Project Progress Report
ISEC 690 – Project Proposal
Please use this document as the template while preparing your project proposal for instructor feedback and approval.
Name:
ID:
Today’s Date: 3/2/2024
Please select one:
☒ Review Paper --> Please fill out Section 1 only
☒ Capstone Project --> Please fill out Section 2 only
Section 1: Review Paper
What kind of review are you planning to do? Please provide details. (Comparisons, analysis of a particular solution, synthesis of solutions, etc.)
The SecOps project will analyze Incident Response Plans (IRPs) for conformance with NIST SP 800-61. The review will compare organizations' IRPs to determine how closely they follow the NIST guidance. The examination will begin with the collection of Incident Response Plans from various organizations. These organizations may differ in sector, size, and operating model; the goal is a broad sample of incident response approaches across sectors. This approach provides a holistic view of the problems organizations face in developing and implementing incident response, and of the practices that work well.
Next, the review will examine the incident handling guidance in NIST SP 800-61 (Computer Security Incident Handling Guide). The guide organizes the incident response life cycle into four phases: preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity. Each gathered IRP will be assessed against these phases to identify strengths, shortcomings, and opportunities for improvement. The purpose is both to assess NIST conformance and to identify effective techniques that can be incorporated into a strong Incident Response Plan. The review will also focus on IRP flexibility and scalability. Because cybersecurity threats change constantly, an IRP must be adaptable; the analysis will therefore determine how well each IRP accommodates changes in the threat landscape and in the organization's operations. This is a prerequisite for creating a responsive and durable Incident Response Plan for a real-world client.
Solution synthesis will consist of constructing a unified model from the most effective and efficient elements of the analyzed IRPs. The real-world client's needs and operating environment will shape this model. The synthesized solution seeks to provide a complete and adaptive incident response framework by combining the strengths of diverse plans while remaining aligned with NIST SP 800-61.
What are the primary motivations for choosing that particular topic? (Such as connection with your career or career plans, gaps in the market, original ideas on new service models) –
The project's topic is Security Operations (SecOps). This topic was chosen for several reasons related to its relevance and impact on modern information security. As a student studying information security, the project fits my professional goals: an academic project on SecOps allows me to apply theoretical knowledge to real-world settings and to deepen my understanding of security operations, incident response, and risk management.
The main motivation is the growing complexity and sophistication of the cyber threats facing enterprises. Attackers' tactics evolve along with technology. By integrating security principles into day-to-day operational processes, SecOps becomes essential for proactively recognizing, mitigating, and responding to security problems. The project seeks to fill gaps in traditional security approaches and to provide insights and strategies for a more dynamic and adaptive security posture.
Market demand and industry developments also drive the choice of SecOps. As the threat landscape evolves, the demand for a holistic and collaborative approach to security is expanding. SecOps emphasizes teamwork between security and operations teams to break down silos and create a more responsive and resilient security environment. Understanding and applying SecOps principles can make me more marketable and valuable to potential employers. Finally, the project follows changing regulations and industry requirements. Milestone 1 specifies alignment with NIST SP 800-61, demonstrating the project's commitment to standards and best practices. This supports the project's credibility and helps the client build a secure and compliant security program.
The topic you selected (from the list provided in “ISEC 690 – Project Description Document” or your suggestion)
My topic is SecOps
Provide the names of at least three methods/tools/solutions/services that you are planning to include in your review.
1) Splunk Enterprise Security: This tool will be evaluated for its ability to provide real-time visibility into security events, facilitate incident detection, and streamline the incident response process.
2) IBM Resilient Incident Response Platform (since rebranded as IBM Security QRadar SOAR): The solution will be analyzed for its orchestration and automation capabilities, with the aim of improving the efficiency of incident response workflows in accordance with NIST SP 800-61.
3) Open-source Threat Intelligence Platforms (TIPs): Various open-source TIPs, such as MISP (Malware Information Sharing Platform & Threat Sharing), will be considered to assess their effectiveness in integrating threat intelligence into incident response strategies, ensuring a proactive and informed approach.
4)
5)
6)
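The third item above raises the question of how threat intelligence from a TIP such as MISP is actually integrated into incident response. The following Python script is an added illustration, not part of the original proposal or of the MISP project: it loads a constructed event in MISP's JSON export shape (an `Event` object with an `Attribute` list, each attribute carrying a `type`, a `value`, and a `to_ids` flag), keeps only attributes flagged as suitable for detection, and matches them against a handful of constructed proxy, EDR, and firewall log lines. The indicator values and log lines are made up (RFC 5737 documentation addresses and a reserved `.example` domain) and do not describe any real incident.

```python
"""Match detection-grade MISP indicators against log lines (added example, constructed data)."""
import json
import re
from collections import defaultdict

# Constructed MISP event export in the standard MISP JSON shape: Event -> Attribute[].
# All values below are made up for this example; they are not real indicators.
MISP_EVENT_JSON = """
{
  "Event": {
    "info": "Example phishing campaign (constructed)",
    "Attribute": [
      {"type": "ip-dst",  "value": "203.0.113.45",           "to_ids": true},
      {"type": "domain",  "value": "invoice-portal.example", "to_ids": true},
      {"type": "sha256",  "value": "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0", "to_ids": true},
      {"type": "comment", "value": "analyst note, not an indicator", "to_ids": false},
      {"type": "ip-dst",  "value": "198.51.100.7",           "to_ids": false}
    ]
  }
}
"""

# Constructed log lines; one proxy line and one EDR line should match, the firewall
# line with 203.0.113.450 must not (it only contains the indicator as a prefix).
SAMPLE_LOGS = [
    "2024-03-01T10:02:11Z proxy user=jdoe dst=198.51.100.20 url=https://intranet.example/home status=200",
    "2024-03-01T10:04:37Z proxy user=jdoe dst=203.0.113.45 url=http://invoice-portal.example/login status=302",
    "2024-03-01T10:04:39Z edr host=WS-0142 file=Invoice_0423.exe sha256=0F1E2D3C4B5A69788796A5B4C3D2E1F00F1E2D3C4B5A69788796A5B4C3D2E1F0 action=allowed",
    "2024-03-01T10:05:02Z fw src=10.0.8.14 dst=203.0.113.450 proto=tcp dport=443 action=allow",
    "2024-03-01T10:06:15Z fw src=10.0.8.14 dst=198.51.100.7 proto=tcp dport=443 action=allow",
]


def load_indicators(misp_json: str) -> dict:
    """Return {attribute_type: set(values)} for attributes MISP flags as detection-grade."""
    event = json.loads(misp_json)["Event"]
    by_type = defaultdict(set)
    for attr in event.get("Attribute", []):
        # to_ids=false marks context (comments, low-confidence values) that MISP does not
        # consider safe for automated detection; alerting on those produces false positives.
        if not attr.get("to_ids"):
            continue
        # Matching is done case-insensitively, so normalise indicator values once here.
        by_type[attr["type"]].add(attr["value"].lower())
    return dict(by_type)


def _pattern(ioc_type: str, value: str) -> str:
    """Build a boundary-anchored regex so an IP or hash does not match as a substring."""
    if ioc_type in ("domain", "hostname"):
        # Allow a leading '.' so hosts under a flagged domain (mail.<domain>) also match.
        return r"(?<![\w-])" + re.escape(value) + r"(?![\w.-])"
    return r"(?<![\w.-])" + re.escape(value) + r"(?![\w.-])"


def match_logs(indicators: dict, log_lines: list) -> list:
    """Return one hit record per (log line, indicator) pair found."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        haystack = line.lower()
        for ioc_type, values in indicators.items():
            for value in values:
                if re.search(_pattern(ioc_type, value), haystack):
                    hits.append({"line": lineno, "type": ioc_type, "value": value, "log": line})
    return hits


def triage_summary(hits: list) -> dict:
    """Group hits by log line so an analyst sees every indicator a single event tripped."""
    summary = defaultdict(list)
    for hit in hits:
        summary[hit["line"]].append(f'{hit["type"]}={hit["value"]}')
    return dict(summary)


if __name__ == "__main__":
    iocs = load_indicators(MISP_EVENT_JSON)
    for lineno, matched in sorted(triage_summary(match_logs(iocs, SAMPLE_LOGS)).items()):
        print(f"line {lineno}: {', '.join(matched)}")
```

The `to_ids` filter is the practical point: a TIP carries a great deal of context that is useful to an analyst but unsafe to alert on, and an integration that ignores that flag floods the response team with noise. The boundary-anchored match is the second guard, so that `203.0.113.45` does not fire on `203.0.113.450`.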
What types of literature will you be reviewing? Please provide a couple of examples from grey literature and/or academia -- at least five articles/webpages in APA style.
1) Jørgensen, P. A. (2023). Security Operations (SecOps) and the Internet of Things (IoT) (Master's thesis).
2) Shahjee, D., & Ware, N. (2022). Integrated network and security operation center: A systematic analysis. IEEE Access, 10, 27881-27898.
3) Zhang, R., & Liu, W. (2021). An intelligent security operation technology system framework AISecOps. Frontiers of Data and Computing, 3(3), 32-47.
4) Deane, A. J., & Kraus, A. (2021). Security Operations.
5) Islam, M. A. (2023). Application of artificial intelligence and machine learning in security operations center. Issues in Information Systems, 24(4).
Section 2: Capstone Project
Describe the project by adding the company context into it –
Our company's SecOps project strengthens our cybersecurity posture and our resilience to evolving threats. In a digitalized business environment, cybersecurity is a business enabler, and this initiative is tailored to our organization's issues and opportunities rather than being an academic exercise. Data confidentiality, integrity, and availability are essential in our sector, as in many others.
The SecOps effort was driven by recognition of the complexity of the cybersecurity landscape and of the need to align our security practices with industry standards and best practices. As digital transformation advances, adversaries' methods change as well, requiring a comprehensive and flexible security strategy. The SecOps initiative meets this need by creating a methodical, well-orchestrated Incident Response Plan that conforms to NIST SP 800-61.
Executive leadership supports cybersecurity activities in our firm, and the company's security-first approach matches the project's incident response focus. Resource allocation and engagement by managerial stakeholders show that cybersecurity is a business priority. This top-down support makes the SecOps project a strategic undertaking that supports the company's risk management and business continuity planning.
The project also draws on company resources, which keeps it pragmatic and realistic. Current incident response documentation, historical incident data, and collaboration with the internal security team support a nuanced and well-informed analysis. The project tailors the Incident Response Plan to the company's operating context, addressing known obstacles and building on existing strengths, so that its recommendations are grounded in how the company actually operates.
Finally, the project looks ahead. As the organization extends its digital footprint and adopts new technologies, the Incident Response Plan is designed to anticipate future difficulties. This proactive approach links the project to the company's growth trajectory, making the recommended plan a long-term solution that can adapt to the company's shifting risk picture.
What are the primary motivations for choosing that particular topic? (Company needs, support from your manager, your ease of access to company resources) –
The project topic, SecOps, was chosen because it aligns with company needs, has managerial backing, and can draw on company resources. First and foremost, the organization needs to improve its security. Businesses face increasingly sophisticated and persistent cyberattacks, and the organization understands the value of a strong security architecture aligned with recognized standards and best practices. SecOps integrates security into daily operations so that the organization's assets are protected holistically and proactively; it was chosen as the project topic to address the need for a comprehensive security plan covering prevention, detection, and response.
The likelihood of managerial endorsement also supports the choice. In many firms, executive leadership drives cybersecurity, and this project reflects the company's security-first approach. A project that addresses critical security capabilities, including incident response planning in accordance with NIST SP 800-61, is expected to gain managerial endorsement and active support, which is essential for implementing the project's recommendations and aligning the Incident Response Plan with organizational goals.
Ready access to company resources improves the project's feasibility. These resources include current incident response documents, historical incident data, and the possibility of collaborating with the internal security team. This access allows a complete and accurate assessment of the organization's incident response landscape, a clear view of the current approach's strengths and weaknesses, and a proposed strategy tailored to the company's needs and operating circumstances. It ensures the project's viability and helps produce a customized Incident Response Plan that addresses the organization's particular issues and opportunities.
The topic you selected (from the list provided in “ISEC 690 – Project Description Document” or your suggestion)
My topic is SecOps
Explain how you will use the guide in your capstone project.
In my Capstone project, authoritative guides such as NIST SP 800-37, the Federal Information Security Modernization Act (FISMA), the PCI DSS standard, and the NIST Cybersecurity Framework will shape the methodology, governance, and overall effectiveness of the work. NIST SP 800-61 remains the primary reference for the structure of the Incident Response Plan itself, as described above; the guides discussed here supply the risk-management, governance, and sector-specific context around it. Each contributes a distinct perspective aligned with industry standards and best practices, supporting a comprehensive and robust approach to the project's objectives.
NIST SP 800-37: Risk Management Framework for Information Systems and Organizations (Rev. 2; earlier revisions were titled Guide for Applying the Risk Management Framework to Federal Information Systems)
NIST SP 800-37 provides a structured and disciplined approach to risk management, originally written for federal information systems but applicable to any organization. Because my Capstone project involves the development of an Incident Response Plan (IRP), the guidance in SP 800-37 will be valuable in the initial stages of risk assessment and system categorization. Following the seven RMF steps (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor), I will identify and prioritize the risks associated with the incident response process in a systematic and well-documented way.
The Monitor step of the RMF will also be integrated into the project, allowing ongoing assessment and adaptation of the Incident Response Plan. This matches the dynamic nature of cybersecurity threats and keeps the plan effective and current as risks evolve. By adopting the principles of SP 800-37, the Capstone project will follow a comprehensive and methodical risk management framework that is widely recognized beyond the federal sector.
Federal Information Security Modernization Act (FISMA)
FISMA is the foundational legislative framework for information security within federal agencies. In the context of my Capstone project, which focuses on the development of an Incident Response Plan, FISMA will guide the project in establishing a governance structure that emphasizes accountability, compliance, and risk management. One caveat applies: FISMA's legal mandates bind federal agencies and the contractors that operate systems on their behalf. For a private organization, FISMA and the NIST standards it requires agencies to follow serve as a voluntary benchmark rather than a legal obligation, and the project will treat them that way.
FISMA also emphasizes continuous monitoring, a principle that dovetails with the risk management framework in NIST SP 800-37. By incorporating FISMA's requirements into the project, the Capstone will ensure that the Incident Response Plan meets a federal-grade standard of governance and adopts a proactive, adaptive approach to cybersecurity.
Payment Card Industry Data Security Standard (PCI DSS)
Given the prevalence of financial transactions and the importance of safeguarding payment card information, PCI DSS is an important guide for my Capstone project. PCI DSS is directly relevant to incident response: Requirement 12.10 obliges any organization that stores, processes, or transmits cardholder data to maintain an incident response plan and to respond immediately to suspected and confirmed incidents affecting the cardholder data environment. Its formal scope is limited to that environment, but its principles can be applied to improve the security posture of the organization as a whole.
Incorporating PCI DSS into the project will involve aligning incident response practices with the standard's requirements for data protection, access controls, encryption, and incident response. This ensures that the Incident Response Plan addresses general cybersecurity concerns and also satisfies an industry-specific standard relevant to the organization's operating context. By drawing on PCI DSS, the Capstone project aims to provide a comprehensive incident response framework that aligns with both industry standards and specific business requirements.
NIST Cybersecurity Framework
The NIST Cybersecurity Framework (CSF) is a widely recognized and adaptable guide for organizations to assess and improve their cybersecurity posture. The core functions of CSF 1.1, Identify, Protect, Detect, Respond, and Recover, align closely with the objectives of my Capstone project. CSF 2.0, published by NIST in February 2024, adds a sixth function, Govern, covering organizational context, risk management strategy, roles, and policy; the project will use the 2.0 structure where the organization has adopted it. The Identify function will guide the initial stages of the project, helping to define the scope, assets, and risks associated with incident response.
The Protect function will influence the design of the Incident Response Plan, emphasizing measures to safeguard critical assets and data. The Detect function will shape the monitoring and detection capabilities embedded in the plan, ensuring timely identification of security incidents. The Respond function will guide the development of response procedures, while the Recover function will address post-incident recovery and resilience-building measures.
The CSF's emphasis on continuous improvement also matches the iterative nature of incident response. By using the CSF as a guide, the Capstone project will develop a robust Incident Response Plan and help instill a culture of continuous improvement and adaptability in the organization's cybersecurity practices.
Integration of Guides in the Capstone Project
The integration of these guides will occur at various stages of the Capstone project, ensuring a comprehensive and cohesive approach:
1. Initiation and Planning: At the project's outset, NIST SP 800-37 will guide the initial risk assessment and categorization, laying the foundation for the subsequent development of the Incident Response Plan. FISMA mandates will inform the governance structure, ensuring alignment with federal standards.
2. Development: During the development phase, the principles of PCI DSS will influence the design of the Incident Response Plan, particularly its data protection, access control, encryption, and incident response requirements. The NIST Cybersecurity Framework will guide the incorporation of the core functions into the plan, ensuring a holistic and well-rounded approach to incident response.
3. Implementation: As the Incident Response Plan is implemented, the continuous monitoring principles from NIST SP 800-37 and FISMA will ensure that the plan remains effective in addressing emerging risks. The CSF's emphasis on continuous improvement will be embedded in the ongoing assessment and refinement of incident response procedures.
4. Evaluation: Finally, the project's evaluation will assess the effectiveness of the Incident Response Plan against the benchmarks set by NIST SP 800-37, FISMA, PCI DSS, and the NIST Cybersecurity Framework. This evaluation will serve as a feedback loop, informing future iterations of the plan and contributing to the organization's overall cybersecurity maturity.