COMPUTER FORENSICS
Computer Forensics Group Project/Assignment
Assignment: Before you were hired and joined this cybersecurity consultancy firm, you were told that the company had gone through various cyber-attacks and that it does not have a well-established Forensics and/or cybersecurity team to investigate post- and/or pre-attack scenarios. The company has a global presence, and upon hire you met and held recurrent meetings with the company's Chief Information Officer (CIO) and Chief Technology Officer (CTO). Finally, you all agreed that the organization does not have a well-established Risk Management Framework or a Forensics Unit. So, you are tasked to develop a comprehensive risk management strategy for the enterprise/company. This company was established in March 2020 (literally during the outbreak of the COVID pandemic).
You may consider the following attributes as your basis for the development of your strategies.
- It is a cybersecurity consultancy firm with offices in Tokyo, Tallinn, and Cape Town, and its headquarters in Richmond, VA.
- The firm started its operation in March 2020 (during the COVID outbreak).
- 2000+ employees.
- Users in Tokyo and Tallinn are authenticated through a domain controller hosted on-premise in their respective data center (located in the same building), whereas users in Cape Town and Richmond are authenticated against a Microsoft Azure Active Directory (AD) infrastructure hosted in Microsoft's Azure cloud.
- They do not have any Forensics unit at all.
- Employees who work in the headquarters use non-secure File Transfer Protocol (FTP) to upload/send data to users at the branch offices.
- Most employees have admin access to the company social media sites and can post company updates (Facebook, Instagram, Pinterest, Twitter, LinkedIn).
- Users in Tokyo, Tallinn, and Cape Town use an on-premise Exchange server for email management, as opposed to Microsoft O365 as in the case of Richmond users.
- 80% of employees have little awareness of cybersecurity and its associated risks.
- The organization does not have any threat model or methodology to follow (threat model examples are MITRE's ATT&CK and the Lockheed Martin Cyber Kill Chain).
- They do not have separate IT teams; creating an IT team with distinct responsibilities is required.
- Splunk Free is the Security Information and Event Management (SIEM) software used at all locations.
- Each location has its own Configuration Control Board (CCB), and there is no centralized repository to track hardware/software inventory.
- Neither a vulnerability management program nor an incident response plan has been formulated.
- The Help Desk is in Richmond, so all users from Tallinn, Tokyo, and Cape Town have to contact it for their technical issues. At times, when there is an outage on their corporate email platform (Outlook), they communicate with the Help Desk team in Richmond through public email domains, e.g., Gmail, Yahoo Mail.
GOAL: Develop a comprehensive risk management strategy so as to implement defense-in-depth in all locations. Provide a fictitious name for your project. Feel free to add different attributes which you deem necessary to beef up the overall security posture of the enterprise in question, as part of your risk management strategy.
RULES:
1. Your strategy/plan must be attainable and realistic.
SUBMISSION: Word/PowerPoint/Video or other means, which includes:
- Introduction
- Outline of your strategy/plan
- Identification of actual and potential issues/risks
- Discussion of the severity level of the risks
- Mitigation/remediation strategies
- Conclusion
FINAL THOUGHTS:
Be innovative and ensure your plan is executable.
NOTE: All group members are expected to present their research work in Week 10 (around the March 25th time frame).