Category: Cybersecurity

Locards Principle and Chain of Custody

Discuss how Locards principle is an essential part of crime scene investigation, both for cybercrime and non-digital crime. Give examples of how this principle was used to solve some crimes.

Why is chain of custody important? Describe the steps you would take to make sure you had a solid chain of custody from the crime scene to the trial. Use real-life examples.

InstructionsPurpose

This course project is intended to assess your ability to identify, design, and organize information technology (IT) security policies.

Learning Objectives and Outcomes

Successful completion of this project will ensure that you can develop draft IT security policies for an organization and apply learning constructs from the course. By the end of this project, you will be able to do the following:

• Evaluate compliance laws relevant to the U.S. Department of Defense.
• Assess policy frameworks appropriate for an organization in a given scenario.
• Evaluate security controls and standards for the seven domains of a typical IT infrastructure.
• Develop DoD-compliant policies for an organizations IT infrastructure.

Required Source Information and Tools

Web References: Links to Web references in this document and related materials are subject to change without prior notice. These links were last verified on August 26, 2020.

The following tools and resources will be needed to complete this project:

• Course textbook
• Internet access
• DoD instructions or directives
• https://www.esd.whs.mil/dd/
• Risk Management Framework (RMF) for DoD Information Technology (IT) https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/851001p.pdf?ver=2019-02-26-101520-300
• U.S. Department of Defense (DoD) Chief Information Office Library

https://dodcio.defense.gov/Library/

• Department of Defense Information Security Program
• https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/520001m_vol1.pdf?ver=2020-08-04-092500-203
• Department of Defense Internet Services and Internet-Based Capabilities
• https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/817001p.pdf

You may consult other relevant sources, if needed. If so, include citations for those sources in the final deliverable for this report.

Deliverables

This project is divided into several parts, each with a deliverable. The first three parts are research drafts, which should include organized lists and notes gathered during research, sources, and in some cases policy drafts. These documents should be organized and readable, but are not polished reports.

Item

Deliverables

Project Part 1

U.S. Compliance Laws Research

Submit a draft of your research of DOD-specific requirements for an organizations IT infrastructure and U.S. compliance laws that may affect the firm.

Scenario

You are a security professional for Blue Stripe Tech, an IT services provider with approximately 400 employees. Blue Stripe Tech partners with industry leaders to provide storage, networking, virtualization, and cybersecurity to clients.

Blue Stripe Tech recently won a large DoD contract, which will add 30 percent to the revenue of the organization. It is a high-priority, high-visibility project. Blue Stripe Tech will be allowed to make its own budget, project timeline, and tollgate decisions.

As a security professional for Blue Stripe Tech, you are responsible for developing security policies for this project. These policies are required to meet DoD standards for delivery of IT technology services to the U.S. Air Force Cyber Security Center (AFCSC), a DoD agency.

To do this, you must develop DoD-approved policies, standards, and control descriptions for your IT infrastructure (see the Tasks section in this document). The policies you create must pass DoD-based requirements. Currently, your organization does not have any DoD contracts and thus has no DoD-compliant security policies, standards, or controls in place.

Blue Stripe Tech’s computing environment includes the following:

• 12 servers running the latest edition of Microsoft Server, providing the following:
• Active Directory (AD)
• Domain Name System (DNS)
• Dynamic Host Configuration Protocol (DHCP)
• Enterprise resource planning (ERP) application (Oracle)
• A research and development (R&D) engineering network segment for testing, separate from the production environment
• Microsoft Exchange Server for email
• Email filter
• Cloud-based secure web gateway (web security, data loss protection, next-generation firewall, cloud application security, advanced threat protection)
• Two Linux servers running Apache Server to host your website
• 400 PCs/laptops running Microsoft Windows 10, Microsoft 365 office applications, and other productivity tools

Mid-Term Paper Assignment

Paper objective is to critically analyze a specific ethical challenge in Al and propose potential solutions.

1. Choose one of the suggested topics or propose your own (with instructor
2. Conduct thorough research using academic and reputable sources.
3. Write a 5-7 page paper (double-spaced) discussing the chosen topic, its implications, and potential solutions.
4. Include at least 5 citations from academic or reputable sources, which include your reading assignments.

Suggested Topics:

• Bias in Al algorithms
• Privacy concerns with Al surveillance
• Transparency and explainability in Al
• Accountability in Al decision-making
• Economic impacts of Al-driven automation

Formatting Guidelines:

1. Use 12-point Times New Roman font, double-spaced.
2. Include a title page with your name, course, and date.
3. Use APA citation (or Chicago) style for references.
4. Proofread your paper for grammar and clarity

This assignment challenges students to apply the concepts and knowledge gained throughout the first three modules of this course to analyze a real-world cybersecurity incident. Students will delve into the technical, human, economic, legal, and ethical aspects of the incident, demonstrating their understanding of the complex interplay of factors that contribute to cybersecurity vulnerabilities and their impact.

