The security posture of the information systems infrastructure of an organization should be regularly monitored and assessed (including software, hardware, firmware components, governance policies, and implementation of security controls).The monitoring and assessment of the infrastructure and its components, policies, and processes should also account for changes and new procurements in order to stay in step with ever-changing information system technologies.The data breach at the US Office of Personnel Management (OPM) was one of the largest in US government history. It provides a series of lessons learned for other organizations in industry and the public sector. Some failures of security practices, such as lack of diligence with security controls and management of changes to the information systems infrastructure, were cited as contributors to the massive data breach in the OPM Office of the Inspector General’s (OIG) Final Audit Report, which can be found in open-source searches.Some of the findings in the report include:• weak authentication mechanisms;• lack of a plan for life-cycle management of the information systems;• lack of a configuration management and change management plan;• lack of inventory of systems, servers, databases, and network devices;• lack of mature vulnerability scanning tools;• lack of valid authorizations for many systems; and• lack of plans of action to remedy the findings of previous audits.The breach ultimately resulted in removal of OPM’s top leadership. The impact of the breach on the livelihoods of millions of people may never be fully known.There is a critical need for security programs that can assess vulnerabilities and provide mitigations.In this project, there are eight steps, including a lab, that will help you create your final deliverables. The deliverables for this project are as follows:
Security Assessment Report (SAR): This should be an eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Risk Assessment Report (RAR): This report should be a five- to six-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Lab: In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab.
STEP1: ENTERPRISE NETWORK DESIGNIn this project, you will research and learn about types of networks and their secure constructs that may be used in an organization to accomplish the functions of the organization’s mission.You will propose a local area network (LAN) and a wide area network (WAN) for the organization, define the systems environment, and incorporate this information in a network diagram. You will discuss the security benefits of your chosen network design.Read the following resources about some of the computing platforms available for networks and discuss how these platforms could be implemented in your organization:• common computing platforms• cloud computing• distributed computing• centralized computing• secure programming fundamentalsInclude the rationale for each of the platforms you choose to include in your network design.
STEP 2: ENTERPRISE THREAT
Review the OIG report on the OPM breach that you were asked to research and read about at the beginning of the project. The OIG report includes many security deficiencies that likely left OPM networks vulnerable to being breached.In addition to those external threats, the report describes the ways OPM was vulnerable to insider threats. The information about the breach could be classified as threat intelligence. Define threat intelligence and explain what kind of threat intelligence is known about the OPM breach.You just provided detailed background information on your organization. Next, you’ll describe threats to your organization’s system. Before you get started, select and explore the contents of the following link: insider threats (also known as internal threats). As you’re reading, take note of which insider threats are a risk to your organization.Now, differentiate between the external threats to the system and the insider threats. Identify where these threats can occur in the previously created diagrams. Relate the OPM threat intelligence to your organization. How likely is it that a similar attack will occur at your organization?
The OPM breach is a matter of historical fact. Your scholarly research into this matter can and should inform your approach to cybersecurity. Your ability to fluently converse on past cyber breaches is one way of demonstrating to potential employers that you have the necessary knowledge, skills, and attitudes to be a valuable addition to their team.Take notes as you read about this breach—feel free to search for other major breaches—and pay attention to the mistakes that were made that and what actions were taken afterward. As a part of the interview process, you might be asked to apply this knowledge to a new situation
STEP 3: SCAN THE NETWORKYou will now investigate network traffic and the security of the network and information system infrastructure overall. Past network data has been logged and stored, as collected by a network analyzer tool such as Wireshark. Explore the tutorials and user guides to learn more about the tools to monitor and analyze network activities you will use.You will perform a network analysis of the Wireshark files provided to you in Workspace and assess the network posture and any vulnerability or suspicious information you are able to obtain. You will identify any suspicious activities on the network through port scanning and other techniques. Include this information in your SAR.Complete This LabCyber Lab Help – MARSLab Resources• Access the MARS Virtual Lab Environment Guide: MARS Reference Guide.You are highly recommended to fully read the MARS Reference Guide to help you set up, navigate, and connect to the MARS virtual environment, perform any lab setup activities, connect to your allocated VMs, and several others. The guide was quickly developed for students to get acquainted with the new MARS environment. Therefore, please use it as a supplement to any resources provided by UMGC and/or our EdTech team, and note that the guide in no way replaces those materials. If possible, all MARS-related materials will later be integrated into a common platform in the near future and made accessible to all students and faculty.