Professional Documents
Culture Documents
CST610 Team3 Project Outline
CST610 Team3 Project Outline
CST610 Team3 Project Outline
1. Establish Roles
2. Assess Suspicious Activity
3. The Financial Sector
4. Law Enforcement
5. The Intelligence Community
6. Homeland Security
7. The SAR and AAR
1. Security Assessment Report (SAR): This report should be a 14- to 15-page double-spaced
Word document with citations in APA format. The page count does not include figures,
diagrams, tables, or citations.
2. After Action Report (AAR): This report should be a 10- to 15-page double-spaced Word
document with citations in APA format. The page count does not include figures,
diagrams, tables, or citations.
3. Presentation: This should be a five- to eight-slide PowerPoint presentation for executives,
along with a narrated or in-class presentation, summarizing your SAR and AAR reports.
Team Roles
1. Bryan, a representative from the financial services sector, who has discovered the
network breach and the cyber-attacks. These attacks include distributed denial-of-service
attacks, DDOS, web defacements, sensitive data exfiltration, and other attack vectors
typical of this nation-state actor.
2. Mikaal, a representative from law enforcement, who has provided additional evidence of
network attacks found using network defense tools.
3. Joe, a representative from the intelligence agency, who has identified the nation-state
actor from numerous public and government-provided threat intelligence reports. This
representative will provide threat intelligence on the tools, techniques, and procedures of
this nation-state actor.
4. Fernando, a representative from the Department of Homeland Security, who will provide
the risk, response, and recovery actions taken as a result of this cyber threat.
All team members must leverage network security skills by using port scans, network scanning tools, and
analyzing Wireshark files to assess any suspicious network activity and network vulnerabilities.
Step 3: The Financial Sector
Financial Sector
To be completed by the Financial Services Representative
Provide a description of the impact that the threat would have on the financial services sector.
These impact statements can include the loss of control of the systems, the loss of data integrity
or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a
result of this security incident to the financial services sector. Ensure that the information is
appropriately cited.
To be completed by all team members
Provide submissions from the Information Sharing Analysis Councils related to the financial
sector. You can also propose fictitious submissions. Then, review the resource for industrial
control systems and explain their level of importance to the financial services sector. Explain
risks associated with the industrial control system. Ensure that the information is appropriately
cited.
Law Enforcement
To be completed by the Law Enforcement Representative
Provide a description of the impact that the threat would have on the law enforcement sector.
These impact statements can include the loss of control of systems, the loss of data integrity or
confidentiality, exfiltration of data, or something else. Also provide impact assessments as a
result of this security incident to the law enforcement sector. Ensure that the information is
appropriately cited.
Review this threat response and recovery resource and use what you learn to propose an analytical
method in which you are able to detect the threat, identify the threat, and perform threat response and
recovery. Identify the stage of the cyberthreat life cycle where you would observe different threat
behaviors. Include ways to defend and protect against the threat. Provide this information in your SAR
and AAR. Ensure that the information is appropriately cited.
Homeland Security
To be completed by the Homeland Security Representative
Use the US-CERT and similar resources to discuss the vulnerabilities and exploits that might
have been used by the attackers. Ensure that the information is appropriately cited.
Explore the resources for risk mitigation and provide the risk, response, and risk mitigation steps
that should be taken if an entity suffers the same type of attack.
To be completed by all team members
Provide a risk-threat matrix and a current state snapshot of the risk profile of the financial
services sector. These reports will be part of an overall risk assessment, which will be included in
your SAR and AAR. Ensure that the information is appropriately cited.
Review and refer to this risk assessment resource to aid you in developing this section of the
report.
Prepare your SAR for the White House Cyber National Security staff, describing the threat, the
motivations of the threat actor, the vulnerabilities that are possible for the threat actor to exploit,
current and expected impact on US financial services critical infrastructure, the path forward to
eliminate or reduce the risks, and the actions taken to defend and prevent against this threat in the
future.
Prepare the AAR. This knowledge management report will be provided to the cyberthreat analyst
community, which includes the intelligence community, the law enforcement community, the defense
and civilian community, the private sector, and academia. The purpose of the AAR is to share the
systems life cycle methodology, rationale, and critical thinking used to resolve this cyber incident.