In Project 3, your team is focused on preventing future incursions into the network and developing a business continuity plan to be deployed in case a breach occurs. There are 14 steps to be completed by the team, with the project culminating in the production of a video and forensics report that summarizes the lessons learned from the recent network breach. This project should take 14 days to complete. After reading the scenario below, proceed to Step 1 where you will establish your team agreement plan. Before the summit, each nation set up its own secure comms network. As summit events began, your team responded to anomalous network activity that was detected on your agency's server.Now, to make matters worse, the next day you awaken to the news that summit attendees are unable to get access to the confidential summit data needed for the conference. All of the computer screens show a pop-up message that says:"Your Computer has been involved in Computer Fraud Activity!!! and has been locked down by the FBI and the Justice Department. Unless you pay the sum of $500 (FIVE HUNDRED DOLLARS)—in Bitcoin you will be arrested immediately! You have 48 hours to pay up via email - fines@fbi.gov."Your CISO has called an emergency meeting with your team. She begins to speak to the group."We've just been hit with the Reveton ransom attack, which pretends to be a warning from a country's law enforcement agency. It locks you out of your PC and threatens criminal proceedings within 48 hours based upon very serious offenses. The message informs you that you can avoid prosecution by paying a fine to the attackers via Bitcoin. Based on the time of the incident, we believe that a single threat actor or group is responsible. This person or group is still unidentified."The CISO continues to brief you on the attack, confirming that no further information is known about the file, permissions, or tools used. Currently, systems show no signs of infection or additional malicious indicators.The attendees at the summit are divided on what should be done. Some of them want to pay the money—it's a small sum to be holding up the proceedings. However, cyber insiders know that once you pay a ransom, you set a precedent for further attacks since you appear vulnerable.In addition, you want to know how the attackers were able to infiltrate the system and plant the malware. What current protections are in place for systems at the summit? What methods and procedures are your team employing in response to the current attack? What is the plan if protections fall short? These are the questions pouring in from leadership, down to your CISO—and now, to you.Your CISO continues: "I need your team to provide a series of reports that will track this incident from start to recovery. Risk management briefings. Forensic reports. Situational reports. I need it all. They'll all come in handy when it's time to debrief our nation's leaders."CompetenciesYour work will be evaluated using the competencies listed below.1.8: Create clear oral messages.2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.6.4: Systems Life Cycle: Explain systems life cycle management concepts used to plan, develop, implement, operate, and maintain information systems.5.3: Demonstrate the appropriate use of multiple digital forensic tools and techniques for imaging.6.1: Knowledge of methods and procedures to protect information systems and data by ensuring their availability, authentication, confidentiality, and integrity.7.1: Develop, implement, and maintain business continuity planning.These are the part of this project that I'm responsible for;1. You've begun your response to the ransomware attack. Intelligence gathered from this investigation can be shared with the other nation teams so they can search through their systems to see if they have the same activity. As a team, you will now create documentation that can be used by others for threat information for investigations.Using this situational report template, create your first situational report (SITREP #1) of the initial findings, and steps that are going to occur with the identified indicators that were presented. This report will be given to the rest of the nation teams. Describe the ransomware malicious activities such as file system alterations, services, IP addresses, and any other indicator that can be used by affected communities to search within their own networks.The SITREP will be used for information sharing across nations/partner business operations. The SITREP should contain, but is not limited, to the following information:when the problem was first detected and by whomscope of the incidentindicators of compromise (IP address, file hash, protocols, registry edits)how it was contained and eradicatedThe findings will be used to supply a situation report to internal staff along with external agencies/nations that could be experiencing the same type of attack. This information will speed the process of the incident response team by narrowing the search for specific indicators, whether they are targeting individuals, vulnerabilities, or resources such as web servers, databases, or even phone lines. These reports also keep management apprised of what is occurring so leaders can continue to address questions..When you have finished gathering the initial information and have compiled the document, your designated team member should submit SITREP #1 for review and feedback. The SITREP #1 will be used in the intelligence briefing that you will develop in a later step.Submission for Group 4: Project 3: SITREP #1Previous submissions0Drop files here, or click below.Add FilesIn the meantime, a number of operations need to take place so you and your team members can understand the reasons behind the ransomware attack. Those operations will include several steps, including the creation of a business continuity plan (BCP), in which you will address supply chain risks and the software development life cycle. In a later step, you will conduct digital forensics exercises in the lab.For now, we will begin the first parts of the BCP. In the next step, you will examine software life cycle processes en route to creating a software development matrix—a key portion of the BCP and a component of the final forensic investigation report.2. Meanwhile, as you and your team have been working on the various parts of the overall analysis of the systems as a result of the attack, the CISO has been notified by credible sources that malware has been located inside the network. The CISO has also received new intelligence regarding the ransomware attacker's demands. The attacker has raised the ransom from $500 to $5,000 in Bitcoin per nation state. Conference participants are split on whether to pay the ransom. You know that this decision requires an understanding of virtual currency and the financial implications of virtual currency. While leadership is contemplating options, the CISO needs to act quickly to facilitate operations recovery.The CISO needs a report on findings and further indicators that can be shared with allies. The indicators can be found for each team in this malware indicator file. Based on the findings, the CISO would like your team to generate documentation regarding defense mechanisms needed to stop this style of attack. This documentation will be your second situation report, or SITREP #2.In one to two pages, SITREP #2 should describe threat information and any other information that fellow nations could use to speed their investigations. It will be used for information-sharing across nations/partner business operations and will help incident response teams and operations centers narrow their search based on findings. The report should include:when the problem was detected and by whomscope of the incidentindicators of compromise (IP address, file hash, protocols, registry edits)how it was contained