ang (2011), how is Social Media management differen.docx
aryan532920
 
According to (Alsaidi & Kausar (2018), It is expected that by 2020,.docx
aryan532920
 
Ad

Recently uploaded (20)

PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
PDF
advance database management system book.pdf
hinamannan364
 
PPTX
UNIT III MENTAL HEALTH NURSING ASSESSMENT
Sonali Gupta
 
PDF
IGGE1 Understanding the Self1234567891011
rhea22labucay
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PPTX
Onco Emergencies - Spinal cord compression Superior vena cava syndrome Febr...
Medpopz
 
DOC
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
PDF
SOIL: Factor, Horizon, Process, Classification, Degradation, Conservation
Sipra Biswas
 
PDF
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
ElishamichaelSamwel
 
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PDF
LNK 2025 (2).pdf MWEHEHEHEHEHEHEHEHEHEHE
NielDestora
 
PDF
ChatGPT for Dummies - Pam Baker Ccesa007.pdf
Demetrio Ccesa Rayme
 
PPTX
Lesson notes of climatology university.
sgladness67
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PPTX
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
PPTX
Chinmaya Tiranga Azadi Quiz (Class 7-8 )
Nitin Suresh
 
PDF
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
PPTX
Unit 4 Skeletal System.ppt.pptxopresentatiom
umair817123
 
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
advance database management system book.pdf
hinamannan364
 
UNIT III MENTAL HEALTH NURSING ASSESSMENT
Sonali Gupta
 
IGGE1 Understanding the Self1234567891011
rhea22labucay
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
Onco Emergencies - Spinal cord compression Superior vena cava syndrome Febr...
Medpopz
 
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
SOIL: Factor, Horizon, Process, Classification, Degradation, Conservation
Sipra Biswas
 
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
ElishamichaelSamwel
 
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
RMMM.pdf make it easy to upload and study
sajedul2
 
LNK 2025 (2).pdf MWEHEHEHEHEHEHEHEHEHEHE
NielDestora
 
ChatGPT for Dummies - Pam Baker Ccesa007.pdf
Demetrio Ccesa Rayme
 
Lesson notes of climatology university.
sgladness67
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
Chinmaya Tiranga Azadi Quiz (Class 7-8 )
Nitin Suresh
 
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
Unit 4 Skeletal System.ppt.pptxopresentatiom
umair817123
 

