Wilmington University Computer Security Incident Response Team Paper


nxva

Computer Science

Wilmington University

Description

Understand the CSIRT process and be able to coordinate and respond to a CERT.

Understand and be able to apply Zero Trust to an environment


Zero Trust

Zero Trust, Zero Trust Network, or Zero Trust Architecture refer to security concepts and a threat model that no longer assumes that actors, systems or services operating from within the security perimeter should be automatically trusted, and instead must verify anything and everything trying to connect to its systems before granting access. The term was coined by a security analyst at Forrester Research (Forrester 2017).

Over the next two weeks, you will be a security consultant hired by a mobile bank. The bank is not "brick and mortar"; they are online only. Your job is to write a proposal for them to implement a Zero Trust environment (both internal and external networks cannot be trusted):

• Identify Your Sensitive Data
• Map the Data Flows of Your Sensitive Data
• Architect Your Network
• Create Your Automated Rule Base
• Continuously Monitor the Ecosystem

For this assignment, a minimum of 50 PowerPoint slides. APA style applies.

CSIRT - Computer Security Incident Response Team

CSIRT - "One particular organizational entity that may be established to help coordinate and manage the incident management process in an organization is a computer security incident response team" (us-cert.gov). The team's mission is to focus on minimizing damage and recovering quickly.

Responsibility: collects and analyzes all evidence, determines root cause, directs the other security analysts, and implements rapid system and service recovery.

CSIRT incident handling activities include:

• determining the impact, scope, and nature of the event or incident
• understanding the technical cause of the event or incident
• identifying what else may have happened or other potential threats resulting from the event or incident
• researching and recommending solutions and workarounds
• coordinating and supporting the implementation of the response strategies with other parts of the enterprise or constituency, including IT groups and specialists, physical security groups, information security officers (ISOs), business managers, executive managers, public relations, human resources, and legal counsel
• disseminating information on current risks, threats, attacks, exploits, and corresponding mitigation strategies through alerts, advisories, Web pages, and other technical publications
• coordinating and collaborating with external parties such as vendors, ISPs, other security groups and CSIRTs, and law enforcement
• maintaining a repository of incident and vulnerability data and activity related to the constituency that can be used for correlation, trending, and developing lessons learned to improve the security posture and incident management processes of an organization

For your assignment, you work in the information security department of a hospital. You are responsible for all CERTs that are reported at the national level that impact the hospital's systems/infrastructure. You will be responding to the vulnerability listed below:

https://www.kb.cert.org/vuls/id/119704/
Microsoft Windows Task Scheduler SetJobFileSecurityByName privilege escalation vulnerability

Following the guidelines in the syllabus, document who, what, and how the CSIRT will respond to this CERT. You can approach this in a bullet-point format with steps/roles or in research-paper form, all in APA format. I want to be able to see that you understand the different facets of incident response.

Main focus: Understand the CSIRT process and be able to coordinate and respond to a CERT.

• Short paper on topic (4-5 pgs)*

Explanation & Answer

Find attached work. Please let me know if everything is ok. I will be happy to help with more assignments in the future. Thank you. Goodbye for now.

Objectives
• Identify Your Sensitive Data
• Map the Data Flows of Your Sensitive Data
• Architect Your Network
• Create Your Automated Rule Base
• Continuously Monitor the Ecosystem

Agenda
• 3-Tier Architecture
• History of Zero Trust
• Definition of Zero Trust and key terms
• Current events related to Zero Trust
• Challenges I've experienced with Zero Trust
• My suggestions to successfully embrace Zero Trust

Introduction
• Zero Trust, Zero Trust Network, or Zero Trust Architecture refer to security concepts and a threat model that no longer assumes that actors, systems or services operating from within the security perimeter should be automatically trusted, and instead must verify anything and everything trying to connect to its systems before granting access. The term was coined by a security analyst at Forrester Research.

Architecture

3-Tier Architecture

[Diagram: Web Tier, App Tier and Database Tier, with the Corporate Network, Internal Users, a 3rd Party Partner and Active Directory connecting in; data classes shown: PCI, HIPAA, PII, PHI, FISM, Company Competitive Data.]

Challenges
• Limited visibility once traffic is Trusted
• Lack of enforcement options in Trusted zones
• Typically relied on layer-4 enforcement
• Application designs increasingly diverge from the 3-tier topology
• Cloud offerings move critical data to offsite locations, making perimeter protections useless
• BYOD increases the risk of introducing threats inside Trusted zones
• External connections are difficult to control once given access to any internal Trusted resource

Breaches since 2010…

• Your smartphone or mobile device of choice is increasingly going to become your ID and secure access to resources across the enterprises you work for.
• Passwords have proven to be ineffective in thwarting the most common source of breaches, which is privileged credential abuse.
• Enterprise executives interviewed for two completely different studies reached the same conclusion: IT infrastructure will be much safer once passwords are gone.

• While 95% of enterprise executives say they have multi-factor authentication (MFA) implemented, a little more than half of their users are using it.
• Senior security executives doubt the security benefits (36%), cite the expense (33%), or say that users don't access sensitive information (45%), making MFA pointless.

• 86% of senior security executives would dump password use as an authentication method if they could.
• In fact, nearly half of those surveyed cited eliminating passwords as a way to cut almost half of all breach attempts.
• Perceived security shortcomings are a key reason why almost three-quarters of these security leaders say they're actively looking for replacements for passwords for authentication.

• 62% of the senior security execs reported extreme user irritation with password lockouts.
• The percentage of respondents who reported extreme user frustration at password lockouts rose to 67% at companies with more than 5,000 employees.

Zero Trust Fundamentals

[Diagram; the only recoverable label is "Untrusted".]

Zero Trust Fundamentals
• All resources are accessed in a secure manner regardless of location.
• Access control is on a "need-to-know" basis and is strictly enforced.
• Verify and never trust.
• Inspect and log all traffic.
• The network is designed from the inside out.

Zero Trust Terminology
• Segmentation Gateway (SG) – High-speed security device providing Firewall, IPS, WAF, NAC, VPN and Encryption services
• Microcore and Perimeter (MCAP) – Physically segmented by SG interface zone; shares similar functionality and global policy attributes
• Data Acquisition Network (DAN) – Facilitates the extraction of network data, typically packets, syslog, or SNMP messages, to a central inspection point
• MGMT Server – Backplane that acts as a jump host in a separate MCAP for management of devices

Segmentation Gateway (SG)
• Next Generation Firewall

• Spec’d to handle very high throughput
• Virtual offering to suppor...
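The assignment's five steps (identify sensitive data, map its flows, architect the network, create the automated rule base, monitor continuously) and the Zero Trust fundamentals and MCAP/SG/MGMT-server terminology on the slides above, expressed as a small policy decision point. This is an added example written for this page, not the assignment's material or the submitted slides; the MCAP names, roles, resources, classifications and sample requests are constructed for illustration. It shows the point the slides make in words: a request from the corporate LAN gets no exemption, access is deny-by-default, and every decision is logged.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Step 1 - identify sensitive data: each resource sits in one MCAP
# (micro-segment) and carries a data classification. All labels constructed.
RESOURCES: Dict[str, Tuple[str, str]] = {
    "web-frontend": ("web-mcap", "public"),
    "ledger-api": ("app-mcap", "pii"),
    "accounts-db": ("db-mcap", "pci"),
    "domain-controller": ("mgmt-mcap", "credentials"),
}

# Step 2 - map the data flows: the only (source MCAP, destination MCAP)
# pairs the bank's applications legitimately need. There is deliberately no
# corp-mcap -> db-mcap entry: staff reach the database only through the
# management MCAP (the jump host), never straight from the office LAN.
ALLOWED_FLOWS: Set[Tuple[str, str]] = {
    ("internet", "web-mcap"),
    ("web-mcap", "app-mcap"),
    ("app-mcap", "db-mcap"),
    ("corp-mcap", "app-mcap"),
    ("corp-mcap", "mgmt-mcap"),
    ("mgmt-mcap", "db-mcap"),
    ("mgmt-mcap", "app-mcap"),
}

# Need-to-know: the classifications each (constructed) role may access.
ROLE_CLEARANCE: Dict[str, Set[str]] = {
    "customer": {"public"},
    "teller": {"public", "pii"},
    "dba": {"public", "pii", "pci"},
    "domain-admin": {"public", "pii", "pci", "credentials"},
}


@dataclass(frozen=True)
class Request:
    principal: str
    role: str
    mfa_verified: bool
    device_compliant: bool
    source_mcap: str   # where the connection really originates
    resource: str


AUDIT_LOG: List[dict] = []   # step 5 - every decision, allow or deny, is recorded


def _decide(req: Request, allowed: bool, reason: str) -> bool:
    AUDIT_LOG.append({"principal": req.principal, "resource": req.resource,
                      "source": req.source_mcap, "allowed": allowed, "reason": reason})
    return allowed


def evaluate(req: Request) -> bool:
    """Deny by default. Every check applies regardless of where the request
    comes from: an office-LAN source earns no exemption (never trust, verify)."""
    if req.resource not in RESOURCES:
        return _decide(req, False, "unknown resource")
    dest_mcap, classification = RESOURCES[req.resource]
    if not req.mfa_verified:
        return _decide(req, False, "identity not verified (no MFA)")
    if not req.device_compliant:
        return _decide(req, False, "device posture check failed")
    if classification not in ROLE_CLEARANCE.get(req.role, set()):
        return _decide(req, False, f"role '{req.role}' has no need-to-know for {classification}")
    if (req.source_mcap, dest_mcap) not in ALLOWED_FLOWS:
        return _decide(req, False, f"flow {req.source_mcap}->{dest_mcap} absent from data-flow map")
    return _decide(req, True, "verified")


def generate_rulebase() -> List[str]:
    """Step 4 - the segmentation gateway's rules are generated from the flow
    map, so the rule base cannot drift from the documented flows."""
    rules = [f"permit {src} -> {dst}" for src, dst in sorted(ALLOWED_FLOWS)]
    rules.append("deny any -> any log")   # explicit, logged default deny
    return rules


def denied_by_principal(threshold: int = 2) -> Dict[str, int]:
    """Step 5 - monitoring: principals with repeated denials in the audit log."""
    counts: Dict[str, int] = {}
    for entry in AUDIT_LOG:
        if not entry["allowed"]:
            counts[entry["principal"]] = counts.get(entry["principal"], 0) + 1
    return {p: n for p, n in counts.items() if n >= threshold}


# Constructed sample requests
SAMPLE_REQUESTS = [
    Request("alice", "teller", True, True, "corp-mcap", "ledger-api"),      # allowed
    Request("alice", "teller", True, True, "corp-mcap", "accounts-db"),     # no need-to-know for pci
    Request("bob", "dba", True, True, "corp-mcap", "accounts-db"),          # wrong path: must use jump host
    Request("bob", "dba", True, True, "mgmt-mcap", "accounts-db"),          # allowed via mgmt MCAP
    Request("bob", "dba", False, True, "mgmt-mcap", "accounts-db"),         # no MFA, even from mgmt MCAP
    Request("carol", "customer", True, True, "internet", "web-frontend"),   # allowed
]

if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        verdict = "ALLOW" if evaluate(r) else "DENY"
        print(f"{r.principal:6} {r.resource:18} {verdict}  {AUDIT_LOG[-1]['reason']}")
    print("\n".join(generate_rulebase()))
    print(denied_by_principal())
```

The DBA case is the one worth noticing: bob holds clearance for PCI data, yet the same request is denied from the corporate LAN and allowed from the management MCAP, because the data-flow map, not the identity alone, decides whether a path exists. A real segmentation gateway would also inspect the traffic itself; this example only models the decision and the log that feeds monitoring.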
