Note the attached instructions to complete this work.
Use the attached templates (A and B) to complete this work.
Part A needs to be completed individually; ensure it aligns with its rubric (60 points).
Part B needs to be completed individually; ensure it aligns with its rubric (100 points).
- ProjectPartAandPartBofincidenceresponse.docx
- CSIA310Project1IncidentResponseReportv20223.docx
- PartBCSIA310Project1IncidentResponseReportv20223PartBTemplate.docx
- PartARubricofincidentresponse.pdf
- PartBRubric.pdf
Project #1 Incident Response Report – Part A: Incident Response Form
Instructions
Download the attached detailed project description for this assignment. You should also review the rubric shown below for additional information about the requirements for the assignment and how your work will be graded. Please make sure that you use both the project description file AND the rubric when completing your work. For Part A of Project #1, you will complete the Incident Response Form (use the template found at the end of the project description file). Use the information provided in the project file and in Weeks 1-4 in the classroom. Consult the “Notes to Students” (in the project description file) for additional directions regarding completion of this project. Your submission file containing the completed form should be in MS Word format (.docx or .doc).
Project #1 Incident Response Report – Part B: Summary After Action Report
Turnitin™
This assignment will be submitted to Turnitin™.
Instructions
The project description file for Project 1 (both parts) is attached to this assignment entry. The same project description file is attached to the Project #1 Part A assignment entry. For this part of Project #1, you will complete and submit a Summary Report in narrative format. Your report must have four major sections. The major sections are:
· Introduction
· Analysis of the Incident (summarize what happened with regard to the red team’s activities / the resulting security incidents using the information provided in the classroom and in this file)
· Lessons Learned (what went wrong in the incident response process, what did not happen that should have happened)
· Recommendations (what needs to change, who should take actions, what actions should be taken to improve the incident response capability)
Please review the rubric for this report before submitting your work for grading. Save your Project #1 Part B: Summary Report in MS Word format (.docx or .doc) for grading.
Project #1: Incident Response Report
Your Task
You have been assigned to assist with After Action Reporting in support of the Sifers-Grayson Blue Team. Your immediate task is to assist in analyzing and reporting on a Red Team penetration test described later in this document. As part of that report, you will identify weaknesses and vulnerabilities exploited by the attackers (the Red Team), develop a set of lessons learned, and then formulate recommendations for actions the company should take to close the gaps in its cybersecurity posture (at a minimum, you must address the identified vulnerabilities and weaknesses that were exploited by the Red Team). The Blue Team has provided you with a set of enterprise architecture diagrams (see Figures 1-4 in this file) to assist with your analysis of the incident and preparation of the summary report. You should also use the readings from Weeks 1-4 to help you identify security gaps and incident response capabilities which the company needs to implement.
Background
Sifers-Grayson is a family owned business headquartered in Grayson County, Kentucky, USA. The company’s physical address is 1555 Pine Knob Path, Pine Knob, KY 42721. The president of the company is Ira John Sifers, III. He is the great-grandson of one of the company’s founders and is also the head of the engineering department. The chief operating officer is Michael Coles, Jr., who is Ira John’s great nephew. Mary Beth Sifers is the chief financial officer and also serves as the head of personnel for the company.
Recent contracts with the Departments of Defense and Homeland Security have imposed additional security requirements upon the company and its R&D DevOps and SCADA labs operations. The company is now required to comply with NIST Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The company must also comply with provisions of the Defense Federal Acquisition Regulations (DFARS) including section 252-204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting. These requirements are designed to ensure that sensitive technical information, provided by the federal government and stored on computer systems in the Sifers-Grayson R&D DevOps and SCADA labs, is protected from unauthorized disclosure. This information includes software designs and source code. The contract requirements also mandate that Sifers-Grayson report cyber incidents to the federal government in a timely manner.
The company has agreed to allow an external Red Team to conduct penetration testing of its operations to help ensure it is able to meet the government’s requirements for cybersecurity and the protection of government owned sensitive but unclassified information. The company has also assigned personnel to conduct After Action Reviews of the penetration testing.
