Project 2: Incident Response Start Here Incident Response You've recently been promoted to the role of a cybersecurity incident manager as part of a new contract with a major media and entertainment...

1 answer below »
Need 12 pages. Must have citations and parenthetical citations.


Project 2: Incident Response Start Here Incident Response You've recently been promoted to the role of a cybersecurity incident manager as part of a new contract with a major media and entertainment company. The company requires its employees, artists, and clients to have wireless and mobile device access to company networks. Because of the "bring your own device" policy, there has been an increase in the number of cybersecurity incident reports. You realize that you need to increase awareness of security standards. In your security monitoring of the company networks, you use tools that track employee behavior. You want company leadership to understand the technologies used in wireless networks and mobile device management, and you want those leaders to be educated about the implementation, threats, and safeguards for all devices—including personal units that are used for work-related tasks. You believe that executive leadership needs to incorporate these kinds of safeguards as part of its business strategy. You decide to compile a cybersecurity incident report that you will send to management. You will list the actions, defense, and preventative measures you have taken to address threats and why. The report will incorporate terminology definitions, information about the cyber kill chain, and impact assessments. Your cyber incident report will need to illustrate the threats you discovered and the resolutions you employed. You want leadership to be confident about the strategy you have used to defend the company's networks. Today's companies face many security challenges to their networks, and a company's incident manager needs to be ready to respond to potential threats. Some of those threats can occur from the actions of well-intentioned employees who fail to follow security protocols, and others can arise from disgruntled workers who may be able to access accounts on personal devices long after leaving an organization. Wireless devices and bring your own device (BYOD) computing in the workplace often increase productivity and convenience, but such ease of access to resources can be a significant threat to organizational security, and BYOD computing adds another layer of concern for the incident manager. Remote management, such as tracking and data swipes, helps to locate devices containing company data and to eliminate any unauthorized viewing of that data. Authentication, access controls, and strong encryption are just some of the security measures that need to be part of a secure wireless network and mobile device management practices in the workplace. However, security will need to evolve in order to protect against employees who may have malicious intent. It will need to include behavior cues as well as effective countermeasures, as the need for greater employee availability drives more wireless computing and BYOD integration in the workplace. For this project, you will take a close look at the variety of threats facing an incident manager as you develop a cybersecurity incident report (CIR) for management with an executive summary. There are seven steps to complete the project. Each step will highlight the types of threats you will encounter. Most steps in this project should take no more than two hours to complete, and the project as a whole should take no more than two weeks. Begin with the workplace scenario and then continue to Step 1. Deliverables · Cybersecurity Incident Report (CIR): Your report should be a minimum 12-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.  · Executive summary: This is a one-page summary at the beginning of your CIR. Project 2: Incident Response Step 1: Develop a Wireless and BYOD Security Plan Since the company you work for has instituted a bring your own device (BYOD)  policy, security attitudes have been lax, and all sorts of devices, authorized and unauthorized, have been found connected to the company's wireless infrastructure. In this first step, you will develop a wireless and BYOD security plan for the company. Use the NIST Guidelines for Securing Wireless Local Area Networks (WLANs) Special Publication 800-153 to provide an executive summary to answer other security concerns related to BYOD and wireless. Within your cybersecurity incident report, discuss why the security of wireless access points is important. Provide answers to the threat of unauthorized equipment or rogue access points on the company wireless network and the methods to find other rogue access points. Describe how to detect rogue access points and how they can actually connect to the network. Describe how to identify authorized access points within your network. Within your plan, include how the Cyber Kill Chain framework and approach could be used to improve the incident response times for networks. Include this at the beginning of your CIR as the basis for all wireless- and BYOD-related problems within the network. Title the section "Wireless and BYOD Security Plan." Project 2: Incident Response Step 2: Track Suspicious Behavior You've completed your wireless and BYOD security plan. Now it's time to take a look at another workplace situation. You have been notified of an employee exhibiting suspicious behavior. You decide to track the employee's movements by using available industry tools and techniques. You know the location and time stamps associated with the employee's mobile device. How would you track the location of the company asset? Explain how identity theft could occur and how MAC spoofing could take place in the workplace. How would you protect against both