Assignment Due 7 December at 1500EST (

profileShiaRo
Home>Homework Answsers>Computer Science homework help

I'm responsible for writing on countermeasures. Teams working on the hospital references. Write on COUNTERMEASURES only.

 

Team Assignment Rules:

1) Team Assignment is required for every student as an important component of graduate education.
2) Team memberships are assigned by the instructor objectively according to the alphabetical order of student last names with no exceptions.
3) Instruction will not entertain personal preferences from students in assigning team membership.
4) Each team size can be 5, 6, or 7 in this order of preference. The instructor will use size 7 only in extenuating circumstances. Initial team size difference between any two teams should be no more than 1. 
5) Each team shall select a team leader to coordinate the progress and outline the milestones within two weeks after receiving the Team Assignment.
6) Individual grade on the team assignment may vary based on student peer reviews and instructor evaluation of actual individual participation and contribution.

Team Assignment:

Objectives: 

(1) Assess the primary cyber threats and vulnerabilities associated with an organization’s mission-critical information systems and corrective measures.

(2) Increase hands-on skills and defense strategies by attacking a web application to steal "sensitive" data.

Competencies: Teambuilding skills, systems thinking, developing strategic recommendations for organizations based on holistic interdisciplinary cybersecurity principles.

Instructions:

(1) Review the entire interactive case study for Jacket-X Corporation (both parts) presented in the Course Content area of the classroom (Click the “Case Studies” link). 

Analyze and report the threats and vulnerabilities of the enterprise network for Jacket-X Corporation and recommend countermeasures to address these threats and vulnerabilities.  

 (2) This step will have your student team explore cases where Hospitals and Law Enforcement have been reported to have suffered cyber attacks.  This assignment is a review and research exercise, with the final product being a team Security Assessment Report (SAR) and an Assessment Action Report (AAR).

Consider that your team has been hired by a Law Enforcement agency to study the cases, provide assessments about the case, and to provide some recommendations for testing similar computer systems at other hospitals and law enforcement agencies.

 

Your team should analyze the case materials, in the references provided below, to determine what type of threat, what type of vulnerabilities, and what type of attack might have been performed in each case from what was reported in the article.  Attempt to determine the tools, techniques, and procedures (TTPs) used by the hackers in performing the cyber attacks.  You should also do a literature search on the case to see if any more information has been reported, aside from what is mentioned in the reference articles.

Having gone through the prior two projects lab exercises, determine how you would use the tools that you now know about to check the vulnerabilities of their systems and web sites.  Determine the tools, techniques, and procedures (TTPs) that you might use to exploit the web application and / or the hospital or law enforcement systems. Provide this in the SAR and provide the information on your proposed methods to test the ability to gather information and penetrate a system with the purpose of doing a vulnerability test in the AAR.

Determine if what was learned about the methods for exploitation might also be applicable to the financial services sector and provide research to justify your claim. What are the threats and vulnerabilities of the website applications used to interact with the public?  Does providing a web portal for login before using the website application provide more security, or are there potential username / password issues that could be exploited by tools of such as Cain and Abel, nmap, Nessus, Wireshark or others?  Identify possible countermeasures. Include this information in the SAR and AAR.

References:

 

Cyber attacks on hospitals:

Attack on MedStar:

http://fortune.com/2016/03/29/hackers-medstar-cyber-attack/

 

Ransomware attack on hospitals:

http://www.politico.com/story/2016/07/cyber-ransom-attacks-panic-hospitals-congress-225791

 

Increase in attacks on hospitals:

http://www.politico.com/states/new-york/albany/story/2016/04/as-cyber-attacks-rise-hospitals-seek-to-protect-medical-records-067223

 

Hospitals as critical infrastructures:
http://icitech.org/wp-content/uploads/2016/01/ICIT-Brief-Hacking-Healthcare-IT-in-2016.pdf

 

Top cyber attacks on hospitals:
http://resources.infosecinstitute.com/the-5-most-visible-cyber-attacks-on-hospitals/

 

Countering ransomware:
http://www.healthcareitnews.com/news/tips-protecting-hospitals-ransomware-cyber-attacks-surge

 

Hospitals, the hackers new targets?
https://www.washingtonpost.com/news/wonk/wp/2016/04/01/under-pressure-to-digitize-everything-hospitals-are-hackers-biggest-new-target/

 

Hospital vulnerabilities to cyber attacks:
https://nakedsecurity.sophos.com/2016/02/26/hospitals-vulnerable-to-cyber-attacks-on-just-about-everything/

 

Cyber attacks on law enforcement

Cyber terrorism on police departments:
http://www.policechiefmagazine.org/magazine/index.cfm?fuseaction=display_arch&article_id=2037&issue_id=32010

 

Police departments encounters with ransomware:
http://www.cnbc.com/2016/04/26/ransomware-hackers-blackmail-us-police-departments.html

 

Cyber crime investigation by FBI:
https://www.fbi.gov/investigate/cyber

 

DHS Report on cyber attacks on police and emergency services:
https://publicintelligence.net/dhs-cyber-threats-emergency-services/

 

FBI warning to law enforcement of cyber threats to them:
http://freebeacon.com/national-security/fbi-warns-law-enforcement-on-hacker-attacks/

 

Police vulnerabilities to cyber threats:
https://www.fastcompany.com/3055955/police-departments-are-vulnerable-to-cyber-threats-as-evidence-goes-digital?partner=rss

 

US-Cert warns of cyber threats on law enforcement:
https://www.us-cert.gov/ncas/current-activity/2015/04/21/IC3-Warns-Cyber-Attacks-Focused-Law-Enforcement-and-Public

 

Cybersecurity guide for state and local law providers:
https://cchs.gwu.edu/sites/cchs.gwu.edu/files/downloads/NCAPCybersecurityGuide-2016.pdf

 

INTERPOL report on cyber crime:
http://www.interpol.int/Crime-areas/Cybercrime/Cybercrime

 

Arizona Police Department hacks:
http://www.wsj.com/articles/SB10001424052702304450604576415873494181848

Team Project Deliverables:

The deliverable for each team is a 10-15 page double-spaced written report

The report contains two parts: Jacker-X and Attacks on Healthcare Organizations. The report should include a title, abstract, main text with section headings, sub-headings, conclusion and references. The page count DOES NOT include figures, tables and table of contents.

 

    • 10 years ago
    • 40
    Report issue
    Answer(1)
    profile
    Shining Star 001
    4.8 (168)
    4.8 (24)
    Chat

    Purchase the answer to view it

    blurred-text
    NOT RATED
    • attachment
      countermeasures.docx
    Bids(0)