CYB 670 PROJECT 2: Cybersecurity Risk Assessment including Vulnerability Matrix


Despite all of the work that a cyber management team may do with respect to systems design, network security protocols, hardware and software maintenance, training, policies, implementation, and monitoring, breaches can and do occur. In this project, you will work with a team of other cyber professionals to analyze and respond to anomalous network activities.

The graded deliverable for Project 2 is a package for the CISO covering the risk assessment and the network intrusion, to be completed as a team. The deliverable to the CISO will include the following five parts:

  1. Cybersecurity Risk Assessment including Vulnerability Matrix
  2. Incident Response Plan
  3. Service-Level Agreement
  4. FVEY Indicator Sharing Report
  5. Final Forensic Report

The project should take about 15 days to complete. After reading the scenario below, proceed to Step 1, where you will establish your team agreement plan.

 

The US reports that exfiltration has been detected by its IDS (intrusion detection system). All nations will perform forensic analysis and collect corroborating information to identify the bad actor.

Prior to the summit, your nation team was tasked with setting up its own independent secure comms network. Now, at 3 a.m., just hours before the summit begins, you receive a text message from your CISO that reads: “I need to meet with the team immediately about an urgent matter. Please come to the conference room next to my hotel room now so we can discuss it.”

You quickly dress and head to the conference room. When you arrive, she breaks the news to your team: the nation hosting the summit has detected exfiltration in its IDS (intrusion detection system). The traffic pattern suggests that the same access could be used to trigger buffer overflows or to mount a denial-of-service attack. Each nation’s server is at risk.

“The report shows that the pattern of network traffic is anomalous,” says the CISO. “And the point of origin is internal. Someone at the summit is involved in this.”

Given the nature of the summit, participants understand that all nations are allied and have a common goal. “None of the FVEY members would have done this,” says a colleague. “It’s got to be the Russians or the Chinese. Friends don’t read each other’s mail.”

The CISO says, “No one is above suspicion here. Our FVEY partners have been known to both collect intelligence and seek to embarrass other partners when it suited their strategic needs. It could have been anyone. Until we know for sure, though, we will continue to regard them as allies.”

Leaders of the nations at the summit agree they all need to perform forensic analysis on their respective systems to identify the bad actor.

Your CISO continues. “Let’s get to the bottom of this. We’re all familiar with DDoS attacks; do you think that’s what we’re dealing with here? Or do you think there’s more? Use our packet sniffing tools to analyze the network traffic. Additionally, we need to identify attack vectors and attributes. Give me any information you can find on the tools, techniques, and the identity of this bad actor. Also, establish an incident response plan that we can use in case of another cyber event.”

“Our systems went down due to this DDoS. We need to examine the service-level agreement to see what it will take to get the summit back up and running. After our analysis, we need to quickly let our allies know how to protect their networks through an indicator sharing report.

“Remember, no one is above suspicion—not even our allies. Got it?”

Everyone nods in agreement. The CISO says, “Good. Now get to work. I’m going to try to go back to sleep for a few hours.”

When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.

  • 2.2: Locate and access sufficient information to investigate the issue or problem.
  • 4.4: Demonstrate diversity and inclusiveness in a team setting.
  • 5.3: Support policy decisions with the application of specific cybersecurity technologies and standards.
  • 8.1: Employ ethics when planning and conducting forensic investigations, and when testifying in court.
  • 8.2: Incorporate international issues including culture and foreign language to plans for investigations.
  • 5.8: Apply procedures, practices, and technologies for protecting web servers, web users, and their surrounding organizations.
  • 6.1: Knowledge of methods and procedures to protect information systems and data by ensuring their availability, authentication, confidentiality, and integrity.

STEP 2: Identify Attack Vectors

You and your nation-state team have just suffered an intrusion. As a cybersecurity professional, one of your first steps is to identify potential attack vectors. For each known cybersecurity vulnerability and known threat (see Addressing Cybersecurity Threats Through Risk Management and International Cybersecurity Approaches below), you and your team members need to identify attack vectors via information systems hardware, information systems software, operating systems (Operating Systems Fundamentals, Operating System Protections), telecommunications (Internet Governance), and human factors (Intrusion Motives/Hacker Psychology). Then, determine whether any attribution is known for the threat actor most likely to exploit each weakness.

Review the materials on attack vectors if a refresher is needed. Once you’ve identified the attack vectors in this step, you will be able to participate in the next step, in which you will discuss your findings with colleagues and compare the findings with their analyses.

Cybersecurity Vulnerability

As the old adage goes, “the only computer that is not in danger is a computer that is turned off.” Cybersecurity professionals must identify and explain the main vulnerabilities in an organization’s critical infrastructure.

A cybersecurity vulnerability is any weakness that may compromise the CIA triad (confidentiality, integrity, and availability) of a system or product. Individual vulnerabilities can be fixed, but vulnerabilities as a whole can never be completely eliminated; therefore, countermeasures must be in place to limit the damage to a business’s ability to operate after an attack.

The confidentiality, integrity, and availability (CIA) triad is at the core of information system security. Information system security professionals use the CIA triad as a mechanism for quantifying the key security considerations of an information system. When a system is under development, each of the CIA concepts must be considered as part of the system’s design objectives. Below is a model of the CIA triad. We will describe each of its parts in the sections that follow.

 

CIA Triad Security Model

Confidentiality refers to the methods used to protect information from unauthorized disclosure. Protecting the confidentiality of proprietary or sensitive information is of vital importance.

Integrity refers to the processes that ensure information is accurate and complete and has not been modified without authorization.

Availability addresses the need of a system to provide continued, reliable access to information while maintaining an acceptable level of performance. Consider organizations with technology and services that must be nearly 100 percent available 24 hours a day, 365 days a year, such as financial institutions, emergency service providers, power providers, and communication providers. Every moment that these organizations cannot exchange information, there is the potential for serious financial loss, injury, or even death.

Addressing Cybersecurity Threats Through Risk Management

No modern-day enterprise can be immune from cybersecurity threats. A threat is something that can be mitigated or reduced but never completely eliminated. Therefore, cybersecurity practitioners must be able to identify the many forms and types of cybersecurity threats to an enterprise.

The National Institute of Standards and Technology defines a threat as “any circumstance or event with the potential to adversely impact organizational operations and assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service” (NIST, 2012). A threat is realized when a threat source exploits a vulnerability, whether or not harm was intended.

Cybersecurity threats can be classified into the following categories:

  • human threats: disgruntled or careless insiders, staff susceptible to social engineering, cultural issues
  • natural threats: natural disasters such as earthquakes, hurricanes, tornadoes, floods, volcanic eruptions
  • technical threats: hardware or software failure, equipment theft
  • physical threats: failure to deploy perimeter security, poorly placed closed-circuit TV cameras needed for prevention and evidence
  • environmental threats: chemical, biological, and nuclear hazards; power outages and power grid failure
  • operational threats: any attempt by an insider or outsider to obtain or grant access to otherwise secured information, undermining the confidentiality, integrity, or availability of that asset

Cybersecurity threats can be either internal or external to an organization. Internal threats arise from disgruntled employees, but also from careless or compromised ones; personnel with legitimate access to valuable information are the most significant internal threat to an enterprise. External threats are beyond the control of upper management; however, they can be mitigated with proper protocols, procedures, and policy in place.

There are several types of cybersecurity threats of which a cybersecurity practitioner must be aware. The list below is for illustration and does not include all possible cybersecurity threats. Examples of cybersecurity threats include but are not limited to the following:

  • birthday attacks
  • brute-force password attacks
  • IP address spoofing
  • phishing
  • social engineering
  • man-in-the-middle attacks
  • pharming
  • session hijacking
  • pretexting attacks
  • baiting attacks
  • distributed denial of service (DDoS)
  • denial of service (DoS)
  • dictionary attacks

 

International Cybersecurity Approaches

While individual nations continue to develop and implement their own understanding of and approaches to cybersecurity, international bodies have also begun to include the topic on their agendas and even to establish special bodies to address it.

Cybersecurity challenges for international bodies (for example, NATO, the United Nations, or the European Union) are unique, shaped by the governing principles and membership of each body.

Another factor is the approach of the member nations to key cybersecurity-related issues, such as privacy. Many nations, particularly those that are less technologically developed, are not resourced to fully absorb and respond to cybersecurity requirements, much less to contribute to the efforts of international bodies to do so. Such nations may benefit most from the efforts of international bodies, particularly those efforts that are focused on developing strategies, understanding security solutions, and implementing defensive measures to protect networks and data.

Information Systems Hardware

The hardware components of an Information System are the physical items that belong to that system—the things that you are able to see and touch. Hardware components encompass different types of hardware. First is the processor and associated memory, referred to as the computer by most end users. Professionals might call this a tower or, in the case of larger processor banks, a server.

Information systems hardware also encompasses peripheral devices, such as the mouse, keyboard, printer, monitor, and other similar attachments to the system. These usually either take input from, or give output to, the end user. Input devices can also take input from other systems, so long as the source is outside the processor or computer in question.

Information Systems Software

Information systems software refers to the code that makes the computer work. Hardware without software lacks the ability to do anything useful. Hardware and software must work in concert to create functionality.

Information system software comes in two primary types: system software and application software. The system software is what most of us call the operating system; it enables the system to run at its basic level. The application software is the type with which most users spend their time interacting. It includes web applications and the server software that hosts them; because these are exposed to network traffic, they are persistent targets for security breaches.

Threats can be internal or external; the point is that a web server and its hosting platform present serious security risks, because a server is, by design, an open window to network traffic. Both system and application software need specific security measures, regular maintenance, and updates in order to maintain a basic level of security. It is critical to note that risks can never be completely eliminated; they can only be mitigated.

Operating Systems Fundamentals

An operating system is by far the most critical piece of software found on a computer. The operating system allows the system to deal with key tasks, such as the management of memory and processing. This makes operations possible and builds a foundation for applications to run on.

In addition, the operating system allows users to interact with hardware. Through a graphical user interface (GUI) or a command-line interface, an end user interacts with the operating system and, by extension, the hardware. A computer without an operating system is essentially not functional.

Operating System Protections

In order to take advantage of the capabilities provided by various computing devices, an operating system must be present to manage their resources and processes. And it is important to protect the functions of the operating system from unauthorized access and use. The operating system not only interacts with the system hardware, but it also communicates with software applications and external devices (Carnaghan, 2015).

The goals of protection include not only preventing malicious use and misuse of the system but also minimizing the damage that can result and enabling system administrators and users to implement effective security policies (Silberschatz, Gagne, & Galvin, 2012; Bell, 2013).

In order to protect the operating system, access to it must be controlled. The principle of least privilege holds that software, users, and systems should be granted only the minimum level of access required to complete their tasks. Combined with the need-to-know principle, under which a process or user is given access only to the information its current task requires, and only for as long as that task requires, it offers a sound strategy for reducing the opportunities for misuse (Silberschatz, Gagne, & Galvin, 2012; Bell, 2013).

Based on the principle of least privilege, role-based access control (RBAC) is used to give permissions, or access privileges, to users and programs. In the RBAC model, access to system resources is based on predefined user roles (Carnaghan, 2015).

Computer processes and programs can be assigned protection domains that specify the resources they are permitted to access; each domain defines, for every resource, the operations that the process may perform on it (Silberschatz, Gagne, & Galvin, 2012; Bell, 2013).
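The following is an added example, not code from the course readings or from the cited authors. It shows the three ideas above working together in one small policy engine: a protection domain is the set of (resource, operation) rights a role holds; subjects receive rights only through roles, so anything not in a domain is denied by default (least privilege); and need-to-know access is modeled as a grant that expires, so a right is held only for the time the task needs. The role names, resource paths, subjects, and integer clock are constructed for illustration.

```python
"""Role-based access control with protection domains and expiring grants.

Added example (not from the course materials). Role names, resources,
subjects and the integer clock below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple

Right = Tuple[str, str]   # (resource, operation), e.g. ("/evidence", "read")

# Protection domains keyed by role. Nothing outside a domain is ever allowed.
ROLE_DOMAINS: Dict[str, FrozenSet[Right]] = {
    "analyst": frozenset({("/var/log/ids", "read"), ("/evidence", "read")}),
    "ir_lead": frozenset({("/var/log/ids", "read"), ("/evidence", "read"),
                          ("/evidence", "write")}),
    "sysadmin": frozenset({("/etc/ids.conf", "read"), ("/etc/ids.conf", "write"),
                           ("/var/log/ids", "read")}),
}


@dataclass
class Subject:
    """A user or process. Roles are long-lived; temporary grants expire."""
    name: str
    roles: Set[str] = field(default_factory=set)
    temp_grants: Dict[Right, int] = field(default_factory=dict)  # right -> expiry


class AccessController:
    def __init__(self, role_domains: Dict[str, FrozenSet[Right]]):
        self.role_domains = role_domains
        self.audit: List[Tuple[int, str, str, str, bool]] = []

    def effective_domain(self, subject: Subject, now: int) -> Set[Right]:
        """Union of the subject's role domains plus still-valid grants."""
        rights: Set[Right] = set()
        for role in subject.roles:
            # An unknown role contributes nothing rather than everything.
            rights |= self.role_domains.get(role, frozenset())
        rights |= {r for r, expiry in subject.temp_grants.items() if now < expiry}
        return rights

    def grant_need_to_know(self, subject: Subject, right: Right,
                           now: int, duration: int) -> None:
        """Time-bounded grant: the right vanishes at now + duration."""
        if duration <= 0:
            raise ValueError("grant must have a positive duration")
        subject.temp_grants[right] = now + duration

    def check(self, subject: Subject, resource: str, op: str, now: int) -> bool:
        """Deny by default; every decision is recorded for later forensics."""
        allowed = (resource, op) in self.effective_domain(subject, now)
        self.audit.append((now, subject.name, resource, op, allowed))
        return allowed


def demo() -> List[bool]:
    """Walk an analyst through a time-bounded evidence-write task."""
    ac = AccessController(ROLE_DOMAINS)
    alice = Subject("alice", roles={"analyst"})
    visitor = Subject("bob")                      # no roles: nothing allowed
    results = [
        ac.check(alice, "/var/log/ids", "read", now=0),    # True: role right
        ac.check(alice, "/evidence", "write", now=0),      # False: not in domain
        ac.check(visitor, "/var/log/ids", "read", now=0),  # False: no roles
    ]
    # The IR lead approves a 30-tick window for alice to write one evidence item.
    ac.grant_need_to_know(alice, ("/evidence", "write"), now=10, duration=30)
    results.append(ac.check(alice, "/evidence", "write", now=20))  # True: live grant
    results.append(ac.check(alice, "/evidence", "write", now=40))  # False: expired
    return results


if __name__ == "__main__":
    for ok in demo():
        print("allow" if ok else "deny")
```

The two design choices worth copying are that an unknown or misspelled role yields an empty domain rather than an error that a caller might swallow, and that every decision, allowed or denied, is appended to an audit trail, which is exactly the evidence a forensic investigator needs when reconstructing who touched what during an incident.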

Internet Governance

The growing reliance on the Internet for business, academia, government, and pleasure, as well as the fact that the Internet is not owned by anyone, makes Internet governance an important issue. Internet governance attempts to establish acceptable norms, policies, and practices to ensure interoperability on the Internet and instill a measure of order in what is otherwise an unregulated space. Such governance includes the establishment and distribution of protocol addresses and domain names. Several bodies serve these purposes. The Internet Corporation for Assigned Names and Numbers (ICANN) coordinates the global assignment of unique Internet identifiers, including Domain Name System (DNS) names and the allocation of IP address blocks. The International Telecommunication Union (ITU) is another such body. An agency of the United Nations, the ITU coordinates internationally the use of radio spectrum, satellite orbits, and associated technical standards.

Intrusion Motives/Hacker Psychology

When it comes to black hat hackers, many people wonder why they do what they do.

For some individuals with the skill set, money is a motivating factor. There is also a certain amount of challenge involved in finding holes in a system and figuring out how to exploit them. Understanding what could motivate a hacker can help to prevent intrusion into a system.

Attack Vectors

Attack vectors are paths by which malicious actors gain unauthorized access to computer systems or data. These vectors can be existing avenues that are weakly protected and hence used for unintended purposes, or they can be paths which are intentionally established for malicious activities. Attack vectors generally exist because of vulnerabilities in hardware or software, or because of human factors (e.g., insider threats).

Understanding the characteristics and behaviors related to attack vectors provides the potential to identify threats. Such identification then enables the development of mitigations as well as informing risk management and resource allocation plans.
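As an added example (not part of the course materials), the code below turns the per-vector findings that Step 2 asks for into the vulnerability matrix the deliverable requires: each row records the attack vector (hardware, software, operating system, telecommunications, or human factors), the weakness, the threat that would exploit it, which CIA properties it would affect, and whether attribution is known, and the rows are ranked by risk so mitigation effort follows risk. The scoring rule (risk = likelihood x impact, each on a 1 to 5 scale, the usual qualitative method), the rating thresholds, and every sample finding are constructed assumptions, not findings from the scenario.

```python
"""Vulnerability assessment matrix builder.

Added example (not from the course materials). The scoring rule, the
thresholds and the sample findings are constructed assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

VECTORS = ("hardware", "software", "operating system",
           "telecommunications", "human factors")
CIA = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class Finding:
    vector: str                        # one of VECTORS
    vulnerability: str                 # the weakness
    threat: str                        # how it would be exploited
    cia_affected: Tuple[str, ...]      # subset of CIA
    likelihood: int                    # 1 (rare) .. 5 (almost certain)
    impact: int                        # 1 (negligible) .. 5 (severe)
    attribution: Optional[str] = None  # None = no known attribution

    def __post_init__(self):
        # Reject malformed rows early so the matrix is never silently wrong.
        if self.vector not in VECTORS:
            raise ValueError(f"unknown attack vector: {self.vector}")
        if not self.cia_affected or any(c not in CIA for c in self.cia_affected):
            raise ValueError(f"bad CIA properties: {self.cia_affected}")
        for name in ("likelihood", "impact"):
            if not 1 <= getattr(self, name) <= 5:
                raise ValueError(f"{name} must be in 1..5")

    @property
    def risk(self) -> int:
        return self.likelihood * self.impact

    @property
    def rating(self) -> str:
        # Thresholds are an assumption; tune them to the organization's appetite.
        if self.risk >= 15:
            return "high"
        if self.risk >= 8:
            return "medium"
        return "low"


def build_matrix(findings: List[Finding]) -> List[Finding]:
    """Order findings highest risk first; ties fall back to vector name."""
    return sorted(findings, key=lambda f: (-f.risk, f.vector, f.vulnerability))


def render(matrix: List[Finding]) -> str:
    """Plain-text table suitable for pasting into the CISO deliverable."""
    header = (f"{'Vector':<18}{'Vulnerability':<44}{'CIA':<7}{'L':>2}{'I':>3}"
              f"{'Risk':>4} {'Rating':<6}  Attribution")
    rows = [header, "-" * len(header)]
    for f in matrix:
        cia = "".join(c[0].upper() for c in CIA if c in f.cia_affected)
        rows.append(f"{f.vector:<18}{f.vulnerability[:43]:<44}{cia:<7}"
                    f"{f.likelihood:>2}{f.impact:>3}{f.risk:>4} {f.rating:<6}"
                    f"  {f.attribution or 'unknown'}")
    return "\n".join(rows)


# Constructed sample findings for the summit scenario; not real data.
SAMPLE_FINDINGS = [
    Finding("software", "Unpatched web server accepts oversized requests",
            "buffer overflow leading to denial of service",
            ("availability",), 4, 4),
    Finding("human factors", "Summit staff hold broad file-share access",
            "insider exfiltration of delegation documents",
            ("confidentiality",), 3, 5),
    Finding("telecommunications", "Unauthenticated internal network segment",
            "IP address spoofing and man-in-the-middle",
            ("confidentiality", "integrity"), 3, 4),
    Finding("operating system", "Services run with administrative privileges",
            "privilege escalation after initial compromise",
            CIA, 2, 5),
    Finding("hardware", "Unsecured conference-room switch ports",
            "rogue device connected by a visitor",
            ("confidentiality",), 2, 3),
]

if __name__ == "__main__":
    print(render(build_matrix(SAMPLE_FINDINGS)))
```

Keeping attribution as an explicit, nullable column matters for Step 3 and Step 4: a row whose attribution is unknown is still a ranked risk, and the matrix makes visible exactly which findings still need the attribution research rather than letting an empty cell pass for "none".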

STEP 3: Discuss Attack Vectors and Known Attribution

In light of your research in the last step, you will now use your group’s discussion board to share your thoughts with other members of your nation team. Review the findings of classmates in your group, noting points of agreement or disagreement, asking critical questions, and making suggestions for improvement or further research.

You should research incidents of known attribution of the hackers and actors who employ the attack vectors previously discussed by your group. This step provides a variety of options and perspectives for your group to consider when drafting the Attack Vector and Attribution Analysis in the next step.

This step also provides the foundation for research into known attribution, which will help you to discern the motivation for intrusion and the identity of the hackers and actors who employ the attack vectors noted.

Attribution

Attribution is the process by which the identity and associated attributes of an attacker are affirmed. It is made difficult because of the relative anonymity provided by the Internet, the increasing sophistication of threat actors, and in some instances the lack of resources to apply to what can be a time- and resource-intensive effort. Attribution is important because it can shed light on motives and intentions and give insights into future plans and capabilities. With attribution confirmed, victims can determine against whom a response might be appropriate.

Attribution is difficult, often consuming significant time and money and requiring specialized skills. Even with these resources applied, attribution is still not certain. Successful attribution includes not only the identity of the attacker but also the organization with which the attacker is aligned, the location of the attacker’s infrastructure, and any government that may have supported, directed, or authorized the malicious activity.

There are often political implications to levying punishment once attribution is obtained. Such impacts include the potential for reprisals, the possibility of wrongly attributing an incident, and the potential to expose sensitive sources and methods in order to prove attribution. As a result, even with attribution, follow-on decisions or actions are not always prudent or possible.

Hackers and Actors

Hackers and actors perpetrate malicious acts against computer systems and networks for a variety of motives, some of which pertain to the psychology of the hacker.

Hacker motivations can come from state sponsorship (e.g., sponsored and resourced by nation-states such as China, Iran, Russia, and the United States) and are often politically motivated. Hacker motivations can also come from nonstate sponsors, meaning those that are not supported and directed by a national power.

Actors motivated by social issues are characterized as hacktivists.

Criminals are driven by the ability to illegally access networks and steal data.

Finally, black hat, gray hat, and white hat hackers are characterized by their actions when a vulnerability is discovered. A black hat actor will intentionally exploit a discovered vulnerability, even in violation of law or standards, and will not report it so that it can be addressed. A white hat actor works with authorization, does not exploit the vulnerability beyond what is needed to demonstrate it, and reports it to the owner so that it can be mitigated before any public disclosure. A gray hat actor falls between the two: typically acting without authorization but without malicious intent, and often disclosing the vulnerability publicly or to the owner without having been asked to test for it.


STEP 4: Analyze Attack Vectors and Known Attribution

You have discussed attack vectors and attribution with your nation-state team members. In this step, your group will prepare an Attack Vector and Attribution Analysis of your group’s findings in the previous steps. The analysis should first identify all possible attack vectors via hardware, software, operating systems, telecommunications, and human factors. Next, discuss whether attribution is known for the threat actor (hackers and actors) likely involved in exploiting each weakness. Integrate supporting research via in-text citations and a reference list. This analysis will play a key role in the development of the Vulnerability Assessment Matrix and the Cybersecurity Risk Assessment in the next few steps. The designated team member should submit the analysis to the dropbox below.


Vulnerability Assessment Matrix

See attachment

Cybersecurity Risk Assessment

See attachment.