identity theft and MAC spoofing? Address if it is feasible to determine if MAC spoofing and identity theft has taken place in the workplace. Include a whitelist of approved devices for this network. Review materials on security of wireless access points Are there any legal issues, problems, or concerns with your actions? What should be conducted before starting this investigation? Were your actions authorized, was the notification valid, or are there any other concerns? Include your responses as part of the CIR with the title "Tracking Suspicious Behavior." Note that a CIR summary would not include the name of the actual employee; the situation is being used as an example of what to do when something like this occurs. In the next step, you will explore another workplace scenario, and your responses will help you formulate a continuous improvement plan, which will become another part of your CIR. Project 2: Incident Response Step 3: Develop a Continuous Improvement Plan Now that you've completed the section on tracking suspicious behavior for your CIR, you are confronted with another situation in the workplace. You receive a memo for continuous improvement to the wireless network of your company, and you are asked to provide a report on the company’s wireless network. You have been monitoring the activities on WPA2. Provide for your leadership a description of Wi-Fi protected access (WPA) networks and include the pros and cons of each type of wireless network with a focus on WPA2. Since WPA2 uses encryption to provide secure communications, define the scheme for using preshared keys for encryption. Is this FIPS 140-2 compliant, and if not, what is necessary to attain this? Include this for leadership. Include a list of other wireless protocols, such as Bluetooth, and provide a comparative analysis of four protocols including the pros, cons, and suitability for your company. Include your responses as part of the CIR with the title "Continuous Improvement Plan." In the next step, you will look at yet another workplace scenario, and you will use that incident to show management how remote configuration management works. Project 2: Incident Response Step 4: Develop Remote Configuration Management You've completed the continuous improvement plan portion of the CIR. Now, it's time to show how your company has implemented remote configuration management. Start your incident report with a description of remote configuration management and how it is used in maintaining the security posture of your company's network. Then, consider the following scenario: An undocumented device is found on the company network. You have determined that the owner of the device should be removed from the network. Implement this and explain how you would remove the employee's device. How would you show proof that the device was removed? Include your responses as part of the CIR with the title "Remote Configuration Management." In the next step, you will illustrate how you investigate possible employee misconduct. Project 2: Incident Response Step 5: Investigate Employee Misconduct In this portion of your CIR report, you will show how you would investigate possible employee misconduct. You have been given a report that an employee has recorded log-ins during unofficial duty hours. The employee has set up access through an ad hoc wireless network. Provide a definition of ad hoc wireless networks and identify how such networks could contribute to the company infrastructure while also detailing the threats and vulnerabilities they bring. Use notional information or actual case data and discuss. Address self-configuring dynamic networks on open access architecture and the threats and vulnerabilities associated with them, as well as the possible protections that should be implemented. From your position as an incident manager, how would you detect an employee connecting to a self-configuring network or an ad hoc network? Provide this information in the report. How would signal hiding be a countermeasure for wireless networks? What are the countermeasures for signal hiding? How is the service set identifier (SSID) used by cybersecurity professionals on wireless networks? Are these always broadcast, and if not, why not? How would you validate that the user is working outside of business hours? Include your responses as part of the CIR with the title "Employee Misconduct." Project 2: Incident Response Step 7: Prepare and Submit the Cybersecurity Incident Report and Executive Summary You've completed all of the individual steps for your cybersecurity incident report. It's time to combine the reports you completed in the previous steps into a single CIR. The assignments for this project are as follows: · Cybersecurity Incident Report (CIR): Your report should be a minimum 12-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. · Executive summary: This is a one-page summary at the beginning of your CIR. Submit both documents to the assignment folder.
Answered 7 days AfterOct 14, 2021

Answer To: Project 2: Incident Response Start Here Incident Response You've recently been promoted to the role...

Amar Kumar answered on Oct 22 2021
131 Votes
Cybersecurity Incident Response
Executive Summary
The cyber security incident management cycle includes preparation, detection, incident containment, mitigation, and recovery. The last phase is using the incident's lessons to enhance the process and plan for future events. Communication with both internal and external parties is essential during this cycle. Many businesses may lack the in-house experience and abilities required to respond effectively to a cyber security event. When they are confronted with an event, they may need to enlist the help of specialists to control the situation and conduct forens
ic investigations. This isn't to say they can't accomplish things on their own.
