Category: Cyber security

Locate at least one article within the past year involving a cybercrime case in which investigators used forensics. You will need to cite at least two current, quality academic and/or professional resources in your post.
Please respond to the following in a post of at least 200 words:
Summarize the article you located.
Explain why you selected this particular article as opposed to others.
Specify how investigators used forensic analysis to analyze the crime.
Provide the link to the article.

This is the Risk Management Framework Exercise that measures competencies in implementing this framework to support the Authorization and Risk Management for an information system and/or mission application. The NIST documents students use in this assessment are used not only in DoD but throughout the Federal government and NIST’s approach is consistent with how this is done throughout industry as well. 
During HCC engagement with employers in the area, the need for students to understand RMF was clearly identified. 
Students are required to review the following two videos before the exercise:
RMF that is presented by Frank Mayer, CISSP using a Creative Commons Licensed presentation by Professor Pinto of Old Dominion University. 
NIST Risk Management Framework Introduction l NIST Certification l ARECyber LLC 
The creator of this video licensed it under the Creative Commons so we can use it without restrictions and this is the link to this Video on You Tube https://www.youtube.com/watch?v=SBrBmSfUz2Y&feature=youtu.be
Review the attached RMF Slides to this assignment as well.
College-level writing is expected on all assignments; refer to assignment rubric.   This course capstone assignment is worth 10 percent of your grade and it will be a Three Part exercise that is only here in Blackboard, NOT in your course textbook and is outside of the virtual labs used for the other exercises
Part 1 – Properly Categorize a System  First Step in class you will go to this quick start link on The Risk Management Framework from NIST URL =   https://csrc.nist.gov/Projects/Risk-Management/Risk-Management-Framework-Quick-Start-Guides   and then you will use the National Institute of Standards and Technology  (NSIT) documents that are attached to this assessment here in Blackboard to complete this exercise. You will need to use all the documents just as references since you will not have the time to read all of them.
Your organization has competed the preparation  stage of the risk management  process and it is going to make sure that its new unmanned vehicle that is used to deliver parts and tools to units throughout the organization’s depot is secure and can securely perform its mission.  
You will Categorize the information system based on FIPS 199, NIST SP 800-60, and organizational guidance and then Document the categorization recommendation with your rationale and provide that as a document that is uploaded to Blackboard. You will upload your work for this assignment in Blackboard.   List the other members of your team on your input.
Second Step for Part 1 for the Student Team:  Go to Figure 1: NIST Risk Management Framework, on page 7 in the NIST Special Publication 800-60 Volume I, Revision 1. Study the figure.  In this exercise you will just be doing the categorization for the system described in the “System Description” document attached to this assessment in Blackboard.  You will use the High Water Mark of impact and Categorize this information system based on the potential impact to an organization and its ability to accomplish its mission, protect assets, fulfill its legal responsibilities, and maintain day-to-day functions; The generalized format for expressing the security category ( SC ) of an information system is: SC information system = {(confidentiality, impact) , (integrity, impact) , (availability, impact) }, where the acceptable values for potential impact are low, moderate, or high.
Write a brief paragraph that identifies what the impact level for this system should be for confidentiality, integrity, and availability and then based on your analysis determine what the overall system categorization should be, that is low, moderate, or high. 
Part 2 – Developing  Policy – Use the National Institute of Standards and Technology,  NISTR 7621, Small Business Information Security The Fundamentals, guide that is attached to this assignment and go to Appendix  E—Sample Policy & Procedure Statements, then create concise policy statements for the system described in the “System Description” document to address access control, both physical and access to the control laptop via password control and issuance, training requirements, contingency actions in case the system suddenly fails, and acceptable use of the system by the operators.  You are not expected to write a complete policy but you are expected to come up with what should be the top six policy statements that need to be used for the policy that is being developed. 
For example, one policy statement could be: All users of the laptop computer that controls the drone will have their own account and password that will be at least ten characters long and will consist of both letters, numbers, and special characters.  This password will be changed every three months. 
Part 3 – Case Study – You are in a security working group that is responsible to ensure that the system described in the “System Description” document attached to this assessment in Blackboard meets security requirements, that is security controls, in a manner that will not introduce significant risk to depot operations. The chief  network engineer, who has been working at the depot for thirty years, insists during the working group that the wireless link used to control the drone should not be encrypted as this would be a waste of time and resources.  He also argues that using encryption for this link could cause issues in the future as this system is being maintained.  The security control that applies to the requirement for wireless encryption is referenced by the Security Control Number AC-18(1) in Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations.   
Based on your analysis completed  in part 1 of this assessment, what recommendation would you make as a team to the Senior Executive in charge of the depot and to the Senior Executive who is the Authorization Official at higher headquarters?  Your team must be able to rigorously defend your recommendation before Senior Executives who have a stake in this system’s operations so you must provide a strong and concise recommendation paragraph that your team can defend. 
Submit responses on a single three part Word Document through Blackboard, no later than xxxx (DUE DATE).  (Provide APA Style References on your submissions to refer to the NIST publications you cite in your team’s responses.)
PLEASE TEXT ME IF YOU HAVE ANY QUESTIONS! 
READ THE RUBRIC! 
I HAVE LINKS TO ALL OF THE INFORMATION! 
IT IS NOT REALLY AN ESSAY BUT RATHER RESPONSES ON A SINGLE THREE PART DOCUMENT! 
PLEASE READ RUBRIC CAREFULLY! 