Company Operations
Engineering Department
The Engineering Department is housed in the company’s R&D center with a satellite facility at the test range. The desktop and laptop computers are a mixed set of hardware (multiple manufacturers) running Windows 8.1, Windows 10, and variants of Apple’s OSX and iOS. Support for these computers and the internal networks is provided by the junior engineers assigned to one or more of the department’s development teams. The Engineering Department’s philosophy is that all of the company’s engineers should be trained and capable of providing support for any and all hardware, software, and networks used by the department. This training is provided through on-the-job experience and mentoring by more senior engineers. When a problem arises, the department head or one of the lab supervisors assigns an engineer to find and fix the problem.
Engineering Department: SCADA Lab
The SCADA lab was originally set up in 1974. It has been upgraded and rehabbed a number of times since then. The most recent hardware and software upgrades were completed three years ago after the lab was hit with a ransomware attack that exploited a number of Windows XP vulnerabilities. At that time, the engineering and design workstations were upgraded to Windows 8.1 Professional. A second successful ransomware attack occurred three months ago. The company paid the ransom in both cases because the lab did not have file backups that it could use to recover the damaged files (in the first case) and did not have system backups that it could use to rebuild the system hard drives (in the second case).
The SCADA Lab is locked into the use of Windows 8.1. The planned transition to Windows 10 is on indefinite hold due to technical issues encountered during previous attempts to modify required software applications to work under the new version of the operating system. This means that an incident response and recovery capability for the lab must support the Windows 8.1 operating system and its utilities.
Engineering Department: R&D DevOps Lab
The R&D DevOps Lab was built in 2010 and is used to develop, integrate, test, support, and deploy software and firmware (software embedded in chips) for the company’s robots, drones, and non-SCADA industrial control systems product lines. The workstations in this lab are running Windows 10 and are configured to receive security updates per Microsoft’s monthly schedule.
Data Center & Enterprise IT Operations
The company uses a combination of Windows 10 workstations and laptops as the foundation of its enterprise IT capabilities. The servers in the data center and the engineering R&D center are built upon Windows Server 2012. A firewall was installed to protect the Data Center from network attacks but, as you can see in Figure 2, the placement of the firewall on the corporate network provides no protection for the Data Center. An external attacker could use the network path through the R&D center’s networks to reach the Data Center.
Contractual & Regulatory Requirements
1. Newly won government contracts now require compliance with DFARS §252.204-7008, 7009, and 7012
· http://www.acq.osd.mil/dpap/dars/dfars/html/current/252204.htm
· https://www.acquisition.gov/dfars
2. Derivative requirements include:
· Implementation of and compliance with NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r2.pdf
· Compliance with DFARS 252.239-7009 Representation of Use of Cloud Computing and 7010 Cloud Computing Services (see https://www.acq.osd.mil/dpap/dars/dfars/html/current/252239.htm#252.239-7009)
3. Additional Contractual Requirements for Lab Operations include:
· Incident Response per NIST SP 800-61 (Computer Security Incident Handling Guide)
· SCADA Security per NIST SP 800-82 (Guide to Industrial Control Systems Security)
· Software / Systems Development Lifecycle (SDLC) Security per NIST SP 800-64 (Security Considerations in the System Development Life Cycle)
· Configuration Management per NIST SP 800-128 (Guide for Security-Focused Configuration Management of Information Systems)
Red Team Penetration Testing
Sifers-Grayson hired a cybersecurity consulting firm to help it meet the security requirements of a contract with a federal agency. The consulting firm’s Red Team conducted a penetration test and was able to gain access to the engineering center’s R&D servers by hacking into the enterprise network through an unprotected network connection (see Figure 2). The Red Team proceeded to exfiltrate files from those servers and managed to steal 100% of the design documents and source code for the AX10 Drone System. The Red Team also reported that it had stolen passwords for 20% of the employee logins using keylogging software installed on USB keys that were left on the lunch table in the headquarters building employee lounge (see Figure 3). The Red Team also noted that the Sifers-Grayson employees were quite friendly and talkative as they opened the RFID controlled doors for the “new folks” on the engineering staff (who were actually Red Teamers).
The Red Team continued its efforts to penetrate the enterprise and used a stolen login to install malware over the network onto a workstation connected to a PROM burner in the R&D DevOps lab (see Figure 3). This malware made its way onto a PROM that was then installed in an AX10-a test vehicle undergoing flight trials at the Sifers-Grayson test range (see Figures 1 and 4). The malware “phoned home” to the Red Team over a cellular connection to the R&D center. The Red Team took control of the test vehicle and flew it from the test range to a safe landing in the parking lot at Sifers-Grayson headquarters.
