Student: Stanley

Security Assessment Report (SAR):

In this project, there are eight steps, including a lab, that will help you create your final deliverables. The deliverables for this project are as follows: Security Assessment Report (SAR): This should be an eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. Risk Assessment Report (RAR): This report should be a five- to six-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. Lab: In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab. Project 2 Deliverables Security Assessment Report (SAR) I. Title Page II. Abstract III. Organization a. Purpose b. Organizational structure c. Network system description d. Diagram of the organization (LAN, WAN, intranet, extranet, internet) e. Identify system boundaries (inner networks separated from outside networks) IV. Enterprise Threats a. Internal Threats b. External Threats c. Threat Intelligence i. OPM Breach ii. OPM vs Your Organization 1. Differences 2. Similarities d. Security Issues in the Organization V. Scanning a. Lab Results VI. Relational Database Management System (RDBMS) a. Role of Firewalls b. Encryption Methods Used in Firewalls c. RDBMS Auditing i. Describe the auditing techniques and how it protects the security objectives of confidentiality, integrity, and availability VII. Threat Identification a. Organization Cyber Attacks b. Remediation & Mitigation Techniques i. Access Control ii. Database Transaction iii. Firewall Log Files iv. Encryption 1. Purpose 2. Function VIII. Conclusion IX. References Risk Assessment Report (RAR) I. Title Page II. Abstract III. Risk and Remediation a. Organizational Risk (NIST, 2012) b. Organizational Remediation Efforts c. Organizational Threats/Vulnerabilities i. Likelihood of occurring ii. Impact to organization d. Cost/Benefit Analysis of Remediation Efforts IV. Plan of Actions & Milestones (POA&Ms) a. Creation b. Monitoring c. Closing V. Conclusion VI. References References 1. Scarfone, K., & Hoffman, P. (2009). Guidelines on firewalls and firewall policy: Recommendations of the National Institute of Standards and Technology. (Special Publication 800-41). U.S. Department of Commerce, National Institute of Standards and Technology. Retrieved August 5, 2016, from http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf 2. U.S. Department of Commerce, National Institute of Standards and Technology (NIST). (2012). Information security: Guide for conducting risk assessments (Special Publication 800-30). Retrieved August 5, 2016, from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf 3. http://2012books.lardbucket.org/books/getting-the-most-out-of-information-systems-v1.3/index.html 4. Introduction to parallel & distributed algorithms by Carl Burch, Hendrix College, August 2009 5. https://lti.umuc.edu/contentadaptor/topics/byid/820a901d-e710-4e8c-9b19-8aaf41baf091 6. Singhal, A., Winograd, T., & Scarfone, K. (2007). Computer security: Guide to secure web services: Recommendations of the National Institute of Standards and Technology (Special Publication 800-95). Retrieved from http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf 7. https://www.computer.org/cms/CYBSI/docs/Top-10-Flaws.pdf 8. https://umuc.equella.ecollege.com/file/6aa8bfb8-7053-4fed-94f6-2547e454c501/1/web/viewer.html?file=https://umuc.equella.ecollege.com/file/830d820d-c407-49df-ab83-2886fd3a7cbf/1/NISTCloudComputingStandardsRoadmap.pdf 9. Distributing Computing by John DeNero http://composingprograms.com/pages/45-distributed-computing.html 10. Mell, P., & Grance, T. (2011). The NIST definition of cloud computing: Recommendations of the National Institute of Standards and Technology. (Special Publication 800-145). U.S. Department of Commerce, National Institute of Standards and Technology. Retrieved August 4, 2016, from nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf 11. Trusted Computing Strengths Cloud Authentication by Eghbal Ghazizadeh, Mazdak Zamani, Jamalul-lail Ab Manan, and Mojtaba Alizadeh for the Sceintific World Journal, Volume 2014, Article ID 260187, 17 pages https://www.hindawi.com/journals/tswj/2014/260187/ 12. http://www.sciencedirect.com/science/article/pii/S1877042814038592 On this site is access to three more resources 13. Gelles, M. G., & Mitchell, K. (2015). Top 10 considerations for building an insider threat mitigation program. Journal Of Threat Assessment And Management, 2(3-4), 255-257. doi:10.1037/tam0000059 14. Haktip 3: Packet Sniffing 1010: Promiscuous Mode https://lti.umuc.edu/contentadaptor/topics/byid/6c2ac65f-688d-40b2-8856-9f17e7fc0a30 15. CIT 480: Security Computer Systems: TCP/IP Security https://umuc.equella.ecollege.com/file/6aa8bfb8-7053-4fed-94f6-2547e454c501/1/web/viewer.html?file=https://umuc.equella.ecollege.com/file/c14f0796-e3ff-4883-b5bb-6b7bd3bf2eac/1/SecuringComputerSystemsTCPIPSecurity.pdf 16. Bourgeois, D. T. (2014). Information systems for business and beyond. The Saylor Academy. Retrieved August 5, 2016, from http://www.saylor.org/site/textbooks/Information%20Systems%20for%20Business%20and%20Beyond.pdf 17. Improving Network Security: Next Generation Firewalls and Advanced Packet Inspection Devices by Steven Thomason Global Journal of Computer Science and Technology Network, Web & Security, Volume 1, 2 Issue 13, Version 1.0, Year 2012 18. Spoofing Attacks on Packets and Methods for Detection and Prevention of Spoofed Packets by K. Phalguna Rao, Ashish B. Sasankar, Vinay Chavan from International Journal of Science Engineering and Advance Technology 19. http://csrc.nist.gov/groups/SNS/mobile_security/documents/mobile_agents/ComputerNetworkIDS.pdf 20. Defending against denial of service attacks https://securosis.com/assets/library/reports/Securosis_Defending-Against-DoS_FINAL.pdf 21. Mell, P., Kent, K., & Nusbaum, J. (2005).Guide to malware