Organizational/ industrial assignment | Operations Management homework help

Project 4: Attack Vector Solutions
Start Here
Attack Vector Solutions
[Music]
As you complete your morning login routine, you notice an urgent
message from John, the chief technology officer.
“See Me ASAP!!”
You grab your tablet and stylus and rush to John’s office.
John gives you a friendly greeting as you enter his office, but he looks
concerned.
“Good morning,” John says. “I appreciate you dropping everything and
coming by so quickly. I need your help with a high-level matter. Top
executives are meeting to prepare for the quarterly meeting with the
board of directors. They would like to review the current vulnerabilities
and threats that the organization has in regards to our technology,
people, and cybersecurity policies. The board will also be asking about
our ability to educate the organization’s population on not only our
policies and practices, but also the need for them. I need to prepare a
presentation for the board meeting. However, I have several other
urgent matters to oversee.”
John continues, “I need you to prepare my presentation by reviewing
common attack vectors, analyzing our vulnerabilities, and preparing
recommendations on what we should do to protect ourselves. In
addition, I need a brochure to show the board what we are doing to
educate the organization on these issues. I need this review in two
weeks.”
You are grateful for John’s trust in allowing you to put together his
presentation for the board, and now you’re eager to show that his faith
in you is justified.
You will have to combine your technical and research abilities to come
up with the recommendations, and present them in a professional
manner.
[Music]
Organizations must implement countermeasures to protect information
and data that are vulnerable to cyberattacks. As new security threats
are introduced, these countermeasures must be evaluated and
improved.
This is the final of four sequential projects. In this project, you will
investigate common types of cyberattacks and possible solutions,
evaluate the costs of implementing identified countermeasures, and
communicate the recommended solution to a nontechnical audience.
You will present to management the most likely attack vectors against
your organization and suggest solutions ranked by cost and
effectiveness. You will also suggest how the mix of identified state and
nonstate actors should affect policy-maker decisions and policy
development for critical infrastructure protection.
There are 14 steps in this project. Begin by reviewing the project
scenario and then proceed to Step 1.
Competencies
Your work will be evaluated using the competencies listed below.
 5.2: Examine architectural methodologies and components used
in the design and development of information systems.
 6.2: Create an information security program and strategy, and
maintain alignment of the two.
 7.2: Evaluate international cybersecurity policy.
 7.3: Evaluate enterprise cybersecurity policy.
 8.2: Evaluate specific cybersecurity threats and the combination
of technologies and policies that can address them.
Step 1: Define Vulnerabilities, Threats, and Risks
Vulnerabilities, threats, and risks are important to understand in order
to evaluate and ultimately improve security posture by mitigating risks.
Your organization’s security posture will determine its cybersecurity
policies. Assessing risk is key in this process.
Define vulnerability, threat, and risk. Consider their relationship to one
another and how they relate to the security of networks and data.
You will use this information to complete your vulnerability assessment.
Review topics as needed from previous projects: creating a
program, systems, utilities, and applications software, and interaction
of software.
Step 2: Identify Examples of Vulnerabilities, Threats, and
Risks
In the previous step, you familiarized yourself with the concepts of
vulnerability, threat, and risk. You now understand their relationship to
one another and how they relate to security. In this step, you are going
to identify at least two examples of a vulnerability, two examples of a
threat, and two examples of a risk in each of the following categories:
 technology
 people (human factors)
 policy
Identify a minimum of 18 examples. This will assist you in conducting
the vulnerability assessment and developing the educational brochure.
Review topics such as basic elements of communication and computer
networks.
In the next step, you will look more closely at current vulnerabilities and
threats.
Step 3: Identify Current Vulnerabilities and Threats
After defining and identifying examples of vulnerabilities, threats, and
risks in the first two steps, you should understand the basic concepts of
vulnerabilities and threats as they apply to general cybersecurity.
However, vulnerabilities and threats are dynamic: They can evolve with
changes in technologies, changes in adversary capabilities or
intentions, or changes in human behaviors and organizational policies.
It is important to understand current vulnerabilities and threats and
their applicability to the larger community as well as to your
organization (e.g., critical infrastructure protection), so that you can
make informed recommendations on how/whether to mitigate them.