Instructions:

1. Choose an Incident: Select a well-documented cybersecurity incident that has occurred within the past 5 years. This could be a data breach, ransomware attack, malware outbreak, or any other significant cybersecurity event. Ensure the incident has sufficient information available for research and analysis.
2. Research and Analysis: Conduct thorough research on the chosen incident, gathering information from reputable sources such as news articles, official reports, technical analyses, and academic publications. Analyze the incident from multiple perspectives (within the context of the 3 previous modules), addressing the following key areas:
3. NOTE: The goal is for the student to relate previous content learned to the cyber event/incident you have chosen to research and write about. You can discuss information from all three previous modules, or only discuss concepts from module 1, or just module 2, or just module 3, it is up to you.

• Technical Aspects:
• Describe the technical details of the attack, including the vulnerabilities exploited, the attack vectors used, and the technical impact on the affected systems.
• Explain the type of malware or attack method involved (if applicable) and its characteristics.
• Discuss any technical countermeasures that were in place or could have been implemented to prevent or mitigate the attack.
• Human Factors:
• Analyze the role of human error or social engineering in the incident.
• Discuss the psychological factors that may have contributed to the success of the attack.
• Consider the impact of the incident on individuals and society, including any privacy violations or social consequences.
• Economic Impact:
• Assess the financial losses incurred by the affected organization(s), including direct costs (e.g., data recovery, system repairs) and indirect costs (e.g., lost revenue, reputational damage).
• Analyze the broader economic impact of the incident, considering its effects on the industry, the market, or the overall economy.
• Legal and Ethical Considerations:
• Identify any legal or regulatory frameworks that apply to the incident, such as data protection laws or cybersecurity regulations.
• Discuss the ethical implications of the attack, considering issues such as responsibility, accountability, and the potential for harm.
• Analyze the legal and ethical responses to the incident, including any lawsuits, investigations, or policy changes.

1. Paper Structure: Organize the research paper into a clear and logical structure, including the following sections:

• Introduction: Provide a brief overview of the chosen cybersecurity incident and its significance.
• Possible Titles that focus on Foundational Concepts:
• Foundations of Cybersecurity: Exploring the CIA Triad and Access Control
• Building Secure Systems: An Examination of Identification, Authentication, and Authorization
• The Human Element: Economics, Psychology, and Decision-Making in Cybersecurity
• Background: Describe the context of the incident, including the affected organization(s), the target systems, and any relevant background information.
• Technical Analysis: (as described above)
• Human Factors: (as described above)
• Economic Impact: (as described above)
• Legal and Ethical Considerations: (as described above)
• Lessons Learned: Discuss the key takeaways from the incident, including lessons learned about cybersecurity vulnerabilities, attack methods, and effective countermeasures.
• How does any area from the previous three modules apply to lessons learned?
• Conclusion: Summarize the main findings of the analysis and offer concluding thoughts on the significance of the incident and its implications for the future of cybersecurity.

1. Formatting and Citations: Adhere to the following formatting guidelines:

• APA Style
• 8 pages minimum (excluding title page and references, etc)
• Double-spaced, 12-point Times New Roman font, 1-inch margins
• Use a consistent citation style (e.g., APA,)
• Include a title page, a reference page, and an appendix (if necessary) with at least 8 reputable sources, (internet article, journal, report, etc, just accurately document your references within APA Style.

If you use AI, please cite it- See Ethical and Responsible Behavior

Cyber Security News:

Peer Reviewed Articles:

1. USENIX Security Symposium:
2. ACM CCS:
3. IEEE S&P:
4. NDSS:
5. WEIS:

read the qns carefully and refer to Microsoft Words for the links to articles. thanks

Assignment Details

NOTE: Unit 5 has two assignments: Assignment 1 and Assignment 2. Each will be submitted to its individual Dropbox.

Unit 5, Assignment 2: Risk Management Concepts Presentation

Course Outcome addressed in this activity:

GEL-1.03: Demonstrate college-level communication through the oral delivery of original materials in Standard English.

Assignment Instructions

This assignment requires you to provide an oral narration in a PowerPoint presentation.

Important: You must include your recorded narration within this presentation. See Microsofts instructions for

Reference

Microsoft. (n.d.). . https://support.office.com/en-us/article/Record-a-slide-show-with-narration-and-slide-timings-0b9502c6-5f6c-40ae-b1e7-e47d8741161c#OfficeVersion=2013,_2016

Based on the knowledge you have achieved thus far in this class, compose a minimum 10-slide PowerPoint presentation, not including the required title and reference slides. In the presentation, summarize risk management concepts. Include the different frameworks you could use and why you might choose specific frameworks. Also, summarize the qualitative versus quantitative risk analysis approaches and techniques for managing risk. Your presentation should include a title slide and reference slide and follow APA guidelines.