incident prevention and handling: Recommendations of the National Institute of Standards and Technology. (Special Publication 800-83). U.S. Department of Commerce, National Institute of Standards and Technology (NIST). Retrieved August 5, 2016, from http://csrc.nist.gov/publications/nistpubs/800-83/SP800-83.pdf 22. https://globaljournals.org/GJCST_Volume16/1-State-of-the-Art.pdf 23. http://file.scirp.org/pdf/JCC_2014061709494898.pdf 24. Attack Possibilities by OSI Layer https://www.us-cert.gov/sites/default/files/publications/DDoS%20Quick%20Guide.pdf 25. http://www.sciencedirect.com/science/article/pii/S1877050915007000 26. NIST SP 800-115 27. Mastering Metasploit. (n.d.). Retrieved August 4, 2016, from https://archive.org/details/MasteringMetasploit 28. Singh, G., Goyal, S., & Agarwal, R. (2015). Intrusion Detection Using Network Monitoring Tools. IUP Journal Of Computer Sciences, 9(4), 46-58. 29. Risk Assessment https://umuc.equella.ecollege.com/file/6aa8bfb8-7053-4fed-94f6-2547e454c501/1/web/viewer.html?file=https://umuc.equella.ecollege.com/file/870f372d-3479-4ba0-9083-b8c7c9efaec9/1/RiskAssessment.pdf 30. High level organization of the standard http://www.pentest-standard.org/index.php/Main_Page Assessing Information System Vulnerabilities and Risk You are an information assurance management officer (IAMO) at an organization of your choosing. One morning, as you're getting ready for work, you see an email from Karen, your manager. She asks you to come to her office as soon as you get in. When you arrive to your work, you head straight to Karen's office. “Sorry for the impromptu meeting,” she says, “but we have a bit of an emergency. There's been a security breach at the Office of Personnel Management.” We don't know how this happened, but we need to make sure it doesn't happen again, says Karen. You'll be receiving an email with more information on the security breach. Use this info to assess the information system vulnerabilities of the Office of Personnel Management. At your desk, you open Karen's email. She's given you an OPM report from the Office of the Inspector General, or OIG. You have studied the OPM OIG report and found that the hackers were able to gain access through compromised credentials. The security breach could have been prevented, if the Office of Personnel Management, or OPM, had abided by previous auditing reports and security findings. In addition, access to the databases could have been prevented by implementing various encryption schemas and could have been identified after running regularly scheduled scans of the systems. Karen and the rest of the leadership team want you to compile your findings into a Security Assessment Report, or SAR. You will also create a Risk Assessment Report, or RAR, in which you identify threats, vulnerabilities, risks, and likelihood of exploitation and suggested remediation. Close Assessing Information System Vulnerabilities and Risk Step 1: Enterprise Network Diagram In this project, you will research and learn about types of networks and their secure constructs that may be used in an organization to accomplish the functions of the organization’s mission. You will propose a local area network (LAN) and a wide area network (WAN) for the organization, define the systems environment, and incorporate this information in a network diagram. You will discuss the security benefits of your chosen network design. Read the following resources about some of the computing platforms available for networks and discuss how these platforms could be implemented in your organization: • common computing platforms • cloud computing • distributed computing • centralized computing • secure programming fundamentals Include the rationale for each of the platforms you choose to include in your network design. 1. Describe the embedded OS. 2. Describe how the systems fit in the overall information system architecture, of which cloud computing is an emerging, distributed computing network architecture. Include a brief definition of operating systems and information systems in your SAR. Step 2: Enterprise Threats Review the OIG report on the OPM breach that you were asked to research and read about at the beginning of the project. The OIG report includes many security deficiencies that likely left OPM networks vulnerable to being breached. In addition to those external threats, the report describes the ways OPM was vulnerable to insider threats. The information about the breach could be classified as threat intelligence. Define threat intelligence and explain what kind of threat intelligence is known about the OPM breach. You just provided detailed background information on your organization. Next, you’ll describe threats to your organization’s system. Before you get started, select and explore the contents of the following link: insider threats (also known as internal threats). As you’re reading, take note of which insider threats are a risk to your organization. Now, differentiate between the external threats to the system and the insider threats. Identify where these threats can occur in the previously created diagrams. Relate the OPM threat intelligence to your organization. How likely is it that a similar attack will occur at your organization? Professionals in the Field The OPM breach is a matter of historical fact. Your scholarly research into this matter can and should inform your approach to cybersecurity. Your ability to fluently converse on past cyber breaches is one way of demonstrating to potential employers that you have the necessary knowledge, skills, and attitudes to be a valuable addition to their team. Take notes as you read about this breach—feel free to search for other major breaches—and pay attention to the mistakes that were made that and what actions were taken