To complete this assignment, review the prompt and grading rubric in the Project Three Milestone Guidelines and Rubric document. You will also need to access the Project Three Milestone Decision Aid Template.
CYB 200 Project Three Milestone Decision Aid Template

Complete the template by filling in the blank cells provided.

I. Detection

1. Describe the following best practices or methods for detecting a threat actor.
   - Awareness
   - Auditing
   - Diligence
   - Monitoring
   - Testing
   - Sandboxing
   - Enticing
   Citations:

II. Characterization

2. Briefly define the following threat actors.
   - Individuals who are “shoulder surfers”
   - Individuals who do not follow policy
   - Individuals using others’ credentials
   - Individuals who tailgate
   - Individuals who steal assets from company property
   Citations:

3. Describe the following motivations or desired outcomes of threat actors.
   - Fraud
   - Sabotage
   - Vandalism
   - Theft
   Citations:

4. Identify the company assets that may be at risk from a threat actor for the following types of institutions. Remember: Each company will react differently in terms of the type of assets it is trying to protect.
   - Financial
   - Medical
   - Educational
   - Government
   - Retail
   - Pharmaceutical
   - Entertainment
   Citations:

III. Response

Choose a threat actor from Question 2 to research for the response section of the decision aid:
   Threat Actor:

5. Describe three potential strategies or tactics that you would use to respond to and counter the threat actor you chose. Hint: What are the best practices for reacting to this type of threat actor?
   - Strategy 1
   - Strategy 2
   - Strategy 3
   Citations:

6. Describe three potential strategies or tactics that you would employ to reduce the likelihood of a similar threat occurring again. Hint: What are the best practices for proactively responding to this type of threat actor?
   - Strategy 1
   - Strategy 2
   - Strategy 3
   Citations:

7. Explain your reason for determining the threat actor you chose to research. Why are the strategies you identified appropriate for responding to this threat actor? Justify your tactics to proactively and reactively respond to this threat actor.
CYB 200 Project Three Milestone Resource Guide

This resource guide contains high-quality databases and frameworks that will be useful in completing the Project Three Milestone. The resources below will allow you to quickly find and synthesize information needed to detect, characterize, and counter threat actors. It is strongly recommended that you rely on these primary resources for purposes of this research. This resource guide is a recommended artifact for your cyber playbook and will be tagged with the Organizational Security icon.

SANS Institute Incident Handler’s Handbook
The SANS reading room, and specifically the Incident Handler’s Handbook, holds a wealth of knowledge for learners looking to become practitioners. The information within the handbook will help learners obtain skills in policy creation as well as planning for cyber incident mitigation. The handbook also contains an important checklist on incident handling.

A Taxonomy of Operational Cyber Security Risks
The taxonomy provides a resource for the categorization of risk. This resource breaks down risk into several categories, including actions of people and internal and external issues. It also provides a framework for how to categorize the risk based on FISMA and other government regulations.

PRE-ATT&CK: Adversarial Tactics, Techniques & Common Knowledge for Left-of-Exploit
This resource is used to define and describe the steps of a cyber attack. It lists the strategies and methods in a simple, easy-to-follow algorithm. The steps contained in the resource are not an exhaustive list, but the majority of incidents will be covered. The major benefit of this resource is that it gives many suggestions on how to respond to cyber attacks and how to be proactive against cyber attacks.

NIST Guide for Mapping Types of Information and Information Systems to Security Categories
Special publications from NIST assist in the cyber education of the country. Specifically, NIST SP 800-60 provides a structure for incident response and categories of incidents.

NIST Risk Management Framework
The risk management framework is technically NIST 800-39, but it relies heavily on two special publications. The first is NIST 800-37, and the second is NIST 800-53. NIST 800-39 provides a framework to handle risk management in six steps. The steps are categorize, select, implement, assess, authorize, and monitor.

NIST Guide for the Security Certification and Accreditation of Federal Information Systems
This publication is known as NIST 800-37. It provides a framework for certification and accreditation in the federal government. This resource delivers a methodology for the government to stabilize its accreditation evaluation.

NIST Recommended Security Controls for Federal Information Systems
This publication is known as NIST SP 800-53 and provides a methodology for the implementation of security controls for information systems.