Your narration will provide additional details of the points you have provided on each slide. You must have narration on every slide. Discuss and expand upon the points you have summarized on each slide by using the slide notes section on each slide to coincide with the narration. Do not just read what is on the slide. Remember, the slide should contain minimal information, so the audience can focus on your narration and the supporting information you provide.

Oral Parameters/Expectations

1. At least 10 slides in length, excluding the title and reference slides.
2. Each slide, except title and reference slides, must have an oral narration in Standard English explaining the key ideas in each slide.
3. The oral presentation should have a highly developed and sustained viewpoint and purpose.
4. The oral communication should be highly ordered, logical, and unified.
5. The oral delivery technique, including word choice and oral expressiveness, should display exceptional content, organization, and style, while leading the audience to a dynamic and supported conclusion.
6. Free of grammatical errors.
7. No evidence of plagiarism.
8. Ensure that the narration provides clear enunciation, a professional tone, and is free of background noise.

Written Parameters/Expectations

1. Include a title slide and reference slide.
2. Written work is provided in Standard English.
3. At least 10 slides in length, not counting the title slide and reference slide.
4. Includes a highly developed viewpoint and purpose, and exceptional written content.
5. Writing demonstrates superior organization and is well-ordered, logical, and unified.
6. Free of written grammar, punctuation, and spelling errors.
7. No evidence of plagiarism.
8. At least three outside references on the topic of risk management in addition to the text.
9. Make sure that the reference slide is in the latest APA Style.

For assistance with APA requirements, please go to Academic Writer. You will find the link in the Academic Tools section of the course.

Assignment Details

NOTE: Unit 5 has two assignments: Assignment 1 and Assignment 2. Each will be submitted to its individual Dropbox.

Unit 5, Assignment 2: Risk Management Concepts Presentation

Course Outcome addressed in this activity:

GEL-1.03: Demonstrate college-level communication through the oral delivery of original materials in Standard English.

Assignment Instructions

This assignment requires you to provide an oral narration in a PowerPoint presentation.

Important: You must include your recorded narration within this presentation. See Microsofts instructions for

Reference

Microsoft. (n.d.). . https://support.office.com/en-us/article/Record-a-slide-show-with-narration-and-slide-timings-0b9502c6-5f6c-40ae-b1e7-e47d8741161c#OfficeVersion=2013,_2016

Based on the knowledge you have achieved thus far in this class, compose a minimum 10-slide PowerPoint presentation, not including the required title and reference slides. In the presentation, summarize risk management concepts. Include the different frameworks you could use and why you might choose specific frameworks. Also, summarize the qualitative versus quantitative risk analysis approaches and techniques for managing risk. Your presentation should include a title slide and reference slide and follow APA guidelines.

Your narration will provide additional details of the points you have provided on each slide. You must have narration on every slide. Discuss and expand upon the points you have summarized on each slide by using the slide notes section on each slide to coincide with the narration. Do not just read what is on the slide. Remember, the slide should contain minimal information, so the audience can focus on your narration and the supporting information you provide.

Oral Parameters/Expectations

1. At least 10 slides in length, excluding the title and reference slides.
2. Each slide, except title and reference slides, must have an oral narration in Standard English explaining the key ideas in each slide.
3. The oral presentation should have a highly developed and sustained viewpoint and purpose.
4. The oral communication should be highly ordered, logical, and unified.
5. The oral delivery technique, including word choice and oral expressiveness, should display exceptional content, organization, and style, while leading the audience to a dynamic and supported conclusion.
6. Free of grammatical errors.
7. No evidence of plagiarism.
8. Ensure that the narration provides clear enunciation, a professional tone, and is free of background noise.

Written Parameters/Expectations

1. Include a title slide and reference slide.
2. Written work is provided in Standard English.
3. At least 10 slides in length, not counting the title slide and reference slide.
4. Includes a highly developed viewpoint and purpose, and exceptional written content.
5. Writing demonstrates superior organization and is well-ordered, logical, and unified.
6. Free of written grammar, punctuation, and spelling errors.
7. No evidence of plagiarism.
8. At least three outside references on the topic of risk management in addition to the text.
9. Make sure that the reference slide is in the latest APA Style.

For assistance with APA requirements, please go to Academic Writer. You will find the link in the Academic Tools section of the course.

I am resending the paper that you did. I will attach the paper.

