Cybersecurity Incident Report

Anonymous
timer Asked: Nov 7th, 2017
account_balance_wallet $35

Question description

Cybersecurity Incident Report

Cybersecurity Incident Report First Name Last Name University of Maryland University College Executive Summary Keep this summary to 1-page maximum! Write in past tense. Get right to the purpose of why the CIR was written and cover the main points of the report. In a few sentences give your overall conclusion. Cybersecurity Incident Report Give a very brief introduction to a major media and entertainment company for which you are the cybersecurity incident manager. Describe the purpose of this cybersecurity incident report (CIR) as a need to help the company leadership understand the technologies used in wireless networks and mobile device management. This CIR will educate them about threats, impacts, protections, and incident response strategies related to wireless, mobile, and bring your own device (BYOD) policies. Wireless and BYOD Security Plan Rogue Access Points Discuss the threat of unauthorized equipment or rogue access points on the company wireless network and the methods to find other rogue access points. Describe how to detect rogue access points and how they can actually connect to the network. Authorized Access Points Describe how to identify authorized access points within your network. Cyber Kill Chain Discuss how the Cyber Kill Chain framework and approach could be used to improve the incident response times for networks. This framework/approach should be treated as your foundation for all wireless and BYOD-related problems within the network. Tracking Suspicious Employee Behavior Discuss identity theft and MAC spoofing. Can they happen in the workplace? How would you protect against both identity theft and MAC spoofing? Is it feasible to determine if MAC spoofing and identity theft has taken place in the workplace? How? Include a whitelist of approved devices for your company network. Examples may include authorized access points, firewalls, and other similar devices. Are there any legal issues, problems, or concerns with your actions of tracking a suspected employee? What should be conducted before starting this investigation? Were your actions authorized, was the notification valid, or are there any other concerns? Continuous Improvement Plan Wired Equivalent Privacy and Wi-Fi Protected Access Networks Describe and discuss wired equivalent privacy and Wi-Fi protected access (WPA) networks, to include WPA2. What are the pros and cons of each type of wireless network? Since WPA2 uses encryption to provide secure communications, define the scheme for using pre-shared keys for encryption. Is this FIPS 140-2 compliant, and if not, what is necessary to attain this? Comparative Analysis of Protocols Include a list of other wireless protocols, such as Bluetooth, and provide a comparative analysis of at least four protocols including the pros, cons, and suitability for your company. Remote Configuration Management Describe remote configuration management and discuss how it is used in maintaining the security posture of your company's network. Discuss a scenario of finding an undocumented device on the network. You have determined that the owner of the device should be removed from the network. Implement this and explain how you would remove the employee's device. How would you show proof that the device was removed? Employee Misconduct Describe and discuss ad hoc wireless networks and identify the threats and vulnerabilities this type of network may present to your company. Can these networks contribute to the company infrastructure? Address self-configuring dynamic networks on open access architecture and the threats and vulnerabilities associated with them, as well as the possible protections that should be implemented. Discuss a scenario of discovering an employee that has recorded logins during unofficial duty hours. The employee has set up access through an ad-hoc wireless network. From your position as an incident manager, how would you detect an employee connecting to a selfconfiguring network or an ad hoc network? How would you validate that the user is working outside of business hours? How would you protect against this type of threat? Use notional information or actual case data and discuss. How would signal hiding be a countermeasure for wireless networks? What are the countermeasures for signal hiding? How is the service set identifier (SSID) used by cybersecurity professionals on wireless networks? Are these always broadcast, and if not, why not? Conclusion This CIR helped educate company leadership about threats, impacts, protections, and incident response strategies related to wireless, mobile, and bring your own device (BYOD) policies. From here discuss your conclusions and recommendations…

Tutor Answer

Duke University

Attached.

Running Head: CYBERSECURITY INCIDENT REPORT

Cybersecurity Incident Report
First Name Last Name
University of Maryland University College

1

CYBERSECURITY INCIDENT REPORT

2

Executive Summary
As cyber securities incidences advance over the recent years and this has made
organizations to protect their sensitive data and systems. There is no organization regardless of
size and management is immune to cyber-attacks. Cybersecurity Incident report has played a
major role in the Sony Pictures Entertainment Inc. over a period. The report provides the
company, and its stakeholders with clear and greater understanding of cyber-attacks and the
organization should respond to the cybersecurity incidents. It is the role of the Cybersecurity
incident manager to identify and respond to any incident across the organization (Drew, J. 2012).
If these incidents are not identified at the right time, it can significantly compromise the business
operations and threaten information security. These incidents can include denial of services and
disrupting and theft of information by the external or internal personnel. The main goal to report
these incidents is to maintain confidentiality, integrity and the availability of information. The
report will ensure, and its clients understand the cybersecurity importance and various risks that
the company may encounter. The report also emphasizes the threats that the company encounters
such as an employee with a different mission in the company. It describes events and policies
related to wireless networking and BYOD.