ISE 510 Final Project Guidelines and Rubric Overview The fi.docx

  • 1. ISE 510 Final Project Guidelines and Rubric Overview The final project for this course is the creation of a security breach analysis and recommendations. The relevance of risk assessment cannot be overemphasized as organizations establish or reaffirm their security posture, especially in the wake of overwhelming computer security breaches at many organizations in the United States and around the world, including government agencies. Organizations seek to understand their compliance status for current regulations as well as their vulnerability in order to adopt a proper approach to manage risks. It is equally important to conduct a risk assessment after a system breach has occurred to better understand the threats and the vulnerabilities exploited. For your final project, you will analyze an information security breach that has already occurred. This will place you in the role of a risk assessment expert, coming in to determine how the breach occurred and develop strategies to mitigate against the breach reoccurring. Risk assessment experts can fill the positions of penetration testers, information security auditors, and independent verification and validation analysts, for example. Such roles will continue to gain relevance as organizations and governments continue to move sensitive financial information, personal health information (PHI), and personally identifiable information (PII) across publicly accessible networks and storage devices. For the final project for this course, you will analyze an information security breach provided in the Final Project Scenario document and the educational video game (Agent Surefire: InfoSec) you will play in Module Three. In your analysis, you will discuss how the breach occurred, the incident response processes that were initiated, the impact of the breach, and applicable regulations to the organization. Then, you will
  • 2. develop a security test plan for the breached system and create security controls to ensure that the breach will not reoccur. The project is divided into three milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final submissions. These milestones will be submitted in Modules Three, Five, and Seven. The final product will be submitted in Module Nine. This assessment addresses the following course outcomes: through analysis of security breaches in ensuring business continuity in support of organizational goals information security of organizations test plans for networks, applications, or physical security assessment projects based on established cybersecurity standards website, and network vulnerabilities uce the impact of organizational culture and communication challenges that could affect cybersecurity risk assessment in a diversified world Prompt Your security breach analysis and recommendations should answer the following prompt: Using your Final Project Scenario and gameplay from the educational video game Agent Surefire: InfoSec that you will complete in Module Three, analyze the information security breach to determine how the breach occurred, evaluate the incident response processes, and assess the impact of the breach and applicable regulations on the business or organization. Then use your analysis to develop a security test plan, security controls to mitigate risk, and
  • 3. recommendations that reduce the impact of organizational culture and communication challenges. Specifically, the following critical elements must be addressed: I. Introduction: Provide a brief profile of the business or organization that has been attacked, including its organizational goals. In your profile, you could consider the industry in which the business or organization operates and the product or service that is the focus, for example. II. II. Security Breach: In this section, you will analyze one current information security breach, describing the business or organization that has been affected by this breach and explaining how the breach occurred. Specifically, you should: A. Attack Location: Determine what part of the business or organization was attacked by analyzing the security breach that occurred. For example, was the network attacked? Or was the company website hacked? B. Attack Method and Tools: Analyze the security breach to determine the method and tools that were used to effect the attack. In other words, how did the attack occur? C. Vulnerabilities: Based on your analysis, what vulnerabilities of the business or organization were exploited? How were the vulnerabilities discovered? For example, were the vulnerabilities discovered by an employee, a third party, or a customer? III. Incident Response: In this section, you will evaluate the incident response processes that were initiated in response to the breach. Specifically, you should: A. Actions: What incident response actions were initiated to minimize the impact of the breach? In other words, what did the business or organization do to address the vulnerabilities and resume normal system operations after the breach? B. Business Continuity: Evaluate these incident response actions for their effectiveness in allowing the business to
