Project 2: Assessing Information System Vulnerabilities and Risk

Step 1: Enterprise Network Diagram

In this project, you will research and learn about types of networks and their secure constructs that may be used in an organization to accomplish the functions of the organization’s mission. 

You will propose a local area network (LAN) and a wide area network (WAN) for the organization, define the systems environment, and incorporate this information in a network diagram. You will discuss the security benefits of your chosen network design.

Read the following resources about some of the computing platforms available for networks and discuss how these platforms could be implemented in your organization:

• common computing platforms
• cloud computing
• distributed computing
• centralized computing
• secure programming fundamentals

Include the rationale for each of the platforms you choose to include in your network design.

Step 2: Enterprise Threats

Review the OIG report on the OPM breach that you were asked to research and read about at the beginning of the project. The OIG report includes many security deficiencies that likely left OPM networks vulnerable to being breached.

In addition to those external threats, the report describes the ways OPM was vulnerable to insider threats. The information about the breach could be classified as threat intelligence. Define threat intelligence and explain what kind of threat intelligence is known about the OPM breach.

You just provided detailed background information on your organization. Next, you’ll describe threats to your organization’s system. Before you get started, select and explore the contents of the following link: insider threats (also known as internal threats). As you’re reading, take note of which insider threats are a risk to your organization.

Now, differentiate between the external threats to the system and the insider threats. Identify where these threats can occur in the previously created diagrams. Relate the OPM threat intelligence to your organization. How likely is it that a similar attack will occur at your organization?

Step 3: Scan the Network

You will now investigate network traffic and the security of the network and information system infrastructure overall. Past network data has been logged and stored, as collected by a network analyzer tool such as Wireshark. Explore the tutorials and user guides to learn more about the tools to monitor and analyze network activities you will use.

You will perform a network analysis of the Wireshark files provided to you in Workspace and assess the network posture and any vulnerability or suspicious information you are able to obtain. You will identify any suspicious activities on the network through port scanning and other techniques. Include this information in your SAR.

Complete This Lab

Resources

• Accessing the Virtual Lab Environment: Navigating UMGC Virtual Labs and Lab Setup
• Self-Help Guide (Workspace): Getting Started and Troubleshooting
• Link to the Virtual Lab Environment: https://vdi.umgc.edu/

Lab Instructions

• Network Analysis Lab (Nmap and Wireshark)

Step 4: Identify Security Issues

You have a suite of security tools, techniques, and procedures that can be used to assess the security posture of your organization’s network in a SAR.

Now it’s time to identify the security issues in your organization’s networks. You have previously learned about password-cracking tools; in this step, provide an analysis of the strength of passwords used by the employees in your organization. Are weak passwords a security issue for your organization?

Step 5: Firewalls and Encryption

Next, examine these resources on firewalls and auditing related to the use of the Relational Database Management System (RDBMS), the database system and data. Also review these resources related to access control.

Determine the role of firewalls, encryption, and auditing for RDBMS in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems.

Reflect any weaknesses found in the network and information system diagrams previously created, as well as in your developing SAR.

Step 6: Threat Identification

Now that you know the weaknesses in your organization’s network and information system, you will determine various known threats to the organization’s network architecture and IT assets.

Get acquainted with the following types of threats and attack techniques. Which are a risk to your organization?

• IP address spoofing/cache poisoning attacks
• denial-of-service attacks (DoS)
• packet analysis/sniffing
• session hijacking attacks
• distributed denial-of-service attacks

In identifying the different threats, complete the following tasks:

1. Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems, as well as the types of remediation and mitigation techniques available in your industry and for your organization.
2. Identify the purpose and function of firewalls for organization network systems and how they address the threats and vulnerabilities you have identified.
3. Discuss the value of using access control, database transaction, and firewall log files.
4. Identify the purpose and function of encryption as it relates to files, databases, and other information assets on the organization’s networks.

Include these in your SAR.

Step 7: Risk and Remediation

What is the risk and what is the remediation? What is the security exploitation? You can use the OPM OIG Final Audit Report findings and recommendations as a possible source for methods to remediate and mitigate vulnerabilities.

Read this risk assessment resource to get familiar with the process, then prepare a risk assessment. Be sure to first list the threats, then the vulnerabilities, and then the pairwise comparisons for each threat and vulnerability. Then determine the likelihood of each event occurring and the level of impact it would have on the organization.

Include this in your risk assessment report (RAR).

Step 8: Creating the SAR and RAR

Your research and your Workspace exercise have led you to this moment: creating your SAR and RAR. Consider what you have learned in the previous steps as you create your reports for leadership.

Prepare a Security Assessment Report (SAR) with the following sections:

1. Purpose
2. Organization
3. Scope
4. Methodology
5. Data
6. Results
7. Findings

The final SAR does not have to stay within this framework and can be designed to fulfill the goal of the security assessment.

Prepare a risk assessment report (RAR) with information on the threats, vulnerabilities, likelihood of exploitation of security weaknesses, impact assessments for exploitation of security weaknesses, remediation, and cost/benefit analyses of remediation.

Devise a high-level plan of action with interim milestones (POAM) in a system methodology to remedy your findings.

Include this high-level plan in the RAR.

Summarize the results you obtained from the OpenVAS vulnerability assessment tool in your report.The deliverables for this project are as follows:

1. Security Assessment Report (SAR): This should be an eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
2. Risk Assessment Report (RAR): This report should be a five- to six-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
3. Lab: In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab.

Submit your deliverables after reading the instructions below.

Check Your Evaluation Criteria

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.

• 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
• 1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
• 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
• 1.4: Tailor communications to the audience.
• 1.5: Use sentence structure appropriate to the task, message and audience.
• 1.6: Follow conventions of Standard Written English.
• 5.2: Knowledge of architectural methodologies used in the design and development of information systems, including the physical structure of a system’s internal operations and interactions with other systems and knowledge of standards that either are compliant with or derived from established standards or guidelines.
• 5.6: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology.
• 7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
• 8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.
• 8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence approporiately.

Take Action

Submit your assignment to your instructor for review and feedback.

Follow these steps to access the assignment:

• Click My Tools in the top navigation bar.
• Click Assignments.
• Select the relevant assignment.