The Red Team used three stolen logins to send phishing emails to employees. These phishing emails appeared to come from coworkers (employees of the company) and contained a link to one of three videos. Each video was linked to a server that tracked the email address and IP address of the computer used to access the video. The Red Team reported that over 80% of the recipients clicked on the video link for cute kittens or cute cats. Twenty percent (20%) of the recipients clicked on the video link for a business news story. A video link to a sports event wrap-up for the Kentucky Volunteers basketball team had over a 95% click-through rate. All three videos displayed a “Page Not Found (404 Error)” message from the target server. The Red Team did not place a tracking beacon in the emails to check forwarding of the phishing emails. But, the team reported that the target server collected email addresses and IP addresses for over 1500 external recipients within 24 hours of the original mailing; at that point, the target server was shut down.
After completing their penetration tests, the Red Team provided Sifers-Grayson executives with a diagram showing their analysis of the threat environment and potential weaknesses in the company’s security posture for the R&D DevOps Lab (see Figure 5).
Incident Response During the Penetration Test
Sifers-Grayson has limited Incident Handling and Response capabilities in place. The company’s Chief Operating Officer has a small IT team (team lead and two support specialists) that focuses primarily on the IT needs of headquarters personnel. Their duties include staffing the help desk phone line and handling any incidents that affect availability of company owned IT equipment and networks. The single firewall for the company falls under this team’s management and control. It was not capable of detecting the Red Team’s intrusions and was not configured to provide alerts for any failures or faults.
Computer and network operations for the SCADA Lab and R&D DevOps Labs have traditionally been the responsibility of the Engineering department. Engineering sees itself as separate from the rest of the company and takes care of its own IT needs. There is no formal incident response capability. Instead, the lab supervisor for each lab tasks engineering staff to manage the workstations. If network maintenance or upgrades are required, the Engineering Department hires contractors to do the work. Responsibility for providing oversight for these contractors is rotated among the junior engineers.
The Data Center manager has a staff of two systems administrators who are also in charge of identifying and responding to incidents which affect server availability. The Data Center does not have any automated detection systems in place to provide alerts for intrusions. It does, however, have heat alarms, smoke detectors, and water detectors which sound audible alerts through klaxon horns. Neither of the system administrators detected any anomalies in server or local area network operations during the penetration test.
There was no effective incident response during the penetration test. In large part, this was due to the lack of a centralized team with responsibility for enterprise monitoring and response for network incidents and computer security incidents. Incident response also fell short because there were no automated detection capabilities. Finally, the company’s ability to perform forensic investigations after the penetration testing was limited due to a lack of knowledge (no trained personnel), a lack of forensic analysis tools, and a limited number of log files on the servers and firewall.
Your Deliverables
Your deliverables for this project are:
1. Part A: Completed Incident Report Form
2. Part B: Summary After Action Report in narrative format
First, you should complete the Sifers-Grayson Cybersecurity Incident Report Form (use the template found at the end of this file) using information provided in this project file. You should also consult the “Notes to Students” (below) for additional directions regarding completion of the form.
Next, perform a more thorough analysis of the information provided about the Red Team’s penetration testing and the vulnerabilities / security gaps which were uncovered. You should pay attention to areas where the incident response capability needs to be improved (people, processes, policies and technologies). Prepare a Summary Report of your findings and recommendations in narrative format. Your Summary Report must have four major sections. The required sections are:
· Introduction (provide an overview of the purpose and contents of the report)
· Analysis of the Incident (summarize what happened with regard to the red team’s activities / the resulting security incidents using the information provided in the classroom and in this file). Your incident analysis should address: people, processes, policies, and technologies.
· Lessons Learned (what went wrong in the incident response process, what did not happen that should have happened). Your lessons learned analysis should address: people, processes, policies, and technologies.
· Recommendations for Improvements to Incident Response Capability (what needs to change, who should take actions, what actions should be taken to improve the incident response capability).
After you have completed the Incident Report Form and the narrative Summary Report, save both files (.docx or .doc format) to your assignment folder entry and submit them for grading.
Notes to Students:
1. Use the incident report form that appears at the end of this file. Copy it to a new MS Word document. Insert a title page at the beginning of your file and include the title of the report, your name, and the due date. Save the file containing this form as a separate file when you submit your assignment for grading.