Identify current known vulnerabilities and threats that could affect your
organization. The vulnerabilities and threats that you identify will be
necessary for your final presentation.
List a minimum of two current known vulnerabilities and threats
involving the following:
 people (human factors)
 technology
 policy
When complete, move to the next step, where you will take part in a
simulation.
Step 4: Vulnerability Assessment and Operational Security
eLearning Module
To prepare for the upcoming vulnerability assessment, you will practice
in a simulated environment with the Vulnerability Assessment and
Operational Security eLearning Module. You will learn how to maintain
effective audit, risk analysis, and vulnerability assessment practices in
a fictional scenario. You will also review risk and vulnerability analysis
tools. You may want to review some topics from earlier
projects: network devices and cables and network protocols.
Take notes during the simulation as the information will be helpful
during your own vulnerability assessment in Step 7. Specifically note
the major components of cybersecurity architecture, architectural
methodologies for the physical structure of a system’s internal
operations and interactions with other systems, and architectural
methodology standards that are compliant with established standards
or guidelines.
When you have completed the simulation, move to the next step, when
you will consider attack vectors.
Step 5: Identify Attack Vectors
Attack vectorsare the means by which vulnerabilities are exploited and
threats realized. As a result, understanding attack vectors is critical to
developing impactful mitigations. Identify applicable attack vectors, the
weaknesses exploited, and the means used to gain access based on
the vulnerabilities and threats identified in Step 2. Also note the
common types of cyberattacks.
The attack vectors and weaknesses that you identify will be necessary
for your vulnerability assessment and final presentation. You may want
to review some topics from earlier projects: a closer look at the World
Wide Web  web markup languages , and web and internet services.
Identify attack vectors and weaknesses exploited via the following:
 hardware
 software
 operating systems
 telecommunications
 human factors
In the next step, you will take a closer look at the importance of
attribution.
Step 6: Examine and Identify Known Attributes
Attribution is often difficult, if not impossible, to identify. One reason is
the anonymity afforded by the internet. Another reason is the potential
sophistication of malicious state actors and nonstate actors who are
able to disguise themselves and/or exploit an innocent and often
unknowing computer user to achieve their goals.
Attribution is desired because knowing who is behind an exploit can
provide insight into the motivations, intentions, and capabilities of
threat actors. Understanding attack vectors used by threat actors
provides key insights that help to build stronger defenses and construct
better policy management.
To complete your vulnerability assessment, you will need to first do the
following:
 From the attack vectors identified in the previous step, determine
if attribution is known for the threat actor (e.g., name of nation
state, nonstate and/or hackers and threat actors) most likely
involved in exploiting each weakness.
 Categorize the threat actor(s) based on attribution for previous
exploits, likely targets, and rationale(s) for targeting/exploitation
(e.g., profit, political statements, extortion, etc.).
In the next step, you will compile your findings from the past few steps
on a spreadsheet.
Step 7: Submit a Vulnerability Assessment Spreadsheet
From the results of Steps 4, 5, and 6, develop and submit a
spreadsheet that includes the following:
 characterization of current and emerging vulnerabilities and
threats
 identification of the attack vector(s) employed against each
 your assessment (high, medium, or low) of the impact the
vulnerability could have on your organization
Make sure to address security architectures, including components,
specifications, guidelines, standards, technologies, etc. Also consider
international threats and attack vectors. This assessment will be
included in your final presentation.
Submission for Vulnerability Assessment
Previous submissions
0
Drop files here, or click below.
Add Files
In the next step, you will consider ways to address the vulnerabilities
and threats identified.
Step 8: Identify Countermeasures
Now that you have assessed your organization’s vulnerability, you are
ready to identify possible countermeasures. Identify specific
countermeasures that will address the vulnerabilities/threats to your
organization that you summarized in the previous step.
Review best practices as well as any published mitigations for the
specific weaknesses identified. Include both cyber defenses and, as
appropriate and legal in the United States, cyber offenses (cyber
offensives/warfare). Make sure to address key cybersecurity
technologies, methodologies, standards, and legal compliance.
Record the findings to be included in your upcoming white-paper
resource for the final presentation.
You will need to figure out the cost of your security solutions, and you
will do that in the next step.
