Category: Cyber security

  • Title: “Uncovering the Vulnerabilities: A Case Study Analysis of the Cybersecurity Breach on Equifax”

    In this task, students are expected to select and thoroughly analyse a recent cybersecurity breach or attack on a business organization. The purpose of this case study analysis is to delve into the intricate details of the chosen incident, providing a holistic understanding of the event, its consequences, and the lessons that can be drawn from it.
    Write a 1000-word report by following the instructions listed below:
    Choose a recent cybersecurity breach or attack on a business organization (e.g., Uber, Netflix, or any company of your choice).
    Provide a detailed case study analysis, including the background of the company, the nature of the attack, the vulnerabilities exploited, and the aftermath.
    Discuss the lessons that businesses can learn from this case and propose preventive measures.
    Background Information: Provide a comprehensive background of the targeted organization. This should include details about the industry, size, and significance of the company within its sector.
    Attack Description: Describe the nature of the cyber-attack, elucidating the specific tactics, techniques, and methods employed by the attackers. 
    Vulnerabilities Exploited: Analyze the vulnerabilities within the organization’s security framework that the attackers exploited to carry out the cyber-attack. This could include software vulnerabilities, social engineering tactics, or other weaknesses.
    Consequences and Impact: Discuss the repercussions of the cyber-attack on the targeted organization. Highlight how the attack affected the company’s operations, data, reputation, and financial standing.
    Lessons and Takeaways: Explore the key lessons that businesses and cybersecurity professionals can learn from this particular case. These lessons should encompass preventive measures, incident response strategies, and the importance of proactive cybersecurity practices.

  • “Mitigating Cybersecurity Risks and Ensuring Compliance: An Incident Analysis and Risk Assessment for Azumer Water”

    Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. An originality report is provided when you submit your task that can be used as a guide.
    You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
    Part I: Incident Analysis and Response
    A.  Determine why the attack on Azumer Water’s infrastructure was successful, including the specific vulnerabilities that allowed the attack to occur. Provide details from the case study to support your claims.
    B.  Explain how the confidentiality, integrity, and availability of Azumer Water’s operations and PII (personally identifying information) data have been compromised, using NIST, ISO 27002, or another industry-standard framework to support two claims of compromise.
    C.  Identify a federal regulation this NGO violated, providing a specific example from the case study as evidence of Azumer Water’s noncompliance.
    D.  Recommend immediate steps to mitigate the impact of the incident, using specific examples from the case study to justify how these steps would mitigate the impact.
    E.  Explain how having an incident response plan in place will benefit Azumer Water, using details from the case study to support your explanation.
    Part II: Risk Assessment and Management
    F.  Discuss two processes to increase information assurance levels within the organization and bring Azumer Water into compliance with the violated federal regulation identified in part C.
    G.  Recommend technical solutions to counter the remaining effects of the attack in the case study and to prevent future attacks.
    H.  Recommend an organizational structure for IT and security management, including a logical delineation of roles and adequate coverage of responsibilities, to support the efficient discovery and mitigation of future incidents.
    I.  Describe your risk management approach for Azumer Water based on the likelihood, severity, and impact categorization of two risks in the case study.
    J.  Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
    K.  Demonstrate professional communication in the content and presentation of your submission.

  • Creating a Forensic Case File Using Autopsy for Digital Evidence Analysis “Creating a Forensic System Case File Using Autopsy: A Step-by-Step Guide”