2. Your Summary Report deliverable should be professionally formatted and should not exceed 10 pages for the report and 3 pages for the Incident Response Form. The goal is to be clear and concise in your reporting of your analysis of this incident and your recommendations for improvements. Your file containing the report must include a title page at the beginning of your file that includes the title of the report, your name, and the due date.
3. Your work for this project should reflect your learning and analysis. For that reason, the citation rules are relaxed and you may write from your own knowledge as an “expert.” BUT, if you paste exact words, sentences, or paragraphs from another document or resource, you must cite that source using an appropriate and consistent citation style (e.g. footnotes, end notes, in-text citations).
4. You may include annotated diagrams if necessary to illustrate your analysis and/or make your point(s). You may use the figures in this assignment as the basis for diagrams in your final report (no citations required).
5. Use the NIST Incident Handling Process (see Table 1) to guide your incident analysis. You do not need to cite a source for this table. (You may additionally use information from the Certified Incident Handler textbook.)
6. DOCUMENT YOUR ASSUMPTIONS about people, policies, processes, and technologies.
7. Do not change any of the factual information provided in the classroom or this assignment file.
How to Complete the Incident Response Form
1. For part 1 of the form, use your own name but provide reasonable but fictitious information for the remaining fields.
2. For part 2 of the form, assign IP addresses in the following ranges to any servers, workstations, or network connections that you need to discuss.
a. R&D Center 10.10.135.0/24
b. Test Range 10.10.145.0/24
c. Corporate Headquarters 10.10.100.0/24
3. For sections 2, 3, and 5, you should use and interpret information provided in this file and elsewhere in the classroom. You may use a reasonable amount of creativity, if necessary, to fill in any missing information.
4. For part 4 of the form you may provide a fictitious cost estimate based upon $100 per hour for IT staff to perform “clean-up” activities. Reasonable estimates are probably in the range of 150 to 300 person hours. What is important is that you document how you arrived at your cost estimate.
5. Discuss the contract requirements and derivative requirements for cybersecurity at Sifers-Grayson in 3 to 5 paragraphs under “Section 6 General Comments.”
CSIA 310: Cybersecurity Processes & Technologies
Copyright ©2022 by University of Maryland Global Campus. All Rights Reserved.
Figure 1. Overview of Sifers-Grayson Enterprise IT Architecture
Figure 2. Combined Network and Systems Views: Sifers-Grayson Headquarters, R&D Center, and Data Center
Figure 3. Combined Network and Systems View for Sifers-Grayson R&D DevOps Lab
Figure 4. Combined Communications and Systems Views for Sifers-Grayson Test Range
Figure 5. Threat Landscape for Sifers-Grayson R&D DevOps Lab
Table 1. NIST Incident Handling Checklist by Phase
Detection and Analysis
1. Determine whether an incident has occurred
1.1 Analyze the precursors and indicators
1.2 Look for correlating information
1.3 Perform research (e.g., search engines, knowledge base)
1.4 As soon as the handler believes an incident has occurred, begin documenting the investigation and gathering evidence
2. Prioritize handling the incident based on the relevant factors (functional impact, information impact, recoverability effort, etc.)
3. Report the incident to the appropriate internal personnel and external organizations
Containment, Eradication, and Recovery
4. Acquire, preserve, secure, and document evidence
5. Contain the incident
6. Eradicate the incident
6.1 Identify and mitigate all vulnerabilities that were exploited
6.2 Remove malware, inappropriate materials, and other components
6.3 If more affected hosts are discovered (e.g., new malware infections), repeat the Detection and Analysis steps (1.1, 1.2) to identify all other affected hosts, then contain (5) and eradicate (6) the incident for them
7. Recover from the incident
7.1 Return affected systems to an operationally ready state
7.2 Confirm that the affected systems are functioning normally
7.3 If necessary, implement additional monitoring to look for future related activity
Post-Incident Activity
8. Create a follow-up report
9. Hold a lessons learned meeting (mandatory for major incidents, optional otherwise)
Source: NIST SP 800-61r2
Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer security incident handling guide (NIST SP 800-61 rev. 2). http://dx.doi.org/10.6028/NIST.SP.800-61r2
SIFERS-GRAYSON CYBERSECURITY INCIDENT REPORT FORM
1. Contact Information for the Incident Reporter and Handler
– Name
– Role