Would need a helping hand for the following. PFA for questions


Description

Topic is Veterans Administration (VA)

IN EVERY DOCUMENT THE TOPIC IS Veterans Administration (VA)

GROUP RISK ASSESSMENT NEED HELP IN FILLING TABLE IN THE DOCUMENT

INCIDENT RESPONSE HAS TO BE WRITTEN BASED ON THE TOPIC

You can use the following links for reference

http://www.va.gov/oig/pubs/VAOIG-12-01712-229.pdf

http://www.va.gov/oig/pubs/VAOIG-11-01823-294.pdf

https://www.va.gov/oig/pubs/VAOIG-13-01391-72.pdf

https://www.va.gov/oig/pubs/VAOIG-16-01949-248.pdf

Unformatted Attachment Preview

Risk Assessment

In this assignment, you will perform a qualitative risk assessment, using a template that has been provided below. Your last assignment in the course will be to take one of these risks and develop a section for your Incident Response Plan or Disaster Recovery Plan that addresses that risk.

1. Groups will work on a risk assessment using one of the agencies as assigned, below:

| Organization | Link to Audit Reports | Groups |
|---|---|---|
| National Aeronautics and Space Administration (NASA) | http://oig.nasa.gov/audits/reports/FY10/IG-10-018-R.pdf ; https://oig.nasa.gov/audits/reports/FY14/IG-14-023.pdf ; https://oig.nasa.gov/audits/reports/FY17/IG-17-010.pdf ; https://oig.nasa.gov/audits/reports/FY17/IG-17-002A.pdf | 1, 8, 15 |
| Veterans Administration (VA) | http://www.va.gov/oig/pubs/VAOIG-12-01712-229.pdf ; http://www.va.gov/oig/pubs/VAOIG-11-01823-294.pdf ; https://www.va.gov/oig/pubs/VAOIG-13-01391-72.pdf ; https://www.va.gov/oig/pubs/VAOIG-16-01949-248.pdf | 2, 9, 7 |
| Securities and Exchange Commission (SEC) | http://www.sec.gov/about/offices/oig/reports/audits/2013/512.pdf | 3, 10 |
| USPS | https://www.uspsoig.gov/sites/default/files/document-library-files/2015/usps_cybersecurity_functions.pdf ; https://www.uspsoig.gov/document/mobile-system-review ; https://www.uspsoig.gov/sites/default/files/document-library-files/2017/IT-AR-17-007.pdf | 4, 11 |
| Office of Personnel Management (OPM) | https://www.opm.gov/our-inspector-general/reports/2016/federal-information-security-modernization-act-auditfiscal-year-2016-4a-ci-00-16-039.pdf ; https://www.opm.gov/our-inspector-general/reports/2015/federal-information-security-modernization-act-audit-fy2015-final-audit-report-4a-ci-00-15-011.pdf | 5, 12, 14 |
| FTC | https://www.ftc.gov/system/files/documents/reports/oig-fy-2016-independent-evaluation-federal-trade-commissionsinformation-security-program-practices/oig_fisma_evaluation_fy_2016_redacted.pdf ; https://www.oversight.gov/sites/default/files/oig-reports/OIG%20FISMA%20FY%202017%20%20FINAL%20REDACTED%203-8-2018.pdf | 6, 13 |

You will read through the report and look for findings and recommendations from the GAO’s audit of the agency’s security practices. Your job will be to develop a risk assessment from these findings to assess the likelihood and impact.

A listing of threats has been prepopulated for you. These threats have been categorized by type as shown below:

| Threat Origination Category | Type Identifier |
|---|---|
| Threats launched purposefully | P |
| Threats created by unintentional human or machine errors | U |
| Threats caused by environmental agents or disruptions | E |

Purposeful threats are launched by threat actors for a variety of reasons, and the reasons may never be fully known. Threat actors could be motivated by curiosity, monetary gain, political gain, social activism, revenge or many other driving forces. It is possible that some threats could have more than one threat origination category.

Some threat types are more likely to occur than others. The following table takes threat types into consideration to help determine the likelihood that a vulnerability could be exploited. The threat table shown in Table 2-2 is designed to offer typical threats to information systems, and these threats have been considered for the organization. Not all of these will be relevant to the findings in your risk assessment; however, you will need to identify those that are.

Table 2-2. Threats (Typical Impact to Data or System is split into the Confidentiality, Integrity and Availability columns)

| ID | Threat Name | Type ID | Description | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|---|
| T-1 | Alteration | U, P, E | Alteration of data, files, or records. | | Modification | |
| T-2 | Audit Compromise | P | An unauthorized user gains access to the audit trail and could cause audit records to be deleted or modified, or prevents future audit records from being recorded, thus masking a security-relevant event. Also applies to a purposeful act by an Administrator to mask unauthorized activity. | | Modification or Destruction | Unavailable Accurate Records |
| T-3 | Bomb | P | An intentional explosion. | | Modification or Destruction | Denial of Service |
| T-4 | Communications Failure | U, E | Cut of fiber optic lines, trees falling on telephone lines. | | | Denial of Service |
| T-5 | Compromising Emanations | P | Eavesdropping can occur via electronic media directed against large-scale electronic facilities that do not process classified National Security Information. | Disclosure | | |
| T-6 | Cyber Brute Force | P | Unauthorized user could gain access to the information systems by random or systematic guessing of passwords, possibly supported by password cracking utilities. | Disclosure | | |
| T-7 | Data Disclosure | P, U | An attacker uses techniques that could result in the disclosure of sensitive information by exploiting weaknesses in the design or configuration. Also used in instances where misconfiguration or the lack of a security control can lead to the unintentional disclosure of data. | Disclosure | | |
| T-8 | Data Entry Error | U | Human inattention, lack of knowledge, and failure to cross-check system activities could contribute to errors becoming integrated and ingrained in automated systems. | | Modification | |
| T-9 | Denial of Service | P | An adversary uses techniques to attack a single target, rendering it unable to respond, and could cause denial of service for users of the targeted information systems. | | | Denial of Service |
| T-10 | Distributed Denial of Service Attack | P | An adversary uses multiple compromised information systems to attack a single target and could cause denial of service for users of the targeted information systems. | | | Denial of Service |
| T-11 | Earthquake | E | Seismic activity can damage the information system or its facility. Please refer to the following document for earthquake probability maps: http://pubs.usgs.gov/of/2008/1128/pdf/OF081128_v1.1.pdf | | Destruction | Denial of Service |
| T-12 | Electromagnetic Interference | E, P | Disruption of electronic and wire transmissions could be caused by high frequency (HF), very high frequency (VHF), and ultra-high frequency (UHF) communications devices (jamming) or sun spots. | | | Denial of Service |
| T-13 | Espionage | P | The illegal covert act of copying, reproducing, recording, photographing or intercepting to obtain sensitive information. | Disclosure | Modification | |
| T-14 | Fire | E, P | Fire can be caused by arson, electrical problems, lightning, chemical agents, or other unrelated proximity fires. | | Destruction | Denial of Service |
| T-15 | Floods | E | Water damage caused by flood hazards can be caused by proximity to local flood plains. Flood maps and base flood elevation should be considered. | | Destruction | Denial of Service |
| T-16 | Fraud | P | Intentional deception regarding data or information about an information system could compromise the confidentiality, integrity, or availability of an information system. | | Modification or Destruction | Unavailable Accurate Records |
| T-17 | Hardware or Equipment Failure | E | Hardware or equipment may fail due to a variety of reasons. | | | Denial of Service |
| T-18 | Hardware Tampering | P | An unauthorized modification to hardware that alters the proper functioning of equipment in a manner that degrades the security functionality the asset provides. | Disclosure | Modification | Denial of Service |
| T-19 | Hurricane | E | A category 1, 2, 3, 4, or 5 landfalling hurricane could impact the facilities that house the information systems. | | Destruction | Denial of Service |
| T-20 | Malicious Software | P | Software that damages a system, such as a virus, Trojan, or worm. | | Modification or Destruction | Denial of Service |
| T-21 | Phishing Attack | P | Adversary attempts to acquire sensitive information such as usernames, passwords, or SSNs by pretending to be communications from a legitimate/trustworthy source. Typical attacks occur via email, instant messaging, or comparable means, commonly directing users to Web sites that appear to be legitimate sites while actually stealing the entered information. | Disclosure | Modification or Destruction | Denial of Service |
| T-22 | Power Interruptions | E | Power interruptions may be due to any number of reasons such as electrical grid failures, generator failures, uninterruptible power supply failures (e.g. spike, surge, brownout, or blackout). | | | Denial of Service |
| T-23 | Procedural Error | U | An error in procedures could result in unintended consequences. This is also used where there is a lack of defined procedures that introduces an element of risk. | Disclosure | Modification or Destruction | Denial of Service |
| T-24 | Procedural Violations | P | Violations of standard procedures. | Disclosure | Modification or Destruction | Denial of Service |
| T-25 | Resource Exhaustion | U | An errant (buggy) process may create a situation that exhausts critical resources, preventing access to services. | | | Denial of Service |
| T-26 | Sabotage | P | Underhand interference with work. | | Modification or Destruction | Denial of Service |
| T-27 | Scavenging | P | Searching through disposal containers (e.g. dumpsters) to acquire unauthorized data. | Disclosure | | |
| T-28 | Severe Weather | E | Naturally occurring forces of nature could disrupt the operation of an information system by freezing, sleet, hail, heat, lightning, thunderstorms, tornados, or snowfall. | | Destruction | Denial of Service |
| T-29 | Social Engineering | P | An attacker manipulates people into performing actions or divulging confidential information, as well as possible access to computer systems or facilities. | Disclosure | | |
| T-30 | Software Tampering | P | Unauthorized modification of software (e.g. files, programs, database records) that alters the proper operational functions. | | Modification or Destruction | |
| T-31 | Terrorist | P | An individual performing a deliberate violent act could use a variety of agents to damage the information system, its facility, and/or its operations. | | Modification or Destruction | Denial of Service |
| T-32 | Theft | P | An adversary could steal elements of the hardware. | | | Denial of Service |
| T-33 | Time and State | P | An attacker exploits weaknesses in timing or state of functions to perform actions that would otherwise be prevented (e.g. race conditions, manipulation of user state). | Disclosure | Modification | Denial of Service |
| T-34 | Transportation Accidents | E | Transportation accidents include train derailments, river barge accidents, trucking accidents, and airline accidents. Local transportation accidents typically occur when airports, sea ports, railroad tracks, and major trucking routes are in close proximity to systems facilities. Likelihood of HAZMAT cargo should be determined when considering the probability of local transportation accidents. | | Destruction | Denial of Service |
| T-35 | Unauthorized Facility Access | P | An unauthorized individual accesses a facility, which may result in compromises of confidentiality, integrity, or availability. | Disclosure | Modification or Destruction | Denial of Service |
| T-36 | Unauthorized Systems Access | P | An unauthorized user accesses a system or data. | Disclosure | Modification or Destruction | |

Analyze Risk

The risk analysis for each vulnerability consists of assessing security controls to determine the likelihood that a vulnerability could be exploited and the potential impact should the vulnerability be exploited. Essentially, risk is proportional to both likelihood of exploitation and possible impact. The following sections provide a brief description of each component used to determine the risk.

Likelihood

This risk analysis process is based on qualitative risk analysis. In qualitative risk analysis the impact of exploiting a threat is measured in relative terms. When a system is easy to exploit, it has a High likelihood that a threat could exploit the vulnerability. Likelihood definitions for the exploitation of vulnerabilities are found in the following table.

| Likelihood | Description |
|---|---|
| Low | There is little to no chance that a threat could exploit a vulnerability and cause loss to the system or its data. |
| Medium | There is a Medium chance that a threat could exploit a vulnerability and cause loss to the system or its data. |
| High | There is a High chance that a threat could exploit a vulnerability and cause loss to the system or its data. |

Impact

Impact refers to the magnitude of potential harm that could be caused to the system (or its data) by successful exploitation. Definitions for the impact resulting from the exploitation of a vulnerability are described in the following table. Since exploitation has not yet occurred, these values are perceived values. If the exploitation of a vulnerability can cause significant loss to a system (or its data), then the impact of the exploit is considered to be High.

| Impact | Description |
|---|---|
| Low | If vulnerabilities are exploited by threats, little to no loss to the system, networks, or data would occur. |
| Medium | If vulnerabilities are exploited by threats, Medium loss to the system, networks, and data would occur. |
| High | If vulnerabilities are exploited by threats, significant loss to the system, networks, and data would occur. |

Risk Level

The risk level for the finding is the intersection of the likelihood value and the impact value, as depicted in the table below. The combination of High likelihood and High impact creates the highest risk exposure. The risk exposure matrix shown in the table below presents the same likelihood and impact severity ratings as those found in NIST SP 800-30, Risk Management Guide for Information Technology Systems.

| Impact \ Likelihood | High | Medium | Low |
|---|---|---|---|
| High | High | Medium | Low |
| Medium | Medium | Medium | Low |
| Low | Low | Low | Low |

Risk Assessment Results

This section documents the technical and non-technical security risks to the system. Complete the following risk assessment table, ensuring that you have addressed at least 10 risks. You will be graded on your ability to demonstrate knowledge that the risks are relevant to the company you have identified, as well as that the security controls are appropriate to controlling the risks you have identified. The following provides a brief description of the information documented in each column:

▪ Identifier: Provides a unique number used for referencing each vulnerability in the form of R#-Security Control ID.
▪ Source: Indicates the source where the vulnerability was identified (e.g., System Security Plan or Audit).
▪ Threat: Indicates the applicable threat type from the table of threats.
▪ Risk Description: Provides a brief description of the risk.
▪ Business Impact: Provides a brief description of the impact to the organization if the risk is realized.
▪ Recommended Corrective Action: Provides a brief description of the corrective action(s) recommended for mitigating the risks associated with the finding.
▪ Likelihood: Provides the likelihood of a threat exploiting the vulnerability. This is determined by applying the methodology outlined in Section 3 of this document.
▪ Impact: Provides the impact of a threat exploiting the vulnerability. This is determined by applying the methodology outlined in Section 3 of this document.
▪ Risk Level: Provides the risk level (High, Medium, Low) for the vulnerability. This is determined by applying the methodology outlined in Section 3 of this document.

Your deliverables, as a team, will consist of the following 2 documents (and presentation):

1. You will complete and submit the following completed table for grading.

Organization/Agency Selected:
Organization/Agency Mission:

| Identifier | Source | Threat ID | Risk Description | Business Impact | Recommended Corrective Action | Likelihood | Impact | Risk Level |
|---|---|---|---|---|---|---|---|---|
| R-01. | Audit | T-1, T-8, T-23, T-24, T-36 | Notification is not performed when account changes are made. | The lack of notification allows unauthorized changes to individuals who elevate permissions and group membership to occur without detection. | Enable auditing of all activities performed under privileged accounts in GPOs and develop a process to allow these events to be reviewed by an individual who does not have Administrative privileges. | Medium | Medium | Medium |
| R-02. | | | | | | | | |
| R-03. | | | | | | | | |
| R-04. | | | | | | | | |
| R-05. | | | | | | | | |
| R-06. | | | | | | | | |
| R-07. | | | | | | | | |
| R-08. | | | | | | | | |
| R-09. | | | | | | | | |
| R-10. | | | | | | | | |
| R-11. | | | | | | | | |
| R-12. | | | | | | | | |
| R-13. | | | | | | | | |
| R-14. | | | | | | | | |
| R-15. | | | | | | | | |

Incident Response Paper

Using NIST’s SP 800-61, “Computer Security Incident Handling Guide”, develop an Incident Response Plan (IRP) that will address one or more of the security risks that you identified in your Risk Assessment. Google and find other actual IRPs on the Internet and review them to see what type of information is included. At a minimum, your plan should include the following sections:

• Roles: who will respond to the incident and notification/escalation procedures? Who is responsible for writing the IRP?
• Training: specify a training frequency
• Plan testing: How (and how often) will you test the plan?
• Incidents: What defines an “incident”? Define some security incidents that you may encounter on your network.
• Incident Notification: What happens when an incident is detected?
• Reporting/tracking: How will you report and track incidents? What about capturing “lessons learned”?
• Procedures: Select one of your security risks identified in your Risk Assessment. Prepare procedures for addressing the incident in the event that the incident actually happens. In this section, address the following subsections specific to the risk that you are identifying.
  o Preparation
  o Detection and Analysis
  o Containment
  o Eradication
  o Recovery and Post-Incident Activity (see Appendix A)

Note: there are several scenarios in the appendix of the NIST document. You can use, for instance, Scenario 11: Unknown Wireless Access Point to help develop the response procedures for wireless access, as an example. Use any of these to help flesh out your procedures, but the procedure you agreed to use must be one that addresses a risk you identified in your Risk Assessment.

Grading Criteria

| Criteria | Weight |
|---|---|
| Document is at least 5 - 7 double-spaced pages. Paper is well-written with minimal typing, spelling, or grammatical errors. | 10% |
| Required sections (above) are appropriately addressed. 25 points (5 each), 50 points for the Procedures Section. | 75% |
| Procedures provide sufficient information to enable recovery and mission restoration. | 15% |
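As an added example, not part of the assignment or of the VA audit reports, the detection half of the R-01 corrective action above: constructed Windows Security audit records are screened for membership changes to privileged groups, a change is flagged when the account that made it is the one that benefits or when no approved change ticket is attached, and a reviewer holding no administrative account is chosen. The event IDs are the standard Windows ones; the group names, accounts, tickets and log lines are constructed for the example.

```python
import json
from dataclasses import dataclass

# Standard Windows Security log event IDs for group membership changes:
# 4728/4732/4756 = member added to a security-enabled global/local/universal group,
# 4729/4733/4757 = member removed from one. Other event IDs are ignored.
MEMBERSHIP_EVENTS = {4728: "added", 4732: "added", 4756: "added",
                     4729: "removed", 4733: "removed", 4757: "removed"}
PRIVILEGED_GROUPS = {"Domain Admins", "Administrators", "Enterprise Admins"}  # constructed


@dataclass(frozen=True)
class ReviewItem:
    event_id: int
    action: str     # "added" or "removed"
    actor: str      # account that made the change
    member: str     # account whose membership changed
    group: str
    flagged: bool   # True when self-elevated or not covered by an approved change ticket


def triage(log_lines, approved_tickets):
    """Keep only membership changes to privileged groups and flag the ones that need
    a human look: the actor changed their own membership (self-elevation), or the
    change carries no approved change-control ticket."""
    items = []
    for line in log_lines:
        ev = json.loads(line)  # each constructed line is one SIEM-style JSON record
        action = MEMBERSHIP_EVENTS.get(ev.get("EventID"))
        if action is None or ev.get("TargetGroup") not in PRIVILEGED_GROUPS:
            continue
        self_elevated = ev["SubjectUser"].lower() == ev["MemberUser"].lower()
        unapproved = ev.get("ChangeTicket") not in approved_tickets
        items.append(ReviewItem(ev["EventID"], action, ev["SubjectUser"],
                                ev["MemberUser"], ev["TargetGroup"],
                                self_elevated or unapproved))
    return items


def pick_reviewer(candidates, admin_accounts):
    """Return the first candidate who holds no administrative account, so the reviewer
    cannot be the person who made the change (the separation R-01 asks for)."""
    for who in candidates:
        if who not in admin_accounts:
            return who
    raise ValueError("no non-administrative reviewer available")


# Constructed sample records (not real VA data).
SAMPLE_LOG = [
    '{"EventID": 4728, "SubjectUser": "helpdesk01", "MemberUser": "jdoe", "TargetGroup": "Domain Admins", "ChangeTicket": "CHG-1001"}',
    '{"EventID": 4732, "SubjectUser": "svc_backup", "MemberUser": "svc_backup", "TargetGroup": "Administrators"}',
    '{"EventID": 4732, "SubjectUser": "helpdesk01", "MemberUser": "asmith", "TargetGroup": "Remote Desktop Users"}',
    '{"EventID": 4624, "SubjectUser": "jdoe", "MemberUser": "", "TargetGroup": ""}',
    '{"EventID": 4729, "SubjectUser": "helpdesk02", "MemberUser": "jdoe", "TargetGroup": "Domain Admins", "ChangeTicket": "CHG-9999"}',
]

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG, approved_tickets={"CHG-1001"}):
        print(("FLAG   " if item.flagged else "review ") +
              f"{item.actor} {item.action} {item.member} -> {item.group}")
    print("reviewer:", pick_reviewer(["jdoe", "auditor1"], admin_accounts={"jdoe", "helpdesk01"}))
```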