    INTRODUCTION
    In today’s digital world, most fraud can be tracked electronically. In this task, you will use Basis Technology’s Autopsy application to analyze a storage device for evidence related to a possible violation of company policy. You will analyze the storage device for data files, deleted data files, directories, or drive partitions. You will provide screenshots of your evidence, and then write a final report.
    To access the Autopsy application and the files you need to recover, you will use the “Performance Assessment Lab Area” web link. Instructions for how to access the tools are included in the lab area.
    SCENARIO
    An oil company’s senior management has reason to suspect that John Smith, one of the company’s mechanical engineers, allegedly took information that was clearly identified as proprietary. The company’s legal office has requested digital evidence regarding the potential violation of company policy, which prohibits the sharing of proprietary information without prior approval. The employee was not authorized to access proprietary information. All employees sign nondisclosure agreements (NDAs) and acceptable use policies (AUPs). Senior management and the legal office have approved the request for digital evidence.
    You are a member of the investigative team that has been assigned to examine the digital evidence captured from the suspect’s office laptop computer. You will create an incident report to present the findings to senior management.
    REQUIREMENTS
    Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. The similarity report that is provided when you submit your task can be used as a guide.
    You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
    Tasks may not be submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc., unless specified in the task requirements. All other submissions must be file types that are uploaded and submitted as attachments (e.g., .docx, .pdf, .ppt).
    A.  Write a report for the team of investigators by doing the following:
    1.  Describe all steps taken in Autopsy to create the forensic system case file. Provide screenshots of these steps.
    2.  Describe all steps taken in Autopsy to identify potential evidence including data files, deleted data files, directories, or drive partitions. Provide screenshots of these steps.
    3.  Summarize the findings you identified during your investigation and the conclusions you made regarding the suspect and the collected evidence. Provide screenshots from Autopsy or reports to support your findings and conclusions.
    B.  Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
    C.  Demonstrate professional communication in the content and presentation of your submission.
    File Restrictions
    File name may contain only letters, numbers, spaces, and these symbols: ! – _ . * ‘ ( )
    File size limit: 200 MB
    File types allowed: doc, docx, rtf, xls, xlsx, ppt, pptx, odt, pdf, csv, txt, qt, mov, mpg, avi, mp3, wav, mp4, wma, flv, asf, mpeg, wmv, m4v, svg, tif, tiff, jpeg, jpg, gif, png, zip, rar, tar, 7z
    RUBRIC
    A1:STEPS USED TO CREATE FORENSIC CASE FILE
    NOT EVIDENT
    The submission does not describe the steps taken in Autopsy to create the forensic system case file or does not provide screenshots of these steps.
    APPROACHING COMPETENCE
    The submission describes the steps taken in Autopsy to create the forensic system case file, but the description contains inaccuracies, or 1 or more steps are missing or not described. Or the provided screenshots do not reflect each step.
    COMPETENT
    The submission accurately describes all steps taken in Autopsy to create the forensic system case file. The provided screenshots reflect each step.
    A2:STEPS USED TO IDENTIFY POTENTIAL EVIDENCE
    NOT EVIDENT
    The submission does not describe the steps taken in Autopsy to identify potential evidence or does not provide screenshots of these steps.
    APPROACHING COMPETENCE
    The submission describes the steps taken in Autopsy to identify potential evidence, but the description contains inaccuracies, or 1 or more steps are missing or not described. Or the description is missing either data files, deleted data files, directories, or drive partitions. Or the provided screenshots do not reflect each step.
    COMPETENT
    The submission accurately describes all steps taken in Autopsy to identify potential evidence, including data files, deleted data files, directories, and drive partitions. The provided screenshots reflect each step.
    A3:SUMMARY OF FINDINGS AND CONCLUSIONS
    NOT EVIDENT
    The submission summarizes neither the findings identified during the investigation, nor the conclusions made regarding the suspect or the collected evidence. Or Autopsy screenshots or reports are not provided.
    APPROACHING COMPETENCE
    The submission summarizes either the findings identified during the investigation, or the conclusions made regarding the suspect and the collected evidence, but it does not summarize both. Or the summary contains inaccuracies. Autopsy screenshots or reports are provided, but they do not support the summarized findings or conclusions.
    COMPETENT
    The submission accurately summarizes both the findings identified during the investigation and the conclusions made regarding the suspect and the collected evidence. The provided Autopsy screenshots or reports support the summarized findings and conclusions.
    B:SOURCES
    NOT EVIDENT
    The submission does not include both in-text citations and a reference list for sources that are quoted, paraphrased, or summarized.
    APPROACHING COMPETENCE
    The submission includes in-text citations for sources that are quoted, paraphrased, or summarized and a reference list; however, the citations or reference list is incomplete or inaccurate.
    COMPETENT
    The submission includes in-text citations for sources that are properly quoted, paraphrased, or summarized and a reference list that accurately identifies the author, date, title, and source location as available or the candidate does not use sources.
    C:PROFESSIONAL COMMUNICATION
    NOT EVIDENT
    Content is unstructured, is disjointed, or contains pervasive errors in mechanics, usage, or grammar. Vocabulary or tone is unprofessional or distracts from the topic.
    APPROACHING COMPETENCE
    Content is poorly organized, is difficult to follow, or contains errors in mechanics, usage, or grammar that cause confusion. Terminology is misused or ineffective.
    COMPETENT
    Content reflects attention to detail, is organized, and focuses on the main ideas as prescribed in the task or chosen by the candidate. Terminology is pertinent, is used correctly, and effectively conveys the intended meaning. Mechanics, usage, and grammar promote accurate interpretation and understanding.
    WEB LINKS
    https://lrps.wgu.edu/provision/272148024

  • “Securing SSID on Wireless Networks and Virtualization in Cloud Computing” Securing SSID on Wireless Networks: According to Cisco, securing the SSID on wireless networks is crucial for protecting the network from unauthorized access and potential security threats (Cisco