• Use the link to the MARS Portal: https://mars.umgc.edu.Lab Instructions• Open the Lab Instructions for this course: Network Traffic Capture and Analysis.Note: The lab instructions and other PDF documents such as the MARS guide have active hyperlinks (URLs) to external sources. Hence for best user experience, if a weblink does not automatically open in another tab, right-click and open it in a new tab. Be aware that this behavior can change depending on the specific types and settings of your browser and platform being used.Lab SupportTo obtain lab assistance, fill out the support request form, and please be as descriptive as possible in your responses to facilitate swift resolutions of your reported issues.Make sure you complete all fields on the form including the following: Date of issue and time zone, your name, mail address, phone, your instructor’s name and the course you are taking, the type of device, operating system, the browser you are using, and any other useful information.In the description box of the form, provide a detailed description of the issue with the requested information. Include details such as steps taken, system responses, screenshots or supporting documents, the type of your devices (PC, tablet, mobile device, etc.), OS platform and version (e.g. Windows or Mac), browser type/version, and others.Note: It is imperative that you use your official email address that was used to enroll in the course—or you currently use for your classroom communications—to complete the support form.In order to validate the assets and devices on the organization’s network, you should run scans using security and vulnerability assessment analysis tools such as OpenVAS, Nmap, or Nessus, depending on the operating systems of your organization’s networks. Live network traffic can also be sampled and scanned using Wireshark on either the Linux or Windows systems. Wireshark allows you to inspect all OSI layers of traffic information. Further analyze the packet capture for network performance, behavior, and any suspicious source and destination addresses on the networks.Hackers frequently scan the internet for computers or networks to exploit. An effective firewall can prevent hackers from detecting the existence of networks. Hackers continue to scan ports, but if the hacker finds there is no response from the port and no connection, the hacker will move on. The firewall can block unwanted traffic and Nmap can be used to self-scan to test the responsiveness of the organization’s network to would-be hackers.In the existing Wireshark files, identify whether any databases have been accessed. What are the IP addresses associated with that activity? Include this information in your SAR.
STEP 4: IDENTIFY SECURITY ISSUESYou have a suite of security tools, techniques, and procedures that can be used to assess the security posture of your organization’s network in a SAR.Now it’s time to identify the security issues in your organization’s networks. You have previously learned about password-cracking tools; in this step, provide an analysis of the strength of passwords used by the employees in your organization. Are weak passwords a security issue for your organization?
STEP 5: FIREWALL AND ENCRIPTION
Next, examine these resources on firewalls and auditing related to the use of the Relational Database Management System (RDBMS), the database system and data. Also review these resources related to access control.Determine the role of firewalls, encryption, and auditing for RDBMS in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems.Reflect any weaknesses found in the network and information system diagrams previously created, as well as in your developing SAR.
STEP 6: THREAT IDENTIFICATIONNow that you know the weaknesses in your organization’s network and information system, you will determine various known threats to the organization’s network architecture and IT assets.Get acquainted with the following types of threats and attack techniques. Which are a risk to your organization?• IP address spoofing/cache poisoning attacks• denial-of-service attacks (DoS)• packet analysis/sniffing• session hijacking attacks• distributed denial-of-service attacksIn identifying the different threats, complete the following tasks:
Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems, as well as the types of remediation and mitigation techniques available in your industry and for your organization.
Identify the purpose and function of firewalls for organization network systems and how they address the threats and vulnerabilities you have identified.
Discuss the value of using access control, database transaction, and firewall log files.
Identify the purpose and function of encryption as it relates to files, databases, and other information assets on the organization’s networks.Include these in your SAR.STEP7: RISK AND REMEDIATIONWhat is the risk and what is the remediation? What is the security exploitation? You can use the OPM OIG Final Audit Report findings and recommendations as a possible source for methods to remediate and mitigate vulnerabilities.Read this risk assessment resource to get familiar with the process, then prepare a risk assessment. Be sure to first list the threats, then the vulnerabilities, and then the pairwise comparisons for each threat and vulnerability. Then determine the likelihood of each event occurring and the level of impact it would have on the organization.Include this in your risk assessment report (RAR).
