6 pages IT work needed by Friday
Instructions:
*** Need task completed for D's portion of the project:
3 pages for a SAR;
3 pages for an AAR
covering the topic "Assessing Suspicious Activity" ***
Team e-mail discussing Instructions about the Project:
Team,
I was talking with Team member #2 in class today and the outlines don't match up to the assignment. I propose we write in the order of the assignment and each do 3 pages for each paper. The SAR will be the assessment prior to implementation of our recommendations and the AAR is the assessment afterwards. The breakdown will look like this:
Assessing Suspicious Activity - D
Financial Sector – Team Lead
Law enforcement - Team member #3
Intelligence - Team member #4
Homeland security - Team member #5
If we each do 3 pages we will hit the 15 required. I can put it all together and edit if needed, and someone else or I can do the PowerPoint.
Thanks,
Team Lead
------------------------------------------------------------------------------------------------------------------------------
Team Lead,
Based on the reading of our assignments, I see that there are only 4 roles in the assignment (see bold below). My understanding is that you need me to write up 3 pages on "the cyber threats and vulnerabilities that are facing the US critical infrastructure" (separate from the SAR and AAR); 3 pages for the SAR, and 3 pages for the AAR. If this is the case, what role do you want me to write up for the SAR and AAR? Also, we are not to follow the SAR and AAR outlines?
Roles:
Assessing Suspicious Activity - D
Financial Sector – Team Lead
Law enforcement - Team member #3
Intelligence - Team member #4
Homeland security - Team member #5
Thanks,
D
-------------------------------------------------------------------------------------------------------------------------------------
D,
The two outlines are nearly identical for different projects. Team member #3, Team member #4, and I are on board with writing to the tasks vs. the outline. If you agree, the task you will do is Task 2 for Project 4. This task is called "Assessing Suspicious Activity" and we will need 3 pages on this for the SAR and 3 pages for the AAR.
Thanks,
Team Lead
-------------------------------------- SEE PROJECT DETAILS BELOW-----------------------------------------------
US critical infrastructure—power, water, oil and natural gas, military systems, financial systems—has become the target of cyber and physical attacks as more critical infrastructure systems are integrated with the Internet and other digital control systems. The lesson learned in defending against and mitigating cyberattacks is that no entity can prevent or resolve cyberattacks on its own. Collaboration and information sharing are key for success and survival.
This is a group exercise, representing collaboration across all sectors, to support and defend US critical infrastructure. In the working world, a team like this would include some agencies, some industrial partners, and some private sector corporations. Each organization has different strengths and skills, different access to information, and different authorities to report to. When the sectors work together and leverage resources and skills, the result is that everyone benefits from the defense and protection of US IT infrastructure. In your teams, you can model the same collaboration, leveraging each other's expertise, sharing each other's knowledge, teaching each other, and providing contributions specific to your role in the scenario.
· Financial Services Representative: special task in Step 3
· Law Enforcement Representative: special task in Step 4
· Intelligence Agency Representative: special task in Step 5
· Homeland Security Representative: special task in Step 6
There are seven steps that will help you create your final deliverables. The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This report should be a 3 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
2. After Action Report (AAR): This report should be a 5 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
3. A 5-8 slide PowerPoint presentation for executives, along with a narrated or in-class presentation summarizing your SAR and AAR reports.
Step 1: Establishing Roles
As described in the scenario, you will be working in a small team (usually five members). Your instructor has provided an area for your group discussions, collaboration, and file sharing. Take some time to learn about your teammates (introductions, LinkedIn profiles and bios) to understand the experience and expertise of the team members.
Studies on teamwork outline the typical team stages of forming, storming, norming, and performing (see Tuckman, Bruce W. (1965), "Developmental sequence in small groups," Psychological Bulletin, 63, 384-399.) This guidance on teamwork may be helpful.
In order to do well, you and your team members must start communicating or "forming" immediately and discuss how you will divide the work. Review the project and if you have portions of the work that play well to your strengths, make this known to your team members. Then develop a project plan and schedule to get the work done.
Finally, agree on a communications plan, which allows your team members to know where the project stands. During this stage, you may have disagreements or differences of opinion about roles and division of work. This is a normal aspect of "storming."
Once you start agreeing on roles and tasks, you are well on your way to "norming." You should settle on a collaboration space and share drafts of your work in your classroom team locker so your team members and the instructor can see the work progression. All team members must contribute, but the deliverables need to be cohesive. Therefore, each of you will need to review each other's work and help each other.
While you may have to use collaborative tools outside the classroom, maintain the key documents in the respective team project locker in the classroom. Your team will use this area to establish ground rules for communication and collaboration. Team members will gain an overview of the entire project, establish roles, agree on the division of work, and complete and sign the Team Project Charter.