    Topic 1: SSID
    Service Set Identifier (SSID), also known as the wireless network name, identifies the wireless network. An SSID is configured on the wireless AP (on the access point for the infrastructure mode) or on an initial wireless client (for ad hoc mode). The SSID is periodically advertised by the wireless AP or the initial wireless client using a special 802.11 MAC management frame. Do some research on securing the SSID on wireless networks and share your findings with your classmates. Include a relevant question to your classmates. Cite your resources. 
    Topic 2: Cloud Computing
    Cloud Computing goes hand-in-hand with virtualization. Do some research on this topic and describe a scenario of a cloud company’s infrastructure that is virtualized. What is one reason to incorporate virtualization into cloud computing? What are the security risks for clients using a cloud-based service? Cite your resources.
    CITE ALL SOURCES AND SEPARATE THEM PER TOPIC

  • Title: “Cybercrime Case: Investigators Use Forensics to Uncover Digital Evidence” Article Summary: The article “FBI Arrests Man for Cyberstalking and Extortion Using Digital Forensics” published by the Federal Bureau of

    Locate at least one article within the past year involving a cybercrime case in which investigators used forensics. You will need to cite at least two current, quality academic and/or professional resources in your post.
    Please respond to the following in a post of at least 200 words:
    Summarize the article you located.
    Explain why you selected this particular article as opposed to others.
    Specify how investigators used forensic analysis to analyze the crime.
    Provide the link to the article.

  • Risk Management Framework Exercise Risk Management Framework Exercise: Categorization and Policy Development for an Unmanned Vehicle Information System “Ensuring Security for the Control System of a Drone: Policy Statements and Recommendations”

    This is the Risk Management Framework Exercise that measures competencies in implementing this framework to support the Authorization and Risk Management for an information system and/or mission application. The NIST documents students use in this assessment are used not only in DoD but throughout the Federal government and NIST’s approach is consistent with how this is done throughout industry as well. 
    During HCC engagement with employers in the area, the need for students to understand RMF was clearly identified. 
    Students are required to review the following two videos before the exercise:
    RMF that is presented by Frank Mayer, CISSP using a Creative Commons Licensed presentation by Professor Pinto of Old Dominion University. 
    NIST Risk Management Framework Introduction l NIST Certification l ARECyber LLC 
    The creator of this video licensed it under Creative Commons, so we can use it without restrictions. This is the link to the video on YouTube: https://www.youtube.com/watch?v=SBrBmSfUz2Y&feature=youtu.be
    Review the attached RMF Slides to this assignment as well.
    College-level writing is expected on all assignments; refer to assignment rubric. This course capstone assignment is worth 10 percent of your grade and it will be a three-part exercise that is only here in Blackboard, NOT in your course textbook, and is outside of the virtual labs used for the other exercises.
    Part 1 – Properly Categorize a System. First Step: in class you will go to this quick start link on the Risk Management Framework from NIST (URL = https://csrc.nist.gov/Projects/Risk-Management/Risk-Management-Framework-Quick-Start-Guides) and then you will use the National Institute of Standards and Technology (NIST) documents that are attached to this assessment here in Blackboard to complete this exercise. You will need to use all the documents just as references since you will not have the time to read all of them.
    Your organization has completed the preparation stage of the risk management process and it is going to make sure that its new unmanned vehicle that is used to deliver parts and tools to units throughout the organization’s depot is secure and can securely perform its mission.
    You will categorize the information system based on FIPS 199, NIST SP 800-60, and organizational guidance and then document the categorization recommendation with your rationale and provide that as a document that is uploaded to Blackboard. You will upload your work for this assignment in Blackboard. List the other members of your team on your input.
    Second Step for Part 1 for the Student Team: Go to Figure 1: NIST Risk Management Framework, on page 7 in the NIST Special Publication 800-60 Volume I, Revision 1. Study the figure. In this exercise you will just be doing the categorization for the system described in the “System Description” document attached to this assessment in Blackboard. You will use the High Water Mark of impact and categorize this information system based on the potential impact to an organization and its ability to accomplish its mission, protect assets, fulfill its legal responsibilities, and maintain day-to-day functions. The generalized format for expressing the security category (SC) of an information system is: SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}, where the acceptable values for potential impact are low, moderate, or high.
    Write a brief paragraph that identifies what the impact level for this system should be for confidentiality, integrity, and availability and then based on your analysis determine what the overall system categorization should be, that is low, moderate, or high.
    Part 2 – Developing Policy – Use the National Institute of Standards and Technology, NISTIR 7621, Small Business Information Security: The Fundamentals, guide that is attached to this assignment and go to Appendix E—Sample Policy & Procedure Statements, then create concise policy statements for the system described in the “System Description” document to address access control, both physical and access to the control laptop via password control and issuance, training requirements, contingency actions in case the system suddenly fails, and acceptable use of the system by the operators. You are not expected to write a complete policy but you are expected to come up with what should be the top six policy statements that need to be used for the policy that is being developed.
    For example, one policy statement could be: All users of the laptop computer that controls the drone will have their own account and password that will be at least ten characters long and will consist of both letters, numbers, and special characters.  This password will be changed every three months. 
    Part 3 – Case Study – You are in a security working group that is responsible to ensure that the system described in the “System Description” document attached to this assessment in Blackboard meets security requirements, that is security controls, in a manner that will not introduce significant risk to depot operations. The chief network engineer, who has been working at the depot for thirty years, insists during the working group that the wireless link used to control the drone should not be encrypted as this would be a waste of time and resources. He also argues that using encryption for this link could cause issues in the future as this system is being maintained. The security control that applies to the requirement for wireless encryption is referenced by the Security Control Number AC-18(1) in Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations.
    Based on your analysis completed in part 1 of this assessment, what recommendation would you make as a team to the Senior Executive in charge of the depot and to the Senior Executive who is the Authorization Official at higher headquarters? Your team must be able to rigorously defend your recommendation before Senior Executives who have a stake in this system’s operations so you must provide a strong and concise recommendation paragraph that your team can defend.
    Submit responses on a single three part Word Document through Blackboard, no later than xxxx (DUE DATE).  (Provide APA Style References on your submissions to refer to the NIST publications you cite in your team’s responses.)