and eradicateduser screen captures (e.g., error messages or dialog boxes)Take findings from all files, hashes, IP addresses, URLs and any other indicators presented and investigate while using the following files provided to you:this curated list of malware analysis toolsmalware identification examplesituation report templateThese findings will be used to determine what other evidence can be derived from evidence provided in the form of indicators and possible files.This data sharing checklist for submitting and sharing information is available for all to use as nations become confident sharing information with fellow countries at the summit. Review it to ensure that your nation is exercising best practices in information sharing. Providing too much information could pose a threat to the nation's cybersecurity posture.Your team's level of detail could be the difference between a benign incident and a catastrophic breach/mission critical resource failure.When you and the other team members have finished compiling the second situational report, the designated team member should submit SITREP #2 for review and feedback. Your SITREP #2 will be used in the intelligence briefing that you develop in a later step.In the meantime, the team is going to work on digital forensics to help identify sources of the attack. You'll work on a lab exercise in the next step.Submission for Group 4: Project 3: SITREP #23. Your nation's technical staff expects you to report on all summit events once you return to your nation's capital. The CISO has requested that each analyst work independently to create an Intelligence Debriefing for technical staff. This debriefing is a comprehensive report and is comprised of your BCP, SITREP 1, and SITREP 2.Each team member should develop his or her own briefing and submit independently. You may, however, use your team's discussion area to share your findings with your peers.Refer to the CISO Deliverable Overview for a full list of requirements for the debriefing.When you have completed your Intelligence Debriefing, submit it for feedback. The next step will be one of reflection, in which you will create a presentation on what you and your team members have learned from the ransomware attack and the mitigation and recovery activities that followed.Submission for Group 4: Project 3: Intelligence Debriefing

The objective is to perform the same tasks; first, by issuing SQL commands, and then by using MS Access (use the graphical interface to perform the tasks).Part A SQL (70%); by following the detailed instructions you will Create a table, Insert data into that table, and use Select commands to select and display data from the table.Submit one Word document, which includes the text of the SQL commands, and screen captures of the commands along with the Web site's feedback.Part B MS Access (30%): use MS Access to create the same tables, load the same content and perform the same Queries.The MS Access database is submitted.Two files will be submitted – a word document for Part A and an Access database for Part B.

Mackita, M., Shin, S.-Y., & Choe, T.-Y. (2019). ERMOCTAVE: A Risk Management Framework for IT Systems Which Adopt Cloud Computing. Future Internet, 11(9), 195. Retrieved from  https://doi.org/10.3390/fi11090195 Puchley, T., & Toppi, C. (2018). ERM: Evolving From Risk Assessment to Strategic Risk Management. HFM (Healthcare Financial Management), 1–5. After reading the articles this week, please answer the following two questions. What are some of the potential risks involved with cloud computing? Does the research and model in this article propose a viable solution to cloud-based risk management? Reply: 1)With the knowledge of benefits, many of the companies were adopting cloud computing technology in moving the data to clouds. As there are no proper risk management processes directly for cloud computing, it illustrates numerous risks that are unidentified. In that unauthorized access to the customer data and business data is one of the potential risks involved with cloud computing (Fu & Liu, 2017). As cloud services of all kinds of organizations aggregate data from various sources, it pushes into the security risks where it will be a potential target for the attackers. They take it as a target and allows some inside threats by taking the control of data access. Compliance and legal risks are some of the risks that can be noticed with cloud computing. Transferring the data to the third party will not be protective which allows others to access the data. There is a chance to increase the threats for data confidentiality which is related to cloud computing. There is a need of having some private cloud for an organization in order to manage their sensitive data. Lack of privacy is one of the barriers that could be seen in cloud computing. This service allows many of the users to access the data which limits privacy. Loss of IT controls and governance in the organization under using the cloud services will increase the risks for data interception in the method of authentication and in the process of transmission (Gao, 2018). Moreover, lack of standards regarding data control with incomplete concerning securities will bring the risks for the company where it fails in data security and privacy. Loss of control on the cloud providing services will surprise the users with their costing prices that make to lose the access of confidential data locally in a safe manner. Jurisdictional issues and lack of standardization will also raise some risks within the use of cloud computing. This article introduces the enterprise risk management method (ERMOCTAVE) with objectives and strategies to resolve cloud-based risks (Santos et al., 2017). 2) Cloud computing is a technology that is used for adopting programs with recognizing traditional risk management. Some potential risks are included in cloud computing required for IT services. The major risk is unauthorized access of customers and business data is part of reaching their goals. Breach in the organization is an easy process that increases capable of protecting their data. Cloud services will increase the values of the business model by determining a potential target. A third-party server is a process of hacking the data with accessing system and government policies (Church et al, 2020). An email server is a problem with maintaining the critical services that will increase risks in an organization. Compliance and legal is lead to risks in an organization with regulates data security. This process is used for different types of industries to maintain data security regulations. But sometimes this process leads to a lack of control over data. Cloud services provided for increasing technologies with help of transferring the information. Protecting data with help of specific technologies among the control of services. Availability risks are provided for improving cloud services with maintaining internet access in business. cloud computing risks are a devastating breach in an organization (Samea, Azam et al., 2020). That increases risks are available in cloud services that increase associate legal information. There are propose of viable solution that is important for developing cloud-based risk management. This process of a business model is required for improving risk assessment at management. The Decision-making process is evaluated for improving analyze with using machine learning techniques. Cloud service providers the aggregated risk in an organization. That is secure with help of developing a business model. There are associated methods that are adopting cloud computing to protect the information. The impact of assessment in cloud computing is provided for improving prototypes with increase decision making process (Yinghui Zhang et al., 2020). Data protection is related to develop the regulations and policies in an organization.