Step 9: Determine the Cost of Security Solutions
Once you have identified possible countermeasures for your
organization, you will need to determine their cost. Discuss the relative
financial impact of these countermeasures, considering appropriate
technology and policy changes to address cyberthreats at the
enterprise, national, and international levels as a result of procurement,
implementation, and maintenance. Also consider the policy and
technology trade-offs at each level.
Rank the countermeasures according to cost and effectiveness.
Record your findings to be included in your upcoming white-paper
resource for your final presentation.
In the next step, you will be asked to consider how successful your
mitigations will be.
Step 10: Assess the Potential Success of Mitigations
Now that you have identified countermeasures and their costs, develop
an assessment of the likelihood of success of the mitigations when
implemented as you prescribe. Criteria to be considered should include
the following:
 ease of implementation (technically as well as from a policy
perspective)
 ease of adoption by the workforce
 impact on ability to perform the organization's work (e.g., is
productivity affected are additional steps required that impede
workflow?)
 record of success of this mitigation on the same/similar weakness
 cost (as a factor of the overall budget of the organization, e.g.,
will significant trade-offs have to be made in order to invest in this
solution?)
 leadership support
Record the findings to be included in your upcoming white-paper
resource for the final presentation.
Step 11: Submit the Countermeasures White Paper
Compile your findings from the last three steps and submit a three-
page paper that describes the countermeasures, cost, and potential
challenges with implementing them in your organization. This paper will
provide much of the basis for your final presentation. Make sure to
include the following:
 critical issues in cybersecurity management and technology
policy
 principles of cyber warfare theory and application (cyber
offensives/warfare)
 various concepts of enterprise cybersecurity
 cybersecurity standards organizations
 key initiatives in international cybersecurity policy advances
Submit your paper for feedback.
Submission for Countermeasures White Paper
Previous submissions
0
Drop files here, or click below.
Step 12: Summarize the Solutions
In order to develop recommendations to include in your presentation,
you must prepare your solutions. Summarize recommended solutions
to mitigate the vulnerabilities and/or threats as identified in Step 10,
with at least two recommendations each in the categories of people,
technology, and policy. Rank your recommended solutions by both
cost and effectiveness. You will use this solutions summary to develop
your recommendations in your final presentation.
Step 13: Develop Your Security Recommendations
Your presentation will also need to consider an overall security
strategy. Develop the overall way forward for your company that
includes an explanation of the current security environment in your
organization, identification of security vulnerabilities and threats,
explanation of attack vectors, and recommended solutions. Refer
specifically to the information prepared in Steps 4 through 12. Your
recommendations must meet the following criteria:
 coincide with IT vision, mission, and goals
 align with business strategy
 incorporate all internal and external business functions within the
organization’s security program
 create an organizational structure, if it does not already exist, to
operate the security program and align it with the entities of the
organization as a whole
 include a rough implementation plan
 evaluate the effectiveness of the security program
These recommendations will be the focus of your presentation.
Step 14: Submit the Presentation
You now have the information needed to develop the slide presentation
that John requested for senior management. The presentation should
clearly explain current known weaknesses in your organization’s
security (to include people, technology, and policy) that could result in
successful exploitation of known vulnerabilities and/or threats.
Develop a narrated slide presentation of 16 to 20 slides that concludes
with the recommended way forward (e.g., continue to accept risks,
accept some risks (identify them), mitigate some risks (identify them),
mitigate all risks, etc.).
Submit your presentation for review when complete.
Check Your Evaluation Criteria
Before you submit your assignment, review the competencies below,
which your instructor will use to evaluate your work. A good practice
would be to use each competency as a self-check to confirm you have
incorporated all of them. To view the complete grading rubric, click My
Tools, select Assignments from the drop-down menu, and then click
the project title.
 5.2: Examine architectural methodologies and components used
in the design and development of information systems.
 6.2: Create an information security program and strategy, and
maintain alignment of the two.
 7.2: Evaluate international cybersecurity policy.
 7.3: Evaluate enterprise cybersecurity policy.
 8.2: Evaluate specific cybersecurity threats and the combination
of technologies and policies that can address them.
Submission for Cybersecurity Recommendations
Presentation