Project 2: Nations Behaving Badly.

Zljbex1

Computer Science

Georgia Aviation & Technical College

Description

Start Here

Despite the work that cyber management teams perform in systems design, network security protocols, hardware and software maintenance, training, policies, implementation, and monitoring, breaches can and do occur. In this project, you will work with a team of other cyber professionals to analyze and respond to anomalous network activity.

The graded submission for Project 2 is a packaged deliverable to the CISO about risk and network intrusion, to be completed as a team. The deliverable to the CISO will include the following five parts:

  1. Cybersecurity Risk Assessment including Vulnerability Matrix
  2. Incident Response Plan
  3. Service-Level Agreement
  4. FVEY Indicator Sharing Report
  5. Final Forensic Report

The project will take 15 days to complete. After reading the scenario below, proceed to Step 1, where you will establish your team agreement plan.

[Figure: Map of the world with key cities marked in the United States, Europe, and Africa; lines drawn between cities show cyberattacks.]

The US reports data exfiltration has been detected in the IDS (intrusion detection system). All nations will perform forensic analysis and collect corroborating information to identify the bad actor.

Prior to the summit, your nation team was tasked with setting up its own independent secure comms network. Now, at 3 a.m., just hours before the summit begins, you receive a text message from your CISO that reads: "I need to meet with the team immediately about an urgent matter. Please come to the conference room next to my hotel room now so we can discuss it."

You quickly dress and head to the conference room. When you arrive, she breaks the news to your team: The nation hosting the summit has detected data exfiltration in its IDS (intrusion detection system). It is likely that this pattern of network traffic could also result in buffer overflows or other attacks such as denial of service. Each nation's server is at risk.

"The report shows that the pattern of network traffic is anomalous," says the CISO. "And the point of origin is internal. Someone at the summit is involved in this."

Given the nature of the summit, participants understand that all nations have a common goal. "None of the FVEY members would have done this," says a colleague. "It's got to be the Russians or the Chinese. Friends don't read each other's mail."

The CISO says, "No one is above suspicion here. Our FVEY partners have been known to both collect intelligence and seek to embarrass other partners when it suited their strategic needs. It could have been anyone. Until we know for sure, though, we will continue to regard them as allies."

Leaders of the nations at the summit agree they all need to perform forensic analysis on their respective systems to identify the bad actor.

Your CISO continues. "Let's get to the bottom of this. We’re all familiar with data exfiltration attacks; do you think that's part of what we're dealing with here? Or do you think there's more? Use our packet sniffing tools to analyze the network traffic. Additionally, we need to identify attack vectors and attributes. Give me any information you can find on the tools, techniques, and the identity of this bad actor. Also, establish an incident response plan that we can use in case of another cyber event."

"Our systems went down due to this attack. We need to examine the service-level agreement to see what it will take to get the summit back up and running. After our analysis, we need to quickly let our allies know how to protect their networks through an indicator sharing report.

"Remember, no one is above suspicion—not even our allies. Got it?"

Everyone nods in agreement. The CISO says, "Good. Now get to work. I'm going to try to go back to sleep for a few hours."

When you submit your project, your work will be evaluated using the competencies listed below. Use them to self-check your work before submission.

Step 2: Identify Attack Vectors

Step 3: Discuss Attack Vectors and Known Attribution

Step 4: Analyze Attack Vectors and Known Attribution

Step 14: Conduct Wireshark Packet Capture Analysis

Step 15: Develop Final Forensic Report
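The scenario's starting point is an IDS alert for data exfiltration with an internal point of origin, and Step 14 asks for packet capture analysis. The following is an added worked example of the triage logic behind such an alert; it is not part of the project materials or of any nation's tooling. It assumes connection records in Zeek conn.log column order (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, service, duration, orig_bytes, resp_bytes), treats RFC 1918 space as "internal", and runs over a handful of constructed records embedded in the script. It aggregates outbound bytes per (internal source, external destination) pair, flags pairs whose outbound volume is large and lopsided relative to the bytes received, and lists the external destinations as the indicators you would hand to allies in the indicator sharing report. The thresholds are illustrative and would be tuned to the summit network's baseline.

```python
"""Flag candidate data-exfiltration flows in Zeek-style connection logs.

Added example for this page; it is not part of the project materials.
Assumptions: records follow the Zeek conn.log column order
(ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, service,
duration, orig_bytes, resp_bytes), "internal" means RFC 1918 space,
and the sample records below are constructed for illustration.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL_NETS = (
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
)

FIELDS = ("ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p",
          "proto", "service", "duration", "orig_bytes", "resp_bytes")

# Constructed sample: one host pushes ~109 MB to an external address over
# two long TLS sessions; the rest is ordinary browsing, DNS, internal SMB,
# an inbound HTTP request and a flow whose byte counts Zeek left as "-".
SAMPLE_CONN_LOG = """\
1700000000.1\tC1\t10.20.0.15\t51234\t198.51.100.20\t443\ttcp\tssl\t12.0\t52000\t410000
1700000001.2\tC2\t10.20.0.15\t51235\t203.0.113.7\t443\ttcp\tssl\t900.0\t48000000\t3200
1700000002.3\tC3\t10.20.0.15\t51236\t203.0.113.7\t443\ttcp\tssl\t850.0\t61000000\t2900
1700000003.4\tC4\t10.20.0.22\t40011\t10.20.0.5\t445\ttcp\tsmb\t5.0\t2500000\t1200
1700000004.5\tC5\t10.20.0.31\t53122\t198.51.100.9\t53\tudp\tdns\t0.1\t70\t130
1700000005.6\tC6\t192.0.2.44\t33333\t10.20.0.5\t80\ttcp\thttp\t3.0\t900\t15000
1700000006.7\tC7\t10.20.0.40\t51300\t203.0.113.9\t443\ttcp\tssl\t-\t-\t-
"""


def is_internal(ip: str) -> bool:
    """True if the address falls in one of the RFC 1918 ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def _to_int(field: str) -> int:
    """Zeek writes '-' when a value is unset; treat that as zero bytes."""
    return 0 if field == "-" else int(field)


def parse_conn_log(text: str) -> list[dict]:
    """Parse tab-separated conn.log lines into dicts keyed by FIELDS."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):  # skip Zeek header lines
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            raise ValueError(f"expected {len(FIELDS)} columns, got {len(parts)}")
        rec = dict(zip(FIELDS, parts))
        rec["orig_bytes"] = _to_int(rec["orig_bytes"])
        rec["resp_bytes"] = _to_int(rec["resp_bytes"])
        records.append(rec)
    return records


def flag_exfiltration(records, min_bytes_out=10_000_000, min_ratio=10.0):
    """Aggregate outbound volume per (internal source, external destination)
    and flag pairs that sent at least min_bytes_out with an out/in byte ratio
    of at least min_ratio. Internal-to-internal and inbound flows are ignored,
    so a noisy file server on the LAN does not show up as exfiltration."""
    totals = defaultdict(lambda: {"bytes_out": 0, "bytes_in": 0, "flows": 0})
    for rec in records:
        if not is_internal(rec["orig_h"]) or is_internal(rec["resp_h"]):
            continue
        t = totals[(rec["orig_h"], rec["resp_h"])]
        t["bytes_out"] += rec["orig_bytes"]
        t["bytes_in"] += rec["resp_bytes"]
        t["flows"] += 1
    findings = []
    for (src, dst), t in sorted(totals.items()):
        ratio = t["bytes_out"] / max(t["bytes_in"], 1)  # avoid divide by zero
        if t["bytes_out"] >= min_bytes_out and ratio >= min_ratio:
            findings.append({"src": src, "dst": dst, **t, "ratio": round(ratio, 1)})
    return findings


def indicators(findings) -> list[str]:
    """External destinations to hand over in the indicator sharing report."""
    return sorted({f["dst"] for f in findings})


if __name__ == "__main__":
    hits = flag_exfiltration(parse_conn_log(SAMPLE_CONN_LOG))
    for h in hits:
        print(f"{h['src']} -> {h['dst']}: {h['bytes_out']} B out, "
              f"{h['bytes_in']} B in over {h['flows']} flows (ratio {h['ratio']})")
    print("indicators:", indicators(hits))
```

On the constructed sample only 10.20.0.15 to 203.0.113.7 is flagged: the ordinary TLS session downloads more than it uploads, the SMB transfer is internal to internal, the inbound HTTP request has an external source, and the record with unset byte counts contributes nothing. Volume-and-ratio heuristics of this kind catch bulk exfiltration but not slow, low-volume channels, which is why the same records should also be checked for beaconing intervals and unusual destinations before attribution is attempted.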

Running head: NATIONS BEHAVING BADLY

Nations Behaving Badly
Student's Name
Institutional Affiliation
Date

Nations Behaving Badly
Introduction

Threat agents use a variety of methods and means to gain illegal access to a system and its critical data. These methods are known as attack vectors. Threat agents are malicious actors who aim to access data illegally, collect critical information, and exploit it, leading to severe data breaches and data loss. They include unethical IT experts known as hackers, cyber terrorists, and unethical system administrators (Melnick, 2018). They mostly target the components that make up information systems and exploit any weaknesses in those components; some of these weaknesses allow threat agents to access the components remotely. The weaknesses may be design weaknesses that make the whole system less secure and more vulnerable to threats. The most common attack vectors are phishing emails, malware, weak credentials, and ransomware (Melnick, 2018). Attack vectors can target either hardware or software components. They also target operating systems with weak security features and attempt to access their resources, which in most cases leads to more sophisticated attacks. The aim of this report is to discuss and analyze known attack vectors.
Attack Vectors
Attack vectors are the methods and means that malicious actors use to gain illegal access to systems and their components. As technology and the operating environment change, attack vectors evolve and become more sophisticated, making them hard for outdated security systems to detect and prevent and leaving those systems exposed to new incoming threats. Attack vectors can be categorized into two groups, active and passive. Active vectors attempt to alter and disable system processes; a good example of an active vector is malware code (Melnick, 2018). Malware is maliciously designed to steal, damage, or corrupt data in a network, and it is capable of doing what its authors designed it to do silently. Malware exists in various forms, the trojan horse being one of them.
A trojan acts as legitimate code, tricking the user into running it...