STEP 8: CREATING THE SAR AND THE RARYour research and your Workspace exercise have led you to this moment: creating your SAR and RAR. Consider what you have learned in the previous steps as you create your reports for leadership.Prepare a Security Assessment Report (SAR) with the following sections:
Purpose
Organization
Scope
Methodology
Data
Results
FindingsThe final SAR does not have to stay within this framework and can be designed to fulfill the goal of the security assessment.Prepare a risk assessment report (RAR) with information on the threats, vulnerabilities, likelihood of exploitation of security weaknesses, impact assessments for exploitation of security weaknesses, remediation, and cost/benefit analyses of remediation.Devise a high-level plan of action with interim milestones (POAM) in a system methodology to remedy your findings.Include this high-level plan in the RAR.Summarize the results you obtained from the OpenVAS vulnerability assessment tool in your report.The deliverables for this project are as follows:
Security Assessment Report (SAR): This should be an eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Risk Assessment Report (RAR): This report should be a five- to six-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Lab: In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab.
which alludes to the assurance of political and regional freedoms, alongside common liberties. In contemporary view, this view is more convoluted to reply, given the ascent of globalization. Essentially, it is hard to quantify proportionality, especially in war, on the grounds that not just that there is an epistemic issue in working out, yet again the present world has created (Frowe (2011), Page 54-6). Besides, Vittola contends war is essential, not just for cautious purposes, ‘since it is legal to oppose force with force,’ yet in addition to battle against the unreasonable, a hostile conflict, countries which are not rebuffed for acting shamefully towards its own kin or have treacherously taken land from the home country (Begby et al (2006b), Page 310&313); to “show its foes a thing or two,” yet primarily to accomplish the point of war. This approves Aristotle’s contention: ‘there should be battle for harmony (Aristotle (1996), Page 187). In any case, Frowe contends “self-protection” has a majority of portrayals, found in Section 1, demonstrating the way that self-preservation can’t necessarily legitimize one’s activities. Considerably more dangerous, is the situation of self-protection in war, where two clashing perspectives are laid out: The Collectivists, an entirely different hypothesis and the Individualists, the continuation of the homegrown hypothesis of self-preservation (Frowe (2011), Page 9& 29-34). All the more critically, Frowe discredits Vittola’s view on retribution on the grounds that first and foremost it engages the punisher’s position, yet additionally the present world forestalls this activity between nations through legitimate bodies like the UN, since we have modernized into a generally quiet society (Frowe (2011), Page 80-1). In particular, Frowe further disproves Vittola through his case that ‘right expectation can’t be blamed so as to take up arms in light of expected wrong,’ proposing we can’t simply hurt another in light of the fact that they have accomplished something low. Different elements should be thought of, for instance, Proportionality. Thirdly, Vittola contends that war ought to be kept away from (Begby et al (2006b), Page 332) and that we ought to continue conditions strategically. This is upheld by the “final hotel” position in Frowe, where war ought not be allowed except if all actions to look for tact fizzles (Frowe (2011), Page 62). This implies war ought not be proclaimed until one party must choose the option to pronounce battle, to safeguard its region and freedoms, the point of war. In any case, we can likewise contend that the conflict can never be the final hotel, considering there is consistently a method for attempting to stay away from it, similar to approvals or pacification, showing Vittola’s hypothesis is imperfect. Fourthly, Vittola inquiries upon whose authority can request a statement of war, where he suggests any federation can do battle, however more critically, “the ruler” where he has “the regular request” as indicated by Augustine, and all authority is given to him. This is additionally upheld by Aristotle’s Governmental issues ((1996), Page 28): ‘a ruler is the normal unrivaled of his subjects.’ Nonetheless, he truly does later stress to place all confidence in the sovereign is off-base and has outcomes; a careful assessment of the reason for war is expected alongside the readiness to arrange rival party (Begby et al (2006b), Page 312& 318). This is upheld by the activities of Hitler are considered unfairly. Additionally, in this day and age, wars are not generally battled simply by states yet in addition non-state entertainers like Al-Queda and ISIS, showing Vittola’s regularizing guarantee on power is obsolete. This is additionally upheld by Frowe’s case that the pioneer needs to address individuals’ inclinations, under authentic power, which joins on to the fourth condition: Public statement of war. Concurred with many, there should be an authority declaration on a formal statement of war (Frowe (2011), Page 59-60&63). At last, the most questionable condition is that wars ought to have a sensible likelihood of coming out on top. As Vittola emphasized, the point of war is to lay out harmony and security; getting the public great. In the event that this can’t be accomplished, Frowe contends it would be smarter to give up to the adversary. This can be legitimate on the grounds that the expenses of war would have been greater (Frowe (2011), Page 56-7). Therefore, jus promotion bellum involves a few circumstances however in particular: worthwhile motivation and proportionality. This gives individuals an aide regardless of whether entering a war is legitimate. Notwithstanding, this is just a single piece of the hypothesis of the simply war. By and by, it tends to be seen over that jus promotion bellum can be bantered all through, showing that there is no conclusive hypothesis of a simply battle, as it is normatively estimated. Jus in bello The subsequent segment starts unraveling jus in bello or what activities might we at any point group as admissible in wars (Begby et al (2006b), Page 323). To start with, it is never to kill honest individuals in wars, upheld by Vittola’s most memorable recommendation purposefully. This is generally acknowledged as ‘all individuals have a right not to be killed’ and on the off chance that a trooper does, they have disregarded that right and lost their right. This is additionally upheld by “non-soldier resistance” (Frowe (2011), Page 151), which prompts the subject of warrior capability referenced later in the paper. This is confirmed by the bombarding of Nagasaki and Hiroshima, finishing WWII, where milli>
GET ANSWER
Share on Facebook
Tweet
Follow us
- WE OFFER THE BEST CUSTOM PAPER WRITING SERVICES. WE HAVE DONE THIS QUESTION BEFORE, WE CAN ALSO DO IT FOR YOU.
- Assignment status: Already Solved By Our Experts
- (USA, AUS, UK & CA PhD. Writers)
- CLICK HERE TO GET A PROFESSIONAL WRITER TO WORK ON THIS PAPER AND OTHER SIMILAR PAPERS, GET A NON PLAGIARIZED PAPER FROM OUR EXPERTS
QUALITY: 100% ORIGINAL PAPER – NO PLAGIARISM – CUSTOM PAPER
Why Choose Us?
- 100% non-plagiarized Papers
- 24/7 /365 Service Available
- Affordable Prices
- Any Paper, Urgency, and Subject
- Will complete your papers in 6 hours
- On-time Delivery
- Money-back and Privacy guarantees
- Unlimited Amendments upon request
- Satisfaction guarantee
How It Works
- Click on the “Place Your Order” tab at the top menu or “Order Now” icon at the bottom and a new page will appear with an order form to be filled.
- Fill in your paper’s requirements in the “PAPER DETAILS” section.
- Fill in your paper’s academic level, deadline, and the required number of pages from the drop-down menus.
- Click “CREATE ACCOUNT & SIGN IN” to enter your registration details and get an account with us for record-keeping and then, click on “PROCEED TO CHECKOUT” at the bottom of the page.
- From there, the payment sections will show, follow the guided payment process and your order will be available for our writing team to work on it.
About AcademicWritersBay.com
AcademicWritersBay.com is an easy-to-use and reliable service that is ready to assist you with your papers 24/7/ 365days a year. 99% of our customers are happy with their papers. Our team is efficient and will always tackle your essay needs comprehensively assuring you of excellent results. Feel free to ask them anything concerning your essay demands or Order.
AcademicWritersBay.com is a private company that offers academic support and assistance to students at all levels. Our mission is to provide proficient and high quality academic services to our highly esteemed clients. AcademicWritersBay.com is equipped with competent and proficient writers to tackle all types of your academic needs, and provide you with excellent results. Most of our writers are holders of master’s degrees or PhDs, which is an surety of excellent results to our clients. We provide assistance to students all over the world.
We provide high quality term papers, research papers, essays, proposals, theses and many others. At AcademicWritersBay.com, you can be sure of excellent grades in your assignments and final exams.
