Tuitorial By: Prof

Project Scenario - Computer Forensics

Project Scenario - Computer Forensics Organization Name: Mega Corp Inc. With high-visibility breaches in the news impacting such well-known companies as RSA and Sony, the board of directors of Mega Corp has directed the CEO to establish incident response and forensics capabilities that will ensure they are prepared to meet any potential challenges that might come the way of the organization. The CEO wants an independent perspective and has recruited you to be his highly paid consultant. You will provide him with a set of recommendations that he can use to meet the board's request. The recommendations you will be expected to provide as the deliverables for this project are: 1. Properly differentiate forensics and incident response activities. 2. Recommend appropriate changes to the existing architecture and IT assets of the project organization. 3. Recommend an appropriate set of preventative controls for implementation in the project organization. 4. Recommend appropriate physical space, incident response, and forensics tools requirements for the project organization and forensics partner. 5. Identify appropriate roles and responsibilities needed for effective forensics incident response for the project organization. 6. Develop appropriate incident classification and response procedures for the project organization. 7. Develop appropriate recommendations for continuous performance improvement of forensics and incident response procedures for the project organization. High Level Details Locations: • Headquarters: Phoenix, Arizona. • Distribution sites: New York, San Francisco, and New Orleans. • Global locations: Germany, India, China, Australia, South Africa, and Dubai. Employees: • Phoenix, Arizona: About 1200 users. • Distribution sites: o New York: 45 users. o San Francisco: 30 users. o New Orleans: 25 users. • Global locations: o Germany: 15 users. o India: 12 users. o China: 10 users. o Australia: 8 users. o South Africa: 6 users. o Dubai: 5 users. Main Infrastructure items: 14. Hosts: They are primarily Windows XP but there are examples of both Macintosh- and Linux-based systems that have been approved for use at some sites. 15. Cisco Routers and Switches: Each site will include their local switches and routers, which will be connected directly to the main data center located at the headquarters in Arizona. 16. Firewalls: The headquarters and distribution sites have redundant ASA firewalls at the edge of their network and the global locations rely on the host-based Windows firewalls to protect their systems. 17. Intrusion Detection: The malware solution for the organization is purchased and managed by each location and is the only form of IDS that is currently in place. 18. Domain servers: Running Windows 2008. 19. DNS servers. 20. DHCP servers. 21. Active Directory. 22. Exchange Mail servers. 23. File & Print servers. 24. ERP system (such as PeopleSoft). Current Environment Mega Corp Inc. is a multi-national conglomerate consisting of two primary lines of business. These are: 25. Mega Corp Consulting. The security consulting operation is located in the corporate headquarters in Phoenix, with remote partners responsible for sales and consultant oversight housed in offices within the nine sales, warehousing, and distribution centers worldwide. 26. Mega Corp Solutions. The security products sales and distribution operations are also located in the corporate headquarters in Phoenix. Sales and solutions support staff are housed in offices within the nine sales, warehousing, and distribution centers worldwide. Mega Corp owns a large office complex in Phoenix, where it is the sole tenant. The building houses the majority of IT staff and assets, both of which are located in the basement of the building in a secure, environmentally controlled space. The exception is first-level support, which is outsourced to India and shares space with the sales and warehousing functions in the country. Remote sales, warehousing and distribution centers are all located in commercial space settings in shopping malls. They are spaces with separate entrances and exits that have common walls with the neighboring businesses. Some of the locations have a common basement or attic space that they share as storage space with the existing businesses in the mall. These locations will include your backbone network devices (routers, switches), domain controllers, DNS, mail servers, and firewall and intrusion detection systems that allow users to work locally in the event of a broader system failure. Data on the servers is replicated twice a day from your local sites to the global locations to ensure a safe and secure date transactions between sites and help with a speedy data recovery in times of disasters. The network is segmented into 10 global virtual LANs that logically separate into the following user groups: • Information Technology. • Management. • Finance. • Human Resources. • Marketing and Sales. • Product Development. • Training. • Remote Users. • Security and Facilities Departments. • All other users. New system user requests are completed by the site manager via an electronic form located on the company intranet. User management staff completes those requests from their headquarters location and e-mail the site manager with the account and password information. Account ID is the first initial and last name of the employee. Multiples are mitigated through the addition of a 1, a 2, or, if necessary, a 3 at the end of the ID. Temporary passwords repeat the account ID and then require the user to change the password at logon. All users will be hosted in the main Active Directory servers, which will be designated as the corporate domain system for all hosts in the company. Project Objectives To successfully complete this project, you will be expected to: 37. Properly differentiate forensics and incident response activities. 38. Recommend appropriate changes to the existing architecture and IT assets of the project organization. 39. Recommend an appropriate set of preventative controls for implementation in the project organization. 40. Recommend appropriate physical space, incident response, and forensics tools requirements for the project organization and forensics partner. 41. Identify appropriate roles and responsibilities needed for effective forensics incident response for the project organization. 42. Develop appropriate incident classification and response procedures for the project organization. 43. Develop appropriate recommendations for continuous performance improvement of forensics and incident response procedures for the project organization. Week 2 • Preventative Controls Strategy (3 pages) Using the recommendations you have developed previously for the project organization and the materials covered in the reading and tutorials, write a short paper that includes a set of recommendations for preventative controls the organization should implement, to ensure the integrity of future investigations and to enhance the security posture of the organization. Include the following in your paper: • List examples of preventative controls that can be implemented to support computer forensics and incident response activities. • Identify the potential areas in which existing preventative controls are lacking and suggest appropriate modifications. • Address who (in what role) within the organization should be assigned responsibility for implementation and management of these controls. • Provide support for your recommendations. When complete, submit your documents in the assignment area. [u02d1] Unit 2 Discussion 1 The Importance of Preventative Controls (1-page Discussion) As part of your planning for an effective forensics and incident response program for MegaCorp you have done a risk analysis of the current environment. Discuss the areas of improvement to the overall IT environment and controls that are necessary to create an effective forensics and incident response plan. •

Attachments
Week2-OrganisationalSecurity.docx Week2-ComptuerForensics.docx

Budget: $10.00

Due on: January 14, 2020 00:00

Posted: 10 months ago.

Answers (0)