  • Developing DoD-Compliant IT Security Policies for Blue Stripe Tech: A Course Project “Ensuring DoD Compliance in IT Infrastructure: Policies, Standards, and Controls”

    Purpose
    This course project is intended to assess your ability to identify, design, and organize information technology (IT) security policies.
    Learning Objectives and Outcomes
    Successful completion of this project will ensure that you can develop draft IT security policies for an organization and apply learning constructs from the course. By the end of this project, you will be able to do the following:
    Evaluate compliance laws relevant to the U.S. Department of Defense.
    Assess policy frameworks appropriate for an organization in a given scenario.
    Evaluate security controls and standards for the seven domains of a typical IT infrastructure.
    Develop DoD-compliant policies for an organization’s IT infrastructure.
    Required Source Information and Tools
    Web References: Links to Web references in this document and related materials are subject to change without prior notice. These links were last verified on August 26, 2020.
    The following tools and resources will be needed to complete this project:
    Course textbook
    Internet access
    DoD instructions or directives
    https://www.esd.whs.mil/dd/
    Risk Management Framework (RMF) for DoD Information Technology (IT) https://www.esd.whs.mil/Portals/54/Documents/DD/is…
    U.S. Department of Defense (DoD) Chief Information Office Library
    https://dodcio.defense.gov/Library/
    Department of Defense Information Security Program
    https://www.esd.whs.mil/Portals/54/Documents/DD/is…
    Department of Defense Internet Services and Internet-Based Capabilities
    https://www.esd.whs.mil/Portals/54/Documents/DD/is…
    You may consult other relevant sources, if needed. If so, include citations for those sources in the final deliverable for this report.
    Deliverables
    This project is divided into several parts, each with a deliverable. The first three parts are research drafts, which should include organized lists and notes gathered during research, sources, and in some cases policy drafts. These documents should be organized and readable, but are not polished reports.
    Item: Deliverables
    Project Part 1: U.S. Compliance Laws Research. Submit a draft of your research of DoD-specific requirements for an organization’s IT infrastructure and U.S. compliance laws that may affect the firm.
    Project Part 2: Infrastructure Research A. Submit a draft of (1) which policy framework(s) will be followed for the project and (2) DoD-compliant policies, standards, and controls that affect the User, Workstation, LAN, and LAN-to-WAN Domains.
    Project Part 3: Infrastructure Research B. Submit a bulleted list of DoD-compliant policies, standards, and controls that affect the WAN, Remote Access, and System/Application Domains.
    Project Part 4: Final Report. Submit the final report of your class project.
    Scenario
    You are a security professional for Blue Stripe Tech, an IT services provider with approximately 400 employees. Blue Stripe Tech partners with industry leaders to provide storage, networking, virtualization, and cybersecurity to clients.
    Blue Stripe Tech recently won a large DoD contract, which will add 30 percent to the revenue of the organization. It is a high-priority, high-visibility project. Blue Stripe Tech will be allowed to make its own budget, project timeline, and tollgate decisions.
    As a security professional for Blue Stripe Tech, you are responsible for developing security policies for this project. These policies are required to meet DoD standards for delivery of IT technology services to the U.S. Air Force Cyber Security Center (AFCSC), a DoD agency.
    To do this, you must develop DoD-approved policies, standards, and control descriptions for your IT infrastructure (see the “Tasks” section in this document). The policies you create must pass DoD-based requirements. Currently, your organization does not have any DoD contracts and thus has no DoD-compliant security policies, standards, or controls in place.
    Blue Stripe Tech’s computing environment includes the following:
    12 servers running the latest edition of Microsoft Server, providing the following:
    Active Directory (AD)
    Domain Name System (DNS)
    Dynamic Host Configuration Protocol (DHCP)
    Enterprise resource planning (ERP) application (Oracle)