Federal Information Security Modernization Act (FISMA)
This is a piece of legislation that provides a basis for the federal government to oversee information security issues. It is an essential piece of legislation that helps the government deploy needed assets to help with cyber incidents. It also gives the government an outline for forcing businesses into reporting cyber incidents.
https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901
https://resources.sei.cmu.edu/asset_files/TechnicalNote/2014_004_001_91026.pdf
https://attack.mitre.org/versions/v8/
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v1r1.pdf
https://csrc.nist.gov/projects/risk-management/risk-management-framework-(RMF)-Overview
https://csrc.nist.gov/publications/detail/sp/800-37/archive/2004-05-20
https://csrc.nist.gov/publications/detail/sp/800-53/archive/2005-06-17
https://www.dhs.gov/fisma

CYB 200 Project Three Milestone Guidelines and Rubric

Overview: As a professional in the field of cybersecurity, you should be aware of best-practice tactics and methods necessary for responding to a variety of cyber threat actors. For this activity, you will research and determine factors to detect, characterize, and counter a range of threat actor situations to place into a decision aid template. This milestone will prepare you to think proactively and ethically in terms of what threat actors would do to attack organizational assets. You can find the resource guide for this milestone in the Reading and Resources area of Module Five. Be thorough in completing the decision aid. Upon completion, this is a recommended artifact for your cyber playbook and will be tagged with the Human Security icon.

You may use the Decision Aid Template or a blank Word document to address the critical elements for the Project Three Milestone. This decision aid will inform your technical brief in Project Three, which will be based on a scenario your instructor provides in the Project Three announcement. You will not use all the tactics and methods you researched, but rather choose and refine your answers based on the specific situation.

Prompt: In your decision aid, address the critical elements listed below.

I. Detection
   A. Describe at least seven best practices or methods for detecting a threat actor specific to the categories in the decision aid template. Use research from the resource guide to support your responses.

II. Characterization
   A. Define at least five types of threat actors specific to the categories in the decision aid template. Use research from the resource guide to support your responses.
   B. Describe at least four motivations or desired outcomes of threat actors specific to the categories in the decision aid template. Use research from the resource guide to support your responses.
   C. Identify the company assets of at least seven types of institutions that may be at risk from a threat actor specific to the categories in the decision aid template. Use research from the resource guide to support your responses.

III. Response
   A. Describe at least three potential counterstrategies or tactics that you might use to respond to and counter a threat actor (reactive approach). Use research from the resource guide to support your responses.
   B. Describe at least three potential strategies or tactics that you would employ to reduce the likelihood of the same situation happening again (proactive approach). Use research from the resource guide to support your responses.
   C. Explain your reason for determining the threat actor you chose (Response: Parts A and B) and justify your strategies to both proactively and reactively respond to that type of threat actor.

Project Three Milestone Rubric

Guidelines for Submission: Your submission should address the critical elements using either the decision aid template or a blank Word document and should be written in APA format. If you do not use the provided template, format your submission with 12-point Times New Roman font and one-inch margins. Cite your sources according to APA style. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_200_Project_Three_Milestone_Neo_Anderson.docx.
| Critical Elements | Elements Met (100%) | Elements Need Improvement (75%) | Elements Not Evident (0%) | Value |
|---|---|---|---|---|
| Detection: Detecting a Threat Actor | Describes at least seven best practices or methods for detecting a threat actor specific to the categories in the decision aid template | Addresses “Elements Met” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 13 |
| Characterization: Type of Threat Actors | Defines at least five types of threat actors specific to the categories in the decision aid template | Addresses “Elements Met” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 13 |
| Characterization: Motivations | Describes at least four motivations or desired outcomes of threat actors specific to the categories in the decision aid template | Addresses “Elements Met” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 13 |
| Characterization: Company Assets | Identifies the company assets of at least seven types of institutions that may be at risk from a threat actor specific to the categories in the decision aid template | Addresses “Elements Met” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 13 |
| Response: Counterstrategies | Describes at least three potential counterstrategies or tactics to respond to and counter a threat actor | Addresses “Elements Met” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 13 |
| Response: Reduce the Likelihood | Describes at least three potential strategies or tactics to reduce the likelihood of an incident occurring in the future | Addresses “Elements Met” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 13 |
| Response: Explain | Explains reason for choosing threat and justifies | | | |