  • 4. resume normal system operations after the breach. In other words, how effective were these incident response actions in ensuring business continuity and supporting the organization’s goals? IV. Impact: In this section, you will discuss the possible impacts of applicable cybersecurity regulations to the business or organization. Specifically, you should: A. Application: Describe the government and industry regulations that apply to the business or organization in relation to the security breach. For example, what legislation, directives, and policies relate to the security breach? B. Impact: How do these regulations impact the business or organization and its information security? Support your response with specific examples. C. Financial and Legal Implications: Discuss possible financial and legal implications of the security breach for the business or organization. Will the business or organization be subject to any fines or sanctions because of the security breach, for example? V. Security Test Plan: In this section, you will develop a security test plan for the breached system, basing your plan on your analysis of the security breach and established cybersecurity standards such as those from the National Institute of Standards and Technology (NIST). Specifically, you should: A. Scope: Determine the scope of the risk assessment. For example, what assets, threats, and vulnerabilities will need to be addressed? Will the risk assessment need to include networks, applications, or physical security systems? What policies and procedures will need to be reviewed? B. Resources: Document the resources required for the risk assessment. In other words, what do you need to actually do the assessment? C. Hardware and Software: Create a list of system hardware and software within the target of the risk assessment. In other words, what are the parts of the system that you are assessing?
  • 5. D. Tools: Determine the necessary tools for the risk assessment, based the list of system hardware and software you created. VI. Risk Mitigation: In this section, you will create security controls to ensure that the breach will not reoccur. Specifically, you should: A. Security Controls: Create at least five security controls that mitigate future risks by ensuring that the security breach will not reoccur. These controls can be technical, administrative, or personnel security controls, for example. B. Vulnerabilities: How will the security controls you created mitigate risks by reducing application, website, and network vulnerabilities? C. Evaluation: What are the criteria for measuring the controls to ensure they are properly implemented? In other words, how will the security controls be evaluated? VII. Conclusion: In this section, you will recommend methods to reduce the impact of organizational culture and communication challenges. Specifically, you should: A. Communication: Document interpersonal communication issues encountered within the risk assessment team. How were the issues resolved? B. Organizational Culture: What challenges to organizational culture occurred as a result of the security breach? In your response, consider the impact of the security breach on the reputation of the business or organization. C. Recommendations: What methods can you recommend to reduce the impact of these communication and organizational cultural issues in future risk assessments? Milestones Milestone One: Kickoff Agenda In Module Three, you will submit a kickoff agenda. This milestone will be graded with the Milestone One Rubric. Milestone Two: Test Plan In Module Five, you will submit a test plan. This milestone will be graded with the Milestone Two
  • 6. Rubric. Milestone Three: Incident Response Plan In Module Seven, you will submit an incident response plan. This milestone will be graded with the Milestone Three Rubric. Final Submission: Security Breach Analysis and Recommendations In Module Nine, you will submit your final project. It should be a complete, polished artifact containing all of the critical elements of the final product. It should reflect the incorporation of feedback gained throughout the course. It should also be structured to follow the outline presented in the Prompt. This submission will be graded with the Final Project Rubric (below). ISE 510 Final Project Scenario Background Limetree Inc. is a research and development firm that engages in multiple research projects with the federal government and private corporations in the areas of healthcare, biotechnology, and other cutting-edge industries. It has been experiencing major growth in recent years, but there is also a concern that information security lapses are becoming rampant as the company grows. Limetree Inc. is working to establish a strong reputation in the industry, and it views a robust information security program as part of the means to achieving its goal. The company looks to monitor and remain compliant to any regulation impacting its operations. Limetree Inc. recently experienced a security breach; it believes confidential company data has been stolen, including personal health information (PHI) used in a research study. Limetree Inc. believes the breach may have occurred because of some security vulnerabilities within its system and processes. Limetree Inc.’s virtual environment is presented in the Agent Surefire: InfoSec educational video game. The rest of the environment is presented via an interview with the security manager, Jack Sterling.
  • 7. Highlight of Interview with Jack Sterling Interview with Jack Sterling revealed the following about Limetree Inc.’s system and processes: Hardware/Software: Desktop Apps: Internet Explorer, Firefox, Google Chrome, MS Office, Adobe Flash, Adobe Acrobat Applications/Databases: Browser – Browser in use is Internet Explorer and browser security setting was set to low. Browsers allow remote installation of applets, and there is no standard browser for the environment. Virus Software – MacAfee is deployed locally on each user's machine and users are mandated to update their virus policy every month. SQL Database – Ordinary users can escalate privilege via SQL Agent. Disk space for SQL database log is small and is overwritten with new information when it is full. Limetree Inc. is not using any encryption for sensitive data at rest within the SQL server environment. Network: The network comprises the following: three web/applications servers, three email servers, five file and printer servers, two proxy servers, seven remotely manageable Cisco switches, 250 desktops, three firewall devices, one gateway (router) device to the internet, and three wireless access points. Configuration Highlights: Wireless – Wireless network is available with clearly advertised SSID, and it is part of the local area network (LAN). There is no segmentation or authentication between the wireless and wired LAN. Visitors are provided access code to the wireless network at the front desk to use the internet while they wait to be attended to. Managed switches – There is no logging of network activities on any of the switches. Web server – Public-facing web server is part of the LAN. This