    A research and development (R&D) engineering network segment for testing, separate from the production environment
    Microsoft Exchange Server for email
    Email filter
    Cloud-based secure web gateway (web security, data loss protection, next-generation firewall, cloud application security, advanced threat protection)
    Two Linux servers running Apache Server to host your website
    400 PCs/laptops running Microsoft Windows 10, Microsoft 365 office applications, and other productivity tools
    Tasks
    Develop a list of compliance laws required for DoD contracts.
    Determine which policy framework(s) will be used for this project.
    List controls placed on domains in the IT infrastructure.
    List required standards for common devices, categorized by IT domain.
    Develop DoD-compliant policies for the organization’s IT infrastructure.
    Describe the policies, standards, and controls that would make the organization DoD compliant.
    Develop a high-level deployment plan for implementation of these policies, standards, and controls.
    Write a professional report that includes all of the above content-related items and citations for all sources.
    Submission Requirements
    Format: Microsoft Word (or compatible)
    Font: Arial, size 12, double-space
    Citation style: Your school’s preferred style guide
    Length of draft research documents: 2–4 pages
    Length of final report: 14–18 pages
    Self-Assessment Checklist for Final Report
    I developed a list of compliance laws required for DoD contracts.
    I listed controls placed on domains in typical IT infrastructure.
    I listed required standards for common devices, categorized by IT domain.
    I developed DoD-compliant policies and standards for my organization’s IT infrastructure.
    I described the policies, standards, and controls that would make my organization DoD compliant.
    I listed all applicable DoD frameworks in the final report.
    I developed a high-level deployment plan for implementation of these policies, standards, and controls.
    I created a professional, well-developed report with proper documentation, grammar, spelling, and punctuation.
    I included citations for all sources used in the report.
    I followed the submission guidelines.
    Assignment Criteria (100 Points)
    Synthesis of Concepts: 80
    Writing Standards – APA format: 20
    Timeliness – 10% penalty per week for late work

  • Title: The Influence of “The Devil in the Chips”: Examining the Impact of Junk Food on Society Sources: 1. Schlosser, Eric. Fast Food Nation: The Dark Side of the All-American Meal. Houghton M

    “The Devil in the Chips” essay question: Provide the three main sources that you used for your answer to the essay question. Make sure to follow APA format; proper references and citations should be included. The answer should be 2 and a half pages.

  • “Final Project Plan: Incorporating Key Elements for Successful Project Management”

    You have been working on components of your project plan throughout this course and incorporating feedback from your instructor. You are now ready to pull everything together and finalize the project plan. Your project plan should include the following elements:
    Project Charter
    Work breakdown structure (WBS)
    Schedule
    Cost estimates
    Resource plan
    Communication plan
    Risk Management (threats and opportunities)
    Length: 10 to 12-page project plan, not including the title and reference pages
    References: Include a minimum of 3 scholarly resources.
    The completed assignment should address all of the assignment requirements, exhibit evidence of concept knowledge, and demonstrate thoughtful consideration of the content presented in the course. The writing should integrate scholarly resources and reflect academic expectations and current APA standards.

  • Title: “Exploring the Benefits and Challenges of Organizing IT Security Policies by Domain”

    The seven domains of a typical IT infrastructure include the User Domain, Workstation Domain, LAN Domain, LAN-to-WAN Domain, WAN Domain, Remote Access Domain, and System/Application Domain. As you’ve learned, each domain has business, technical, and security policy challenges that affect organizations.
    Answer the following question(s):
    1. What is an advantage of organizing IT security policies by domain?
    2. What is a disadvantage of organizing IT security policies by domain?
    3. Do you think one domain is more challenging than the others as far as applying security policies? Explain your answer.