If you decide to use Google Docs for your collaborative work, you could also choose a Google Drive folder with appropriate sharing with your team members and your instructor, and provide information on this in your team locker. Part of teamwork is looking at each other's work and providing constructive feedback and improvements.
If you sense problems during your team communications sessions, discuss risk management and project adjustments your team may need to make. If you sense trouble, contact your instructor and request intervention as soon as you recognize issues.
After the plan is completed, elect one person to attach or link the final document to the team project locker. This step should have been completed early in the term between Weeks 2 and 4.
Setting up the team roles and expectations is an important part of this project and completing the charter is critical to the project's success. When you have completed this important step, move to the next step.
Step 2: Assessing Suspicious Activity
Your team is assembled and you have a plan. It's time to get to work. You have a suite of tools at your disposal from your work in Project 1, Project 2, and Project 3, which can be used together to create a full common operating picture of the cyber threats and vulnerabilities that are facing the US critical infrastructure. Begin by selecting the following links to brush up on your knowledge:
1. network security
2. mission critical systems
3. penetration testing
To be completed by all team members: Leverage the network security skills of using port scans, network scanning tools, and analyzing Wireshark files, to assess any suspicious network activity and network vulnerabilities.
Step 3: The Financial Sector
To be completed by the Financial Services Representative: Provide a description of the impact the threat would have on the financial services sector. These impact statements can include the loss of control of the systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the financial services sector.
To be completed by all team members: Provide submissions from the Information Sharing Analysis Councils related to the financial sector. You can also propose fictitious submissions. Also, review the resources for Industrial Control Systems, and advise on their importance to the financial services sector. Explain the risks associated with Industrial Control Systems.
Step 4: Law Enforcement
To be completed by the Law Enforcement Representative: Provide a description of the impact the threat would have on the law enforcement sector. These impact statements can include the loss of control of systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the law enforcement sector.
Step 5: The Intelligence Community
To be completed by all team members: Provide an overview of the life cycle of a cyber threat. Explain the different threat vectors that cyber actors use, and provide a possible list of nation-state actors that have targeted the US financial services industry before.
Review this threat response and recovery resource and use what you learned from the resource to provide or propose an analytical method in which you are able to detect the threat, identify the threat, and perform threat response and recovery. Identify the stage of the cyber threat life cycle where you would observe different threat behaviors. Include ways to defend against the threat, and protect against the threat. Provide this information in the SAR and AAR.
To be completed by the Intelligence Community Representative: Provide intelligence on the nation-state actor, their cyber tools, techniques, and procedures. Leverage available threat reporting such as from FireEye, Mandiant, and other companies and government entities that provide intelligence reports. Also include the social engineering methods used by the nation-state actor and their reasons for attacking US critical infrastructure. Include this information in the SAR and AAR.
Step 6: Homeland Security
To be completed by the Homeland Security Representative: Use the US-CERT and other similar resources to discuss the vulnerabilities and exploits that might have been used by the attackers.
Explore the resources for risk mitigation and provide the risk, response, and risk mitigation steps that should be taken if an entity suffers the same type of attack.
To be completed by all team members: Provide a risk-threat matrix and provide a current state snapshot of the risk profile of the financial services sector. These reports will be part of an overall risk assessment, which will be included in the SAR and AAR.
Review and refer to this risk assessment resource to aid you in developing this section of the report.
Step 7: The SAR and AAR
All team members: After you compile your research, and your own critical assessments and analysis, determine which information is appropriate for a Security Assessment Report (SAR) that will be submitted to the White House, and an After Action Report (AAR) that will be submitted to the rest of the analyst community.
1. Prepare your SAR for the White House Cyber National Security Staff, describing the threat, the motivations of the threat actor, the vulnerabilities that are possible for the threat actor to exploit, the current and expected impact on US financial services critical infrastructure, the path forward to eliminate or reduce the risks, and the actions taken to defend against and prevent this threat in the future.
2. Prepare the AAR. This knowledge management report will be provided to the cyber threat analyst community, which includes the intelligence community, the law enforcement community, the defense and civilian community, the private sector, and academia. The purpose of the AAR is to share the systems life cycle methodology, rationale, and critical thinking used to resolve this cyber incident.
The deliverables for this project are as follows:
2. After Action Report (AAR): This report should be a 3 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
3. A 5-8 slide PowerPoint presentation for executives along with narration or In-Class presentation by each team member summarizing a portion of your SAR and AAR report.
Submit your deliverables to the assignment folder.
Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
· 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
· 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
· 4.1: Lead and/or participate in a diverse group to accomplish projects and assignments.
· 4.3: Contribute to team projects, assignments, or organizational goals as an engaged member of a team.
· 8.4: Possess knowledge of proper and effective communication in case of an incident or crisis.