15 pages paper

Anonymous
Asked: Nov 21st, 2016

Question description

This is an Incident Response project.

- Please read the instructions in the "Group Project One" PDF; it is the main file you'll work on.

- I uploaded the templates and information "samples" that might help you with this project as well.

- Be aware this project is about 15 pages of "250" words each.

- I only need a well-organized report, so please read "Deliverables of the Team Project – Report Deliverables" from Part 1 to Part 6 carefully.

Then go through:

3. Project Specifications

4. Data Center Architecture

5. Data Center Diagram

6. Information Technology Department / a. Information Technology Department Organization Chart / b. Finance Department Organization Chart / c. Operations Department Organization Chart / d. Information Department Organization Chart

7. Security Concerns/Requirements

8. Recent Threats Faced by the Company

Then the only thing left is the design, for example: project team leader > team leader > team members, something like that; it's a hierarchy.

For designing the flow charts and network diagrams, use "Visio" software.

Use a Microsoft Office "Word document" to do this project, please.

I've got 3 videos uploaded here via a Google account link, so please try at least to catch the format of the whole project; my friend took them in class while our instructor was talking ^.^

Video 1: Video Incident Response 1

Video 2: Video Incident Response 2

Video 3: Video Incident Response 3

Note: I know it's hard to see, but at least you can see the format of the project, how it looks.

This project is fully a report with designs and charts along with network diagrams.

I'm here to provide you with more information; use the videos to get the full idea of the project after reading the project itself.

Note: Do NOT create software or a PowerPoint; I only need a Word document of 15 to 20 or more pages that has all of the above in it, as needed in the project, along with charts, designs and network diagrams.

I took the videos when my instructor showed us how the project looks, so you can get a lot of information on what it looks like, I mean the format, designs, network diagrams, charts, etc., similar to the video, and don't forget to add the table for Risk Assessment and the table for BIA "Business Impact Analysis".



HIGHER COLLEGES OF TECHNOLOGY
Computer and Information Science
Non-Exam Based Assessment Cover Sheet

Course Code: CSF 3103
Course Title: IR/DR
Assessment Type / Weight: Team Project (30%)
Semester: 201520
Submission Due Date: 21st April, 2016
Marks Granted: % /100
Date Submitted / College / Department / Instructor / Student / Section #: (blank on the cover sheet)

This assessment will assess the following Course Learning Outcomes (CLO Mapping): CLO1, CLO2, CLO3, CLO4 (X X X)

Academic Honesty:
• The entire project/case study/poster is designed and developed by me (and my team members).
• Proper citation has been used when I (and my team members) used other sources.
• No part of this project has been designed, developed or written for me (and my team members) by a third party.
• I have a copy of this project in case the submitted copy is lost or damaged.
• None of the music/graphics/animation/video/images used in this project have violated the Copyright/Patent/Intellectual Property rights of an individual, company or an institution.
• I have the written permission of the people who feature in this project.

Student Name & Signature / Date: (four entries)

Table of Contents
1. Instructions
2. Team Project Description
3. Project Specifications
4. Data Center Architecture
5. Data Center Diagram
6. Information Technology Department
   a) Information Technology Department Organization Chart
   b) Finance Department Organization Chart
   c) Operations Department Organization Chart
   d) Information Department Organization Chart
7. Security Concerns/Requirements
8. Recent Threats Faced by the Company
9. Resources Required for the Practical Implementation
   a. VMware Workstation 11.0
   b. Windows Server 2012 Standard Edition Operating System
   c. FreeNAS Open Source NAS Server
10. Report Assessment Criteria
11. Project Demonstration Rubric (Individual)
12. Project Groups

CSF 3103: Principles of Incident Response and Disaster Recovery
Developing Contingency Plan within Information Security/Systems
Team Project

1. Instructions:
• You will be required to work in learning teams in this course. I will assign teams during week 1 and will group you into teams of approximately 3-4 people.
• I expect each learning team to work independently. I will be an observer of all of the learning teams.
• If your team has a question for me, please send an email to your teacher.
• I will assess the degree to which each person contributed to the learning team effort via documenting the meeting minutes on a regular basis. In other words, if your team decides to hold a meeting using Instant Messaging, Email, or phones, then your team must post the minutes of that meeting to the Learning Team area (a folder created on your desktop computer). Failure to hold meeting minutes will reflect on your grade.
• This project will constitute 30% of your total final grade. The project will be divided into the following:
   A) CP Plan Report (20%). You are required to follow APA formatting.
   B) DR Implementation (Practical = RAID 5 & NAS Server Clustering) (10%)

2. Team Project Description:
Each Learning Team will be responsible for preparing a Contingency Plan within Information Security to include the following subordinate functions: Business Impact Analysis, Incident Response Plan, and Disaster Recovery/Business Continuity Plan for XYZ Organization. The plan will consist of a minimum 15-page (250 words per page) document. In addition, the Learning Team will perform a 15-30 minute Microsoft PowerPoint presentation explaining the Plan.
In particular, the practical part (Clustering Strategy).

Deliverables of the Team Project – Report Deliverables

DEVELOPING CONTINGENCY PLAN WITHIN INFORMATION SECURITY/SYSTEMS TEMPLATE

A Contingency Plan attempts to identify potential risks to a business enterprise, proactively determines the best response to such risks and details how the enterprise will recover from the risk and resume normal business operations. A Contingency Plan should include the following content:

Part 1: Introduction (Parts 1 through 5 = 20%)
   A) Purpose of Plan
   B) Scope (boundaries of the CP). An effective CP plan begins with effective policy. The purpose of this policy is to define the scope of the CP plan. Refer to page 55 as an example.
   C) Goals and Objectives (refer to NIST CP template)*
   D) Planning Methodology (use NIST.ORG)
   E) Critical Success Factors (refer to NIST CP template)**

Part 2: Building the CPMT, IRT, and DRT
• Form and structure the CPMT (Contingency Planning Organizational Chart) to include names/titles and roles/responsibilities and task assignments, primarily the IR team and the DR team. You can derive it from the virtual organization. (Refer to page 51.)

Part 3: BIA (Business Impact Analysis)
• Use the template provided (sp800-34-rev1_bia_template).

Part 4: Incident Response Plan (IRP)
• Develop the IR Planning Policy (see page 136).
• Develop the IR plan to include:
   A) The four phases of the IRP life cycle (describe each one briefly).
   B) The three sets of incident-handling procedures (before the incident, during the incident, after the incident). Use two or three attack-success end cases during the incident (page 140).
   C) Tools recommended for use by incident handlers (page 148).
   D) Training the end user. See the example IR plan (page 153).
   E) Incident detection techniques or strategies (consider notification from an IDPS a must); IDPS placement (network, host, application). Use a diagram to show where you would place your network-based IDPS.

Part 5: BRP [Business Resumption Plan]
• Consider the budgetary commitment to Disaster Recovery.
• Develop the BR Planning Policy Statement (pages 379, 380, 381).
• Identify preventive controls (refer to Part 6):
   * Data storage and recovery techniques
   * Disaster prevention measures including fault tolerance***; the following are examples (see chapter 3):
      A) Transaction journalizing and rollbacks
      B) Database shadowing or mirroring
      C) RAID technologies
      D) Network redundancy (routers, etc.)
      E) Power (redundant UPS power supply)
      F) Business continuity: site resumption strategies: hot, cold, warm, mirrored, mobile, shared sites.

Part 6: Disaster Recovery Implementation Document (Practical Part): RAID 5 & NAS Clustering (10%)
Disaster Recovery Implementation: Requirements Document
• Draw a logical diagram of the DR setup
• Draw a physical diagram of the DR setup
• Design an IP address scheme for DR devices
• Naming convention of DR devices
• Installation and configuration of Windows Domain Controller
• Installation and configuration of RAID 5 on DR devices
• Configuration of storage on the FreeNAS device
• Configuration of iSCSI on Windows servers
• Installation and configuration of a cluster on DR devices
• Testing of DR operations

3. Project Specifications
Company XYZ is a software company which consists of 1500 total staff, employed at the headquarters and other branches across the country. Its business model relies on electronic transactions with key customers and suppliers. Company XYZ uses a BizTalk Server implementation for its transactions. Company XYZ uses BizTalk Server to manage transactions and communications between internal and external applications. Company XYZ communicates with approximately 85 internal applications and 2300 trading partners.
It currently processes approximately 2.5 million documents per month, and estimates that it will process 6 million documents per month by the end of 2016.

4. Data Center Architecture
Company XYZ has installed all its products from Microsoft, which includes domain controllers, file servers, print servers and an Exchange server. All products are licensed and the number of licenses purchased is enough for the company's employee strength.

Company XYZ uses BizTalk Server as a message broker to communicate between internal applications and to process, send, and receive correctly formatted messages to and from its suppliers and customers. Company XYZ has to process internal and external documents in different formats. This includes flat files and XML documents.

Company XYZ uses a single firewall to separate its corporate computers from the Internet. As an added layer of security, Company XYZ uses Internet Protocol security (IPsec) communication between all its corporate servers and workstations that reside within the corporate network. Company XYZ uses IPsec to encrypt all communications within its internal domain.

Company XYZ uses a file share server to receive flat files. This file share server resides outside its corporate network and domain. A firewall separates the file share server from the corporate network. Company XYZ's external partners post their flat file documents on this file share server, and they communicate with the file share server through an encrypted Point-to-Point Tunneling Protocol (PPTP) pipeline. Company XYZ protects access to the file share server with partner passwords that expire every 30 days.

Company XYZ has created a custom file-movement application that retrieves the flat file documents from the file share server and sends them to BizTalk Server for additional processing. The internal applications of Company XYZ also use the custom file-movement application to pass flat files to the application server, which transforms these documents and sends them to Company XYZ's trading partners. Before BizTalk Server transforms the partner data to the internal application formats, it validates that it has an entry for the sender, receiver, and document type. If BizTalk Server receives a message for which it does not have an entry for the sender, receiver, or document type, BizTalk Server rejects the message, and the operations team of Company XYZ reviews the message. The internal applications send messages in a variety of formats.

Company XYZ also receives documents through HTTP from internal and external sources. External partners post their documents to a Web server outside the corporate network. A firewall separates this Web server from the corporate network. The custom file-movement application also retrieves the documents posted through HTTPS. Company XYZ uses a third-party product to encrypt and sign messages to its trading partners. As an additional piece of security, Company XYZ performs a nightly audit on all the servers to make sure they have the correct security settings. Company XYZ logs all exceptions for review.

Company XYZ uses a Microsoft Exchange server to exchange emails internally and externally. A mail exchange relay is installed outside the firewall to receive emails, check for any virus infection and then move the message to the internal Exchange server. Antivirus software is installed on the Exchange relay to do the virus check. Outlook Web Access (OWA) is provided to all internal users to use the email system outside the company, using the Microsoft Outlook software installed on their laptops.

5. Data Center Diagram
[diagram]

6. Information Technology Department
Company XYZ has an IT department which takes care of the data center, network infrastructure, application servers, software and user support.
The IT department does not employ any specialized security specialists; instead, it relies on the network engineers to look after security issues. The company is willing to spend a considerable amount on hiring new staff for information security. The company realizes that information security is more important than responding to an incident and losing important data. The organization charts of the company are shown below.

a) Information Technology Department Organization Chart
[chart] CEO (with Assistant); reporting to the CEO: CFO, COO, CIO.

b) Finance Department Organization Chart
[chart] CFO; positions shown: Controller, Mgr. Accounting, Admin Asst., Exec. Asst., Senior Accountant, Audit Supv., Accountant (2), Auditor (2), Sr. Auditor, Mgr. Marketing, Marketing Spec., PR Coordinator.

c) Operations Department Organization Chart
[chart] COO; positions shown: HR Consultant, Admin Asst. (2), Mgr. Marketing, Mgr. Corp. Security, Exec. Asst.

d) Information Department Organization Chart
[chart] CIO; managers: Mgr. Systems, Mgr. Applications, Mgr. Help Desk, Mgr. Networking; other positions shown: Exec. Asst., Admin Asst. (4), Senior System Admin., Systems Admin., Second Shift Supv., Third Shift Supv., Senior Systems Developer, Systems Dev. (2), Senior Help Desk Administrator (5), Help Desk Tech. (7), Networking Architect, Senior Network Admin, Senior Network Tech., Network Tech., Intern (2).

7. Security Concerns/Requirements
Company XYZ wants to make sure that it receives and processes only messages from authenticated sources. Company XYZ also wants to make sure that it can receive and retrieve documents from outside its corporate network as safely as possible. The firewall that separates Company XYZ's corporate network from the Internet only lets through traffic on port 80 and port 443. The firewall rejects all other traffic.
Company XYZ also wants to make sure that its email system is not hacked or cracked, because it relies heavily on email messages from clients to process its transactions. Company XYZ also wants to protect its data regarding its employees, customers, transactions, financials and other documents related to the business by implementing a proper RAID system and cluster systems in the data center. Company XYZ wants to look at cloud computing and virtualization solutions for the safety and availability of its data. Company XYZ wants to make sure that employees use encrypted USBs only; it would like to distribute the digital certificates using the domain controllers. Company XYZ also wants to implement a backup process to secure all critical data of the business. Company XYZ would also like to implement physical security and a central monitoring system.

8. Recent Threats Faced by the Company
The following are the incidents faced by the company a few months ago.

1. The help desk person realized that someone was sending emails from the CIO's account; he suspected an email hack and escalated the incident to the network team. The CIO's assistant had access to the email account, but she was not present in the office at the time the email was sent. The CIO was also at home, enjoying dinner with his family. The network team did its own check and concluded that the email had been initiated by the director's account and was a legitimate email, not a hack. Since the company does not have an information security team, they could not figure out who had sent the email through the system, and the case was closed.

2. The helpdesk team reported that one of the core switches failed to respond in the middle of the day, when most of the transactions were being processed. A redundant switch is running in the datacenter and is supposed to take over if one fails, but that did not happen. An application team member examined the situation and figured out that the problem in the server connection did not force the redundant switch to take over. However, it took him a long time to fix the issue, which resulted in many transaction failures and loss of revenue.

3. Many of the employees in the company report virus threats and assume hacking and cracking. Therefore they have started copying their important data to USB hard drives and keeping them in their laptop bags in case of emergency. The employees are allowed to bring USB flash drives, USB hard drives and any other media into the company.

4. The company's personal security officer reported that he had spotted a person roaming in the office area. This person did not seem to be an employee or any partner vendor engineer or support. He reported the issue to management, and the person was just asked to leave the premises without any interrogation. Management is concerned about the physical security of the company. They are concerned about privacy, identity theft, social engineering and physical theft of any device.

5. One female employee reported that another colleague was harassing her by sending personal emails. The company's management intervened and gave the employee a warning that if this is reported again he will be fired. However, the employee threatened management that if they fire him he will sue the company and fight for his rights.

9. Resources Required for the Practical Implementation
   a. VMware Workstation 11.0
   b. Windows Server 2012 Standard Edition Operating System
   c. FreeNAS open source NAS server

10. Report Assessment Criteria
(Each criterion is scored 0 to 4 points; the DR Implementation row is scored out of 14.)

Cover Sheet & Table of Contents (Score /4)
   0 – No cover page; no table of contents
   1 – Cover page with major errors; TOC with major errors
   2 – Cover page with minor errors; TOC with major errors
   3 – Cover page with minor errors; TOC with minor errors
   4 – Cover page with no errors; TOC with no errors

Organization (Score /4)
   0 – Poorly organized; no logical progression; beginning and ending are vague
   1 – Some organization; points jump around; beginning and ending are unclear
   2 – Organized; points are somewhat jumpy; sense of beginning and ending
   3 – Good organization; points are logically ordered; sharp sense of beginning and end
   4 – Good organization; points are logically ordered; sharp sense of beginning and end

Mechanics (Score /4)
   0 – Numerous spelling errors distract from understanding
   1 – More than two spelling errors
   2 – Only one or two spelling errors
   3 – No spelling errors
   4 – No spelling errors

Introduction (Score /4)
   0 – No introduction
   1 – Introduction is well written; includes only Purpose and Scope
   2 – Introduction is well written; includes only Purpose, Scope, and Goals & Objectives
   3 – Introduction is well written; includes only Purpose, Scope, Goals & Objectives, Methodology
   4 – Introduction is well written; includes Purpose, Scope, Goals & Objectives, Methodology and Critical Success Factors

Form CPMT (Score /4)
   0 – No CPMT team is formed
   1 – CPMT team is formed with major errors
   2 – CPMT team is formed with minor errors
   3 – CPMT team is formed with no roles defined
   4 – CPMT team is formed with detailed roles defined

Form and Organize IRT (Score /4)
   0 – No IRT is formed
   1 – IRT is formed with major errors and no roles
   2 – IRT is formed with minor errors and no roles
   3 – IRT is formed and roles are clearly defined
   4 – IRT is formed and roles are clearly defined

Form and Organize DRT (Score /4)
   0 – No DRT is formed
   1 – DRT is formed with major errors and no roles defined
   2 – DRT is formed with minor errors and no roles defined
   3 – DRT is formed and roles are clearly defined
   4 – DRT is formed and roles are clearly defined

BIA (Score /4)
   0 – No BIA is included
   1 – BIA has been conducted, not clear, and includes some of the criteria
   2 – BIA has been conducted, somewhat clear, and includes some of the criteria
   3 – BIA has been conducted, mostly clear, and includes the major criteria
   4 – BIA has been conducted, very clear, and includes all of the criteria

Incident Response Plan (Score /4)
   0 – IRP does not include any of the project requirements
   1 – IRP is developed and includes only one objective; no attack scenario; no plan technique and strategy
   2 – IRP is developed and includes two or more objectives; includes an attack scenario; no plan technique and strategy
   3 – IRP has been developed and includes all objectives, an attack scenario, plan technique and strategy, and incident handling
   4 – IRP has been developed and includes all objectives, an attack scenario, plan technique and strategy, and incident handling with examples

DRP/BCP/BRP (Score /4)
   0 – DR/BCP plan has NOT been developed, or is poorly written with no requirements
   1 – DR/BCP plan has been developed with 2 or 3 requirements (budgetary, policy, preventive controls, DR strategy, one DR scenario, site resumption, DR maintenance and training)
   2 – DR/BCP plan has been developed and meets only 3 or 4 requirements (budgetary, policy, preventive controls, fault tolerance, one DR scenario, site resumption, DR maintenance and training)
   3 – DR/BCP plan has been developed and meets only 4 or 5 requirements (budgetary, policy, preventive controls, fault tolerance with at least three technologies, DR strategies and scenario, site resumption, DR maintenance and training)
   4 – DR/BCP plan has been developed and meets the 6 requirements: budgetary, policy, preventive controls, fault tolerance with at least three technologies, DR strategies, DR scenario, site resumption, DR maintenance and training

Conclusion (Score /4)
   0 – Conclusion is not documented properly
   1 – Conclusion is documented with zero recommendations or feedback
   2 – Conclusion is documented with only one recommendation or feedback
   3 – Conclusion is documented with only two recommendations or feedback
   4 – Conclusion is documented with a minimum of three recommendations or feedback to the company

References (Score /4)
   0 – No references cited at all
   1 – References are NOT well cited or formatted and include fewer than 2 citations
   2 – References are NOT well cited or formatted and include fewer than 4 citations
   3 – References are well cited or formatted and include fewer than 6 citations
   4 – References are well cited and include a minimum of 6 citations

DR Implementation (Score /14)
   0 – No DR implementation done
   1 – DR implementation done with fewer components
   2 – DR implementation done with more than fewer components
   3 – DR implementation done with all components but not functional
   4 – DR implementation done with all components and fully functional

Total Points: /60

11. Project Demonstration Rubric (Individual)
Student Name: ______________________________   ID No.: ______________________
(Excellent = 5, Satisfactory = 3, Unsatisfactory = 1)

Demo: Introduction (Score /5)
   Excellent – Demonstration provides a clear introduction to the project idea. Project title and aims are clear.
   Satisfactory – Demonstration provides an unclear introduction to the project idea. Project title and aims are not clear.
   Unsatisfactory – No introduction was provided to the demonstration. Not aware of project details.

Demo: Behind-the-Scenes (Score /5)
   Excellent – A verbal behind-the-scenes description is provided during the demonstration: the use of an operating system, cluster, NAS.
   Satisfactory – Demonstration provides a limited discussion of the behind-the-scenes systems; no clear discussion of operating systems, cluster or NAS.
   Unsatisfactory – No behind-the-scenes discussion was provided to accompany the demonstration.

Demo: Windows (Score /10)
   Excellent – A clear demonstration is provided for topology, connections, IP addresses and domain configuration.
   Satisfactory – Demonstration provides limited information on topology, connections, IP addresses and domain configuration.
   Unsatisfactory – Demonstration does not provide a proper discussion of topology, connections, IP addresses and domain configuration.

Demo: Cluster (Score /10)
   Excellent – A clear demonstration is provided of the cluster configuration, including iSCSI, quorum, shared storage, and health check.
   Satisfactory – Demonstration provides limited information on the cluster configuration, including iSCSI, quorum, shared storage, and health check.
   Unsatisfactory – Demonstration does not provide information on the cluster configuration, including iSCSI, quorum, shared storage, and health check.

Demo: NAS (Score /10)
   Excellent – A clear demonstration is provided of the NAS configuration, including adding a storage device, allocation, and configuration for Windows Server 2012.
   Satisfactory – Demonstration provides a limited discussion of the NAS configuration, including adding a storage device, allocation, and configuration for Windows Server 2012.
   Unsatisfactory – Demonstration does not provide a clear discussion of the NAS configuration, including adding a storage device, allocation, and configuration for Windows Server 2012.

Demo: Application (Score /10)
   Excellent – Demonstration covers all major features of the proposed application from a user standpoint, including multiple user accounts and both text and binary data types. Application is fully functional.
   Satisfactory – Demonstration provides a shallow overview of your application, or some application features were incomplete and not available for demonstration, such as multiple user accounts or text and binary data types.
   Unsatisfactory – No demonstration was provided or the application is non-functional.

Total Score: /50
INSTRUCTOR'S SIGNATURE: ________________________   DATE: _______________

Project Report Marks: /60
Demonstration Marks: /50
Total Project Marks: %

12. Project Groups
Domain Names and IP Addresses (Name and ID columns left blank)

Group | Project Number | Domain Name    | IP Addresses
G1    | 1              | GroupOne.com   | 192.168.10.0/24
G2    | 2              | GroupTwo.com   | 192.168.11.0/24
G3    | 1              | GroupThree.com | 192.168.12.0/24
G4    | 2              | GroupFour.com  | 192.168.13.0/24
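The Part 6 practical (domain controller, iSCSI to FreeNAS, RAID 5, failover cluster, DR test) as one worked script, using Group 1's domain and subnet from section 12. This is an added example and not material from the course or the brief; the hostnames (G1-DC01, G1-NODE01, G1-NODE02), the FreeNAS portal address 192.168.10.20, the cluster address, the interface alias 'Ethernet' and the order in which the two FreeNAS LUNs appear as cluster disks are assumptions for this lab. The FreeNAS side (zvol, extent, target) is done in its web UI as the brief says; Storage Spaces parity is used as the RAID 5 equivalent on a node's local disks. Run each phase in an elevated PowerShell on Windows Server 2012.

```powershell
# Added example (not the course's own material): Part 6 DR lab for Group 1,
# domain GroupOne.com on 192.168.10.0/24 (section 12). Hostnames, the FreeNAS
# portal address, the cluster address and the interface alias are assumptions.

$Domain    = 'GroupOne.com'
$Gateway   = '192.168.10.1'
$DcIp      = '192.168.10.10'   # G1-DC01, also the lab DNS server
$NasIp     = '192.168.10.20'   # FreeNAS iSCSI portal (assumed)
$ClusterIp = '192.168.10.15'   # cluster name object address (assumed)
$Nodes     = @('G1-NODE01', 'G1-NODE02')

# Phase 1 (every DR device): IP address scheme and naming convention.
function Set-DrNetwork {
    param([string]$Name, [string]$Ip)
    New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress $Ip -PrefixLength 24 -DefaultGateway $Gateway
    Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $DcIp
    Rename-Computer -NewName $Name -Force -Restart
}

# Phase 2 (G1-DC01 only): install AD DS and promote the forest root for GroupOne.com.
function Install-DrDomainController {
    Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
    $dsrm = Read-Host 'Directory Services Restore Mode password' -AsSecureString
    Install-ADDSForest -DomainName $Domain -DomainNetbiosName 'GROUPONE' `
        -SafeModeAdministratorPassword $dsrm -InstallDns -Force
}

# Phase 3 (each node): join the domain, then attach the FreeNAS LUNs over iSCSI.
function Join-DrDomain {
    Add-Computer -DomainName $Domain -Credential (Get-Credential "$Domain\Administrator") -Restart
}

function Connect-DrStorage {
    Set-Service MSiSCSI -StartupType Automatic
    Start-Service MSiSCSI
    New-IscsiTargetPortal -TargetPortalAddress $NasIp
    # the target(s) defined in the FreeNAS web UI; persistent so they survive a reboot
    foreach ($target in Get-IscsiTarget) {
        Connect-IscsiTarget -NodeAddress $target.NodeAddress -IsPersistent $true
    }
}

# Phase 3b (first node only): bring the raw iSCSI LUNs online once; the cluster owns them afterwards.
function Initialize-DrSharedDisk {
    Get-Disk | Where-Object { $_.BusType -eq 'iSCSI' -and $_.PartitionStyle -eq 'RAW' } |
        Initialize-Disk -PartitionStyle GPT -PassThru |
        New-Partition -UseMaximumSize -AssignDriveLetter |
        Format-Volume -FileSystem NTFS -NewFileSystemLabel 'DR-Shared' -Confirm:$false
}

# Phase 4 (a node with three or more spare local disks): RAID 5 on the DR device.
# Storage Spaces 'Parity' resiliency stripes data with parity across the disks, i.e. RAID 5.
function New-DrParityVolume {
    $spare = @(Get-PhysicalDisk -CanPool $true)
    if ($spare.Count -lt 3) { throw 'Parity needs at least three poolable disks' }
    New-StoragePool -FriendlyName 'DR-Pool' -StorageSubSystemFriendlyName 'Storage Spaces*' -PhysicalDisks $spare
    New-VirtualDisk -StoragePoolFriendlyName 'DR-Pool' -FriendlyName 'DR-RAID5' `
        -ResiliencySettingName Parity -UseMaximumSize |
        Get-Disk | Initialize-Disk -PartitionStyle GPT -PassThru |
        New-Partition -UseMaximumSize -AssignDriveLetter |
        Format-Volume -FileSystem NTFS -NewFileSystemLabel 'DR-RAID5' -Confirm:$false
}

# Phase 5 (once, as a domain admin on G1-NODE01): validate, then build the cluster with quorum and shared storage.
function New-DrCluster {
    Invoke-Command -ComputerName $Nodes { Install-WindowsFeature Failover-Clustering -IncludeManagementTools }
    Test-Cluster -Node $Nodes                              # health check; clear every error before continuing
    New-Cluster -Name 'G1-CLUSTER' -Node $Nodes -StaticAddress $ClusterIp
    Get-ClusterAvailableDisk | Add-ClusterDisk              # the two FreeNAS LUNs become Cluster Disk 1 and 2
    Set-ClusterQuorum -NodeAndDiskMajority 'Cluster Disk 1' # small LUN as the disk witness (assumed order)
    Add-ClusterSharedVolume -Name 'Cluster Disk 2'          # data LUN, visible to both nodes under C:\ClusterStorage
}

# Phase 6 (DR test): drain one node, confirm every group moves to the other, then bring it back.
function Test-DrFailover {
    Suspend-ClusterNode -Name 'G1-NODE01' -Drain
    $owners = Get-ClusterGroup | Select-Object Name, OwnerNode, State
    Resume-ClusterNode -Name 'G1-NODE01' -Failback Immediate
    return $owners   # expected: every group with OwnerNode G1-NODE02 and State Online
}
```

Phases 1 and 3 run on every box (Set-DrNetwork 'G1-NODE01' '192.168.10.11', then Join-DrDomain, then Connect-DrStorage after the reboot), phase 2 only on the DC, phase 3b and phases 5 and 6 once from the first node. The Test-Cluster report before New-Cluster and the Test-DrFailover output afterwards are the two artefacts that cover the "health check" and "testing of DR operations" rows of the rubric.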
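Incident 1 in section 8 was closed because nobody could say who sent mail as the CIO. The check an incident handler wants there is an attributable record of every send and sign-in on that mailbox. The following is an added example, not part of the brief: it assumes on-premises Exchange 2013 (in keeping with the Windows Server 2012 lab), the Exchange Management Shell run by an Organization Management member, and made-up values for the alias 'cio', the address, the seven-day window and the two workstation addresses treated as known-good.

```powershell
# Added example (not from the assignment brief): who can send as the CIO, make the
# mailbox auditable, and pull the sends and sign-ins that need explaining.
# Assumed: Exchange 2013 on-premises, Exchange Management Shell; alias, address,
# time window and the known workstation addresses are placeholders.

$Mailbox      = 'cio'
$Sender       = 'cio@GroupOne.com'
$Start        = (Get-Date).AddDays(-7)
$End          = Get-Date
$KnownClients = @('192.168.10.101', '192.168.10.102')   # CIO laptop, CIO assistant PC (assumed)

# Before the incident: every identity allowed to send as, send on behalf of, or open the CIO mailbox.
# Anyone here other than the assistant is a finding on its own.
function Get-CioSendRights {
    $sendAs = Get-ADPermission -Identity $Mailbox |
        Where-Object { $_.ExtendedRights -like '*Send-As*' -and -not $_.IsInherited -and "$($_.User)" -ne 'NT AUTHORITY\SELF' } |
        Select-Object @{n='Right';e={'SendAs'}}, User
    $onBehalf = (Get-Mailbox -Identity $Mailbox).GrantSendOnBehalfTo |
        ForEach-Object { [pscustomobject]@{ Right = 'SendOnBehalf'; User = $_.Name } }
    $full = Get-MailboxPermission -Identity $Mailbox |
        Where-Object { $_.AccessRights -contains 'FullAccess' -and -not $_.IsInherited } |
        Select-Object @{n='Right';e={'FullAccess'}}, User
    @($sendAs) + @($onBehalf) + @($full)
}

# Before the next incident: mailbox audit logging is off by default in Exchange 2013. Turn it on for
# owner sign-ins and for delegate/admin sends so each action carries a user, a client IP and a client string.
function Enable-CioMailboxAudit {
    Set-Mailbox -Identity $Mailbox -AuditEnabled $true `
        -AuditOwner    Update,MoveToDeletedItems,SoftDelete,HardDelete,MailboxLogin `
        -AuditDelegate Create,FolderBind,SendAs,SendOnBehalf,Update,SoftDelete,HardDelete `
        -AuditAdmin    Create,FolderBind,SendAs,SendOnBehalf,MessageBind,Update,SoftDelete,HardDelete `
        -AuditLogAgeLimit 180.00:00:00
    Get-Mailbox -Identity $Mailbox | Select-Object AuditEnabled, AuditOwner, AuditDelegate, AuditAdmin
}

# During the incident: every non-owner send, plus every owner sign-in from an address we do not recognise
# (a stolen password shows up here as LogonType Owner with an unexpected ClientIPAddress).
function Find-SuspiciousCioActivity {
    Search-MailboxAuditLog -Identity $Mailbox -LogonTypes Owner,Delegate,Admin -ShowDetails `
        -StartDate $Start -EndDate $End |
        Where-Object { ($_.Operation -in 'SendAs','SendOnBehalf') -or
                       ($_.Operation -eq 'MailboxLogin' -and $_.ClientIPAddress -notin $KnownClients) } |
        Select-Object LastAccessed, LogonType, LogonUserDisplayName, Operation,
                      ClientIPAddress, ClientInfoString, ItemSubject |
        Sort-Object LastAccessed
}

# Corroborate with transport: messages from the CIO address that entered transport from a mailbox
# (Source STOREDRIVER = submitted by Outlook/OWA) rather than over SMTP, to line up with the audit records.
function Get-CioOutboundMail {
    Get-TransportService | Get-MessageTrackingLog -Sender $Sender -EventId RECEIVE -ResultSize Unlimited `
        -Start $Start -End $End |
        Where-Object { $_.Source -eq 'STOREDRIVER' } |
        Select-Object Timestamp, ServerHostname, ClientHostname, ClientIp, MessageSubject,
                      @{n='Recipients';e={ $_.Recipients -join ';' }} |
        Sort-Object Timestamp
}
```

Get-CioSendRights and Enable-CioMailboxAudit belong in the "before the incident" procedures of Part 4; Find-SuspiciousCioActivity and Get-CioOutboundMail are what the network team would have run during the incident instead of closing the case. The audit log only records what was enabled before the event, which is the reason the first incident could not be attributed.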
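Section 7 asks that employees use encrypted USBs only, and incident 3 in section 8 shows why: unencrypted copies of business data are leaving in laptop bags. One preventive control that satisfies the requirement through the domain controllers is a Group Policy that refuses writes to removable drives unless they are BitLocker-protected. This is an added example and not the brief's own material; it assumes the GroupPolicy and BitLocker modules are present on the GroupOne.com domain controller, and the GPO name and link target are made up for this lab.

```powershell
# Added example (not from the assignment brief): domain GPO so that only
# BitLocker-protected removable drives can be written, plus a client-side check.
# Assumed: run on the GroupOne.com DC with RSAT GroupPolicy; GPO name and link
# target are placeholders.

Import-Module GroupPolicy

$GpoName = 'XYZ - Encrypted Removable Media Only'
$Target  = 'DC=GroupOne,DC=com'   # link at the domain root (assumed)
$FveKey  = 'HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE'

function New-EncryptedUsbPolicy {
    $gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
    if (-not $gpo) { $gpo = New-GPO -Name $GpoName -Comment 'Section 7: employees use encrypted USBs only' }

    # Control use of BitLocker on removable drives: allow users to turn it on
    Set-GPRegistryValue -Name $GpoName -Key $FveKey -ValueName 'RDVConfigureBDE' -Type DWord -Value 1 | Out-Null
    Set-GPRegistryValue -Name $GpoName -Key $FveKey -ValueName 'RDVAllowBDE'     -Type DWord -Value 1 | Out-Null
    # Deny write access to removable drives not protected by BitLocker: Enabled
    Set-GPRegistryValue -Name $GpoName -Key $FveKey -ValueName 'RDVDenyWriteAccess' -Type DWord -Value 1 | Out-Null
    # Do not allow write access to devices configured in another organization: Enabled
    Set-GPRegistryValue -Name $GpoName -Key $FveKey -ValueName 'RDVDenyCrossOrg'    -Type DWord -Value 1 | Out-Null

    New-GPLink -Name $GpoName -Target $Target -LinkEnabled Yes -ErrorAction SilentlyContinue | Out-Null
    Get-GPRegistryValue -Name $GpoName -Key $FveKey   # the four values above, as the DC will deliver them
}

# Client-side check for the help desk: which removable drives are plugged in and whether
# BitLocker protection is on. With the GPO applied, 'NoBitLocker' drives are read-only.
function Get-RemovableDriveStatus {
    Get-Volume | Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter } | ForEach-Object {
        $bl = Get-BitLockerVolume -MountPoint "$($_.DriveLetter):" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Drive      = "$($_.DriveLetter):"
            Label      = $_.FileSystemLabel
            Protection = if ($bl) { $bl.ProtectionStatus } else { 'NoBitLocker' }
        }
    }
}
```

Run New-EncryptedUsbPolicy once on the DC and `gpupdate /force` on a test workstation; Get-RemovableDriveStatus then shows the drive as NoBitLocker and any copy to it fails with "access denied", which is the behaviour the section 7 requirement asks for. The employees in incident 3 keep their backups, but only on drives that cannot be read if the bag is stolen.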