afterward. As a part of the interview process, you might be asked to apply this knowledge to a new situation. Step 3: Scan the Network - LAB work – Disregard this You will now investigate network traffic and the security of the network and information system infrastructure overall. Past network data has been logged and stored, as collected by a network analyzer tool such as Wireshark. Explore the tutorials and user guides to learn more about the tools to monitor and analyze network activities you will use. You will perform a network analysis of the Wireshark files provided to you in Workspace and assess the network posture and any vulnerability or suspicious information you are able to obtain. You will identify any suspicious activities on the network through port scanning and other techniques. Include this information in your SAR. Step 4: Identify Security Issues You have a suite of security tools, techniques, and procedures that can be used to assess the security posture of your organization's network in a SAR. Now it's time to identify the security issues in your organization's networks. You have previously learned about password-cracking tools; in this step, provide an analysis of the strength of passwords used by the employees in your organization. Are weak passwords a security issue for your organization? Step 5: Firewalls and Encryption Next, examine these resources on firewalls and auditing related to the use of the Relational Database Management System (RDBMS), the database system and data. Also review these resources related to access control. Determine the role of firewalls, encryption, and auditing for RDBMS in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems. Reflect any weaknesses found in the network and information system diagrams previously created, as well as in your developing SAR. Step 6: Threat Identification Now that you know the weaknesses in your organization's network and information system, you will determine various known threats to the organization's network architecture and IT assets. Get acquainted with the following types of threats and attack techniques. Which are a risk to your organization? • IP address spoofing/cache poisoning attacks • denial-of-service attacks (DoS) • packet analysis/sniffing • session hijacking attacks • distributed denial-of-service attacks In identifying the different threats, complete the following tasks: 1. Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems, as well as the types of remediation and mitigation techniques available in your industry and for your organization. 2. Identify the purpose and function of firewalls for organization network systems and how they address the threats and vulnerabilities you have identified. 3. Discuss the value of using access control, database transaction, and firewall log files. 4. Identify the purpose and function of encryption as it relates to files, databases, and other information assets on the organization's networks. Include these in your SAR. Step 6: Threat Identification Now that you know the weaknesses in your organization's network and information system, you will determine various known threats to the organization's network architecture and IT assets. Get acquainted with the following types of threats and attack techniques. Which are a risk to your organization? • IP address spoofing/cache poisoning attacks • denial-of-service attacks (DoS) • packet analysis/sniffing • session hijacking attacks • distributed denial-of-service attacks In identifying the different threats, complete the following tasks: 1. Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems, as well as the types of remediation and mitigation techniques available in your industry and for your organization. 2. Identify the purpose and function of firewalls for organization network systems and how they address the threats and vulnerabilities you have identified. 3. Discuss the value of using access control, database transaction, and firewall log files. 4. Identify the purpose and function of encryption as it relates to files, databases, and other information assets on the organization's networks. Include these in your SAR. Step 7: Risk and Remediation What is the risk and what is the remediation? What is the security exploitation? You can use the OPM OIG Final Audit Report findings and recommendations as a possible source for methods to remediate and mitigate vulnerabilities. Read this risk assessment resource to get familiar with the process, then prepare a risk assessment. Be sure to first list the threats, then the vulnerabilities, and then the pairwise comparisons for each threat and vulnerability. Then determine the likelihood of each event occurring and the level of impact it would have on the organization. Include this in your risk assessment report (RAR). Step 8: Creating the SAR and RAR Your research and your Workspace exercise have led you to this moment: creating your SAR and RAR. Consider what you have learned in the previous steps as you create your reports for leadership. Prepare a Security Assessment Report (SAR) with the following sections: 1. Purpose 2. Organization 3. Scope 4. Methodology 5. Data 6. Results 7. Findings The final SAR does not have to stay within this framework and can be designed to fulfill the goal of the security assessment. Prepare a risk assessment report (RAR) with information on the threats, vulnerabilities, likelihood of exploitation of security weaknesses, impact assessments for exploitation of security weaknesses, remediation, and cost/benefit analyses of remediation. Devise a high-level plan of action with interim milestones (POAM) in a system methodology to remedy your findings. Include this high-level plan in the RAR

Budget: $11.00

Due on: April 24, 2020 00:00

Posted: 5 months ago.

Answers (0)