CYB 610 All Project (Project 1-6)
For more course tutorials visit
www.tutorialrank.com
CYB 610 Project 1 Information Systems and Identity Management
CYB 610 Project 2 Operating Systems Vulnerabilities (Windows and
Linux)
CYB 610 Project 3 Assessing Information System Vulnerabilities and
Risk
CYB 610 Project 4 Threat Analysis and Exploitation
CYB 610 Project 5 Cryptography
CYB 610 Project 6 Digital Forensics Analysis
===============================================
CYB 610 Project 1 Information Systems and Identity
Management
Project 1 Information Systems and Identity Management
Video transcript
CYB 610 Project 1 You are a systems administrator in the IT department
of a major metropolitan hospital. Your duties are to ensure the
confidentiality, availability, and integrity of patient records, as well as
the other files and databases used throughout the hospital. Your work
affects several departments, including Human Resources, Finance,
Billing, Accounting, and Scheduling. You also apply security controls
on passwords for user accounts. Just before clocking out for the day, you
notice something strange in the hospital's computer system. Some
person, or group, has accessed user accounts and conducted
unauthorized activities. Recently, the hospital experienced intrusion into
one of its patients' billing accounts. After validating user profiles in
Active Directory and matching them with user credentials, you suspect
several users' passwords have been compromised to gain access to the
hospital's computer network. You schedule an emergency meeting with
the director of IT and the hospital board. In light of this security breach,
they ask you to examine the security posture of the hospital's
information systems infrastructure and implement defense techniques.
This must be done quickly, your director says. The hospital board is less
knowledgeable about information system security. The board makes it
clear that it has a limited cybersecurity budget. However, if you can
make a strong case to the board, it is likely that they will increase your
budget and implement your recommended tool company-wide. You will
share your findings on the hospital's security posture. Your findings will
be brought to the director of IT in a technical report. You will also
provide a non-technical assessment of the overall identity management
system of the hospital and define practices to restrict and permit access
to information. You will share this assessment with the hospital board in
the form of a narrated slide show presentation. You know that identity
management will increase the security of the overall information
system's infrastructure for the hospital. You also know that, with a good
identity management system, the security and productivity benefits will
outweigh costs incurred. This is the argument you must make to those
stakeholders.
Daily life requires us to have access to a lot of information, and
information systems help us access that information. Desktop
computers, laptops, and mobile devices keep us connected to the
information we need through processes that work via hardware and
software components. Information systems infrastructure makes this
possible. However, our easy access to communication and information
also creates security and privacy risks. Laws, regulations, policies, and
guidelines exist to protect information and information owners.
Cybersecurity ensures the confidentiality, integrity, and availability of
the information. Identity management is a fundamental practice. Part of
identity management is the governance of access, authorization, and
authentication of users to information systems. Identity management is
one part of a layered security defense strategy within the information
systems infrastructure. Your work in this project will enable you to
produce a technical report and nontechnical presentation that addresses
these requirements.
There are five steps that will help you create your final deliverables. The
deliverables for this project are as follows:
1. Nontechnical presentation: This is an 8-10 slide PowerPoint
presentation for business executives and board members.
2. Technical report: Your report should be a 6-7 page double-spaced
Word document with citations in APA format. The page count does not
include figures, diagrams, tables or citations.
3. Executive summary: This should be a 2-3 page double-spaced Word
document.
4. In a Word document, share your lab experience and provide screen
prints to demonstrate that you performed the lab.
When you submit your project, your work will be evaluated using the
competencies listed below. You can use the list below to self-check your
work before submission.
• 1.1: Organize document or presentation clearly in a manner that
promotes understanding and meets the requirements of the assignment.
• 2.3: Evaluate the information in a logical and organized manner to
determine its value and relevance to the problem.
• 6.2: Creating a roadmap for organizations to use in development of an
Identity Access Management program (to address gaps in their current
offerings).
Step 1: Defining the Information System Infrastructure
Select a hospital or healthcare organization to research. You may choose
an organization you are familiar with or can readily obtain information
about. To maintain confidentiality, you do not need to mention the name
of the organization. You may also choose a hypothetical/fictitious
healthcare organization.
Others have extensively researched several healthcare organizations
that have suffered major security breaches.
1. Describe the organization and structure including the different
business units and their functions. You may use an organizational chart
to provide this information.
2. Choose one or more mission-critical systems of the healthcare
organization. Define the information protection needs for the
organization's mission-critical protected health information (PHI). This
information is stored in database medical records for doctors, nurses,
and insurance claims billing systems, which are used to fulfill the
organizational information needs.
3. Define the workflows and processes for the high-level information
systems that you have just identified that will store PHI. Workflows and
processes for healthcare organizations define how the organization gets
its work done. They describe the movement of patient information to the
business units that have needs to process and manage that information,
from billing to physician care. All these organizations have hardware
and software implementations of their information systems, and it is
critical to understand these components, and how they are connected
(known as their topology), so the appropriate protections can be applied.
Your research may produce instances and examples of how an
information system is connected, to include cybersecurity components
like firewalls, in the information system and network diagram. Be sure
you understand the benefits and weaknesses for the different network
topologies.
You may incorporate what you find in your research, in your definition
for workflows and processes for the high-level information systems and
provide explanation of how that topology fulfills the mission for the
health care organization. Your definition should include a high-level
description of information systems hardware and software components
and their interactions. Take time to read the following resources. They
will help you construct your definition.
o Information systems hardware
o Information systems software
You may supply this information as a diagram with inputs, outputs, and
technologies identified. Consider how you might restrict access and
protect billing and PHI information.
4. The links shown below provide access to essential information you’ll
need to complete this part of the hospital’s information system
infrastructure definition. Click each link, review its resources, and refer
to them as you compose this part of the definition.
o Open Systems Interconnections (OSI) Model
o TCP/IP protocols
o network protocols
You will include these definitions in your report.
Step 2: Threats
Now that you have defined the hospital's information system
infrastructure, you will have to understand the threats to those
systems and describe the types of measures that could address those
threats. In this section, you will learn about different types of identity
access management solutions and how they protect against the threat of
unauthorized access.
To complete this section of the report, you’ll brush up on your
knowledge of threats by reading the following resources: web security
issues, insider threats, intrusion motives/hacker psychology, and CIA
triad. Take what you learned from these resources to convey the threats
to the hospital's information systems infrastructure. Include a brief
summary of insider threats, intrusion motives, and hacker psychology in
your report as it relates to your hospital data processing systems. Relate
these threats to the vulnerabilities in the CIA triad.
This section of your report will also include a description of the purpose
and components of an identity management system to include
authentication, authorization, and access control. Include a discussion of
possible use of laptop devices by doctors who visit their patients at the
hospital, and need access to hospital PHI data. Review the content of the
following resources. As you’re reading, take any notes you think will
help you develop your description.
1. Authorization
2. Access control
3. Passwords
4. Multi-factor authentication
Next, expand upon your description. Define the types of access control
management to include access control lists in operating systems, role-
based access controls, files, and database access controls. Define types
of authorization and authentication and the use of passwords, password
management, and password protection in an identity management
system. Describe common factor authentication mechanisms to include
multi-factor authentication.
You will include this information in your report.
Step 3: Password Cracking Tools
You have successfully examined the threats to a healthcare
organization's information systems infrastructure. Now, you must begin
your research into password cracking software. Do some quick
independent research on password cracking as it applies to your
organization.
You can click on this link to find the instructions for Navigating the
Workspace and the Lab Setup.
Enter Workspace and complete the lab activities outlined in the Project 1
Workspace Exercise Instructions. There are additional password
cracking tool resources, tutorials, and user guides to continue your
familiarity with the tools.
Click here to access the Project 1 Workspace Exercise Instructions.
After completing the lab, you will have successfully tested more than
one password cracking tool. Not all password cracking tools will
necessarily perform with the same speed, precision, and results, making
it important to test a few different products. Compare the password
cracking tools based on these characteristics, and include as part of your
assessment and recommendations on the use of such tools. You will test
the organization's systems for password strength and complexity and
complete validation testing. You will compare the results obtained from
your first and second tool.
You have tested and made comparisons of the performance of various
password cracking tools and you have the data to support your
recommendations for the use of such tools.
Not all password cracking tools will necessarily perform with the same
speed, precision, and results, making it important to test a few different
products. The comparison will be part of your assessment and help you
make recommendations on the use of such tools. You will test the
organization's systems for password strength and complexity and
complete validation testing. You will compare the results from the
various tools.
1. Read this article about cyberattacks, perform two different types of
cyberattacks in the first, and in the second tool, crack user account
passwords. Describe them in simple nontechnical terms for the
leadership. You can identify which tool is the most effective and why for
your organization's IT environment.
2. Compare and contrast the results from the two methods used to crack
the accounts for the three passwords (each encrypted by the two hash
algorithms). Show their benefits. You can make certain conclusions that
help your company's cybersecurity posture after using these methods.
3. Explain to the director of IT and the members of the board that the
healthcare organization’s anti-virus software will detect password
cracking tools as malware. Also explain how this impacts the
effectiveness of testing security controls like password strength. Help
the leadership understand the risks and benefits of using password
cracking tools, through persuasive arguments in your report and
presentation. If any of the tools take longer than 4-5 minutes to guess a
password, record the estimated length of time the tool anticipates to
guess it.
Include this information in your presentation.
Step 4: The Non-Technical Presentation
You now have the information you need to prepare your product for
stakeholders. Based on the research and work you've completed in
Workspace, you will develop two items: a technical report for the
director of IT, and a nontechnical slide show presentation for the
members of the board. You will tailor the language of your reports
appropriately to the different audiences.
The nontechnical presentation: Your upper-level management team
consists of technical and nontechnical leadership, and they are interested
in the bottom line. You must help these leaders understand the identity
management system vulnerabilities you discovered in password cracking
and access control. They need to clearly see what actions they must
either take or approve. The following are a few questions to consider
when creating your presentation:
1. How do you present your technical findings succinctly to a non-
technical audience? Your technical report for IT will span many pages;
but you will probably be afforded no more than 30 minutes or 8-10
slides for your presentation and the following discussion with
leadership.
2. How do you describe the most serious risks factually but without
sounding too temperamental? No one likes to hear that their entire
network has been hacked, data has been stolen, and the attackers have
won. You will need to describe the seriousness of your findings while
also assuring upper-level management that these are not uncommon
occurrences today.
3. How do your results affect business operations? Make sure you are
presenting these very technical password cracking results in business
terms upper-level management will understand.
4. What do you propose? Management will not only want to understand
what you have discovered; they will want to know what you propose as
a solution.
Step 5: The Technical Report and Executive Summary
The technical report and the nontechnical presentation will identify
compromises and vulnerabilities in the information systems
infrastructure of the healthcare organization, and identify risks to the
organization's data. You will propose a way to prioritize these risks and
include possible remediation actions.
The technical report: Provide recommendations for access control and
authentication mechanisms to increase the security within the identity
management system. Review the mission and organization structure of
this healthcare organization. Review the roles within the organization,
and recommend the accesses, restrictions, and conditions for each role.
Present these in a tabular format as part of your list of recommendations.
Provide a comparison of risk scenarios to include the following:
1. What will happen if the CIO and the leadership do nothing, and
decide to accept the risks?
2. Are there possible ways the CIO can transfer the risks?
3. Are there possible ways to mitigate the risks?
4. Are there possible ways to eliminate the risks?
5. What are the projected costs to address these risks?
Provide an overall recommendation, with technical details to the director
of IT.
The executive summary: In addition to your technical report, also create
a nontechnical report as an executive summary.
The deliverables for this project are as follows:
1. Nontechnical presentation: This is an 8-10 slide PowerPoint
presentation for business executives and board members.
2. Technical report: Your report should be a 6-7 page double-spaced
Word document with citations in APA format. The page count does not
include figures, diagrams, tables or citations.
3. Executive summary: This should be a 2-3 page double-spaced Word
document.
4. In a Word document, share your lab experience and provide screen
prints to demonstrate that you performed the lab.
Submit your deliverables to the assignment folder.
Before you submit your assignment, review the competencies below,
which your instructor will use to evaluate your work. A good practice
would be to use each competency as a self-check to confirm you have
incorporated all of them in your work.
• 1.1: Organize document or presentation clearly in a manner that
promotes understanding and meets the requirements of the assignment.
• 2.3: Evaluate the information in a logical and organized manner to
determine its value and relevance to the problem.
• 6.2: Creating a roadmap for organizations to use in development of an
Identity Access Management program (to address gaps in their current
offerings).
===============================================
CYB 610 Project 2 Operating Systems Vulnerabilities
(Windows and Linux)
CYB 610 Project 2 Congratulations, you are the newly appointed lead
cybersecurity engineer with your company in the oil and natural gas
sector. This is a senior-level position. You were hired two months ago
based on your successful cybersecurity experience with a previous
employer. Your technical knowledge of cybersecurity is solid. However,
you have a lot to learn about this company's culture, processes, and IT
funding decisions, which are made by higher management. You have
recently come across numerous anomalies and incidents leading to
security breaches. The incidents took place separately, and it has not
been determined if they were caused by a single source or multiple
related sources. First, a month ago, a set of three corporate database
servers crashed suddenly. Then, a week ago, anomalies were found in
the configuration of certain server and router systems of your company.
You immediately recognized that something with your IT resources was
not right. You suspect that someone, or some group, has been regularly
accessing your user account and conducting unauthorized configuration
changes. You meet with your leadership to discuss the vulnerabilities.
They would like you to provide a security assessment report, or SAR, on
the state of the operating systems within the organization. You're also
tasked with creating a non-technical narrated presentation summarizing
your thoughts. The organization uses multiple operating systems that are
Microsoft-based and Linux-based. You will have to understand these
technologies for vulnerability scanning using the tools that work best for
the systems in the corporate network. You know that identity
management will increase the security of the overall information
systems infrastructure for the company. You also know that with a good
identity management system, the security and productivity benefits will
outweigh costs incurred. This is the argument you must make to the
stakeholders.
The operating system (OS) of an information system contains the
software that executes the critical functions of the information system.
The OS manages the computer's memory, processes, and all of its
software and hardware. It allows different programs to run
simultaneously and access the computer's memory, central processing
unit, and storage. The OS coordinates all these activities and ensures that
sufficient resources are applied. These are the fundamental processes of
the information system, and if they are violated by a security breach or
an exploited vulnerability, the result has the potential to have the
biggest impact on your organization.
Security for operating systems consists of protecting the OS components
from attacks that could cause deletion, modification, or destruction of
the operating system. Threats to an OS could consist of a breach of
confidential information, unauthorized modification of data, or
unauthorized destruction of data. It is the job of the cybersecurity
engineer to understand the operations and vulnerabilities of the OS
(whether it is a Microsoft, Linux, or another type of OS), and to provide
mitigation, remediation, and defense against threats that would expose
those vulnerabilities or attack the OS.
There are six steps that will help you create your final deliverables. The
deliverables for this project are as follows:
1. Security Assessment Report (SAR): This report should be a 7-8 page
double-spaced Word document with citations in APA format. The page
count does not include figures, diagrams, tables, or citations.
2. Nontechnical presentation: This is a set of 8-10 PowerPoint slides for
upper management that summarizes your thoughts regarding the
findings in your SAR.
3. In a Word document, share your lab experience and provide screen
prints to demonstrate that you performed the lab.
When you submit your project, your work will be evaluated using the
competencies listed below. You can use the list below to self-check your
work before submission.
• 1.1: Organize document or presentation clearly in a manner that
promotes understanding and meets the requirements of the assignment.
• 2.3: Evaluate the information in a logical and organized manner to
determine its value and relevance to the problem.
• 5.4: Identify potential threats to operating systems and the security
features necessary to guard against them.
Step 1: Defining the OS
The audience for your security assessment report (SAR) is the leadership
of your organization, which is made up of technical and nontechnical
staff. Some of your audience will be unfamiliar with operating systems
(OS). As such, you will begin your report with a brief explanation of
operating systems fundamentals and the types of information systems.
Click on and read the following resources that provide essential
information you need to know before creating a thorough and accurate
OS explanation:
• operating systems fundamentals
• the applications of the OS
• The Embedded OS
• information system architecture
• cloud computing
• web architecture
After reviewing the resources, begin drafting the OS overview to
incorporate the following:
1. Explain the user's role in an OS.
2. Explain the differences between kernel applications of the OS and the
applications installed by an organization or user.
3. Describe the embedded OS.
4. Describe how the systems fit in the overall information system
architecture, of which cloud computing is an emerging, distributed
computing network architecture.
Include a brief definition of operating systems and information systems
in your SAR.
Step 2: OS Vulnerabilities
You just summarized operating systems and information systems for
leadership. In your mind, you can already hear leadership saying "So
what?" The organization's leaders are not well versed in operating
systems and the threats and vulnerabilities in operating systems, so in
your SAR, you decide to include an explanation of advantages and
disadvantages of the different operating systems and their known
vulnerabilities.
Prepare by first reviewing the different types of vulnerabilities and
intrusions explained in these resources:
• Windows vulnerabilities
• Linux vulnerabilities
• Mac OS vulnerabilities
• SQL PL/SQL, XML and other injections
Based on what you gathered from the resources, compose the OS
vulnerability section of the SAR. Be sure to:
1. Explain Windows vulnerabilities and Linux vulnerabilities.
2. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile
devices.
3. Explain the motives and methods for intrusion of the MS and Linux
operating systems.
4. Explain the types of security awareness technologies such as intrusion
detection and intrusion prevention systems.
5. Describe how and why different corporate and government systems
are targets.
6. Describe different types of intrusions such as SQL PL/SQL, XML,
and other injections.
You will provide leadership with a brief overview of vulnerabilities in
your SAR.
Step 3: Preparing for the Vulnerability Scan
You have just finished defining the vulnerabilities an OS can have. Soon
you will perform vulnerability scanning and vulnerability assessments
on the security posture of the organization's operating systems. But first,
consider your plan of action. Read these two resources to be sure you
fully grasp the purpose, goals, objectives, and execution of vulnerability
assessments and security updates:
• Vulnerability assessments
• Patches
Then provide the leadership with the following:
1. Include a description of the methodology you proposed to assess the
vulnerabilities of the operating systems. Provide an explanation and
reasoning of how the methodology you propose will determine the
existence of those vulnerabilities in the organization’s OS.
2. Include a description of the applicable tools to be used, and the
limitations of the tools and analyses, if any. Provide an explanation and
reasoning of how the tools you propose will determine the existence of
those vulnerabilities in the organization’s OS.
3. Include the projected findings from using these vulnerability
assessment tools.
In your report, discuss the strength of passwords, any Internet
Information Services' administrative vulnerabilities, SQL server
administrative vulnerabilities, and other security updates and
management of patches, as they relate to OS vulnerabilities.
Step 4: Vulnerability Assessment Tools for OS and Applications
Note: You will use the tools in Workspace for this step. If you need help
outside the classroom, register for the CLAB 699 Cyber Computing Lab
Assistance (go to the Discussions List for registration information).
Primary lab assistance is available from a team of lab assistants. Lab
assistants are professionals and are trained to help you.
Click here to access the instructions for Navigating the Workspace and
the Lab Setup.
Enter Workspace and complete the lab activities related to operating
system vulnerabilities.
Click here to access the Project 2 Workspace Exercise Instructions.
Explore the tutorials and user guides to learn more about the tools you
will use.
You've prepared for your assessment; now it's time to perform.
Security and vulnerability assessment analysis tools, such as Microsoft
Baseline Security Analyzer (MBSA) for Windows OS and OpenVAS for
Linux OS, are stand-alone tools designed to provide a streamlined
method for identifying common security misconfigurations and missing
security updates for the operating systems and applications. These tools
work on layers 5-7 of the Open System Interconnection (OSI) model.
Your leadership will want to understand the differences and
commonalities in the capabilities of both tools and will want this
included in the SAR.
Use the tools' built-in checks to complete the following for Windows OS
(e.g., using Microsoft Baseline Security Analyzer, MBSA):
1. Determine if Windows administrative vulnerabilities are present.
2. Determine if weak passwords are being used on Windows accounts.
3. Report which security updates are required on each individual system.
4. You noticed that the tool you used for Windows OS (i.e., MBSA)
provides dynamic assessment of missing security updates. Scan one or
more computers by domain, IP address range, or other grouping.
5. Once complete, provide a detailed report and recommendations on
how to make your system a more secure working environment. In this
case, a tool such as MBSA will create and store individual XML security
reports for each computer scanned and will display the reports in the
graphical user interface in HTML.
You will also complete a similar exercise for Linux OS (e.g., using the
OpenVAS tool). Select the following links to learn more about
OpenVAS and computer networks:
• OpenVAS
• Computer Networks
Utilize the OpenVAS tool to complete the following:
1. Determine if Linux vulnerabilities are present.
2. Determine if weak passwords are being used on Linux systems.
3. Determine which security updates are required for the Linux systems.
4. You noticed that the tool you used for Linux OS (i.e., OpenVAS)
provides dynamic assessment of missing security updates. MBSA
provides dynamic assessment of missing security updates. Scan one or
more computers by domain, IP address range, or other grouping.
5. Once complete, provide a detailed report and recommendations on
how to make your system a more secure working environment.
Knowledge acquired from this Workspace exercise and capability of this
tool will help your company's client organizations secure the computer
networks’ resources and protect corporate data from being stolen.
Validate and record the benefits of using these types of tools. You will
include this in the SAR.
Step 5: The Security Assessment Report
By utilizing security vulnerability assessment tools, such as MBSA and
OpenVAS, you now have a better understanding of your system's
security status. Based on the results provided by these tools, as well as
your learning from the previous steps, you will create the Security
Assessment Report (SAR).
In your report to the leadership, emphasize the benefits of using a free
security tool such as MBSA. Then make a recommendation for using
these types of tools (i.e., MBSA and OpenVAS), including the results
you found for both.
Remember to include these analyses and conclusions in the SAR
deliverable:
1. After you provide a description of the methodology you used to make
your security assessment, you will provide the actual data from the tools,
the status of security and patch updates, security recommendations, and
offer specific remediation guidance, to your senior leadership.
2. You will include any risk assessments associated with the security
recommendations, and propose ways to address the risk either by
accepting the risk, transferring the risk, mitigating the risk, or
eliminating the risk.
Include your SAR in your final deliverable to leadership.
Step 6: The Presentation
Based on what you have learned in the previous steps and your SAR,
you will also develop a presentation for your company's leadership.
Your upper-level management team is not interested in the technical
report you generated from your Workspace exercise. They are more
interested in the bottom line. You must help these non-technical leaders
understand the very technical vulnerabilities you have discovered. They
need to clearly see what actions they must either take or approve. The
following are a few questions to consider when creating your non-
technical presentation:
1. How do you present your technical findings succinctly to a non-
technical audience? Your Workspace exercise report will span many
pages, but you will probably not have more than 30 minutes for your
presentation and follow-up discussion.
2. How do you describe the most serious risks factually but without
sounding too temperamental? No one likes to hear that their entire
network has been hacked, data has been stolen, and the attackers have
won. You will need to describe the seriousness of your findings while
also assuring upper-level management that these are not uncommon
occurrences today.
3. How do your Workspace exercise results affect business operations?
Make sure you are presenting these very technical results in business
terms that upper-level management will understand.
4. Be very clear on what you propose or recommend. Upper-level
management will want to not only understand what you discovered; they
will want to know what you propose as a solution. They will want to
know what decisions they need to make based on your findings.
Your goal for the presentation is to convince the leadership that adopting
a security vulnerability assessment tool (such as MBSA) and providing
an extra security layer is a must for the company.
The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This report should be a 7-8 page
double-spaced Word document with citations in APA format. The page
count does not include figures, diagrams, tables, or citations.
2. Nontechnical presentation: This is a set of 8-10 PowerPoint slides for
upper management that summarizes your thoughts regarding the
findings in your SAR.
3. In a Word document, share your lab experience and provide screen
prints to demonstrate that you performed the lab.
Submit your deliverables to the assignment folder.
Before you submit your assignment, review the competencies below,
which your instructor will use to evaluate your work. A good practice
would be to use each competency as a self-check to confirm you have
incorporated all of them in your work.
• 1.1: Organize document or presentation clearly in a manner that
promotes understanding and meets the requirements of the assignment.
• 2.3: Evaluate the information in a logical and organized manner to
determine its value and relevance to the problem.
• 5.4: Identify potential threats to operating systems and the security
features necessary to guard against them.
===============================================
CYB 610 Project 3 Assessing Information System
Vulnerabilities and Risk
Project 3 Assessing Information System Vulnerabilities and Risk
CYB 610 Project 3 You are an Information Assurance Management
Officer, IAMO, at an organization of your choosing. One morning, as
you're getting ready for work, you see an email from Karen, your
manager. She asks you to come to her office as soon as you get in. When
you arrive at work, you head straight to Karen's office. “Sorry for
the impromptu meeting,” she says, “but we have a bit of an emergency.
There's been a security breach at the Office of Personnel Management.
We don't know how this happened, but we need to make sure it doesn't
happen again,” says Karen. “You'll be receiving an email with more
information on the security breach. Use this info to assess the
information system vulnerabilities of the Office of Personnel
Management.” At your desk, you open Karen's email. She's given you an
OPM report from the Office of the Inspector General, or OIG. You have
studied the OPM OIG report and found that the hackers were able to
gain access through compromised credentials. The security breach could
have been prevented, if the Office of Personnel Management, or OPM,
had abided by previous auditing reports and security findings. In
addition, access to the databases could have been prevented by
implementing various encryption schemas and could have been
identified after running regularly scheduled scans of the systems. Karen
and the rest of the leadership team want you to compile your findings
into a Security Assessment Report or SAR. You will also create a Risk
Assessment Report, or RAR, in which you identify threats,
vulnerabilities, risks, and likelihood of exploitation and suggested
remediation.
The security posture of the information systems infrastructure of an
organization should be regularly monitored and assessed (including
software, hardware, firmware components, governance policies, and
implementation of security controls). The monitoring and assessment of
the infrastructure and its components, policies, and processes should also
account for changes and new procurements that are sure to follow in
order to stay in step with ever-changing information system
technologies.
The data breach at the Office of Personnel Management (OPM) is one of
the largest in US government history. It provides a series of lessons
learned for other organizations in industry and the public sector. Lapses
in critical security practices, such as lack of diligence in security
controls and in management of changes to the information systems
infrastructure, were cited as contributors to the massive data breach in
the OPM Office of the Inspector General's (OIG) Final Audit Report, which
can be found in open source searches. Some of the findings in the report include:
weak authentication mechanisms; lack of a plan for life-cycle
management of the information systems; lack of a configuration
management and change management plan; lack of inventory of
systems, servers, databases, and network devices; lack of mature
vulnerability scanning tools; lack of valid authorizations for many
systems, and lack of plans of action to remedy the findings of previous
audits.
The breach ultimately resulted in removal of OPM's top leadership. The
impact of the breach on the livelihoods of millions of people is ongoing
and may never be fully known. There is a critical need for security
programs that can assess vulnerabilities and provide mitigations.
There are nine steps that will help you create your final deliverables. The
deliverables for this project are as follows:
1. Security Assessment Report (SAR): This should be an 8-10 page
double-spaced Word document with citations in APA format. The page
count does not include figures, diagrams, tables, or citations.
2. Risk Assessment Report (RAR): This report should be a 5-6 page
double-spaced Word document with citations in APA format. The page
count does not include figures, diagrams, tables, or citations.
3. In a Word document, share your lab experience and provide screen
prints to demonstrate that you performed the lab.
When you submit your project, your work will be evaluated using the
competencies listed below. You can use the list below to self-check your
work before submission.
• 1.1: Organize document or presentation clearly in a manner that
promotes understanding and meets the requirements of the assignment.
• 1.2: Develop coherent paragraphs or points so that each is internally
unified and so that each functions as part of the whole document or
presentation.
• 1.3: Provide sufficient, correctly cited support that substantiates the
writer’s ideas.
• 1.4: Tailor communications to the audience.
• 1.5: Use sentence structure appropriate to the task, message and
audience.
• 1.6: Follow conventions of Standard Written English.
• 5.2: Knowledge of architectural methodologies used in the design and
development of information systems and knowledge of standards that
either are compliant with or derived from established standards or
guidelines.
• 5.6: Explore and address cybersecurity concerns, promote awareness,
best practice, and emerging technology.
• 7.3: Knowledge of methods and tools used for risk management and
mitigation of risk.
• 8.1: Demonstrate the abilities to detect, identify, and resolve host and
network intrusion incidents.
• 8.2: Possess knowledge and skills to categorize, characterize, and
prioritize an incident as well as to handle relevant digital evidence
appropriately.
Step 1: Enterprise Network Diagram
During Project One, you researched a hypothetical or actual organization
of your choice. You had to understand the goals of the organization and
the types of systems that would fulfill those goals. You will now
research and learn about types of networks and their secure constructs
that may be used in organizations to accomplish the functions of the
organization’s mission. You will propose a local area network (LAN)
and a wide area network (WAN) for the organization, define the systems
environment, and incorporate this information in a network diagram.
Discuss the security benefits of your chosen network design.
Read about the following computing platforms available for networks
and discuss how these platforms could be implemented in your
organization. Include the rationale for all platforms you choose to
include in your network design.
• common computing platforms
• cloud computing
• distributed computing
• centralized computing
• secure programming fundamentals
Step 2: Enterprise Threats
Review the OIG report on the OPM breach that you were asked to
research and read about at the beginning of the project. The OIG report
included numerous security deficiencies that likely left OPM networks
vulnerable to being breached. In addition to those external threats, the
report also describes the ways OPM was vulnerable to insider threats.
The information about the breach could be classified as threat
intelligence. Define threat intelligence and explain what kind of threat
intelligence is known about the OPM breach.
You just provided detailed background information on your
organization. Next, you’ll describe threats to your organization’s system.
Before you get started, select and explore the contents of the following
link: insider threats (also known as internal threats). As you’re reading,
take note of which insider threats are a risk to your organization.
Now, differentiate between the external threats to the system and the
insider threats. Identify where these threats can occur in the previously
created diagrams. Relate the OPM threat intelligence to your
organization. How likely is it that a similar attack will occur at your
organization?
Step 3: Scanning the Network
Note: You will use the tools in Workspace for this step. If you need help
outside the classroom to complete this project, register for CLAB 699
Cyber Computing Lab Assistance (go to the Discussions List for
registration information). Primary lab assistance is available from a team
of lab assistants. Lab assistants are professionals and are trained to help
you.
Click here to access the instructions for Navigating the Workspace and
the Lab Setup.
Select the following link to enter Workspace and complete the lab
activities related to network vulnerabilities.
You will now investigate network traffic, and the security of the network
and information system infrastructure overall. Past network data has
been logged and stored, as collected by a network analyzer tool such as
Wireshark. Explore the tutorials and user guides to learn more about the
tools you will use. Click the following link to read more about these
network monitoring tools: Tools to Monitor and Analyze Network
Activities.
You will perform a network analysis on the Wireshark files provided to
you in Workspace and assess the network posture and any vulnerability
or suspicious information you are able to obtain. Include this
information in the SAR.
You will then return to the lab in order to identify any suspicious
activities on the network, through port scanning and other techniques.
You will revisit the lab and lab instructions in Step 7: Suspicious
Activity.
Click here to access the Project 3 Workspace Exercise Instructions.
In order to validate the assets and devices on the organization's network,
run scans using security and vulnerability assessment analysis tools such
as MBSA, OpenVAS, Nmap, or Nessus depending on the operating
systems of your organization's networks. Live network traffic can also
be sampled and scanned using Wireshark on either the Linux or
Windows systems. Wireshark allows you to inspect all OSI layers of
traffic information. Further analyze the packet capture for network
performance, behavior, and any suspicious source and destination
addresses on the networks.
In the previously created Wireshark files, identify if any databases had
been accessed. What are the IP addresses associated with that activity?
Include this information in the SAR.
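One way to answer the database question offline, as an added example that is not part of the course material: a minimal Python reader for a classic libpcap file that lists which clients opened TCP connections to common database ports and whether the server answered. The port list, the function names, and the sample capture built in the code are assumptions constructed for illustration.

```python
import socket
import struct

# Assumption: default listener ports for common database servers. A service
# moved to another port will be missed, so treat this as a first pass.
DB_PORTS = {1433: "MSSQL", 1521: "Oracle", 3306: "MySQL", 5432: "PostgreSQL"}


def iter_frames(pcap):
    """Yield raw Ethernet frames from a classic libpcap file (not pcapng)."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file; convert pcapng first")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    pos = 24  # size of the global header
    while pos + 16 <= len(pcap):
        # Record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each).
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        yield pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len


def database_access(pcap):
    """Return sorted (client, server, service, syn_count, accepted) tuples."""
    attempts, accepted = {}, set()
    for frame in iter_frames(pcap):
        # Untagged IPv4 over Ethernet carrying TCP; anything else is skipped.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]  # skip the IP header (IHL)
        if len(tcp) < 14:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        syn_ack = tcp[13] & 0x12  # keep only the SYN (0x02) and ACK (0x10) bits
        if syn_ack == 0x02 and dport in DB_PORTS:
            # Client opening a connection to a database port.
            key = (src, dst, DB_PORTS[dport])
            attempts[key] = attempts.get(key, 0) + 1
        elif syn_ack == 0x12 and sport in DB_PORTS:
            # Server answered, so the port was open and reachable.
            accepted.add((dst, src, DB_PORTS[sport]))
    return sorted(k + (n, k in accepted) for k, n in attempts.items())


def _frame(src, dst, sport, dport, flags):
    """Build one Ethernet/IPv4/TCP frame with no payload (sample data only)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return eth + ip + tcp


def build_sample_pcap():
    """Constructed capture: addresses and traffic are made up for illustration."""
    frames = [
        _frame("10.0.0.5", "10.0.0.20", 49152, 3306, 0x02),    # SYN to MySQL
        _frame("10.0.0.20", "10.0.0.5", 3306, 49152, 0x12),    # SYN-ACK reply
        _frame("10.0.0.5", "10.0.0.20", 49153, 3306, 0x02),    # second session
        _frame("192.0.2.77", "10.0.0.20", 40000, 1433, 0x02),  # never answered
        _frame("10.0.0.5", "10.0.0.30", 49154, 443, 0x02),     # not a DB port
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    for row in database_access(build_sample_pcap()):
        print("%s -> %s %s syn=%d accepted=%s" % row)
```

A connection attempt that was never answered is still worth recording in the SAR, since it shows a host probing for a database service.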
Step 4: Identifying Security Issues
You have a suite of security tools, techniques, and procedures that can
be used to assess the security posture of your organization's network in a
SAR.
Now it's time to identify the security issues in your organization's
networks. You have already used password cracking tools to crack weak
and vulnerable passwords. Provide an analysis of the strength of
passwords used by the employees in your organization. Are weak
passwords a security issue for your organization?
Step 5: Firewalls and Encryption
Next, examine these resources on firewalls and on auditing related to
the use of the relational database management system (RDBMS), i.e.,
the database system and data. Also review these resources
related to access control.
Determine the role that firewalls, encryption, and RDBMS auditing
could play in protecting information and monitoring the
confidentiality, integrity, and availability of the information in the
information systems.
Reflect any weaknesses found in the network and information system
diagrams previously created, as well as in the developing SAR.
Step 6: Threat Identification
You know of the weaknesses in your organization's network and
information system. Now you will determine various known threats to
the organization's network architecture and IT assets.
Get acquainted with the following types of threats and attack techniques.
Which are a risk to your organization?
• IP address spoofing/cache poisoning attacks
• denial of service attacks (DoS)
• packet analysis/sniffing
• session hijacking attacks
• distributed denial of service attacks
In identifying the different threats, complete the following tasks:
1. Identify the potential hacking actors behind these attacks on
vulnerabilities in networks and information systems, and the types of
remediation and mitigation techniques available in your industry and for
your organization.
2. Identify the purpose and function of firewalls for organization
network systems, and how they address the threats and vulnerabilities
you have identified.
3. Also discuss the value of using access control, database transaction
and firewall log files.
4. Identify the purpose and function of encryption, as it relates to files
and databases and other information assets on the organization's
networks.
Include these in the SAR.
Step 7: Suspicious Activity
Note: You will utilize the tools in Workspace for this step.
Hackers frequently scan the Internet for computers or networks to
exploit. An effective firewall can prevent hackers from detecting the
existence of networks. Hackers continue to scan ports, but if the hacker
finds there is no response from the port and no connection, the hacker
will move on. The firewall can block unwanted traffic and Nmap can be
used to self-scan to test the responsiveness of the organization's network
to would-be hackers.
Select the following link to enter Workspace and conduct the port
scanning. Return to the lab instructions by clicking here to access the
Project 3 Workspace Exercise Instructions.
Step 8: Risk and Remediation
What is the risk and what is the remediation? What is the security
exploitation? You can use the OPM OIG Final Audit Report findings
and recommendations as a possible source for methods to remediate
vulnerabilities.
Read this risk assessment resource to get familiar with the process, then
prepare the risk assessment. Be sure to first list the threats, then the
vulnerabilities, and then pairwise comparisons for each threat and
vulnerability, and determine the likelihood of that event occurring, and
the level of impact it would have on the organization. Use the OPM OIG
Final Audit Report findings as a possible source for potential
mitigations. Include this in the risk assessment report (RAR).
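The pairwise procedure described above, as an added example that is not part of the course material: a small Python risk register that walks every threat and vulnerability pair, flags pairs nobody has assessed yet, and ranks the rest by likelihood times impact. The 1-5 scales, the High/Moderate/Low thresholds, the function names, and all sample scores are assumptions constructed for illustration.

```python
from itertools import product


def level(score):
    """Band a 1-25 score. Thresholds are an assumption; use your own policy."""
    if score >= 15:
        return "High"
    if score >= 6:
        return "Moderate"
    return "Low"


def risk_register(threats, vulnerabilities, assessments):
    """Score every threat/vulnerability pair.

    assessments maps (threat, vulnerability) to (likelihood, impact), each on
    a 1-5 scale, or to None when the assessor judged the pair not applicable.
    Returns (rows ranked highest risk first, pairs that were never assessed).
    """
    rows, missing = [], []
    for threat, vuln in product(threats, vulnerabilities):
        if (threat, vuln) not in assessments:
            missing.append((threat, vuln))  # gap in the pairwise comparison
            continue
        rating = assessments[(threat, vuln)]
        if rating is None:
            continue  # considered and documented as not applicable
        likelihood, impact = rating
        if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
            raise ValueError("scores must be 1-5 for %s / %s" % (threat, vuln))
        score = likelihood * impact
        rows.append({"threat": threat, "vulnerability": vuln,
                     "likelihood": likelihood, "impact": impact,
                     "score": score, "level": level(score)})
    rows.sort(key=lambda r: (-r["score"], r["threat"], r["vulnerability"]))
    return rows, missing


# Constructed sample: threat names come from Step 6 and vulnerability names
# from the OIG findings quoted earlier; every score is made up.
SAMPLE_THREATS = ["session hijacking", "packet sniffing", "DDoS"]
SAMPLE_VULNS = ["weak authentication", "no system inventory"]
SAMPLE_ASSESSMENTS = {
    ("session hijacking", "weak authentication"): (4, 5),
    ("packet sniffing", "weak authentication"): (3, 4),
    ("DDoS", "weak authentication"): None,
    ("session hijacking", "no system inventory"): (2, 3),
    ("packet sniffing", "no system inventory"): (2, 2),
    # ("DDoS", "no system inventory") deliberately left unassessed
}


def sample_register():
    return risk_register(SAMPLE_THREATS, SAMPLE_VULNS, SAMPLE_ASSESSMENTS)


if __name__ == "__main__":
    ranked, gaps = sample_register()
    for r in ranked:
        print("%-8s %2d  %s x %s" % (r["level"], r["score"],
                                      r["threat"], r["vulnerability"]))
    for threat, vuln in gaps:
        print("UNASSESSED: %s x %s" % (threat, vuln))
```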
Step 9: Creating the SAR and RAR
Your research and Workspace exercise have led you to this moment:
creating your SAR and RAR. Consider what you have learned in the
previous steps as you create your reports for leadership.
Prepare a Security Assessment Report (SAR) with the following
sections:
1. Purpose
2. Organization
3. Scope
4. Methodology
5. Data
6. Results
7. Findings
The final SAR does not have to stay within this framework, and can be
designed to fulfill the goal of the security assessment.
Prepare a Risk Assessment Report (RAR) with information on the
threats, vulnerabilities, likelihood of exploitation of security weaknesses,
impact assessments for exploitation of security weaknesses, remediation,
and cost/benefit analyses of remediation. Devise a high-level plan of
action with interim milestones (POAM), in a system methodology, to
remedy your findings. Include this high-level plan in the RAR.
Summarize the results you obtained from the vulnerability assessment
tools (i.e., MBSA and OpenVAS) in your report.
The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This should be an 8-10 page
double-spaced Word document with citations in APA format. The page
count does not include figures, diagrams, tables, or citations.
2. Risk Assessment Report (RAR): This report should be a 5-6 page
double-spaced Word document with citations in APA format. The page
count does not include figures, diagrams, tables, or citations.
3. In a Word document, share your lab experience and provide screen
prints to demonstrate that you performed the lab.
Submit your deliverables to the assignment folder.
Before you submit your assignment, review the competencies below,
which your instructor will use to evaluate your work. A good practice
would be to use each competency as a self-check to confirm you have
incorporated all of them in your work.
• 1.1: Organize document or presentation clearly in a manner that
promotes understanding and meets the requirements of the assignment.
• 1.2: Develop coherent paragraphs or points so that each is internally
unified and so that each functions as part of the whole document or
presentation.
• 1.3: Provide sufficient, correctly cited support that substantiates the
writer’s ideas.
• 1.4: Tailor communications to the audience.
• 1.5: Use sentence structure appropriate to the task, message and
audience.
• 1.6: Follow conventions of Standard Written English.
• 5.2: Knowledge of architectural methodologies used in the design and
development of information systems and knowledge of standards that
either are compliant with or derived from established standards or
guidelines.
• 5.6: Explore and address cybersecurity concerns, promote awareness,
best practice, and emerging technology.
• 7.3: Knowledge of methods and tools used for risk management and
mitigation of risk.
• 8.1: Demonstrate the abilities to detect, identify, and resolve host and
network intrusion incidents.
• 8.2: Possess knowledge and skills to categorize, characterize, and
prioritize an incident as well as to handle relevant digital evidence
appropriately.
===============================================
CYB 610 Project 4 Threat Analysis and Exploitation
Project 4 Threat Analysis and Exploitation
CYB610 Project 4 You are part of a collaborative team that was created
to address cyber threats and exploitation of US financial systems critical
infrastructure. Your team has been assembled by the White House Cyber
National Security Staff to provide situational awareness about a current
network breach and cyber attack against several financial service
institutions. Your team consists of four roles. A representative from the
financial services sector has discovered the network breach and the
cyber attacks. These attacks include distributed denial of service (DDoS)
attacks, web defacements, sensitive data exfiltration, and other attack
vectors typical of this nation state actor. A representative from law
enforcement has provided additional evidence of network attacks
found using network defense tools. A representative from the
intelligence agency has identified the nation state actor from
numerous public and government provided threat intelligence reports.
This representative will provide threat intelligence on the tools,
techniques, and procedures of this nation state actor. A representative
from the Department of Homeland Security will provide the risk,
response, and recovery actions taken as a result of this cyber threat.
Your team will have to provide education and security awareness to the
financial services sector about the threats, vulnerabilities, risks, and risk
mitigation and remediation procedures to be implemented to maintain a
robust security posture. Finally, your team will take the lessons learned
from this cyber incident and share that knowledge with the rest of the
cyber threat analysis community. At the end of the response to this cyber
incident, your team will provide two deliverables, a situational analysis
report, or SAR, to the White House Cyber National Security Staff and an
After Action Report and lessons learned to the cyber threat analyst
community.
US critical infrastructure (power, water, oil and natural gas, military
systems, financial systems) has become the target of cyber and
physical attacks as more critical infrastructure systems are integrated
with the Internet and other digital control systems. The lesson learned
in defending and mitigating cyberattacks is that no entity can prevent or
resolve cyberattacks on its own. Collaboration and information sharing
are key for success and survival.
This is a group exercise, representing collaboration across all sectors, to
support and defend US critical infrastructure. In the working world, a
team like this would include some agencies, some industrial partners,
and some private sector corporations. Each organization has different
strengths and skills, different access to information, and different
authorities to report to. When the sectors work together and leverage
resources and skills, the result is that everyone benefits from the defense
and protection of US IT infrastructure. In your teams, you can model the
same collaboration, leveraging each other's expertise, sharing each
other's knowledge, teaching each other, and providing contributions
specific to your role in the scenario.
• Financial Services Representative: special task in Step 3
• Law Enforcement Representative: special task in Step 4
• Intelligence Agency Representative: special task in Step 5
• Homeland Security Representative: special task in Step 6
There are seven steps that will help you create your final deliverables.
The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This report should be a 14-15
page double-spaced Word document with citations in APA format. The
page count does not include figures, diagrams, tables, or citations.
2. After Action Report (AAR): This report should be a 10-15 page
double-spaced Word document with citations in APA format. The page
count does not include figures, diagrams, tables, or citations.
3. Presentation: This is a 5-8 slide PowerPoint presentation for
executives, along with a narrated or in-class presentation summarizing
your SAR and AAR.
When you submit your project, your work will be evaluated using the
competencies listed below. You can use the list below to self-check your
work before submission.
• 1.1: Organize document or presentation clearly in a manner that
promotes understanding and meets the requirements of the assignment.
• 2.3: Evaluate the information in a logical and organized manner to
determine its value and relevance to the problem.
• 4.1: Lead and/or participate in a diverse group to accomplish projects
and assignments.
• 4.3: Contribute to team projects, assignments, or organizational goals
as an engaged member of a team.
• 8.4: Possess knowledge of proper and effective communication in case
of an incident or crisis.
Step 1: Establishing Roles
As described in the scenario, you will be working in a small team
(usually five members). Your instructor has provided an area for your
group discussions, collaboration, and file sharing. Take some time to
learn about your teammates (introductions, LinkedIn profiles and bios)
to understand the experience and expertise of the team members.
Studies on teamwork outline the typical team stages of forming,
storming, norming, and performing (see Tuckman, Bruce W. (1965),
"Developmental sequence in small groups," Psychological Bulletin, 63,
384-399.) This guidance on teamwork may be helpful.
In order to do well, you and your team members must start
communicating or "forming" immediately and discuss how you will
divide the work. Review the project and if you have portions of the work
that play well to your strengths, make this known to your team members.
Then develop a project plan and schedule to get the work done.
Finally, agree on a communications plan, which allows your team
members to know where the project stands. During this stage, you may
have disagreements or differences of opinion about roles and division of
work. This is a normal aspect of "storming."
Once you start agreeing on roles and tasks, you are well on your way to
"norming." You should settle on a collaboration space and share drafts
of your work in your classroom team locker so your team members and
the instructor can see the work progression. All team members must
contribute, but the deliverables need to be cohesive. Therefore, each of
you will need to review each other's work and help each other.
While you may have to use collaborative tools outside the classroom,
maintain the key documents in the respective team project locker in the
classroom. Your team will use this area to establish ground rules for
communication and collaboration. Team members will gain an overview
of the entire project, establish roles, agree on the division of work, and
complete and sign the Team Project Charter.
If you decide to use Google Docs for your collaborative work, you could
also choose a Google drive with appropriate sharing with your team
members and your instructor, and provide information on this in your
team locker. Part of teamwork is looking at each other's work and
providing constructive feedback and improvements.
If you sense problems during your team communications sessions,
discuss risk management and project adjustments your team may need to
make. If you sense trouble, contact your instructor and request
intervention as soon as you recognize issues.
After the plan is completed, elect one person to attach or link the final
document to the team project locker. This step should have been
completed early in the term between Weeks 2 and 4.
Setting up the team roles and expectations is an important part of this
project and completing the charter is critical to the project's success.
When you have completed this important step, move to the next step.
Step 2: Assessing Suspicious Activity
Your team is assembled and you have a plan. It's time to get to work.
You have a suite of tools at your disposal from your work in Project 1,
Project 2, and Project 3, which can be used together to create a full
common operating picture of the cyber threats and vulnerabilities that
are facing the US critical infrastructure. Begin by selecting the following
links to brush up on your knowledge:
1. network security
2. mission critical systems
3. penetration testing
To be completed by all team members: Leverage the network security
skills of using port scans, network scanning tools, and analyzing
Wireshark files, to assess any suspicious network activity and network
vulnerabilities.
Step 3: The Financial Sector
To be completed by the Financial Services Representative: Provide a
description of the impact the threat would have on the financial services
sector. These impact statements can include the loss of control of the
systems, the loss of data integrity or confidentiality, exfiltration of data,
or something else. Also provide impact assessments as a result of this
security incident to the financial services sector.
To be completed by all team members: Provide submissions from the
Information Sharing Analysis Councils related to the financial sector.
You can also propose fictitious submissions. Also, review the resources
for Industrial Control Systems, and advise on their importance to the
financial services sector. Explain the risks associated with the Industrial
Control Systems.
Step 4: Law Enforcement
To be completed by the Law Enforcement Representative: Provide a
description of the impact the threat would have on the law enforcement
sector. These impact statements can include the loss of control of
systems, the loss of data integrity or confidentiality, exfiltration of data,
or something else. Also provide impact assessments as a result of this
security incident to the law enforcement sector.
Step 5: The Intelligence Community
To be completed by all team members: Provide an overview of the life
cycle of a cyber threat. Explain the different threat vectors that cyber
actors use, and provide a possible list of nation-state actors that have
targeted the US financial services industry before.
Review this threat response and recovery resource and use what you
learned from the resource to provide or propose an analytical method in
which you are able to detect the threat, identify the threat, and perform
threat response and recovery. Identify the stage of the cyber threat life
cycle where you would observe different threat behaviors. Include ways
to defend against the threat, and protect against the threat. Provide this
information in the SAR and AAR.
To be completed by the Intelligence Community Representative:
Provide intelligence on the nation-state actor, their cyber tools,
techniques, and procedures. Leverage available threat reporting such as
from FireEye, Mandiant, and other companies and government entities
that provide intelligence reports. Also include the social engineering
methods used by the nation-state actor and their reasons for attacking US
critical infrastructure. Include this information in the SAR and AAR.
Step 6: Homeland Security
To be completed by the Homeland Security Representative: Use the US-
CERT and other similar resources to discuss the vulnerabilities and
exploits that might have been used by the attackers.
Explore the resources for risk mitigation and provide the risk, response,
and risk mitigation steps that should be taken if an entity suffers the
same type of attack.
To be completed by all team members: Provide a risk-threat matrix and
provide a current state snapshot of the risk profile of the financial
services sector. These reports will be part of an overall risk assessment,
which will be included in the SAR and AAR.
Review and refer to this risk assessment resource to aid you in
developing this section of the report.
Step 7: The SAR and AAR
All team members: After you compile your research, and your own
critical assessments and analysis, determine which information is
appropriate for a Security Assessment Report (SAR) that will be
submitted to the White House, and an After Action Report (AAR) that
will be submitted to the rest of the analyst community.
1. Prepare your SAR for the White House Cyber National Security Staff,
describing the threat, the motivations of the threat actor, the
vulnerabilities that are possible for the threat actor to exploit, current and
expected impact on US financial services critical infrastructure, the path
forward to eliminate or reduce the risks, and the actions taken to defend
and prevent against this threat in the future.
2. Prepare the AAR. This knowledge management report will be
provided to the cyber threat analyst community, which includes the
intelligence community, the law enforcement community, the defense
and civilian community, the private sector, and academia. The purpose
of the AAR is to share the systems life cycle methodology, rationale,
and critical thinking used to resolve this cyber incident.
The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This report should be a 14-15
page double-spaced Word document with citations in APA format. The
page count does not include figures, diagrams, tables, or citations.
2. After Action Report (AAR): This report should be a 10-15 page
double-spaced Word document with citations in APA format. The page
count does not include figures, diagrams, tables, or citations.
3. A 5-8 slide PowerPoint presentation for executives along with
narration or In-Class presentation by each team member summarizing a
portion of your SAR and AAR report.
Submit your deliverables to the assignment folder.
Before you submit your assignment, review the competencies below,
which your instructor will use to evaluate your work. A good practice
would be to use each competency as a self-check to confirm you have
incorporated all of them in your work.
• 1.1: Organize document or presentation clearly in a manner that
promotes understanding and meets the requirements of the assignment.
• 2.3: Evaluate the information in a logical and organized manner to
determine its value and relevance to the problem.
• 4.1: Lead and/or participate in a diverse group to accomplish projects
and assignments.
• 4.3: Contribute to team projects, assignments, or organizational goals
as an engaged member of a team.
• 8.4: Possess knowledge of proper and effective communication in case
of an incident or crisis.
===============================================
CYB 610 Project 5 Cryptography
Project 5 Cryptography
CYB610 Project 5 You are an enterprise security architect for a
company in a semiconductor manufacturing industry where maintaining
competitive advantage and protecting intellectual property is vital.
You're in charge of security operations and strategic security planning.
Your responsibilities include devising the security protocols for
identification, access, and authorization management. You recently
implemented cryptography algorithms to protect the information
organization. Leadership is pleased with your efforts and would like you
to take protection methods even further. They've asked you to study
cyber-attacks against different cryptography mechanisms and deploy
access control programs to prevent those types of attacks. "We'd like you
to create plans for future security technology deployments," says one
senior manager. "And provide documentation so that others can carry out
the deployments." A director chimes in, "But you should also devise a
method for ensuring the identification, integrity, and non-repudiation of
information in transit, at rest, and in use within the organization." As the
enterprise security architect, you are responsible for providing the
following deliverables. Create a network security vulnerability and
threat table in which you outline the security architecture of the
organization, the cryptographic means of protecting the assets of the
organization, the types of known attacks against those protections, and
means to ward off the attacks. This document will help you manage the
current configuration of the security architecture. Create a Common
Access Card (CAC) deployment strategy, in which you describe the CAC
implementation and deployment and encryption methodology for
information security professionals. Create an email security strategy in
which you provide the public key, private key hashing methodology to
determine the best key management system for your organization. These
documents will provide a security overview for the leadership in your
company.
Encryption uses cryptographic algorithms to obfuscate data. These
complex algorithms transform data from human-readable plaintext into
encrypted ciphertext. Encryption uses the principles of substitution and
permutation to ensure that data is transformed in a non-deterministic
manner by allowing the user to select the password or a key to encrypt a
message. The recipient must know the key in order to decrypt the
message, translating it back into the human-readable plaintext.
There are six steps that will lead you through this project. After
beginning with the workplace scenario, continue to Step 1: "IT Systems
Architecture."
The deliverables for this project are as follows:
1. Create a single report in Word document format. This report should
be about 10 pages long, double-spaced, with citations in APA format.
Page count does not include diagrams or tables. The report must cover
the following:
   • network security and threat table
   • Common Access Card deployment strategy
   • e-mail security strategy
2. In a Word document, share your lab experience and provide
screenshots to demonstrate that you performed the lab.
When you submit your project, your work will be evaluated using the
competencies listed below. You can use the list below to self-check your
work before submission.
• 1.5: Use sentence structure appropriate to the task, message and
audience.
• 1.6: Follow conventions of Standard Written English.
• 1.7: Create neat and professional looking documents appropriate for
the project or presentation.
• 2.1: Identify and clearly explain the issue, question, or problem under
critical consideration.
• 2.2: Locate and access sufficient information to investigate the issue or
problem.
• 2.3: Evaluate the information in a logical and organized manner to
determine its value and relevance to the problem.
• 2.4: Consider and analyze information in context to the issue or
problem.
• 3.2: Employ mathematical or statistical operations and data analysis
techniques to arrive at a correct or optimal solution.
• 5.1: Knowledge of procedures, tools, and applications used to keep
data or information secure, including public key infrastructure, point-to-
point encryption, and smart cards.
Step 1: IT Systems Architecture
You are a senior-level employee and you must tailor your deliverables to
suit your audience: the leadership of the organization. You may choose
to use a fictitious organization, or model your organization on an
existing organization, including proper citations.
Leadership is not familiar with the architecture of the IT systems, nor are
they familiar with the types of threats that are likely or the security
mechanisms in place to ward off those threats. You will provide this
information in tabular format and call it the Network Security and
Vulnerability Threat Table. Refer to this threat table template for
guidance on creating this document.
Before you begin, select the links below to review some material on
information security. These resources will help you complete the
network security and vulnerability threat table.
• LAN security
• Availability
Now you’re ready to create your table. Include and define the following
components of security in the architecture of your organization, and
explain if threats to these components are likely, or unlikely:
• LAN security
• identity management
• physical security
• personal security
• availability
• privacy
Next, review the different types of cyberattacks described in the
following resource: cyberattacks. As you’re reading take note of which
attacks are most likely to affect your organization. Then list the security
defenses you employ in your organization to mitigate these types of
attacks. Include this information in your Network Security and
Vulnerability Threat Table.
Step 2: Plan of Protection
Note: You will utilize the tools in Workspace for this step. If you need
help outside the classroom, you can register for the CLAB 699 Cyber
Computing Lab Assistance (go to the Discussions List for registration
information). Primary lab assistance is available from a team of lab
assistants. Lab assistants are professionals and are trained to help you.
Click here to access the instructions for Navigating the Workspace and
the Lab Setup.
Next, select the following link to enter Workspace and complete the lab
exercises.
Click here to access the Project 5 Workspace Exercise Instructions.
Explore the tutorials and user guides to learn more about the tools you
will use.
In this lab exercise, you will learn more about the transmission of files
that do not seem suspicious but that actually have embedded malicious
payload, undetectable to human hearing or vision. This type of threat can
enter your organization’s networks and databases undetected through the
use of steganography or data hiding. You should include this type of
threat vector to an organization in your report to leadership. Research
how organizations can monitor, identify and remedy those files with
embedded files and data, and provide these as recommendations for your
leadership.
You will have to provide the leadership of your organization with your
plan for protecting identity, access, authorization and nonrepudiation of
information transmission, storage, and usage.
Research scholarly works on nonrepudiation measures and discuss
options for protecting the integrity of an organization's information
assets, which include files, networks, databases, and e-mail, and include
this in your lab report.
Step 3: Data Hiding Technologies
You will describe to your organization the various cryptographic means
of protecting its assets. Select the links below to review encryption
techniques and encryption technologies, then provide your organization
with a brief overview of each.
Encryption Technologies
1. Shift / Caesar cipher
2. Polyalphabetic cipher
3. One time pad cipher/Vernam cipher/perfect cipher
4. Block ciphers
5. triple DES
6. RSA
7. Advanced Encryption Standard (AES)
8. Symmetric encryption
9. Text block coding
Data Hiding Technologies
1. Information hiding and steganography
2. Digital watermarking
3. Masks and filtering
These descriptions will be included in the network security vulnerability
and threat table for leadership.
Step 4: Creating the Network Security Vulnerability and Threat Table
Using the information you've gathered from the previous steps, prepare
the network security vulnerability and threat table, in which you outline
the following:
• security architecture of the organization
• the cryptographic means of protecting the assets of the organization
• the types of known attacks against those types of protections
• means to ward off the attacks
Create your Network Security Vulnerability and Threat Table, and
include it in your submission to the organization. Please refer to this
threat table template for guidance on creating this document.
Step 5: Access Control Based on Smart Card Strategies
Smart cards use encryption chips to identify the user, their identity, role,
and sometimes use their personal identifiable information (PII). Two
examples of smart cards are the federal government’s use of common
access cards (CACs), and the financial sector’s use of encryption chips
in credit cards.
You have completed your threat table, and you've decided that you want
to modernize the access control methods for your organization. To that
end, you read the following resources to gather some background
information on access control and the various encryption schemas
associated with the Common Access Card (CAC):
• Access control
• Common Access Card (CAC)
You plan to deploy CAC to the company and you are tasked with
devising that CAC deployment strategy, which includes the
cryptographic solutions used with the CAC.
In the Common Access Card Deployment Strategy final deliverable,
describe how identity management would be a part of your overall
security program and your CAC deployment plan:
Create your Common Access Card Deployment Strategy and include it
in your submission to the organization.
Step 6: The Email Security Strategy
After completing the CAC, your next step is to build the Secure Email
Strategy for the organization. You will present this tool to your
leadership.
Provide an overview of the types of public-private key pairing, and show
how this provides authentication and nonrepudiation. You will also add
hashing, and describe how this added security benefit ensures the
integrity of messaging.
Begin preparing your strategy by reviewing the following resources that
will aid you in becoming well informed on encryption technologies for
e-mail:
• Public Key Infrastructure (PKI)
• iOS encryption
• Blackberry encryption
Then start developing your strategy. Define these strong encryption
technologies as general principles in secure email:
• Pretty Good Privacy (PGP algorithm)
• GNU Privacy Guard (GPG)
• Public Key Infrastructure (PKI)
• Digital signature
• Mobile device encryption (e.g., iOS encryption and Blackberry
encryption)
In your report, also consider how the use of smart card readers tied to
computer systems might be beneficial in the future enhancements to
system and data access protection. This may help you define long-term
solutions for your leadership.
Leadership does not know the costs and technical complexity of these
email encryption strategies. To further their understanding, compare the
complexities of each in relation to the security benefits, and then make a
recommendation and a deployment plan.
The deliverables for this project are as follows:
1. Create a single report in Word document format. This report should
be about 10 pages long, double-spaced, with citations in APA format.
Page count does not include diagrams or tables. The report must cover
the following:
   • network security and threat table
   • Common Access Card deployment strategy
   • e-mail security strategy
2. In a Word document, share your lab experience and provide
screenshots to demonstrate that you performed the lab.
Submit your deliverables to the assignment folder.
Before you submit your assignment, review the competencies below,
which your instructor will use to evaluate your work. A good practice
would be to use each competency as a self-check to confirm you have
incorporated all of them in your work.
• 1.5: Use sentence structure appropriate to the task, message and
audience.
• 1.6: Follow conventions of Standard Written English.
• 1.7: Create neat and professional looking documents appropriate for
the project or presentation.
• 2.1: Identify and clearly explain the issue, question, or problem under
critical consideration.
• 2.2: Locate and access sufficient information to investigate the issue or
problem.
• 2.3: Evaluate the information in a logical and organized manner to
determine its value and relevance to the problem.
• 2.4: Consider and analyze information in context to the issue or
problem.
• 3.2: Employ mathematical or statistical operations and data analysis
techniques to arrive at a correct or optimal solution.
• 5.1: Knowledge of procedures, tools, and applications used to keep
data or information secure, including public key infrastructure, point-to-
point encryption, and smart cards.
===============================================
CYB 610 Project 6 Digital Forensics Analysis
Project 6 Digital Forensics Analysis
Project 6 Start Here
This project will provide an introduction to digital forensic analysis.
Digital forensic analysis is used to review and investigate data collected
through digital communications and computer networks. The National
Institute of Standards and Technology (NIST) has defined four
fundamental phases for forensic analysis: collection, examination,
analysis, and reporting. You will learn more about these concepts as you
navigate throughout the steps of this project and read the literature and
links found in each step.
There are four steps that will lead you through this project. Begin with
Step 1: “Methodology.”
The deliverables for this project are as follows:
1. Digital Forensic Research Paper: This should be a five-page double-
spaced Word document with citations in APA format. The page count
does not include diagrams or tables.
2. In a Word document, share your lab experience and provide
screenshots to demonstrate that you completed the lab.
When you submit your project, your work will be evaluated using the
competencies listed below. You can use the list below to self-check your
work before submission.
• 5.3: Uses defensive measures and information collected from a variety
of sources to identify, analyze, and report events that occur or might
occur within the network in order to protect information, information
systems, and networks from threats.
• 8.6: Provides professional preparation for computer digital forensics,
investigation of crime, and preservation of digital evidence in criminal
and civil investigations and information security incident response.
• 8.7: Provide theoretical basis and practical assistance for all aspects of
digital investigation and the use of computer evidence in forensics and
law enforcement.
Step 1: Methodology
The methodology includes following a systems process. Identify the
requirements, purpose, and objectives of the investigation. Click the
links below to review information that will aid in conducting and
documenting an investigation:
• secure programming fundamentals
• forensics fundamentals
Learn about the investigation methodology. Consider secure
programming fundamentals. Define the digital forensics analysis
methodology, and the phases of the digital forensics fundamentals and
methodology, including the following:
1. preparation
2. extraction
3. identification
4. analysis
This information will help you understand the process you will use
during an investigation.
Step 2: Tools and Techniques
Select the following links to learn about forensics analysis tools,
methods, and techniques:
1. forensics analysis tools
2. web log and session analysis
3. hash analysis
Step 3: Exploring Forensic Tools
Note: You will utilize the tools in Workspace for this step. If you need
help outside the classroom, you can register for the CLAB 699 Cyber
Computing Lab Assistance (go to the Discussions List for registration
information). Primary lab assistance is available from a team of lab
assistants. Lab assistants are professionals and are trained to help you.
Click here to access the instructions for Navigating the Workspace and
the Lab Setup.
Select the following link to enter Workspace. Complete the forensic
tools exercise provided in this lab. Explore the tutorials and user guides
to learn more about various types of digital forensic tools.
Click here to access the Project 6 Workspace Exercise Instructions.
You will learn about the different types of tools, techniques, and
analyses.
Step 4: Digital Forensics Research Paper
Now that you have learned the basics of digital forensics analyses and
methodology, and have experienced one of the common forensic tools,
use the material presented in this project as well as research you've
conducted outside of the course materials to write a research paper that
addresses the following:
1. digital forensic methodology
2. the importance of using forensic tools to collect and analyze evidence
(e.g., FTK Imager and EnCase)
3. hashing in the context of digital forensics
4. How do you ensure that the evidence collected has not been tampered
with (i.e., after collection)? Why and how is this important to prove in a
court of law?
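To make items 3 and 4 concrete, the following added example (not from the course material, and not how FTK Imager or EnCase store their records) hashes an evidence image at acquisition, keeps a hash-chained custody log, and re-verifies both later. The field names, actors, timestamps and the sample image are assumptions constructed for the illustration.

```python
import hashlib
import json
import os
import tempfile

GENESIS = "0" * 64  # prev_hash value for the first log entry


def hash_image(path, algorithms=("sha256", "sha1"), chunk_size=1 << 20):
    """Hash the image in fixed-size blocks so large files never sit in memory."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def seal(entry):
    """SHA-256 over the entry's canonical JSON, excluding the seal itself."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_custody_entry(log, path, actor, action, timestamp):
    """Record who handled the image, its digests now, and link to the prior entry."""
    entry = {
        "seq": len(log),
        "timestamp": timestamp,
        "actor": actor,
        "action": action,
        "digests": hash_image(path),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = seal(entry)
    log.append(entry)
    return entry


def verify_custody(log, path):
    """Return a list of problems; an empty list means log and image agree."""
    problems = []
    prev = GENESIS
    for e in log:
        if e["prev_hash"] != prev or seal(e) != e["entry_hash"]:
            problems.append(f"log entry {e['seq']} altered or out of order")
        prev = e["entry_hash"]
    if log:
        acquired = log[0]["digests"]
        if hash_image(path, tuple(acquired)) != acquired:
            problems.append("image does not match acquisition digests")
        for e in log[1:]:
            if e["digests"] != acquired:
                problems.append(f"digests changed at entry {e['seq']}")
    return problems


def demo():
    """Run the checks against a constructed image; returns three problem lists."""
    fd, path = tempfile.mkstemp(suffix=".dd")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(b"constructed disk image bytes " * 1000)
        log = []
        append_custody_entry(log, path, "examiner-a", "acquired",
                             "2024-01-01T10:00:00Z")
        append_custody_entry(log, path, "examiner-b", "examined",
                             "2024-01-02T09:00:00Z")
        clean = verify_custody(log, path)

        forged = json.loads(json.dumps(log))  # deep copy of the log
        forged[0]["actor"] = "someone-else"   # edit a record after the fact
        forged_log = verify_custody(forged, path)

        with open(path, "r+b") as fh:         # change one byte of the image
            fh.seek(100)
            fh.write(b"X")
        altered_image = verify_custody(log, path)
        return clean, forged_log, altered_image
    finally:
        os.remove(path)


if __name__ == "__main__":
    for label, result in zip(("clean", "forged log", "altered image"), demo()):
        print(label, "->", result)
```

The chain only detects edits relative to its latest seal, so the most recent `entry_hash` has to be anchored somewhere the custodian cannot rewrite, such as a signed report or a witness copy.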
The deliverables for this project are as follows:
1. Digital Forensic Research Paper: This should be a five-page double-
spaced Word document with citations in APA format. The page count
does not include diagrams or tables.
2. In a Word document, share your lab experience and provide
screenshots to demonstrate that you completed the lab.
Submit your deliverables to the assignment folder.
Before you submit your assignment, review the competencies below,
which your instructor will use to evaluate your work. A good practice
would be to use each competency as a self-check to confirm you have
incorporated all of them in your work.
• 5.3: Uses defensive measures and information collected from a variety
of sources to identify, analyze, and report events that occur or might
occur within the network in order to protect information, information
systems, and networks from threats.
• 8.6: Provides professional preparation for computer digital forensics,
investigation of crime, and preservation of digital evidence in criminal
and civil investigations and information security incident response.
• 8.7: Provide theoretical basis and practical assistance for all aspects of
digital investigation and the use of computer evidence in forensics and
law enforcement.
===============================================

Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management SystemChristalin Nelson
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
Food processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsFood processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsManeerUddin
 

Último (20)

What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptx
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management System
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
Food processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsFood processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture hons
 

CYB 610 Effective Communication/tutorialrank.com

  • 1. CYB 610 All Project (Project 1-6) For more course tutorials visit www.tutorialrank.com CYB 610 Project 1 Information Systems and Identity Management CYB 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux) CYB 610 Project 3 Assessing Information System Vulnerabilities and Risk CYB 610 Project 4 Threat Analysis and Exploitation CYB 610 Project 5 Cryptography CYB 610 Project 6 Digital Forensics Analysis ===============================================
  • 2. CYB 610 Project 1 Information Systems and Identity Management For more course tutorials visit www.tutorialrank.com Project 1 Information Systems and Identity Management Video transcript CYB 610 Project 1 You are a systems administrator in the IT department of a major metropolitan hospital. Your duties are to ensure the confidentiality, availability, and integrity of patient records, as well as the other files and databases used throughout the hospital. Your work affects several departments, including Human Resources, Finance, Billing, Accounting, and Scheduling. You also apply security controls on passwords for user accounts. Just before clocking out for the day, you notice something strange in the hospital's computer system. Some person, or group, has accessed user accounts and conducted unauthorized activities. Recently, the hospital experienced intrusion into one of its patient's billing accounts. After validating user profiles in Active Directory and matching them with user credentials, you suspect several user's passwords have been compromised to gain access to the hospital's computer network. You schedule an emergency meeting with the director of IT and the hospital board. In light of this security breach, they ask you to examine the security posture of the hospital's
  • 3. information systems infrastructure and implement defense techniques. This must be done quickly, your director says. The hospital board is less knowledgeable about information system security. The board makes it clear that it has a limited cybersecurity budget. However, if you can make a strong case to the board, it is likely that they will increase your budget and implement your recommended tool company¬wide. You will share your findings on the hospital's security posture. Your findings will be brought to the director of IT in a technical report. You will also provide a non¬technical assessment of the overall identity management system of the hospital and define practices to restrict and permit access to information. You will share this assessment with the hospital board in the form of a narrated slide show presentation. You know that identity management will increase the security of the overall information system's infrastructure for the hospital. You also know that, with a good identity management system, the security and productivity benefits will outweigh costs incurred. This is the argument you must make to those stakeholders. Daily life requires us to have access to a lot of information, and information systems help us access that information. Desktop computers, laptops, and mobile devices keep us connected to the information we need through processes that work via hardware and software components. Information systems infrastructure makes this possible. However, our easy access to communication and information also creates security and privacy risks. Laws, regulations, policies, and guidelines exist to protect information and information owners. Cybersecurity ensures the confidentiality, integrity, and availability of the information. Identity management is a fundamental practice. 
Part of identity management is the governance of access, authorization, and authentication of users to information systems, Identity management is one part of a layered security defense strategy within the information
  • 4. systems infrastructure. Your work in this project will enable you to produce a technical report and nontechnical presentation that addresses these requirements. There are five steps that will help you create your final deliverables. The deliverables for this project are as follows: 1. Nontechnical presentation: This is an 8-10 slide PowerPoint presentation for business executives and board members. 2. Technical report: Your report should be a 6-7 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. 3. Executive summary: This should be a 2-3 page double-spaced Word document. 4. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab. When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission. • 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment. • 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. • 6.2: Creating a roadmap for organizations to use in development of an Identity Access Management program (to address gaps in their current offerings). • Step 1: Defining the Information System Infrastructure
  • 5. Select a hospital or healthcare organization to research. You may choose an organization you are familiar with or can readily obtain information about. To maintain confidentiality, you do not need to mention the name of the organization. You may also choose a hypothetical/fictitious healthcare organization. Others have researched several healthcare organizations, which have suffered major security breaches, extensively. 1. Describe the organization and structure including the different business units and their functions. You may use an organizational chart to provide this information. 2. Choose one or more mission-critical systems of the healthcare organization. Define the information protection needs for the organization's mission-critical protected health information (PHI). This information is stored in database medical records for doctors, nurses, and insurance claims billing systems, which are used to fulfill the organizational information needs. 3. Define the workflows and processes for the high-level information systems that you have just identified that will store PHI. Workflows and processes for healthcare organizations define how the organization gets its work done. They describe the movement of patient information to the business units that have needs to process and manage that information, from billing to physician care. All these organizations have hardware and software implementations of their information systems, and it is critical to understand these components, and how they are connected (known as their topology), so the appropriate protections can be applied. Your research may produce instances and examples of how an information system is connected, to include cybersecurity components like firewalls, in the information system and network diagram. Be sure
  • 6. you understand the benefits and weaknesses for the different network topologies. You may incorporate what you find in your research, in your definition for workflows and processes for the high-level information systems and provide explanation of how that topology fulfills the mission for the health care organization. Your definition should include a high-level description of information systems hardware and software components and their interactions. Take time to read the following resources. They will help you construct your definition. o Information systems hardware o Information systems software You may supply this information as a diagram with inputs, outputs, and technologies identified. Consider how you might restrict access and protect billing and PHI information. 4. The links shown below provide access to essential information you’ll need to complete this part of the hospital’s information system infrastructure definition. Click each link, review its resources, and refer to them as you compose this part of the definition. o Open Systems Interconnections (OSI) Model o TCP/IP protocols o network protocols You will include these definitions in your report. Step 2: Threats
  • 7. Now that you have defined the hospital's information system infrastructure, you will have to understand what are the threats to those systems and describe the types of measures that could address those threats. In this section, you will learn about different types of identity access management solutions and how they protect against the threat of unauthorized access. To complete this section of the report, you’ll brush up on your knowledge of threats by reading the following resources: web security issues, insider threats, intrusion motives/hacker psychology, and CIA triad. Take what you learned from these resources to convey the threats to the hospital's information systems infrastructure. Include a brief summary of insider threats, intrusion motives, and hacker psychology in your report as it relates to your hospital data processing systems. Relate these threats to the vulnerabilities in the CIA triad. This section of your report will also include a description of the purpose and components of an identity management system to include authentication, authorization, and access control. Include a discussion of possible use of laptop devices by doctors who visit their patients at the hospital, and need access to hospital PHI data. Review the content of the following resources. As you’re reading, take any notes you think will help you develop your description. 1. Authorization 2. Access control 3. Passwords 4. Multi-factor authentication Next, expand upon your description. Define the types of access control management to include access control lists in operating systems, role-
  • 8. based access controls, files, and database access controls. Define types of authorization and authentication and the use of passwords, password management, and password protection in an identity management system. Describe common factor authentication mechanisms to include multi-factor authentication. You will include this information in your report. Step 3: Password Cracking Tools You have successfully examined the threats to a healthcare organization's information systems infrastructure. Now, you must begin your research into password cracking software. Do some quick independent research on password cracking as it applies to your organization. You can click on this link to find the instructions for Navigating the Workspace and the Lab Setup. Enter Workspace and complete the lab activities outlined in the Project 1 Workspace Exercise Instructions. There are additional password cracking tool resources, tutorials, and user guides to continue your familiarity with the tools. Click here to access the Project 1 Workspace Exercise Instructions. After completing the lab, you will have successfully tested more than one password cracking tool. Not all password cracking tools will necessarily perform with the same speed, precision, and results, making it important to test a few different products. Compare the password cracking tools based on these characteristics, and include as part of your assessment and recommendations on the use of such tools. You will test
  • 9. the organization's systems for password strength and complexity and complete validation testing. You will compare the results obtained from your first and second tool. You have tested and made comparisons of the performance of various password cracking tools and you have the data to support your recommendations for the use of such tools. Not all password cracking tools will necessarily perform with the same speed, precision, and results, making it important to test a few different products. The comparison will be part of your assessment and help you make recommendations on the use of such tools. You will test the organization's systems for password strength and complexity and complete validation testing. You will compare the results comparing the various tools. 1. Read this article about cyberattacks, perform two different types of cyberattacks in the first, and in the second tool, crack user account passwords. Describe them in simple nontechnical terms for the leadership. You can identify which tool is the most effective and why for your organization's IT environment 2. Compare and contrast the results from the two methods used to crack the accounts for the three passwords (each encrypted by the two hash algorithms). Show their benefits. You can make certain conclusions that help your company's cybersecurity posture after using these methods. 3. Explain to the director of IT and the members of the board that the healthcare organization’s anti-virus software will detect password cracking tools as malware. Also explain how this impacts the effectiveness of testing security controls like password strength. Help the leadership understand the risks and benefits of using password cracking tools, through persuasive arguments in your report and
  • 10. presentation. If any of the tools take longer than 4-5 minutes to guess a password, record the estimated length of time the tool anticipates to guess it. Include this information in your presentation. Step 4: The Non-Technical Presentation You now have the information you need to prepare your product for stakeholders. Based on the research and work you've completed in Workspace, you will develop two items: a technical report for the director of IT, and a nontechnical slide show presentation for the members of the board. You will tailor the language of your reports appropriately to the different audiences. The nontechnical presentation: Your upper-level management team consists of technical and nontechnical leadership, and they are interested in the bottom line. You must help these leaders understand the identity management system vulnerabilities you discovered in password cracking and access control. They need to clearly see what actions they must either take or approve. The following are a few questions to consider when creating your presentation: 1. How do you present your technical findings succinctly to a non- technical audience? Your technical report for IT will span many pages; but you will probably be afforded no more than 30 minutes or 8-10 slides for your presentation and the following discussion with leadership. 2. How do you describe the most serious risks factually but without sounding too temperamental? No one likes to hear that their entire network has been hacked, data has been stolen, and the attackers have
  • 11. won. You will need to describe the seriousness of your findings while also assuring upper-level management that these are not uncommon occurrences today. 3. How do your results affect business operations? Make sure you are presenting these very technical password cracking results in business terms upper-level management will understand. 4. What do you propose? Management will not only want to understand what you have discovered; they will want to know what you propose as a solution. Step 5: The Technical Report and Executive Summary The technical report and the nontechnical presentation will identify compromises and vulnerabilities in the information systems infrastructure of the healthcare organization, and identify risks to the organization's data. You will propose a way to prioritize these risks and include possible remediation actions. The technical report: Provide recommendations for access control and authentication mechanisms to increase the security within the identity management system. Review the mission and organization structure of this healthcare organization. Review the roles within the organization, and recommend the accesses, restrictions, and conditions for each role. Present these in a tabular format as part of your list of recommendations. Provide a comparison of risk scenarios to include the following: 1. What will happen if the CIO and the leadership do nothing, and decide to accept the risks? 2. Are there possible ways the CIO can transfer the risks? 3. Are there possible ways to mitigate the risks?
  • 12. 4. Are there possible ways to eliminate the risks? 5. What are the projected costs to address these risks? Provide an overall recommendation, with technical details to the director of IT. The executive summary: In addition to your technical report, also create a nontechnical report as an executive summary. The deliverables for this project are as follows: 1. Nontechnical presentation: This is a 8-10 slide PowerPoint presentation for business executives and board members. 2. Technical report: Your report should be a 6-7 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. 3. Executive summary: This should be a 2-3 page double-spaced Word document. 4. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab. Submit your deliverables to the assignment folder. Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
  • 13. • 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment. • 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. • 6.2: Creating a roadmap for organizations to use in development of an Identity Access Management program (to address gaps in their current offerings). =============================================== CYB 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux) For more course tutorials visit www.tutorialrank.com CYB 610 Project 2 Congratulations, you are the newly appointed lead cybersecurity engineer with your company in the oil and natural gas sector. This is a senior¬level position. You were hired two months ago based on your successful cybersecurity experience with a previous employer. Your technical knowledge of cybersecurity is solid. However, you have a lot to learn about this company's culture, processes, and IT
  • 14. funding decisions, which are made by higher management. You have recently come across numerous anomalies and incidents leading to security breaches. The incidents took place separately, and it has not been determined if they were caused by a single source or multiple related sources. First, a month ago, a set of three corporate database servers crashed suddenly. Then, a week ago, anomalies were found in the configuration of certain server and router systems of your company. You immediately recognized that something with your IT resources was not right. You suspect that someone, or some group, has been regularly accessing your user account and conducting unauthorized configuration changes. You meet with your leadership to discuss the vulnerabilities. They would like you to provide a security assessment report, or SAR, on the state of the operating systems within the organization. You're also tasked with creating a non-technical narrated presentation summarizing your thoughts. The organization uses multiple operating systems that are Microsoft-based and Linux¬based. You will have to understand these technologies for vulnerability scanning using the tools that work best for the systems in the corporate network. You know that identity management will increase the security of the overall information systems infrastructure for the company. You also know that with a good identity management system, the security and productivity benefits will outweigh costs incurred. This is the argument you must make to the stakeholders The operating system (OS) of an information system contains the software that executes the critical functions of the information system. The OS manages the computer's memory, processes, and all of its software and hardware. It allows different programs to run simultaneously and access the computer's memory, central processing unit, and storage. The OS coordinates all these activities and ensures that sufficient resources are applied. 
These are the fundamental processes of
  • 15. the information system and if they are violated by a security breach or exploited vulnerability it has the potential to have the biggest impact on your organization. Security for operating systems consists of protecting the OS components from attacks that could cause deletion, modification, or destruction of the operating system. Threats to an OS could consist of a breach of confidential information, unauthorized modification of data, or unauthorized destruction of data. It is the job of the cybersecurity engineer to understand the operations and vulnerabilities of the OS (whether it is a Microsoft, Linux, or another type of OS), and to provide mitigation, remediation, and defense against threats that would expose those vulnerabilities or attack the OS. There are six steps that will help you create your final deliverables. The deliverables for this project are as follows: 1. Security Assessment Report (SAR): This report should be a 7-8 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. 2. Nontechnical presentation: This is a set of 8-10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR. 3. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab. When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission. • 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
  • 16. • 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem. • 5.4: Identify potential threats to operating systems and the security features necessary to guard against them. Step 1: Defining the OS The audience for your security assessment report (SAR) is the leadership of your organization, which is made up of technical and nontechnical staff. Some of your audience will be unfamiliar with operating systems (OS). As such, you will begin your report with a brief explanation of operating systems fundamentals and the types of information systems. Click on and read the following resources that provide essential information you need to know before creating a thorough and accurate OS explanation: • operating systems fundamentals • the applications of the OS • The Embedded OS • information system architecture • cloud computing • web architecture After reviewing the resources, begin drafting the OS overview to incorporate the following: 1. Explain the user's role in an OS. 2. Explain the differences between kernel applications of the OS and the applications installed by an organization or user.
  • 17. 3. Describe the embedded OS. 4. Describe how the systems fit in the overall information system architecture, of which cloud computing is an emerging, distributed computing network architecture.. Include a brief definition of operating systems and information systems in your SAR. Step 2: OS Vulnerabilities You just summarized operating systems and information systems for leadership. In your mind, you can already hear leadership saying "So what?" The organization's leaders are not well versed in operating systems and the threats and vulnerabilities in operating systems, so in your SAR, you decide to include an explanation of advantages and disadvantages of the different operating systems and their known vulnerabilities. Prepare by first reviewing the different types of vulnerabilities and intrusions explained in these resources: • Windows vulnerabilities • Linux vulnerabilities • Mac OS vulnerabilities • SQL PL/SQL, XML and other injections Based on what you gathered from the resources, compose the OS vulnerability section of the SAR. Be sure to: 1. Explain Windows vulnerabilities and Linux vulnerabilities. 2. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices.
3. Explain the motives and methods for intrusion of the MS and Linux operating systems.
4. Explain the types of security awareness technologies such as intrusion detection and intrusion prevention systems.
5. Describe how and why different corporate and government systems are targets.
6. Describe different types of intrusions such as SQL PL/SQL, XML, and other injections.

You will provide leadership with a brief overview of vulnerabilities in your SAR.

Step 3: Preparing for the Vulnerability Scan

You have just finished defining the vulnerabilities an OS can have. Soon you will perform vulnerability scanning and vulnerability assessments on the security posture of the organization's operating systems. But first, consider your plan of action. Read these two resources to be sure you fully grasp the purpose, goals, objectives, and execution of vulnerability assessments and security updates:
• Vulnerability assessments
• Patches

Then provide the leadership with the following:
1. Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems. Provide an explanation and reasoning of how the methodology you propose will determine the existence of those vulnerabilities in the organization’s OS.
2. Include a description of the applicable tools to be used, and the limitations of the tools and analyses, if any. Provide an explanation and reasoning of how the applicable tools you propose will determine the existence of those vulnerabilities in the organization’s OS.
3. Include the projected findings from using these vulnerability assessment tools.

In your report, discuss the strength of passwords, any Internet Information Services' administrative vulnerabilities, SQL server administrative vulnerabilities, and other security updates and management of patches, as they relate to OS vulnerabilities.

Step 4: Vulnerability Assessment Tools for OS and Applications

Note: You will use the tools in Workspace for this step. If you need help outside the classroom, register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Primary lab assistance is available from a team of lab assistants. Lab assistants are professionals and are trained to help you.

Click here to access the instructions for Navigating the Workspace and the Lab Setup.

Enter Workspace and complete the lab activities related to operating system vulnerabilities.

Click here to access the Project 2 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use.

You've prepared for your assessment; now it's time to perform. Security and vulnerability assessment analysis tools, such as Microsoft Baseline Security Analyzer (MBSA) for Windows OS and OpenVAS for
Linux OS, are stand-alone tools designed to provide a streamlined method for identifying common security misconfigurations and missing security updates for the operating systems and applications. These tools work on layers 5-7 of the Open Systems Interconnection (OSI) model.

Your leadership will want to understand the differences and commonalities in the capabilities of both tools and will want this included in the SAR.

Use the tools' built-in checks to complete the following for Windows OS (e.g., using Microsoft Baseline Security Analyzer, MBSA):
1. Determine if Windows administrative vulnerabilities are present.
2. Determine if weak passwords are being used on Windows accounts.
3. Report which security updates are required on each individual system.
4. You noticed that the tool you used for Windows OS (i.e., MBSA) provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping.
5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment. In this case, a tool such as MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML.

You will also complete a similar exercise for Linux OS (e.g., using the OpenVAS tool). Select the following links to learn more about OpenVAS and computer networks:
• OpenVAS
• Computer Networks
Utilize the OpenVAS tool to complete the following:
1. Determine if Linux vulnerabilities are present.
2. Determine if weak passwords are being used on Linux systems.
3. Determine which security updates are required for the Linux systems.
4. You noticed that the tool you used for Linux OS (i.e., OpenVAS) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping.
5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment.

Knowledge acquired from this Workspace exercise and capability of this tool will help your company's client organizations secure the computer networks’ resources and protect corporate data from being stolen.

Validate and record the benefits of using these types of tools. You will include this in the SAR.

Step 5: The Security Assessment Report

By utilizing security vulnerability assessment tools, such as MBSA and OpenVAS, you now have a better understanding of your system's security status. Based on the results provided by these tools, as well as your learning from the previous steps, you will create the Security Assessment Report (SAR).

In your report to the leadership, emphasize the benefits of using a free security tool such as MBSA. Then make a recommendation for using
these types of tools (i.e., MBSA and OpenVAS), including the results you found for both.

Remember to include these analyses and conclusions in the SAR deliverable:
1. After you provide a description of the methodology you used to make your security assessment, you will provide the actual data from the tools, the status of security and patch updates, security recommendations, and offer specific remediation guidance, to your senior leadership.
2. You will include any risk assessments associated with the security recommendations, and propose ways to address the risk either by accepting the risk, transferring the risk, mitigating the risk, or eliminating the risk.

Include your SAR in your final deliverable to leadership.

Step 6: The Presentation

Based on what you have learned in the previous steps and your SAR, you will also develop a presentation for your company's leadership.

Your upper-level management team is not interested in the technical report you generated from your Workspace exercise. They are more interested in the bottom line. You must help these nontechnical leaders understand the very technical vulnerabilities you have discovered. They need to clearly see what actions they must either take or approve. The following are a few questions to consider when creating your non-technical presentation:
1. How do you present your technical findings succinctly to a non-technical audience? Your Workspace exercise report will span many
pages, but you will probably not have more than 30 minutes for your presentation and follow-up discussion.
2. How do you describe the most serious risks factually but without sounding too temperamental? No one likes to hear that their entire network has been hacked, data has been stolen, and the attackers have won. You will need to describe the seriousness of your findings while also assuring upper-level management that these are not uncommon occurrences today.
3. How do your Workspace exercise results affect business operations? Make sure you are presenting these very technical results in business terms that upper-level management will understand.
4. Be very clear on what you propose or recommend. Upper-level management will want to not only understand what you discovered; they will want to know what you propose as a solution. They will want to know what decisions they need to make based on your findings.

Your goal for the presentation is to convince the leadership that adopting a security vulnerability assessment tool (such as MBSA) and providing an extra security layer is a must for the company.

The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This report should be a 7-8 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
2. Nontechnical presentation: This is a set of 8-10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.
3. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.

Submit your deliverables to the assignment folder.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
• 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
• 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
• 5.4: Identify potential threats to operating systems and the security features necessary to guard against them.
===============================================
CYB 610 Project 3 Assessing Information System Vulnerabilities and Risk
Project 3 Assessing Information System Vulnerabilities and Risk
CYB 610 Project 3

You are an Information Assurance Management Officer, IAMO, at an organization of your choosing. One morning, as you're getting ready for work, you see an email from Karen, your manager. She asks you to come to her office as soon as you get in. When you arrive at work, you head straight to Karen's office. “Sorry for the impromptu meeting,” she says, “but we have a bit of an emergency. There's been a security breach at the Office of Personnel Management. We don't know how this happened, but we need to make sure it doesn't happen again,” says Karen. “You'll be receiving an email with more information on the security breach. Use this info to assess the information system vulnerabilities of the Office of Personnel Management.”

At your desk, you open Karen's email. She's given you an OPM report from the Office of the Inspector General, or OIG. You have studied the OPM OIG report and found that the hackers were able to gain access through compromised credentials. The security breach could have been prevented if the Office of Personnel Management, or OPM, had abided by previous auditing reports and security findings. In addition, access to the databases could have been prevented by implementing various encryption schemas and could have been identified after running regularly scheduled scans of the systems. Karen and the rest of the leadership team want you to compile your findings into a Security Assessment Report, or SAR. You will also create a Risk Assessment Report, or RAR, in which you identify threats, vulnerabilities, risks, and likelihood of exploitation and suggested remediation.
The security posture of the information systems infrastructure of an organization should be regularly monitored and assessed (including software, hardware, firmware components, governance policies, and implementation of security controls). The monitoring and assessment of the infrastructure and its components, policies, and processes should also account for changes and new procurements that are sure to follow in order to stay in step with ever-changing information system technologies.

The data breach at the Office of Personnel Management (OPM) is one of the largest in US government history. It provides a series of lessons learned for other organizations in industry and the public sector. Lapses in critical security practices, such as lack of diligence to security controls and management of changes to the information systems infrastructure, were cited as contributors to the massive data breach in the OPM Office of the Inspector General's (OIG) Final Audit Report, which can be found in open source searches. Some of the findings in the report include: weak authentication mechanisms; lack of a plan for life-cycle management of the information systems; lack of a configuration management and change management plan; lack of inventory of systems, servers, databases, and network devices; lack of mature vulnerability scanning tools; lack of valid authorizations for many systems; and lack of plans of action to remedy the findings of previous audits.

The breach ultimately resulted in removal of OPM's top leadership. The impact of the breach on the livelihoods of millions of people is ongoing and may never be fully known. There is a critical need for security programs that can assess vulnerabilities and provide mitigations.

There are nine steps that will help you create your final deliverables. The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This should be an 8-10 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
2. Risk Assessment Report (RAR): This report should be a 5-6 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
3. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.

When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
• 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
• 1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
• 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
• 1.4: Tailor communications to the audience.
• 1.5: Use sentence structure appropriate to the task, message and audience.
• 1.6: Follow conventions of Standard Written English.
• 5.2: Knowledge of architectural methodologies used in the design and development of information systems and knowledge of standards that either are compliant with or derived from established standards or guidelines.
• 5.6: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology.
• 7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
• 8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.
• 8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately.

Step 1: Enterprise Network Diagram

During Project One, you researched a hypothetical or actual organization of your choice. You had to understand the goals of the organization and the types of systems that would fulfill those goals. You will now research and learn about types of networks and their secure constructs that may be used in organizations to accomplish the functions of the organization’s mission. You will propose a local area network (LAN) and a wide area network (WAN) for the organization, define the systems environment, and incorporate this information in a network diagram. Discuss the security benefits of your chosen network design.

Read about the following computing platforms available for networks and discuss how these platforms could be implemented in your organization. Include the rationale for all platforms you choose to include in your network design.
• common computing platforms
• cloud computing
• distributed computing
• centralized computing
• secure programming fundamentals

Step 2: Enterprise Threats

Review the OIG report on the OPM breach that you were asked to research and read about at the beginning of the project. The OIG report included numerous security deficiencies that likely left OPM networks vulnerable to being breached. In addition to those external threats, the report also describes the ways OPM was vulnerable to insider threats. The information about the breach could be classified as threat intelligence. Define threat intelligence and explain what kind of threat intelligence is known about the OPM breach.

You just provided detailed background information on your organization. Next, you’ll describe threats to your organization’s system. Before you get started, select and explore the contents of the following link: insider threats (also known as internal threats). As you’re reading, take note of which insider threats are a risk to your organization.

Now, differentiate between the external threats to the system and the insider threats. Identify where these threats can occur in the previously created diagrams. Relate the OPM threat intelligence to your organization. How likely is it that a similar attack will occur at your organization?

Step 3: Scanning the Network

Note: You will use the tools in Workspace for this step. If you need help outside the classroom to complete this project, register for CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for
registration information). Primary lab assistance is available from a team of lab assistants. Lab assistants are professionals and are trained to help you.

Click here to access the instructions for Navigating the Workspace and the Lab Setup.

Select the following link to enter Workspace and complete the lab activities related to network vulnerabilities.

You will now investigate network traffic, and the security of the network and information system infrastructure overall. Past network data has been logged and stored, as collected by a network analyzer tool such as Wireshark. Explore the tutorials and user guides to learn more about the tools you will use. Click the following link to read more about these network monitoring tools: Tools to Monitor and Analyze Network Activities.

You will perform a network analysis on the Wireshark files provided to you in Workspace and assess the network posture and any vulnerability or suspicious information you are able to obtain. Include this information in the SAR. You will then return to the lab in order to identify any suspicious activities on the network, through port scanning and other techniques. You will revisit the lab and lab instructions in Step 7: Suspicious Activity.

Click here to access the Project 3 Workspace Exercise Instructions.

In order to validate the assets and devices on the organization's network, run scans using security and vulnerability assessment analysis tools such as MBSA, OpenVAS, Nmap, or Nessus depending on the operating systems of your organization's networks. Live network traffic can also
be sampled and scanned using Wireshark on either the Linux or Windows systems. Wireshark allows you to inspect all OSI layers of traffic information. Further analyze the packet capture for network performance, behavior, and any suspicious source and destination addresses on the networks.

In the previously created Wireshark files, identify if any databases had been accessed. What are the IP addresses associated with that activity? Include this information in the SAR.

Step 4: Identifying Security Issues

You have a suite of security tools, techniques, and procedures that can be used to assess the security posture of your organization's network in a SAR.

Now it's time to identify the security issues in your organization's networks. You have already used password cracking tools to crack weak and vulnerable passwords. Provide an analysis of the strength of passwords used by the employees in your organization. Are weak passwords a security issue for your organization?

Step 5: Firewalls and Encryption

Next, examine these resources on firewalls and auditing–RDBMS, related to the use of the relational database management system (RDBMS), i.e., the database system and data. Also review these resources related to access control.

Determine the role of firewalls, encryption, and auditing–RDBMS that could assist in protecting information and monitoring the
confidentiality, integrity, and availability of the information in the information systems.

Reflect any weaknesses found in the network and information system diagrams previously created, as well as in the developing SAR.

Step 6: Threat Identification

You know of the weaknesses in your organization's network and information system. Now you will determine various known threats to the organization's network architecture and IT assets.

Get acquainted with the following types of threats and attack techniques. Which are a risk to your organization?
• IP address spoofing/cache poisoning attacks
• denial of service attacks (DoS)
• packet analysis/sniffing
• session hijacking attacks
• distributed denial of service attacks

In identifying the different threats, complete the following tasks:
1. Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems and the types of remediation and mitigation techniques available in your industry, and for your organization.
2. Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified.
3. Also discuss the value of using access control, database transaction and firewall log files.
4. Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization's networks.

Include these in the SAR.

Step 7: Suspicious Activity

Note: You will utilize the tools in Workspace for this step.

Hackers frequently scan the Internet for computers or networks to exploit. An effective firewall can prevent hackers from detecting the existence of networks. Hackers continue to scan ports, but if the hacker finds there is no response from the port and no connection, the hacker will move on. The firewall can block unwanted traffic and Nmap can be used to self-scan to test the responsiveness of the organization's network to would-be hackers.

Select the following link to enter Workspace and conduct the port scanning. Return to the lab instructions by clicking here to access the Project 3 Workspace Exercise Instructions.

Step 8: Risk and Remediation

What is the risk and what is the remediation? What is the security exploitation? You can use the OPM OIG Final Audit Report findings and recommendations as a possible source for methods to remediate vulnerabilities.

Read this risk assessment resource to get familiar with the process, then prepare the risk assessment. Be sure to first list the threats, then the
vulnerabilities, and then pairwise comparisons for each threat and vulnerability, and determine the likelihood of that event occurring, and the level of impact it would have on the organization. Use the OPM OIG Final Audit Report findings as a possible source for potential mitigations.

Include this in the risk assessment report (RAR).

Step 9: Creating the SAR and RAR

Your research and Workspace exercise have led you to this moment: creating your SAR and RAR. Consider what you have learned in the previous steps as you create your reports for leadership.

Prepare a Security Assessment Report (SAR) with the following sections:
1. Purpose
2. Organization
3. Scope
4. Methodology
5. Data
6. Results
7. Findings

The final SAR does not have to stay within this framework, and can be designed to fulfill the goal of the security assessment.

Prepare a Risk Assessment Report (RAR) with information on the threats, vulnerabilities, likelihood of exploitation of security weaknesses, impact assessments for exploitation of security weaknesses, remediation,
and cost/benefit analyses of remediation. Devise a high-level plan of action with interim milestones (POAM), in a system methodology, to remedy your findings. Include this high-level plan in the RAR. Summarize the results you obtained from the vulnerability assessment tools (i.e., MBSA and OpenVAS) in your report.

The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This should be an 8-10 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
2. Risk Assessment Report (RAR): This report should be a 5-6 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
3. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.

Submit your deliverables to the assignment folder.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
• 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
• 1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
• 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
• 1.4: Tailor communications to the audience.
• 1.5: Use sentence structure appropriate to the task, message and audience.
• 1.6: Follow conventions of Standard Written English.
• 5.2: Knowledge of architectural methodologies used in the design and development of information systems and knowledge of standards that either are compliant with or derived from established standards or guidelines.
• 5.6: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology.
• 7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
• 8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.
• 8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately.
===============================================
CYB 610 Project 4 Threat Analysis and Exploitation
Project 4 Threat Analysis and Exploitation
CYB610 Project 4

You are part of a collaborative team that was created to address cyber threats and exploitation of US financial systems critical infrastructure. Your team has been assembled by the White House Cyber National security staff to provide situational awareness about a current network breach and cyber attack against several financial service institutions. Your team consists of four roles:
• A representative from the financial services sector who has discovered the network breach and the cyber attacks. These attacks include distributed denial of service (DDoS) attacks, web defacements, sensitive data exfiltration, and other attack vectors typical of this nation state actor.
• A representative from law enforcement who has provided additional evidence of network attacks found using network defense tools.
• A representative from the intelligence agency who has identified the nation state actor from numerous public and government provided threat intelligence reports. This representative will provide threat intelligence on the tools, techniques, and procedures of this nation state actor.
• A representative from the Department of Homeland Security who will provide the risk, response, and recovery actions taken as a result of this cyber threat.

Your team will have to provide education and security awareness to the financial services sector about the threats, vulnerabilities, risks, and risk mitigation and remediation procedures to be implemented to maintain a robust security posture. Finally, your team will take the lessons learned
from this cyber incident and share that knowledge with the rest of the cyber threat analysis community. At the end of the response to this cyber incident, your team will provide two deliverables: a situational analysis report, or SAR, to the White House Cyber National security staff, and an After Action Report and lessons learned to the cyber threat analyst community.

US critical infrastructure (power, water, oil and natural gas, military systems, financial systems) has become the target of cyber and physical attacks as more critical infrastructure systems are integrated with the Internet and other digital controls systems. The lesson learned in defending and mitigating cyberattacks is that no entity can prevent or resolve cyberattacks on its own. Collaboration and information sharing is key for success and survival.

This is a group exercise, representing collaboration across all sectors, to support and defend US critical infrastructure. In the working world, a team like this would include some agencies, some industrial partners, and some private sector corporations. Each organization has different strengths and skills, different access to information, and different authorities to report to. When the sectors work together and leverage resources and skills, the result is that everyone benefits from the defense and protection of US IT infrastructure.

In your teams, you can model the same collaboration, leveraging each other's expertise, sharing each other's knowledge, teaching each other, and providing contributions specific to your role in the scenario.
• Financial Services Representative: special task in Step 3
• Law Enforcement Representative: special task in Step 4
• Intelligence Agency Representative: special task in Step 5
• Homeland Security Representative: special task in Step 6

There are seven steps that will help you create your final deliverables. The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This report should be a 14-15 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
2. After Action Report (AAR): This report should be a 10-15 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
3. This is a 5-8 slide PowerPoint presentation for executives along with a narrated or In-Class Presentation summarizing your SAR and AAR report.

When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
• 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
• 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
• 4.1: Lead and/or participate in a diverse group to accomplish projects and assignments.
• 4.3: Contribute to team projects, assignments, or organizational goals as an engaged member of a team.
• 8.4: Possess knowledge of proper and effective communication in case of an incident or crisis.

Step 1: Establishing Roles

As described in the scenario, you will be working in a small team (usually five members). Your instructor has provided an area for your group discussions, collaboration, and file sharing. Take some time to learn about your teammates (introductions, LinkedIn profiles and bios) to understand the experience and expertise of the team members.

Studies on teamwork outline the typical team stages of forming, storming, norming, and performing (see Tuckman, Bruce W. (1965), "Developmental sequence in small groups," Psychological Bulletin, 63, 384-399). This guidance on teamwork may be helpful.

In order to do well, you and your team members must start communicating or "forming" immediately and discuss how you will divide the work. Review the project and if you have portions of the work that play well to your strengths, make this known to your team members. Then develop a project plan and schedule to get the work done.

Finally, agree on a communications plan, which allows your team members to know where the project stands. During this stage, you may have disagreements or differences of opinion about roles and division of work. This is a normal aspect of "storming."

Once you start agreeing on roles and tasks, you are well on your way to "norming." You should settle on a collaboration space and share drafts of your work in your classroom team locker so your team members and the instructor can see the work progression. All team members must
contribute, but the deliverables need to be cohesive. Therefore, each of you will need to review each other's work and help each other. While you may have to use collaborative tools outside the classroom, maintain the key documents in the respective team project locker in the classroom.

Your team will use this area to establish ground rules for communication and collaboration. Team members will gain an overview of the entire project, establish roles, agree on the division of work, and complete and sign the Team Project Charter. If you decide to use Google Docs for your collaborative work, you could also choose a Google Drive with appropriate sharing with your team members and your instructor, and provide information on this in your team locker.

Part of teamwork is looking at each other's work and providing constructive feedback and improvements. If you sense problems during your team communications sessions, discuss risk management and project adjustments your team may need to make. If you sense trouble, contact your instructor and request intervention as soon as you recognize issues.

After the plan is completed, elect one person to attach or link the final document to the team project locker. This step should have been completed early in the term between Weeks 2 and 4. Setting up the team roles and expectations is an important part of this project and completing the charter is critical to the project's success. When you have completed this important step, move to the next step.

Step 2: Assessing Suspicious Activity
Your team is assembled and you have a plan. It's time to get to work. You have a suite of tools at your disposal from your work in Project 1, Project 2, and Project 3, which can be used together to create a full common operating picture of the cyber threats and vulnerabilities that are facing the US critical infrastructure. Begin by selecting the following links to brush up on your knowledge:
1. network security
2. mission critical systems
3. penetration testing

To be completed by all team members: Leverage your network security skills in using port scans and network scanning tools and in analyzing Wireshark files to assess any suspicious network activity and network vulnerabilities.

Step 3: The Financial Sector

To be completed by the Financial Services Representative: Provide a description of the impact the threat would have on the financial services sector. These impact statements can include the loss of control of the systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the financial services sector.

To be completed by all team members: Provide submissions from the Information Sharing Analysis Councils related to the financial sector. You can also propose fictitious submissions. Also, review the resources for Industrial Control Systems, and advise on their importance to the
financial services sector. Explain the risks associated with the Industrial Control Systems.

Step 4: Law Enforcement

To be completed by the Law Enforcement Representative: Provide a description of the impact the threat would have on the law enforcement sector. These impact statements can include the loss of control of systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the law enforcement sector.

Step 5: The Intelligence Community

To be completed by all team members: Provide an overview of the life cycle of a cyber threat. Explain the different threat vectors that cyber actors use, and provide a possible list of nation-state actors that have targeted the US financial services industry before. Review this threat response and recovery resource and use what you learned from the resource to provide or propose an analytical method in which you are able to detect the threat, identify the threat, and perform threat response and recovery. Identify the stage of the cyber threat life cycle where you would observe different threat behaviors. Include ways to defend against the threat, and protect against the threat. Provide this information in the SAR and AAR.

To be completed by the Intelligence Community Representative: Provide intelligence on the nation-state actor, their cyber tools, techniques, and procedures. Leverage available threat reporting such as
from FireEye, Mandiant, and other companies and government entities that provide intelligence reports. Also include the social engineering methods used by the nation-state actor and their reasons for attacking US critical infrastructure. Include this information in the SAR and AAR.

Step 6: Homeland Security

To be completed by the Homeland Security Representative: Use the US-CERT and other similar resources to discuss the vulnerabilities and exploits that might have been used by the attackers. Explore the resources for risk mitigation and provide the risk, response, and risk mitigation steps that should be taken if an entity suffers the same type of attack.

To be completed by all team members: Provide a risk-threat matrix and provide a current state snapshot of the risk profile of the financial services sector. These reports will be part of an overall risk assessment, which will be included in the SAR and AAR. Review and refer to this risk assessment resource to aid you in developing this section of the report.

Step 7: The SAR and AAR

All team members: After you compile your research, and your own critical assessments and analysis, determine which information is appropriate for a Security Assessment Report (SAR) that will be submitted to the White House, and an After Action Report (AAR) that will be submitted to the rest of the analyst community.
1. Prepare your SAR for the White House Cyber National Security Staff, describing the threat, the motivations of the threat actor, the
vulnerabilities that are possible for the threat actor to exploit, current and expected impact on US financial services critical infrastructure, the path forward to eliminate or reduce the risks, and the actions taken to defend and prevent against this threat in the future.
2. Prepare the AAR. This knowledge management report will be provided to the cyber threat analyst community, which includes the intelligence community, the law enforcement community, the defense and civilian community, the private sector, and academia. The purpose of the AAR is to share the systems life cycle methodology, rationale, and critical thinking used to resolve this cyber incident.

The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This report should be a 14-15 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
2. After Action Report (AAR): This report should be a 10-15 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
3. A 5-8 slide PowerPoint presentation for executives along with narration or In-Class presentation by each team member summarizing a portion of your SAR and AAR report.

Submit your deliverables to the assignment folder.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice
would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
• 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
• 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
• 4.1: Lead and/or participate in a diverse group to accomplish projects and assignments.
• 4.3: Contribute to team projects, assignments, or organizational goals as an engaged member of a team.
• 8.4: Possess knowledge of proper and effective communication in case of an incident or crisis.
===============================================
CYB 610 Project 5 Cryptography
Project 5 Cryptography
CYB610 Project 5

You are an enterprise security architect for a company in the semiconductor manufacturing industry, where maintaining competitive advantage and protecting intellectual property is vital. You're in charge of security operations and strategic security planning. Your responsibilities include devising the security protocols for identification, access, and authorization management. You recently implemented cryptography algorithms to protect the organization's information. Leadership is pleased with your efforts and would like you to take protection methods even further. They've asked you to study cyber-attacks against different cryptography mechanisms and deploy access control programs to prevent those types of attacks.

"We'd like you to create plans for future security technology deployments," says one senior manager. "And provide documentation so that others can carry out the deployments." A director chimes in, "But you should also devise a method for ensuring the identification, integrity, and non-repudiation of information in transit, at rest, and in use within the organization."

As the enterprise security architect, you are responsible for providing the following deliverables:
• Create a network security vulnerability and threat table in which you outline the security architecture of the organization, the cryptographic means of protecting the assets of the organization, the types of known attacks against those protections, and means to ward off the attacks. This document will help you manage the current configuration of the security architecture.
• Create a Common Access Card (CAC) deployment strategy in which you describe the CAC implementation and deployment and encryption methodology for information security professionals.
• Create an email security strategy in which you provide the public key/private key hashing methodology to determine the best key management system for your organization.

These documents will provide a security overview for the leadership in your company.
Encryption uses cryptographic algorithms to obfuscate data. These complex algorithms transform data from human-readable plaintext into encrypted ciphertext. Encryption uses the principles of substitution and permutation to ensure that data is transformed in a non-deterministic manner by allowing the user to select a password or a key to encrypt a message. The recipient must know the key in order to decrypt the message, translating it back into human-readable plaintext.

There are six steps that will lead you through this project. After beginning with the workplace scenario, continue to Step 1: "IT Systems Architecture."

The deliverables for this project are as follows:
1. Create a single report in Word document format. This report should be about 10 pages long, double-spaced, with citations in APA format. Page count does not include diagrams or tables. The report must cover the following:
   o network security and threat table
   o Common Access Card deployment strategy
   o e-mail security strategy
2. In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab.

When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
• 1.5: Use sentence structure appropriate to the task, message and audience.
• 1.6: Follow conventions of Standard Written English.
• 1.7: Create neat and professional looking documents appropriate for the project or presentation.
• 2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
• 2.2: Locate and access sufficient information to investigate the issue or problem.
• 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
• 2.4: Consider and analyze information in context to the issue or problem.
• 3.2: Employ mathematical or statistical operations and data analysis techniques to arrive at a correct or optimal solution.
• 5.1: Knowledge of procedures, tools, and applications used to keep data or information secure, including public key infrastructure, point-to-point encryption, and smart cards.

Step 1: IT Systems Architecture

You are a senior-level employee and you must tailor your deliverables to suit your audience: the leadership of the organization. You may choose to use a fictitious organization, or model your organization on an existing organization, including proper citations.

Leadership is not familiar with the architecture of the IT systems, nor are they familiar with the types of threats that are likely or the security mechanisms in place to ward off those threats. You will provide this information in tabular format and call it the Network Security and Vulnerability Threat Table. Refer to this threat table template for guidance on creating this document.
Before you begin, select the links below to review some material on information security. These resources will help you complete the network security and vulnerability threat table.
• LAN security
• Availability

Now you're ready to create your table. Include and define the following components of security in the architecture of your organization, and explain if threats to these components are likely, or unlikely:
• LAN security
• identity management
• physical security
• personal security
• availability
• privacy

Next, review the different types of cyberattacks described in the following resource: cyberattacks. As you're reading, take note of which attacks are most likely to affect your organization. Then list the security defenses you employ in your organization to mitigate these types of attacks. Include this information in your Network Security and Vulnerability Threat Table.

Step 2: Plan of Protection
Note: You will utilize the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Primary lab assistance is available from a team of lab assistants. Lab assistants are professionals and are trained to help you.

Click here to access the instructions for Navigating the Workspace and the Lab Setup.

Next, select the following link to enter Workspace and complete the lab exercises. Click here to access the Project 5 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use.

In this lab exercise, you will learn more about the transmission of files that do not seem suspicious but that actually have an embedded malicious payload, undetectable to human hearing or vision. This type of threat can enter your organization's networks and databases undetected through the use of steganography or data hiding. You should include this type of threat vector to an organization in your report to leadership. Research how organizations can monitor, identify and remedy those files with embedded files and data, and provide these as recommendations for your leadership.

You will have to provide the leadership of your organization with your plan for protecting identity, access, authorization and nonrepudiation of information transmission, storage, and usage. Research scholarly works on nonrepudiation measures and discuss options for protecting the integrity of an organization's information
assets, which include files, networks, databases, and e-mail, and include this in your lab report.

Step 3: Data Hiding Technologies

You will describe to your organization the various cryptographic means of protecting its assets. Select the links below to review encryption techniques and encryption technologies, then provide your organization with a brief overview of each.

Encryption Technologies
1. Shift / Caesar cipher
2. Polyalphabetic cipher
3. One time pad cipher/Vernam cipher/perfect cipher
4. Block ciphers
5. Triple DES
6. RSA
7. Advanced Encryption Standard (AES)
8. Symmetric encryption
9. Text block coding

Data Hiding Technologies
1. Information hiding and steganography
2. Digital watermarking
3. Masks and filtering
These descriptions will be included in the network security vulnerability and threat table for leadership.

Step 4: Creating the Network Security Vulnerability and Threat Table

Using the information you've gathered from the previous steps, prepare the network security vulnerability and threat table, in which you outline the following:
• security architecture of the organization
• the cryptographic means of protecting the assets of the organization
• the types of known attacks against those types of protections
• means to ward off the attacks

Create your Network Security Vulnerability and Threat Table, and include it in your submission to the organization. Please refer to this threat table template for guidance on creating this document.

Step 5: Access Control Based on Smart Card Strategies

Smart cards use encryption chips to identify the user, their identity, role, and sometimes use their personally identifiable information (PII). Two examples of smart cards are the federal government's use of common access cards (CACs), and the financial sector's use of encryption chips in credit cards.

You have completed your threat table, and you've decided that you want to modernize the access control methods for your organization. To that end, you read the following resources to gather some background
information on access control and the various encryption schemas associated with the Common Access Card (CAC):
• Access control
• Common Access Card (CAC)

You plan to deploy CAC to the company and you are tasked with devising that CAC deployment strategy, which includes the cryptographic solutions used with the CAC.

In the Common Access Card Deployment Strategy final deliverable, describe how identity management would be a part of your overall security program and your CAC deployment plan.

Create your Common Access Card Deployment Strategy and include it in your submission to the organization.

Step 6: The Email Security Strategy

After completing the CAC, your next step is to build the Secure Email Strategy for the organization. You will present this tool to your leadership.

Provide an overview of the types of public-private key pairing, and show how this provides authentication and nonrepudiation. You will also add hashing, and describe how this added security benefit ensures the integrity of messaging.

Begin preparing your strategy by reviewing the following resources that will aid you in becoming well informed on encryption technologies for e-mail:
• Public Key Infrastructure (PKI)
• iOS encryption
• BlackBerry encryption

Then start developing your strategy. Define these strong encryption technologies as general principles in secure email:
• Pretty Good Privacy (PGP algorithm)
• GNU Privacy Guard (GPG)
• Public Key Infrastructure (PKI)
• Digital signature
• Mobile device encryption (e.g., iOS encryption and BlackBerry encryption)

In your report, also consider how the use of smart card readers tied to computer systems might be beneficial in future enhancements to system and data access protection. This may help you define long-term solutions for your leadership.

Leadership does not know the costs and technical complexity of these email encryption strategies. To further their understanding, compare the complexities of each in relation to the security benefits, and then make a recommendation and a deployment plan.

The deliverables for this project are as follows:
1. Create a single report in Word document format. This report should be about 10 pages long, double-spaced, with citations in APA format. Page count does not include diagrams or tables. The report must cover the following:
   o network security and threat table
   o Common Access Card deployment strategy
   o e-mail security strategy
2. In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab.

Submit your deliverables to the assignment folder.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
• 1.5: Use sentence structure appropriate to the task, message and audience.
• 1.6: Follow conventions of Standard Written English.
• 1.7: Create neat and professional looking documents appropriate for the project or presentation.
• 2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
• 2.2: Locate and access sufficient information to investigate the issue or problem.
• 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
• 2.4: Consider and analyze information in context to the issue or problem.
• 3.2: Employ mathematical or statistical operations and data analysis techniques to arrive at a correct or optimal solution.
• 5.1: Knowledge of procedures, tools, and applications used to keep data or information secure, including public key infrastructure, point-to-point encryption, and smart cards.
===============================================
CYB 610 Project 6 Digital Forensics Analysis
Project 6 Digital Forensics Analysis

Project 6 Start Here

This project will provide an introduction to digital forensic analysis.

Digital forensic analysis is used to review and investigate data collected through digital communications and computer networks. The National Institute of Standards and Technology (NIST) has defined four fundamental phases for forensic analysis: collection, examination, analysis, and reporting. You will learn more about these concepts as you
navigate throughout the steps of this project and read the literature and links found in each step.

There are four steps that will lead you through this project. Begin with Step 1: “Methodology.”

The deliverables for this project are as follows:
1. Digital Forensic Research Paper: This should be a five-page double-spaced Word document with citations in APA format. The page count does not include diagrams or tables.
2. In a Word document, share your lab experience and provide screenshots to demonstrate that you completed the lab.

When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
• 5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
• 8.6: Provides professional preparation for computer digital forensics, investigation of crime, and preservation of digital evidence in criminal and civil investigations and information security incident response.
• 8.7: Provide theoretical basis and practical assistance for all aspects of digital investigation and the use of computer evidence in forensics and law enforcement.

Step 1: Methodology

The methodology includes following a systems process. Identify the requirements, purpose, and objectives of the investigation. Click the
links below to review information that will aid in conducting and documenting an investigation:
• secure programming fundamentals
• forensics fundamentals

Learn about the investigation methodology. Consider secure programming fundamentals. Define the digital forensics analysis methodology, and the phases of the digital forensics fundamentals and methodology, including the following:
1. preparation
2. extraction
3. identification
4. analysis

This information will help you understand the process you will use during an investigation.

Step 2: Tools and Techniques

Select the following links to learn about forensics analysis tools, methods, and techniques:
1. forensics analysis tools
2. web log and session analysis
3. hash analysis

Step 3: Exploring Forensic Tools
Note: You will utilize the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Primary lab assistance is available from a team of lab assistants. Lab assistants are professionals and are trained to help you.

Click here to access the instructions for Navigating the Workspace and the Lab Setup.

Select the following link to enter Workspace. Complete the forensic tools exercise provided in this lab. Explore the tutorials and user guides to learn more about various types of digital forensic tools. Click here to access the Project 6 Workspace Exercise Instructions. You will learn about the different types of tools, techniques, and analyses.

Step 4: Digital Forensics Research Paper

Now that you have learned the basics of digital forensics analyses and methodology, and have experienced one of the common forensic tools, use the material presented in this project as well as research you've conducted outside of the course materials to write a research paper that addresses the following:
1. digital forensic methodology
2. the importance of using forensic tools to collect and analyze evidence (e.g., FTK Imager and EnCase)
3. hashing in the context of digital forensics
4. How do you ensure that the evidence collected has not been tampered with (i.e., after collection)? Why and how is this important to prove in a court of law?

The deliverables for this project are as follows:
1. Digital Forensic Research Paper: This should be a five-page double-spaced Word document with citations in APA format. The page count does not include diagrams or tables.
2. In a Word document, share your lab experience and provide screenshots to demonstrate that you completed the lab.

Submit your deliverables to the assignment folder.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
• 5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
• 8.6: Provides professional preparation for computer digital forensics, investigation of crime, and preservation of digital evidence in criminal and civil investigations and information security incident response.
• 8.7: Provide theoretical basis and practical assistance for all aspects of digital investigation and the use of computer evidence in forensics and law enforcement.