Project2-Template-IncidentResponsetemplate.docx

Project 2

Cover page

Table of Contents

Executive Summary

Goal: Develop a cybersecurity incident report (CIR) for management with an executive summary, along with an executive briefing for a company

Step 1: Develop a Wireless and BYOD Security Plan

"Wireless and BYOD Security Plan" section

· Provide an executive summary to answer other security concerns related to BYOD and wireless.

· Provide answers to the threat of unauthorized equipment or rogue access points.

· Describe how to detect rogue access points and how they can actually connect to the network.

· Describe how to identify authorized access points within your network.

· Include how the Cyber Kill Chain framework and approach could be used to improve the incident response times for networks.

Step 2: Track Suspicious Behavior

"Tracking Suspicious Behavior" section

· How would you track the location of the company asset?

· Explain how identity theft could occur.

· Explain how MAC spoofing could take place in the workplace.

· How would you protect against both identity theft and MAC spoofing?

· Address whether it is feasible to determine if MAC spoofing and identity theft have taken place in the workplace.

· Include a whitelist of approved devices for this network.

· Are there any legal issues, problems, or concerns with your actions?

· What should be conducted before starting this investigation? Were your actions authorized, was the notification valid, or are there any other concerns?

Step 3: Develop a Continuous Improvement Plan

"Continuous Improvement Plan" section

· Provide for your leadership a description of Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) networks. Include the pros and cons of each type of wireless network, as well as WPA2.

· Define the scheme for using pre-shared keys for encryption. Is this FIPS 140-2 compliant, and if not, what is necessary to attain this?

· Include a list of other wireless protocols, such as Bluetooth, and provide a comparative analysis of four protocols including the pros, cons, and suitability for your company.

Step 4: Develop Remote Configuration Management

"Remote Configuration Management" section

· Describe remote configuration management and how it is used in maintaining the security posture of your company's network.

· Describe how you would remove an undocumented device found on the company network.

· How would you show proof that the device was removed?

Step 5: Investigate Employee Misconduct

"Employee Misconduct" section

· Provide a definition of ad hoc wireless networks and identify the threats and vulnerabilities to a company.

· How could this network contribute to the company infrastructure and how would you protect against those threats?

· Address self-configuring dynamic networks on open access architecture and the threats and vulnerabilities associated with them, as well as the possible protections that should be implemented.

· How would you detect an employee connecting to a self-configuring network or an ad hoc network?

· How would signal hiding be a countermeasure for wireless networks?

· What are the countermeasures for signal hiding?

· How is the service set identifier (SSID) used by cybersecurity professionals on wireless networks? Are these always broadcast, and if not, why not?

· How would you validate that the user is working outside of business hours?

Step 6: Analyze Wireless Traffic

"Wireless Traffic Analysis" section

· Include all screenshots requested in the lab document.

· List all of the IP addresses found within this packet capture.

· How can you modify the ngrep command to include all IP addresses?

· Based on the filters you completed within this appendix, how many addresses were found, and what were those addresses?

· Which IP address had the highest count of requests?

· Which IP address had the highest number of requests to the web server?

· Review the traffic between the web server and the IP address. Review the requests and determine what was requested.

· Analyze the details of the header and identify the file that was uploaded to the web server.

· Use the details you collected within this lab to create three Snort rules to detect the activity. Include those rules in this section.

Recommendations and Conclusion

References

NOTE: The idea is that you are preparing an Executive Summary as described in Step 1, and it is submitted as part of the CIR.

So, four things appear in the deliverables list, but only three documents are submitted. The Executive Summary is included in the CIR.

Deliverables:

Executive Summary (which is included at the beginning of the CIR), Cybersecurity Incident Report (CIR), Executive Briefing, and Lab Report.

· Prepare Executive Summary: This is a one-page summary at the beginning of your CIR.

· Submit Cybersecurity Incident Report (CIR): Your report should be a minimum 12-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations.

· Submit Executive Briefing: This is a three- to five-slide visual presentation for business executives and board members.

· Submit your Lab Report: A document sharing your lab experience and providing screenshots to demonstrate that you performed the lab.