Purpose
This course project is intended to assess your ability to identify, design, and organize information technology (IT) security policies.
Learning Objectives and Outcomes
Successful completion of this project will ensure that you can develop draft IT security policies for an organization and apply learning constructs from the course. By the end of this project, you will be able to do the following:
Evaluate compliance laws relevant to the U.S. Department of Defense.
Assess policy frameworks appropriate for an organization in a given scenario.
Evaluate security controls and standards for the seven domains of a typical IT infrastructure.
Develop DoD-compliant policies for an organization’s IT infrastructure.
Required Source Information and Tools
Web References: Links to Web references in this document and related materials are subject to change without prior notice. These links were last verified on August 26, 2020.
The following tools and resources will be needed to complete this project:
Course textbook
Internet access
DoD instructions or directives
https://www.esd.whs.mil/dd/
Risk Management Framework (RMF) for DoD Information Technology (IT) https://www.esd.whs.mil/Portals/54/Documents/DD/is…
U.S. Department of Defense (DoD) Chief Information Office Library
https://dodcio.defense.gov/Library/
Department of Defense Information Security Program
https://www.esd.whs.mil/Portals/54/Documents/DD/is…
Department of Defense Internet Services and Internet-Based Capabilities
https://www.esd.whs.mil/Portals/54/Documents/DD/is…
You may consult other relevant sources, if needed. If so, include citations for those sources in the final deliverable for this report.
Deliverables
This project is divided into several parts, each with a deliverable. The first three parts are research drafts, which should include organized lists and notes gathered during research, sources, and in some cases policy drafts. These documents should be organized and readable, but are not polished reports.
Item
Deliverables
Project Part 1
U.S. Compliance Laws Research
Submit a draft of your research of DOD-specific requirements for an organization’s IT infrastructure and U.S. compliance laws that may affect the firm.
Project Part 2
Infrastructure Research A
Submit a draft of (1) which policy framework(s) will be followed for the project and (2) DoD-compliant policies, standards, and controls that affect the User, Workstation, LAN, and LAN-to-WAN Domains.
Project Part 3
Infrastructure Research B
Submit a bulleted list of DoD-compliant policies, standards, and controls that affect the WAN, Remote Access, and System/Application Domains.
Project Part 4
Final Report
Submit the final report of your class project.
Scenario
You are a security professional for Blue Stripe Tech, an IT services provider with approximately 400 employees. Blue Stripe Tech partners with industry leaders to provide storage, networking, virtualization, and cybersecurity to clients.
Blue Stripe Tech recently won a large DoD contract, which will add 30 percent to the revenue of the organization. It is a high-priority, high-visibility project. Blue Stripe Tech will be allowed to make its own budget, project timeline, and tollgate decisions.
As a security professional for Blue Stripe Tech, you are responsible for developing security policies for this project. These policies are required to meet DoD standards for delivery of IT technology services to the U.S. Air Force Cyber Security Center (AFCSC), a DoD agency.
To do this, you must develop DoD-approved policies, standards, and control descriptions for your IT infrastructure (see the “Tasks” section in this document). The policies you create must pass DoD-based requirements. Currently, your organization does not have any DoD contracts and thus has no DoD-compliant security policies, standards, or controls in place.
Blue Stripe Tech’s computing environment includes the following:
12 servers running the latest edition of Microsoft Server, providing the following:
Active Directory (AD)
Domain Name System (DNS)
Dynamic Host Configuration Protocol (DHCP)
Enterprise resource planning (ERP) application (Oracle)
A research and development (R&D) engineering network segment for testing, separate from the production environment
Microsoft Exchange Server for email
Email filter
Cloud-based secure web gateway (web security, data loss protection, next-generation firewall, cloud application security, advanced threat protection)
Two Linux servers running Apache Server to host your website
400 PCs/laptops running Microsoft Windows 10, Microsoft 365 office applications, and other productivity tools
Tasks
Develop a list of compliance laws required for DoD contracts.
Determine which policy framework(s) will be used for this project.
List controls placed on domains in the IT infrastructure.
List required standards for common devices, categorized by IT domain.
Develop DoD-compliant policies for the organization’s IT infrastructure.
Describe the policies, standards, and controls that would make the organization DoD compliant.
Develop a high-level deployment plan for implementation of these polices, standards, and controls.
Write a professional report that includes all of the above content-related items and citations for all sources.
Submission RequirementsFormat: Microsoft Word (or compatible)
Font: Arial, size 12, double-space
Citation style: Your school’s preferred style guide
Length of draft research documents: 2–4 pages
Length of final report: 14–18 pages
Self-Assessment Checklist for Final ReportI developed a list of compliance laws required for DoD contracts.
I listed controls placed on domains in typical IT infrastructure.
I listed required standards for common devices, categorized by IT domain.
I developed DoD-compliant policies and standards for my organization’s IT infrastructure
I described the policies, standards, and controls that would make my organization DoD compliant.
I listed all applicable DoD frameworks in the final report.
I developed a high-level deployment plan for implementation of these polices, standards, and controls.
I created a professional, well-developed report with proper documentation, grammar, spelling, and punctuation.
I included citations for all sources used in the report.
I followed the submission guidelines.
Assignment Criteria ( 100 Points)Synthesis of Concepts80
Writing Standards – APA format20
Timeliness – 10% penalty per week for late work