This is the professor’s comment:

Paul, thank you for your submission. While your writing is professional and you have synthesized four interesting articles regarding AI and IoT security, you unfortunately missed the primary objective of this assignment. The instructions required a specific review of the article by Abomhara and Kien (2015) that addressed a specific set of evaluative questions. Because you focused on entirely different sources, much of the required content is missing. Additionally, I noticed several APA formatting errors and incomplete source links that need to be addressed in future work.

Make sure you’re reviewing the rubric and any APA 7th formatting. When you pick a topic and start your dissertation, they can be a lot more strict on APA and crafting your idea.

Instructions:

For this assignment, review the following article:

Abomhara, M., & Kien, G. M. (2015). . Journal of Cyber Security and Mobility, 65-88.

Address the following:

• What did the authors investigate, and in general how did they do so?
• Identify the hypothesis or question being tested
• Summarize the overall article.
• Identify the conclusions of the authors
• Indicate whether or not you think the data support their conclusions/hypothesis
• Consider alternative explanations for the results
• Provide any additional comments pertaining to other approaches to testing their hypothesis (logical follow-up studies to build on, confirm or refute the conclusions)
• The relevance or importance of the study
• The appropriateness of the experimental design

When you write your evaluation, be brief and concise, this is not meant to be an essay but an objective evaluation that one can read very easily and quickly. Also, you should include a complete reference (title, authors, journal, issue, pages) you turn in your evaluation. This is good practice for your literature review, which youll be completing during the dissertation process.

Your paper should meet the following requirements:

• Be approximately three pages in length, not including the required cover page and reference page. (Remember, APA is double spaced)
• Follow APA 7 guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion.
• Support your answers with the readings from the course and at least two scholarly journal articles to support your positions, claims, and observations, in addition to your textbook. The UC Library is a great place to find resources.
• Be clear and well-written, concise, and logical, using excellent grammar and style techniques. You are being graded in part on the quality of your writing.

Discuss what best evidence is. How would you document that the best evidence being used in your case is a bit-for-bit copy of the original data? Hint: The answer is NOT the chain of custody. You may have to do some additional research related to original evidence, derivative evidence, and best evidence to find the answer. Your response must follow these parameters: Minimum length is 400 words. The Works Cited page is additional! You must use at least two sources DO NOT copy and paste from ANY source If you need to emphasize a word, use italics, NOT quotes Use MLA formatting You will be graded on grammar and punctuation, as well as proper use of in-text citations and providing a works cited page Each body paragraph MUST be only one subject or topic If you are comparing Windows to Linux, Each topic must be in separate paragraphs Windows security would be one Linux security would be another Introduction and conclusion (first and last paragraph) will not be cited Introduction will explain what you are attempting to prove Conclusion will state what you have proved Paragraphs should be 4 to 6 sentences (about 75 words). Don’t exceed double-space between paragraphs. When you change topics, hit enter to begin the next topic. Use this class book:Discuss what best evidence is. How would you document that the best evidence being used in your case is a bit-for-bit copy of the original data? Hint: The answer is NOT the chain of custody. You may have to do some additional research related to original evidence, derivative evidence, and best evidence to find the answer. Your response must follow these parameters: Minimum length is 400 words. The Works Cited page is additional! You must use at least two sources DO NOT copy and paste from ANY source If you need to emphasize a word, use italics, NOT quotes Use MLA formatting You will be graded on grammar and punctuation, as well as proper use of in-text citations and providing a works cited page Each body paragraph MUST be only one subject or topic If you are comparing Windows to Linux, Each topic must be in separate paragraphs Windows security would be one Linux security would be another Introduction and conclusion (first and last paragraph) will not be cited Introduction will explain what you are attempting to prove Conclusion will state what you have proved Paragraphs should be 4 to 6 sentences (about 75 words). Don’t exceed double-space between paragraphs. When you change topics, hit enter to begin the next topic.

Prompt

For the scenario above, you must address the critical elements listed below. The codes shown in brackets indicate the competency to which each critical element is aligned.

1. During the Incident
2. Managing the Incident
3. Identify the potential assets (e.g., single assets, groups of assets, and/or systems of assets) affected by the incident.
4. Explain potential methods you would use to contain the incident.
5. Explain potential steps for remediation of the incident.
6. Recommend potential strategies to minimize the possibility of this type of incident reoccurring in the future.
7. Business Continuity
8. Recommend a potential strategy for maintaining normal business operations during the recovery process.
9. Post Incident: Disaster Recovery
10. Describe how failover could benefit the organization and explain how it would affect the people, process, and technology aspects of the disaster recovery plan.
11. Propose an update to the backup strategy and explain how it would affect the people, process, and technology aspects of the disaster recovery plan.