  • 8. is where internet users get needed information on the company. The web servers are running the following services in addition: File & Print Services, Telnet, IIS. Firewalls – Firewall configuration is very secure, and the logs are reviewed when there is suspicion of a security event. The following files types are allowed for inbound connection: EXE, DOC, XML, VBS. In addition, Telnet and FTP are allowed for inbound connection. Passwords – Users determine the length of the password and complexity, but it is mandatory to change password once a year. Network configuration changes are determined by the IT manager and users are notified immediately once the changes are implemented. Documentation: I. There is no documented security policy, or computer use policy. II. II. There is no documented process for changes to the system. III. III. There is no contingency plan. System Backup: I. Backup is conducted daily by the network administrator, and tapes are kept safely in the computer room. Personnel/Physical Security: I. While users are not trained on security awareness, emails go out every month from the system administrator warning users of emerging threat. II. II. Visitors sign in at the front desk before they are allowed to walk in to see employees at their respective offices. III. III. Remote employees connect via virtual private network. Their laptops are configured exactly as the desktops in the office with unencrypted hard drives. IV. IV. Often users are allowed to bring in their own laptops, connect to corporate system, and complete their tasks, especially if they are having issues with laptops provided by the company.
  • 9. Incident Response: At Limetree Inc., systems administrators are notified of computer incidents, and the administrators escalate to the IT manager, who reports incidents to the security manager if they are deemed relevant. Currently there is no official documented process of reporting incidents. There is also no previous documented history of incidents, even though Limetree Inc. has experienced quite a few. Corrective measures are taken immediately after an incident, though none of the measures was ever documented. ISE 510 Security Risk Analysis & Plan Security Breach Analysis and Recommendations Milestone 3: Incident Response Plan <Last Name, First Name> Due <DATE> Submitted on <DATE> If late let me know why: ===================================== Delete these instructions in blue font before submission: Change file name to MS#3_LAST_FIRST A few comments up front: -- After fixing any of my comments to this paper, it should be used, with minor modifications, for the FINAL PROJECT. -- Download and use this publication: Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (). Computer Security Incident Handling Guide Recommendations of the National Institute of Standards and Technology (rev 2). Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.8
  • 10. 00-61r2.pdf -- Other resources that will be helpful: Valentin, J. (2013). Building an incident response team and IR process. Retrieved from http://resources.infosecinstitute.com/building-an-incident- response-team-and-ir-process/ SEI (n.d.) Create a CSIRT. Retrieved from http://www.cert.org/incident-management/products- services/creating-a-csirt.cfm Wright, C. (2011). Incident handler's handbook. Retrieved from https://www.sans.org/reading- room/whitepapers/incident/incident-handlers-handbook-33901 ========================================== Incident Response Plan Purpose Identify the purpose of the Incident Response Plan. Roles and Responsibilities of the Incident Response Plan Clearly identify and describe the roles and responsibilities in Limetree – you are allowed to make up roles typical to a medium sized company. (Hint: use one of the references listed above) Examples of Incidents at Limetree a) Give the definition of an ‘incident’ and b) give exactly 5 examples from Limetree. This can be a bulleted list with short descriptions. Pull the examples from Agent Surefire Game or Breach description. The examples should be diverse; don’t give two examples of the same incident type.
  • 11. Current Incident Response Plan at Limetree Give a brief description of the current IR plan Proposed Incident Response Plan at Limetree: In each of the below phases, describe what Limetree should be doing, either proactively or during an active security breach, to enhance their Incident response. Don’t explain in generalities, be specific to Limetree. 1) Preparation 2) Identification 3) Containment 4) Eradication 5) Recovery 6) Lessons Learned The Incident Response Process: Describe how the Incident Response process works from Preparation, the discovery of a new incident, all the way through Lessons Learned. This must include business recovery process – step 5 above. A process flow diagram is required for “Exemplary Score”. Drawings can be made in Visio, PowerPoint, or inserting shapes directly from Word. Hint: I usually prepare the process flow in a separate word document and then screen capture and paste into the final paper (as opposed to trying to insert shapes from scratch). References As academic practitioners, I’d recommend over 3 references (preferably over 5) placed here. I’d like you to “up your game” in the area of APA references. Remember, you’re experienced Graduate School students, and as such, you should be equipped to handle investigating strong academic papers and resources.
  • 12. 3