On the contrary, several things may and should be done before a severe occurrence. Creating a cyber security incident response strategy for a business is a crucial first step in cyber security incident management. It's also critical that senior management approves the plan and participates in each cyber security incident response phase.
The cyber security incident response strategy should include the following elements:
• What has to be safeguarded? Which data, systems, networks, and products?
• Identifying and allocating responsibilities;
• The equipment and technology;
• In-house skills or contracts with external specialists for incident response and forensic investigation;
• A communication plan for reporting Network and Information Security (NIS) events to internal and external stakeholders and authorities, including law enforcement, the National Data Protection Authority, and responsible authorities.
Introduction
Incident response is the method a company employs to respond to and manage a cyber assault. An assault or data breach can affect customers, intellectual property, corporate time and resources, and brand equity. The objective of incident response is to limit harm and restore normalcy as quickly as feasible. Research is also required to learn from the attack and better prepare for the future. With so many businesses suffering a data breach nowadays, having a well-thought-out and repeatable incident response strategy is the best way to safeguard your company.
Fig: Cyber Security Framework Mind Map
Source: paramoresecurity
Step 1: Develop a Wireless and BYOD Security Plan
Enterprises and SMBs alike face challenges with BYOD security. This is due to the fact that, in order to be effective, businesses must maintain some level of control over non-company-owned cellphones, tablets, and computers that are personal property of employees. When workers bring their own devices to work, defining a BYOD security strategy is important to preserving business security. A BYOD policy should include the following aspects, according to TechTarget SearchMobile Computing:
· Acceptable usage: what apps and assets are workers allowed to use on their own devices?
· Devices must have the bare minimum of security measures.
· SSL certificates for device authentication, for example, are components given by the company.
· Rights granted by the company to change the device, such as remote wiping for lost or stolen devices.
The cybersecurity removal chain consists of seven key steps starting from detection to lateral motion and facts exfiltration to make sure accurate visibility and assist safety groups higher apprehend adversary strategies, operations, and procedures. There are primariy seven different stages for cyber kill chain.
1. Reconnaissance – The attackers choose a target and conduct a thorough investigation. They begin gathering data (email addresses, conference details, etc.) and assessing the victim's weaknesses to decide how to exploit them.
2. Weaponization –Malicious actors create malware at this stage in order to exploit the vulnerabilities that have been found.
3. Delivery – The weapon must be delivered at this step. In this case, the intruder will employ various techniques, including phishing, infected USB devices, and so on.
4. Exploitation –The point at which hackers begin exploiting vulnerabilities to run programs on the victim's computer.
5. Installation – The malware weapon has been set up.
6. Command & Control – The victim is remotely manipulated using a C&C server.
7. Actions on Objectives –The attackers finish their goals in the last stage.
Wireless Security
Wireless networks offer several benefits, but they also introduce new security concerns and change the overall risk profile of an organization's information security. Although the most common response to wireless security threats and vulnerabilities is to install technology solutions, wireless security is essentially a management issue. Effective management of the threats posed by wireless technology requires a good and comprehensive environmental risk assessment and the development of a plan to minimize any detected threats. We propose a framework to help executives understand and assess the many dangers associated with the Internet of Things.
The transmission of data by radio frequencies; Access points that provide a connection to the corporate network and / or client devices (laptops, PDAs, etc.); and users are the four essential components of wireless networks. Each of these components represents an attack vector that can undermine one or more of the three core security objectives of confidentiality, integrity, and availability.
Three fundamental risks arise as a result of the nature of wireless communications: Interception, Modification, and Disruption are all terms used to describe the act of intercepting, altering.
1. There are two types of countermeasures for decreasing the danger of wireless transmission eavesdropping. The first is a set of techniques for making it more difficult to find and eavesdrop on wireless transmissions The second involves encrypting wireless signals to maintain secrecy even if they are intercepted.
2. The interception and modification of wireless communications is a type of "man-in-the-middle" assault. Robust encryption and strong authentication of both devices and users are two types of countermeasures that can greatly minimize...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here