“The Devil in the chips”-Essay question, Provide three main sources that you used for essay question answer. make sure to follow APA format proper references and citation should be included. Answer should be in 2 and half pages.

You have been working on components of your project plan throughout this course and incorporating feedback from your instructor. You are now ready to pull everything together and finalize the project plan. Your project plan should include the following elements:
Project Charter
Work breakdown structure (WBS)
Schedule
Cost estimates
Resource plan
Communication plan
Risk Management (threats and opportunities)
Length: 10 to 12-page project plan, not including the title and reference pages
References: Include a minimum of 3 scholarly resources.
The completed assignment should address all of the assignment requirements, exhibit evidence of concept knowledge, and demonstrate thoughtful consideration of the content presented in the course. The writing should integrate scholarly resources, reflect academic expectations and current APA standards

The seven domains of a typical IT infrastructure include the User Domain, Workstation Domain, LAN Domain, LAN-to-WAN Domain, WAN Domain, Remote Access Domain, and System/Application Domain. As you’ve learned, each domain has business, technical, and security policy challenges that affect organizations.
Answer the following question(s):
1. What is an advantage of organizing IT security policies by domain?
2. What is a disadvantage of organizing IT security policies by domain?
3. Do you think one domain is more challenging than the others as far as applying security policies? Explain your answer.

Discussion Points:
Discuss relational database terminology (table, tuple, constraints, relationship, especially the various keys). Include an example of a primary key (other than the one in the text). Include one question for your peers to research and answer. A web search for relevant articles and information could be employed to further assist you in your response.

1. Discuss the unique cybersecurity issues as applicable to the Transportation CI. Specifically discuss the potential vulnerabilities and concerns to include a recent cyber attack (past 5 years), impact on at least one other CI we’ve studied during the course (be specific), current government/industry cyber defense activities to include the Department of Homeland Security, US Transportation Command and the Department of Transportation, and present your recommendations for mitigating future security threats to this Sector. Ensure you answer each part of the test question. 2. Discuss the unique cybersecurity issues as applicable to the Energy CI. Specifically discuss the respective potential vulnerabilities and concerns of this CI to include a recent cyber attack (past 5 years), impact on at least one other CI we’ve studied during the course (be specific), current government/industry cyber defense activities to include the role and performance of the Sector Specific Agency (SSA), and present your personal recommendations for mitigating future security threats to this Sector. Ensure you answer each part of the test question. 3. Cybersecurity was largely left up to the private sector until 2016–2017 when surveillance capitalism and meddling in US elections were revealed. What strategies and policies should the US government enact to protect consumers and voters in the future?
4. Provide your view of the state of the U.S. national Cybersecurity Critical Infrastructures. Include the role and performance of the Department of Homeland Security and the Sector Specific Agency process, the role and performance of private industry and its protection of CI, the U.S. government’s process of managing and adapting to the CI threat, and the overall risks to the nation from this threat. RECOMMENDATION: Bring together all of the data, facts, concepts, and ideas you’ve learned during the course and present your recommendations for successfully mitigating the cybersecurity threat to the U.S. Ensure you answer each part of the test question.

Unlimited Attempts Allowed
Details
What would be the code to create this in postgres? Try your best 🙂 Assume ON DELETE CASCADE for foreign key constraints.
Turn in your code! Graded on effort and completion.
Try two tables 🙂 if you like, try all of them! 😀

Briefly examine a law, regulation, and a standard that organizations use to align with government requirements around cybersecurity best practices within their industry.