In Project 3, your team is focused on preventing future incursions into the network and developing a business continuity plan to be deployed in case a breach occurs. There are 14 steps to be completed by the team, with the project culminating in the production of a video and forensics report that summarizes the lessons learned from the recent network breach. This project will take 14 days to complete. After reading the scenario below, proceed to Step 1 where you will establish your team agreement plan.
Before the summit, each nation set up its own secure comms network. As summit events began, your team responded to anomalous network activity that was detected on your agency’s server.
Now, to make matters worse, the next day you awaken to the news that summit attendees are unable to get access to the confidential summit data needed for the conference. All the computer screens show a pop-up message that says:
“Your Computer has been involved in Computer Fraud Activity!!! and has been locked down by the FBI and the Justice Department. Unless you pay the sum of $500 (FIVE HUNDRED DOLLARS)—in Bitcoin you will be arrested immediately! You have 48 hours to pay up via email – fines@fbi.gov.”
Your CISO has called an emergency meeting with your team. She begins to speak to the group.
“We’ve just been hit with the Reveton ransom attack, which pretends to be a warning from a country’s law enforcement agency. It locks you out of your PC and threatens criminal proceedings within 48 hours based upon very serious offenses. The message informs you that you can avoid prosecution by paying a fine to the attackers via Bitcoin. Based on the time of the incident, we believe that a single threat actor or group is responsible. This person or group is still unidentified.”
The CISO continues to brief you on the attack, confirming that no further information is known about the file, permissions, or tools used. Currently, systems show no signs of infection or additional malicious indicators.
The attendees at the summit are divided on what should be done. Some of them want to pay the money—it’s a small sum compared with holding up the proceedings. However, cyber insiders know that once you pay a ransom, you set a precedent for further attacks because you appear willing to pay. Also, there is no certainty that paying the ransom will unlock the system. Hackers are not the most honorable of people.
In addition, you want to know how the attackers were able to infiltrate the system and plant the malware. What current protections are in place for systems at the summit? What methods and procedures are your team employing in response to the current attack? What is the plan if protections fall short? These are the questions pouring in from leadership, down to your CISO—and now, to you.
Your CISO continues: “I need your team to provide a series of reports that will track this incident from start to recovery. Risk management briefings. Forensic reports. Situational reports. I need it all. They’ll all come in handy when it’s time to debrief our nation’s leaders.”
Project 3: Lockdown
Step 4: Begin BCP: Investigate Software Assurance, Supply Chain Risks, Software Development Life Cycle Processes
Now that the first SITREP is complete, it’s time to take a step back and look at the processes that led to the ransomware attack. How did the malware get here? Is the supply chain safe? Who was the vendor, and how was the vendor vetted?
As a cyber professional, you know from high-profile cyberattacks that have crippled the supply chains of prominent companies that the attacker’s point of entry is often the weakest link in the supply chain.
That’s why it’s important to look at your team’s software, the supply chain, and the development processes—all components in a business continuity plan (BCP). Ensuring appropriate security controls are implemented and integrated in the system development life cycle and included in the comprehensive BCP is a critical step in finding out what happened, why it happened, and how you can keep it from happening again.
This BCP will help the CISO identify the current systems, the timelines for bringing those systems back online, and the sequence of events that occurs during BCP operations.
Begin this step by identifying the specific software assurance needs and expectations of the organization. The needs and expectations that you identify in this step will be used in the Software Development Life Cycle Assessment. For a refresher, refer to this information on software development security.
In this step, you will research and analyze issues in supply chain risk management (SCRM) in order to make informed decisions in the future regarding the selection of products. Identify the supply chain risks and challenges for your organization. Next, conduct research to determine other options that are available for consideration. The vulnerabilities and alternatives that you identify in this step will be used in the Software Development Life Cycle Assessment, which you will submit in the next step.
Research and analyze the processes used by your organization’s software development life cycle (SDLC). After you identify the existing processes, research alternatives that could be considered for optimization of security and efficiency. The processes and alternatives that you identify in this step will also be used in the Software Development Life Cycle Assessment, which will be part of the BCP that you will submit in a future step. You will assess the life cycle of software development in the next step.
Step 6: Develop Software Development Matrix Template
Now that you have completed an assessment of the software development life cycle, you will research open-source, commercial, and internally developed software methodologies available to the organization to fulfill future software assurance needs and expectations. You will use this information to develop your one-page Software Development Matrix, a component of the BCP.
Using this software development matrix template, develop and submit a matrix that compares and contrasts open-source, commercial, and internally developed software development methodologies. Evaluate each alternative to help inform your final recommendation. Consider cost, software assurance needs and expectations, software assurance objectives, and the merits of a software assurance coding and development plan. This matrix will provide the options to be evaluated for maintenance in the next step and will also be used in your final project briefing, which looks at improving the process for the future. Make sure your findings are accurate and complete, since the final project briefing must account for them.
In addition to the BCP, the matrix will be included in the cyber operations and risk management briefing, which you develop later in the project. At this point, you should have several of the components of the BCP to submit in the next step of the project.
Project 3: Lockdown
Step 8: Submit IT Operations and Risk Management Briefing
As a synthesis of all prior steps in this project, you will now develop and submit the first component of your deliverable to your CISO: the Cyber Operations and Risk Management Briefing. The briefing will consist of a written evaluation and video presentation. Each team member should develop his or her own briefing and submit it independently. You may, however, use your team’s discussion area to share your findings with your peers. Refer to the CISO Deliverable Overview for a full list of requirements for the briefing.
Research and evaluate the maintenance requirements for each option identified in the software development matrix you submitted in the previous step. What resources and processes are required for each option? You should also address the schedule for implementing the recommended software and identify any potential impacts to the mission, any vulnerabilities or risks, and the likelihood of success.
Your video presentation should brief organizational stakeholders on your research, evaluation of alternatives, and recommendations.
Submit your briefing for review and feedback.
To submit your briefing:
- Follow the instructions below to submit the written portion of your briefing.
- To submit the video, either upload it to OneDrive using your UMGC account or upload it to a video-sharing service. Once you have uploaded the video, copy the link and include it in a document or in the assignment folder.
Now that you have completed the briefing and video, it’s time to turn back to the situational reports that you and your team have been compiling for the CISO.