Project 4 Start Here
Transcript
You have been hired by Greiblock Credit Union (GCU), a $5 billion financial services firm as a cybersecurity consultant. Based on your forensic expertise, they have contracted with you to develop a comprehensive incident response and business continuity plan for their organization.
There are four steps to this project. Your deliverable to GCU will consist of reviewing and synthesizing the analysis described in Steps 1–3 and, in Step 4, concluding by developing techniques that your manager, Yvonne, can share with the organization to ensure preparedness to handle any future network intrusions.
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
Running head: RISK ASSESSMENT
Risk Assessment Scenario
Feedback for Project 4: Write a Response Readiness Plan
Submission Feedback
Does not meet the requirements of the assignment.
Your Response Readiness Plan for GCU should include:
● title page
● table of contents
● overview with references
● Forensic Response Readiness Plan
○ Define the business scenarios that require digital evidence.
○ Define the purpose of an evidence collection capability; this is the first step in forensic readiness. The rationale is to look at the risk and potential impact on the business from the various types of crimes and disputes. What is the threat to the business, and what parts are vulnerable? Specifically, address the following:
■ reducing the impact of computer-related crime
■ dealing effectively with court orders to release data
■ demonstrating compliance with regulatory or legal constraints
○ Identify available sources and different types of potential evidence. The purpose of this step is to scope the available evidence from across the range of systems and applications in use. Some basic questions need to be asked about possible evidence sources, including these:
■ Where is data generated?
■ What format is it in?
■ For how long is it stored?
■ How is it currently controlled, secured and managed?
■ Who has access to the data?
■ Is it archived? If so, where and for how long?
○ Determine the evidence collection requirement.
○ Decide which of the possible evidence sources identified in Step 2 can help deal with the crimes and disputes identified in Step 1, and whether further ways to gather evidence are required. This is the evidence collection requirement. The purpose of this step is to produce an evidence requirement statement, so that those responsible for managing the business risk can communicate with those running and monitoring information systems through an agreed requirement for evidence.
○ Establish a capability for securely gathering legally admissible evidence to meet the requirement.
○ Evaluate evidence collection and how the organization will handle the following two questions:
■ Can the evidence be gathered without interfering with business processes?
■ Can the evidence be gathered legally?
○ Establish a policy for secure storage and handling of potential evidence.
○ Ensure monitoring and auditing is targeted to detect and deter major incidents.
○ Recommend resources that can be used within the system architecture to detect and deter incidents.
○ Specify circumstances when escalation to a full formal investigation (which may use digital evidence) is required.
○ Recommend the training that is needed to help users understand their role in the digital evidence process and the legal sensitivities of evidence.
● Conclusion
Risk Assessment Scenario
Scenario needing assessment
June is a 23-year-old second-year nursing student. June was very close to her mother until her death six months ago. According to June, her mother was the only friend she had; she would speak with her every morning and evening. Before her mother succumbed to cancer, she underwent a lot of pain, and June was always troubled to see her mother in such pain. She was almost always crying as she saw her mother writhing in pain. When her mother died, it was possible to imagine that June's pain would be over. However, her change in behavior has become a major source of worry for her teachers. It has been noted that June misses a lot of classes, and even when she attends, she always looks tired and sleepy. It is worrying that June is always alone and makes no effort to make new friends at school. She always avoids conversations with other students, including students who were previously close to her. Even when there are group assignments, June attends the group work but makes no effort to contribute to the discussions. As might be expected, June's performance has deteriorated to worrying levels. She is currently posting very low grades, although everyone knows she is an intelligent young woman. Most importantly, her teachers report that in the few instances when June decides to talk to people, she always mentions that she is totally tired of this life. She often says she feels she needs to die, since life has lost its meaning for her. June's statements worry her colleagues and teachers, who believe that June has a problem that needs to be addressed. Upon questioning, June opens up and says that images of her ailing mother keep appearing to her and that she feels troubled. Thus, while she feels relief that her mother is at rest and no longer in pain, she cannot forget the pain her mother underwent before she died.
Specific behaviors that call for risk-assessment
A critical examination of June reveals a wide range of behavioral changes that call for a risk assessment. One behavior that makes a risk assessment necessary is the fact that June has become a loner. When a person who was always social and jovial begins to avoid people, it indicates that she is facing serious challenges, and this calls for a risk assessment. There must be a serious problem that makes June avoid even her friends. Besides, the fact that June always looks tired and withdrawn indicates a deep-lying problem, and a careful risk assessment is needed to determine the extent of the problem and its potential impacts (Matthews et al., 2016). Finally, June often mentions being fed up with the world and wishes that she were dead. She indicates that she feels fed up with the world, and this is reflected in her carefree approach to life. These behavior changes call for a robust risk assessment (Franklin et al., 2017).
Assessment processes
The risk assessment process is critical in this case because it will reveal the nature of the problems June faces and, as a result, allow the most suitable solutions to be developed. A risk assessment makes it possible to uncover deep-lying issues that may not be seen in a casual examination. The following is a discussion of some components of the risk assessment process.
Questions to determine June's level of risk
1. Kindly give a background of your family and your relationship with them.
Family plays an important role in determining an individual's behavior. The primary purpose of this question is to understand whether any family support exists for the individual. While June has lost her mother, it is possible that there are other family support systems she could use.
2. How do you cope with the condition?
Determining coping strategies is essential for judging whether the ways in which she is addressing her situation are appropriate. During a risk assessment, the assessor must understand the approaches the client uses to address problems. While some coping mechanisms reduce risk levels, others increase them.
3. Have you sought any intervention?
When people face mental health challenges, they are expected to seek mental health care. An individual who seeks mental health care is likely to have a lower risk level than one who has not sought treatment. Thus, it is critical to learn from June whether or not she has received mental health care or any other intervention.
The protocol to be followed
Two main protocols would be used in the assessment process. The first is to ask the patient leading questions. Leading questions give a counselor the opportunity to confirm or disprove his suspicions (Kwon et al., 2012). Every time a client presents a case, the counselor would ordinarily have some suspicions, and leading questions let the professional confirm or dismiss them. The second protocol is to ask questions based on the answers provided by the client: when the counselor asks one question and the client answers, the next question builds on that response, and the counselor stops following that line of questioning when he is satisfied. For recording, the counselor may use an audio recording or write down the answers provided by the client; the choice depends on the counselor's preference.
References
Franklin, J. C., Ribeiro, J. D., Fox, K. R., Bentley, K. H., Kleiman, E. M., Huang, X., … & Nock, M. K. (2017). Risk factors for suicidal thoughts and behaviors: A meta-analysis of 50 years of research. Psychological Bulletin, 143(2), 187.
Kwon, K. I., & Jo, S. Y. (2012). The relationship between counselor experience level, empathic accuracy, and counseling outcome in the early phase of counseling. Asia Pacific Education Review, 13(4), 771-777.
Matthews, T., Danese, A., Wertz, J., Odgers, C. L., Ambler, A., Moffitt, T. E., & Arseneault, L. (2016). Social isolation, loneliness, and depression in young adulthood: A behavioral genetic analysis. Social Psychiatry and Psychiatric Epidemiology, 51(3), 339-348.
Running Head: ORGANIZATIONAL POLICIES AND PROCEDURES REPORT
Organizational Policies and Procedures Report
Feedback for Project 4: Write a Response Readiness Plan
Submission Feedback
This is not the correct assignment for this dropbox. This is the Response Readiness Plan
dropbox
____________
Does not meet the requirements of the assignment.
Table of Contents
Overview
Purpose
Scope
Policies
  Dynamic Vulnerability Analysis
    Procedures
  Intrusion Detection
    Procedures
  Incident Response
    Procedures
Enforcement
Metrics
  Dynamic Vulnerability Analysis
  Intrusion Detection
  Incident Response
References
Overview
The reason for developing this cybersecurity manual is to equip Greiblock Credit Union (GCU) with current policies and procedures to effectively address circumstances including, but not limited to, cyber-attacks, fraud, and identity theft (UMUC, 2017). These policies and procedures are deliberately coupled with metrics so that their effectiveness can be determined and the policy adjusted as needs dictate (UMUC, 2017). The documentation explicitly covers what needs to be measured, how it is measured, and the interventions that will be carried out using the resulting information. Dynamic vulnerability analysis, technical and social aspects, and incident response and intrusion detection are all incorporated.
It is imperative that GCU has a functional policies and procedures plan on standby in case of a financially motivated digital security breach. The organization has already singled out several vital areas that require the establishment of a policy: intrusion detection systems, dynamic vulnerability analysis, and incident response. The guidance that the policies and procedures plan provides will help maintain the reputation that the organization has earned over the years. To protect the critical areas, they must be identified in time, known, and understood. First, dynamic vulnerability analysis offers the most reliable route to program/system testing and progressive assessment (Dynamic Analysis, 2019). The purpose of a formidable dynamic vulnerability analysis is to discover any security flaws in a program while it is running (Dynamic Analysis, 2017). The test sends requests to a web application and identifies vulnerabilities by carrying out test attacks against it.
Subsequently, the intrusion detection system (IDS) is another critical area to focus on. An IDS monitors for suspicious activity and is configured to raise an alarm when such activity is detected (Tidjon, Frappier, & Mammar, 2019). The objective is to detect any attempt to get past the security controls that have been put in place. Intrusion detection systems currently exist in two types, active and passive (Thomas, 2017). An active IDS is intended to automatically neutralize suspected attacks, whereas a passive IDS only monitors and analyzes traffic (Thomas, 2017).
Lastly, incident response is the third critical area to consider. In any organization there should always be a response team whose objective is to manage unexpected events rapidly and at the lowest cost the circumstances allow. The incident response plan defines what constitutes an incident and gives a step-by-step procedure to follow when one happens. To ensure effectiveness, there are six steps the response team must adhere to. Preparation is the first step and involves ensuring that all system users and IT staff receive adequate training (Sultana et al., 2019). Second is identification: deciding whether a specific event is a genuine security incident. Third is containment, where the team determines how far the issue has spread and works to contain the affected areas. Fourth is eradication, which involves narrowing down the cause of the incident and removing all malicious code. Fifth is recovery, which is about ensuring that software and all data are restored and scanning the system to weed out any remaining vulnerabilities; it is in this step that the system is placed under continuous monitoring for signs of weakness. The last step is lessons learned: further analysis to establish how the incident happened and to decide how to keep it from happening again.
Purpose
GCU is an organization in the financial services industry. The company is headquartered in Chicago, Illinois, and has at least 100 branches evenly spread across the Midwest. The organization intends to reduce data theft, cyber-attacks, and fraud by improving the integrity and security of its information systems. The policies discussed in this documentation cover incident response, dynamic vulnerability analysis, and intrusion detection.
Scope
GCU's policy will be implemented throughout the organization's headquarters and the branches spread across the Midwest. Because of the considerations that surround the security of financial institutions, outsourcing of IT services has been brought to an end; IT services are carried out and maintained entirely in-house. For this reason, IT employees must be trained adequately to handle specific tasks inside the organization. If the IT team is trained and exclusively committed to one organization, it will be able to react to security breaches faster. These policies cover all GCU workers who are able to view, process, or store any financial data or computer information. This policy does not replace any other GCU policies but adds to them.
Policies
Dynamic Vulnerability Analysis
Dynamic vulnerability analysis will be implemented in the company by testing all its networks to uncover vulnerabilities that may have found their way in and to identify potentially vulnerable entry points. If any vulnerability is found, patches will be applied to remediate it. After the patches are applied, an analysis of their effectiveness will be carried out, and the results will be used to gauge the chances of success on similar occasions in the future.
Procedures
The company will carry out several steps when conducting a vulnerability test. The first step is to define and classify the system or network resources. This is followed by assigning relative levels of importance to each resource. Next, the threats to each network resource are identified, and a plan is created to address the most serious issues first. Once these are addressed, the last step is to define and implement ways to reduce the consequences if an attack happens. If security breaches are discovered, there may be a need for full disclosure; whoever found the vulnerability may make the disclosure. Finally, vulnerabilities are evaluated using ethical hacking, an authorized, intentional hack that provides guidance for creating countermeasures in the expectation of forestalling a genuine attack.
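The prioritization step above (classify resources, weight them by importance, identify the threats to each, and address the most serious issues first) can be made concrete. The following is an added example, not GCU's own tooling or anything from the page's sources; the 1-to-5 likelihood/impact scale, the tier thresholds, and the inventory entries are all constructed assumptions.

```python
"""Added example (not GCU's own tooling): prioritize network resources for
vulnerability remediation by business importance and threat severity."""
from dataclasses import dataclass, field


@dataclass
class Resource:
    name: str
    category: str                 # classification, e.g. "database", "web"
    importance: int               # relative significance, 1 (low) to 5 (critical)
    # each threat: (description, likelihood 1-5, impact 1-5); hypothetical scale
    threats: list = field(default_factory=list)


def threat_score(likelihood: int, impact: int) -> int:
    """Classic likelihood x impact score, 1..25."""
    if not 1 <= likelihood <= 5 or not 1 <= impact <= 5:
        raise ValueError("likelihood and impact must be in 1..5")
    return likelihood * impact


def resource_risk(res: Resource):
    """Return (risk, worst_threat) where risk = importance x worst threat score.
    A resource with no identified threats scores 0 and is only monitored."""
    if not res.threats:
        return 0, None
    desc, score = max(((d, threat_score(l, i)) for d, l, i in res.threats),
                      key=lambda t: t[1])
    return score * res.importance, desc


def tier(risk: int) -> str:
    """Map a risk score to a remediation tier (thresholds are assumptions)."""
    if risk >= 50:
        return "immediate"
    if risk >= 20:
        return "scheduled"
    return "monitor"


def remediation_queue(resources):
    """Most serious issues first: list of (name, risk, tier, worst_threat)."""
    scored = [(r.name, *resource_risk(r)) for r in resources]
    scored.sort(key=lambda t: (-t[1], t[0]))   # highest risk first, then by name
    return [(name, risk, tier(risk), worst) for name, risk, worst in scored]


# Constructed sample inventory; names and scores are hypothetical.
INVENTORY = [
    Resource("core-banking-db", "database", 5,
             [("unpatched DBMS", 3, 5), ("weak admin password", 2, 5)]),
    Resource("public-web-portal", "web", 4,
             [("injection in login form", 3, 4), ("missing TLS hardening", 4, 2)]),
    Resource("branch-workstation-17", "workstation", 2, [("outdated browser", 4, 3)]),
    Resource("print-server", "infrastructure", 1),
]

if __name__ == "__main__":
    for name, risk, level, worst in remediation_queue(INVENTORY):
        print(f"{level:10} {risk:3}  {name:24} {worst}")
```

Because the score multiplies the worst threat by business importance, a moderate finding on the core banking database outranks a more likely finding on a single branch workstation, which is the ordering the procedure asks for.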
Intrusion Detection
As previously mentioned, GCU will use an intrusion detection system to monitor all activity on GCU's computer networks and systems. The system will constantly examine the network for indications of potential incidents, which include violations of the organization's computer policies.
Procedures
GCU will use an intrusion detection system to monitor all activity on its networks and systems. It will create alerts as needed, based on activity that matches known patterns of malicious events (Intrusion Detection Guidelines, 2017). An alert can trigger an active response, which conveys an automatic reaction to the risk at hand, or a passive response, which only tells administrators there is an issue. Intrusion detection systems let administrators react in a timely way to the compromised device. Some IDS are installed on the network and monitor traffic for one specific segment; others are host-based and monitor a single host for suspicious activity.
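To show what the alerting described here and in the overview's active-versus-passive IDS discussion amounts to in code, the following added example (not GCU's IDS, not from any of the cited sources) runs two simple rules over constructed log lines: a threshold rule for repeated failed logins from one source and a signature rule for policy-violation events. In passive mode it only reports; in active mode it also issues a block action per alerting source. The log format, rule thresholds, hosts and usernames are all assumptions.

```python
"""Added example (not GCU's own IDS): minimal signature/threshold detection over
constructed log lines, with the passive and active response modes the text
describes. Log format, rules and thresholds are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: "<ISO timestamp> <source host> <event> [detail]"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<event>\S+)(?: (?P<detail>.*))?$")

FAILED_LOGIN_THRESHOLD = 5                    # failures from one source ...
FAILED_LOGIN_WINDOW = timedelta(minutes=2)    # ... within this window
POLICY_EVENTS = {"policy-violation"}          # events that alert on first sight


def parse_line(line):
    """Parse one log line; unparseable lines are skipped rather than trusted."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"])
    return ts, m["src"], m["event"], m["detail"] or ""


def detect(lines, mode="passive"):
    """Return (alerts, actions). Each alert is (timestamp, kind, src, detail).
    Passive mode only reports; active mode also issues a block action per
    alerting source (the automatic reaction the text describes)."""
    if mode not in ("passive", "active"):
        raise ValueError("mode must be 'passive' or 'active'")
    alerts, actions = [], []
    failures = defaultdict(deque)   # src -> timestamps of recent auth failures

    def raise_alert(ts, kind, src, detail):
        alerts.append((ts.isoformat(), kind, src, detail))
        if mode == "active":
            actions.append(("block", src))

    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, event, detail = parsed
        if event == "auth-failure":
            window = failures[src]
            window.append(ts)
            # drop failures older than the window before counting
            while window and ts - window[0] > FAILED_LOGIN_WINDOW:
                window.popleft()
            if len(window) >= FAILED_LOGIN_THRESHOLD:
                raise_alert(ts, "brute-force", src,
                            f"{len(window)} failed logins in {FAILED_LOGIN_WINDOW}")
                window.clear()      # one alert per burst, not one per later failure
        elif event in POLICY_EVENTS:
            raise_alert(ts, "policy-violation", src, detail)
    return alerts, actions


# Constructed sample log lines (hypothetical hosts and users).
SAMPLE_LOG = """
2020-02-20T09:00:01 10.1.4.22 auth-failure user=jdoe
2020-02-20T09:00:20 10.1.4.22 auth-failure user=jdoe
2020-02-20T09:00:40 10.1.4.22 auth-failure user=jdoe
2020-02-20T09:00:55 10.1.7.9 auth-success user=amiller
2020-02-20T09:01:00 10.1.4.22 auth-failure user=jdoe
2020-02-20T09:01:20 10.1.4.22 auth-failure user=jdoe
2020-02-20T09:03:00 10.1.7.9 policy-violation usb-storage-mounted
2020-02-20T09:10:00 10.1.4.22 auth-failure user=jdoe
""".strip().splitlines()

if __name__ == "__main__":
    for mode in ("passive", "active"):
        alerts, actions = detect(SAMPLE_LOG, mode)
        print(mode, alerts, actions)
```

The lone failure at 09:10 falls outside the two-minute window and does not re-alert, which is the behaviour a sliding window gives you over a naive lifetime counter; the policy event alerts on first sight because it is a signature match rather than a rate.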
Incident Response
For incident response, the company will always have its team on standby, guided by the output of the intrusion detection system. The team will be able to act as promptly as possible whenever the need arises.
Procedures
Training employees to be ready for unforeseeable events that can disrupt normal business operations is regarded as a top priority in American society. The incident response team need not be drawn from one line of expertise; some members can come from the IT department or HR. There are six steps to ensure that an incident is handled adequately. First is preparation, where the company ensures that all employees understand the importance of keeping security measures up to date and trains them in how to respond rapidly. The second step is identification, in which the response team determines whether an event can be classified as a security incident. Third is containment, where the team determines how far the issue has spread and works to contain the affected areas. Fourth is eradication, which involves narrowing down the cause of the incident and removing all malicious code. Fifth is recovery, which is about ensuring that software and all data are restored and scanning the system to weed out any remaining vulnerabilities; it is in this step that the system is placed under continuous monitoring for signs of weakness. The last step is lessons learned: further analysis to establish how the incident happened and to decide how to keep it from happening again.
Enforcement
All GCU employees must be rallied to adhere to the policies and procedures discussed in this documentation. It should be clear from the outset what the consequences are for any employee found to have violated them. Consequences can range from dismissal or a fine to a pardon when the offense is not serious. The company will use a login banner that displays the possible consequences of violating the policies each time a user accesses the interface.
Metrics
Dynamic Vulnerability Analysis
The best way to determine the effectiveness of the vulnerability analysis is to gather information on the number of users who bypass important controls, such as by using weak passwords, leaving workstations without logging off, or generally not following the established security policies. The information will be gathered and examined quarterly to show the type and frequency of the various vulnerabilities.
Intrusion Detection
Again, the best way to determine the effectiveness of the intrusion detection system is to collect data and compile the number and types of intrusion incidents that have occurred. Important information such as the time and date of each occurrence will also be recorded to assist in analyzing possible trends. The information will be gathered and examined quarterly to show the type and frequency of the various vulnerabilities.
Incident Response
Finally, the effectiveness of the company's incident response mechanism will be determined by gathering data on the number of incidents that have taken place and the time taken to restore normal operations. A comparison between the series of incidents and their durations will be used to draw inferences on the effectiveness of GCU's incident response going forward. The information will be gathered and examined quarterly to show the type and frequency of the various vulnerabilities.
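The Intrusion Detection and Incident Response metrics above both come down to the same computation: count incidents by type per quarter, record when each was detected and when normal operation was restored, and compare quarters for a trend. The following added example (not GCU's own reporting and not from the cited sources) implements that over constructed incident records; the record layout, the attribution of an incident to the quarter in which it was detected, and the sample values are assumptions.

```python
"""Added example (not GCU's own reporting): compute the quarterly incident
metrics the policy calls for (counts by type, time to restore, trend between
quarters) from constructed incident records."""
from collections import Counter, defaultdict
from datetime import datetime


def quarter_of(ts: datetime) -> str:
    """Calendar quarter label, e.g. 2020Q1."""
    return f"{ts.year}Q{(ts.month - 1) // 3 + 1}"


def quarterly_summary(incidents):
    """incidents: iterable of (detected_iso, restored_iso, incident_type).
    Returns {quarter: {"count", "by_type", "mean_restore_h", "max_restore_h"}}."""
    hours, types = defaultdict(list), defaultdict(Counter)
    for detected, restored, kind in incidents:
        t0, t1 = datetime.fromisoformat(detected), datetime.fromisoformat(restored)
        if t1 < t0:
            raise ValueError(f"restored before detected: {detected}")
        q = quarter_of(t0)          # attribute to the quarter of detection
        hours[q].append((t1 - t0).total_seconds() / 3600)
        types[q][kind] += 1
    return {
        q: {
            "count": len(h),
            "by_type": dict(types[q]),
            "mean_restore_h": sum(h) / len(h),
            "max_restore_h": max(h),
        }
        for q, h in hours.items()
    }


def restore_trend(summary):
    """Change in mean restore time between consecutive quarters (negative is
    improvement). Returns list of (from_q, to_q, delta_hours)."""
    qs = sorted(summary)
    return [(a, b, round(summary[b]["mean_restore_h"] - summary[a]["mean_restore_h"], 2))
            for a, b in zip(qs, qs[1:])]


# Constructed sample incidents (hypothetical values).
INCIDENTS = [
    ("2019-11-03T08:15", "2019-11-03T12:15", "phishing"),
    ("2019-12-20T22:00", "2019-12-21T04:00", "malware"),
    ("2020-01-14T09:30", "2020-01-14T10:30", "phishing"),
    ("2020-02-02T14:00", "2020-02-02T22:00", "unauthorized-access"),
    ("2020-03-11T11:00", "2020-03-11T14:00", "phishing"),
]

if __name__ == "__main__":
    summary = quarterly_summary(INCIDENTS)
    for q in sorted(summary):
        print(q, summary[q])
    print(restore_trend(summary))
```

Reporting the maximum alongside the mean matters: a single long-running incident can hide behind an otherwise improving average, and the quarterly comparison is only meaningful when the detection and restoration timestamps are recorded consistently for every incident.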
References
Dynamic Analysis. (2019, February 03). Retrieved February 20, 2020, from https://www.veracode.com/products/dynamic-analysis-dast/dynamic-analysis
Intrusion Detection Guideline. (2017). Retrieved February 20, 2020, from https://security.berkeley.edu/intrusion-detection-guideline
Rossi, B. (2016, September 16). In-house vs. outsourced IT: What makes the most business sense? Retrieved February 20, 2020, from http://www.information-age.com/house-vs-outsourced-it-what-makes-most-business-sense-123461194/
Sultana, N., Chilamkurti, N., Peng, W., & Alhadad, R. (2019). Survey on SDN based network intrusion detection system using machine learning approaches. Peer-to-Peer Networking and Applications, 12(2), 493-501.
Thomas, J. (2017). Types of Intrusion Detection Systems (IDS). Retrieved February 12, 2017, from http://www.omnisecu.com/security/infrastructure-and-email-security/types-of-intrusion-detection-systems.php
Tidjon, L. N., Frappier, M., & Mammar, A. (2019). Intrusion Detection Systems: A Cross-Domain Overview. IEEE Communications Surveys & Tutorials, 21(4), 3639-3681.