CYBERSECURITY INCIDENT REPORT

3

Introduction
Sony Pictures Entertainment Inc. or cooperation is an American entertainment
corporation whose headquarter is based in Culver City, California, USA. This company deals
with various businesses such as customers and expert entertainment, gaming and various
electronics, production, acquisition, and distribution of filmed entertainment through different
platforms. Over several years it has been the leading entertainment company in the market.
Cybersecurity is a technique of protecting companies computers, programs, networks and data
from unauthorized persons especially those who aim at exploiting the company. The company
underwent a serious cyber-attack in 2014 (Reitinger, P., & United States, 2009). Since we live in
an increased networking environment, various cyber risks can endanger the companies economy.
As a result of this, the company requires a cybersecurity protection of infrastructure
improvements. Cybersecurity incident report enables company's management to understand the
purpose of a wireless network where they can remove them and associate them with other
wireless stations in the company thus enable them to balance act by weighing risk against the
cost that the company uses.
Develop a wireless and BYOD security plan
BYOD security plan is set by first identifying risk elements, form a committee to hold
BYOD and understand its risks, administering policies, estimate solutions made by committee,
implement answers and finally reassess solutions (Higgins, M., & Regan, M, 2016).
Wireless network faces threats through various ways especially to someone who attaches
the company wireless access point without legal authorization since wireless communications are
always done through broadcast over radio wire tappers who often listen to this transmission can

CYBERSECURITY INCIDENT REPORT

4

collect unencrypted information thus the company suffers a threat from sniffing to wiretappers.
The company can avoid this by installing a packet sniffer application that allows the capture of
all packets in a connection were by inspections can be done later. Moreover, wireless networks
face a threat caused by the denial of service attack whereby hackers jam or flood the network
with noises affecting wireless signals. A wrong constructed point can also be a threat that the
corporation faces and can be avoided, network abuse that gutter linking speed, delay and
consume bandwidth (Longo, B. 2013). A rogue access point is a wireless access point installed in
a network security without the awareness of the authority, and one can detect rogue access point
trough inspection of wireless intrusion detection system, skimming technologies work by
building an original database access point within the company and manually inspect the
skimming.
These skimming can be done through five stages the first stage is identifying the
company’s wireless device, despite the fact that it’s difficult to identify a wireless device to get
rid of if one lacks exact list about it. If not sure one can scan the whole environment and store its
inventory. An employee should also ensure that they secure their devices. The second step is
getting a skimming tool and correctly configure it by using a wireless scanner such as fluke
network air magnet and later alert all the functions. Step three decision should be made on where
to scan and later scan the entire environment of the corporation thus individual should pay
attention to the specific location he or she is skimming and locations whereby data is stored,
transmitted and processed should be regularly scanned. Step four is the remediation of any rogue
access point as not all alerts show important rogue since some may give false alerts. After
remediating it, the company should rescan the original cooperation. The fifth stage is by
maintaining a regular scan schedule this helps the cooperation to identify their weakness and

CYBERSECURITY INCIDENT REPORT

5

strengthen it thus reducing hackers, according to payment card industry data security standards
corporations should scan quarterly.
Since the evolvement of nature threats increases an organization requires an effective
method such as cyber kill chain. Cyber kill chain is a word adapted from a military concept that
shows the stages of cyberattacks starting from early investigation to the aim of information
exfiltration. Different seven stages are reconnaissance where emails and conference information
are harvested, and the second stage is weaponization where connection misuse are done
backdoor, and the third stage is delivery where armament bundles are delivered through email,
web or USB to the victim. The fourth stage is exploitation where susceptibility is subjugated to
implement codes on targets system. Installation is the fifth stage where malware is connected to
the sixth asset stage is command and control command channels are manipulated by victims, and
the last stage is action on objective where hackers accomplish their...

flag Report DMCA
Review

Anonymous
Thanks, good work

Similar Questions
Hot Questions
Related Tags

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors