Blumenstein_E_CST610_Project_3 (docx)
School: University of Maryland
Course: 610
Subject: Information Systems
Date: Jan 9, 2024
Pages: 6
CST 610 Project 3
Cyberspace and Cybersecurity Foundations
Security Event and Incident Report
Prepared By: Elliott Blumenstein
Version 1.0
Table of Contents
Introduction ........ 3
Objectives ........ 3
Definitions ........ 3
Predictions ........ 3
Reflections ........ 3
Introduction
This report documents and analyzes the incident or event, the response that was taken, and the steps to prevent future incidents or events. It details the incident in FICBank’s IT infrastructure: when and how it was detected, its possible impact, and the actions taken to remedy it. Documenting the incident establishes accountability, which will be crucial to FICBank’s future business, and begins a track record for any incidents or events in the future.
The report also states its objectives: what we want out of this investigation and what we will report as findings. To avoid confusion, definitions of certain words and phrases are listed; they clarify details and provide a better understanding of what is being reported.
FICBank is a small company and cannot always have IT professionals on site monitoring its systems. We predict which indicators of compromise we are likely to see, which tools will be most useful in identifying their cause, and the expected outcomes of using those tools. The company will be given details of each incident found with those tools and techniques, including screenshots of each incident.
Lastly, we summarize the report, from the tools we used to our approach to identifying incidents. The challenges we faced during this process will inform what can be done in the future. This report is the starting point for FICBank in its effort to maintain its IT infrastructure.
Objectives
1. Identify potential Indicators of Compromise in FICBANK’s systems architecture.
2. Conduct a preliminary investigation using fundamental digital forensics techniques.
3. Document your findings using the Security Event and Incident Report Template.
Definitions
“Indicators of Compromise are defined as forensic artifacts that can be used as signs to denote a system has been compromised by an attack or was otherwise infected by malicious software” (Catakoglu et al., 2016, p. 3, para.1).
Predictions
The most basic indicator of compromise I predict we will see is repeated login failures. A legitimate user usually succeeds within a few tries, so many failed attempts against one account or from one source address could indicate that a bad actor is trying to access the system. A lockout should occur after a set number of failed attempts; if none is configured, that should be part of the solution. Another type is unusual outbound network traffic. “If the outbound traffic within the ICS network increases significantly or is not in the typical model, there could be malicious activity” (Asiri et al., 2023). That source addresses industrial control networks, but the reasoning applies to FICBank as well: a significant increase over the normal baseline will alert us that something is suspicious, and the team will investigate. “A large amount of database reads and queries is a clear indicator that an attacker has penetrated the system” (Asiri et al., 2023). The database serves a vital role in FICBank’s IT infrastructure as the storage for all transactions, searches, customer information, and other data, so a spike in reads against it should be compared with a known baseline before it is treated as an intrusion. These are just some types of IOCs.
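As an added example, not part of the original report, the following Python script runs the first prediction above over a constructed sshd-style auth log: it counts failed logins per source address inside a sliding time window, flags a successful login that follows such a burst, and checks whether the lockout policy the paragraph calls for was actually enforced. The log lines, the host name web01, the user names and addresses, the year 2024 supplied for the syslog timestamps, and the thresholds are all assumptions made for the example.

```python
"""Flag repeated login failures in an sshd-style auth log.

Added example; not part of the original report. The log lines are constructed
for illustration (host, users, addresses and year are made up).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of /var/log/auth.log-style sshd lines (not real FICBank data).
SAMPLE_LOG = """\
Jan  9 10:00:01 web01 sshd[4100]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan  9 10:00:03 web01 sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
Jan  9 10:00:04 web01 sshd[4102]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jan  9 10:00:06 web01 sshd[4103]: Failed password for root from 203.0.113.5 port 51237 ssh2
Jan  9 10:00:08 web01 sshd[4104]: Failed password for root from 203.0.113.5 port 51238 ssh2
Jan  9 10:00:10 web01 sshd[4105]: Accepted password for root from 203.0.113.5 port 51239 ssh2
Jan  9 10:05:00 web01 sshd[4110]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Jan  9 10:05:20 web01 sshd[4111]: Accepted password for alice from 198.51.100.7 port 40002 ssh2
Jan  9 11:00:00 web01 sshd[4120]: Failed password for bob from 192.0.2.9 port 30000 ssh2
Jan  9 11:40:00 web01 sshd[4121]: Failed password for bob from 192.0.2.9 port 30001 ssh2
Jan  9 11:50:00 web01 sshd[4122]: Failed password for bob from 192.0.2.9 port 30002 ssh2
Jan  9 12:10:00 web01 sshd[4123]: Failed password for bob from 192.0.2.9 port 30003 ssh2
Jan  9 12:30:00 web01 sshd[4124]: Failed password for bob from 192.0.2.9 port 30004 ssh2
"""

# syslog timestamp, host, pid, outcome, optional "invalid user", account, source address
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_line(line, year=2024):
    """Return (timestamp, outcome, user, src), or None for lines we do not care about.
    syslog timestamps carry no year, so the caller supplies one (assumed here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    return ts, m["outcome"], m["user"], m["src"]


def parse_log(log_text, year=2024):
    events = [parse_line(line, year) for line in log_text.splitlines()]
    return sorted((e for e in events if e), key=lambda e: e[0])


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window count of failures per source address.

    Flags a source once it reaches `threshold` failures inside `window`, and
    separately flags a success that follows such a burst (the attacker got in).
    Failures spread out over hours (bob below) stay under the threshold."""
    recent = defaultdict(deque)  # src -> timestamps of failures still inside the window
    flagged = set()
    findings = []
    for ts, outcome, user, src in parse_log(log_text):
        q = recent[src]
        while q and ts - q[0] > window:
            q.popleft()
        if outcome == "Failed":
            q.append(ts)
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                findings.append({"type": "failed_login_burst", "src": src,
                                 "count": len(q), "first": q[0], "last": ts})
        elif len(q) >= threshold:
            findings.append({"type": "success_after_burst", "src": src, "user": user,
                             "failures_before": len(q), "at": ts})
    return findings


def accounts_without_lockout(log_text, max_failures=3):
    """Check the lockout policy the report calls for: an account that logs in
    successfully after `max_failures` consecutive failures was not locked out."""
    streak = defaultdict(int)
    offenders = set()
    for _, outcome, user, _ in parse_log(log_text):
        if outcome == "Failed":
            streak[user] += 1
        else:
            if streak[user] >= max_failures:
                offenders.add(user)
            streak[user] = 0
    return sorted(offenders)


if __name__ == "__main__":
    for finding in detect_bruteforce(SAMPLE_LOG):
        print(finding)
    print("no lockout enforced for:", accounts_without_lockout(SAMPLE_LOG))
```

On the constructed log, 203.0.113.5 is reported for a burst of five failures inside five minutes and again for the root login that immediately follows it, while bob's five failures spread over ninety minutes are not reported; the lockout check names root, because the account accepted a password after three consecutive failures. The window and threshold should be tuned against FICBank's own normal failure rate before the rule is relied on.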
1. What tools, techniques, and practices do you predict will be most useful in identifying the root cause of the reported events?
For FICBank to identify the root cause of the reported events, we will need to use specific tools, techniques, and practices to investigate properly.
Tools that we could use:
2. What do you expect the outcomes to be from these tools, techniques, and practices?
3. Based on your knowledge of common security incidents, what do you predict might have occurred at FICBANK?
Events and Indicators of Compromise Work Products
[Document the hands-on exercises results here from your activities using text and screenshots. When providing screenshots, please do not forget to include a current date and time in the capture.]
Reflections
Provide a thorough and critical analysis for each of the following questions. Everyone must answer the General questions. If you want a challenge, take on the Technical questions too!
General:
1. What digital forensic tools did you use during the investigation?
2. What was your approach to identifying potential indicators of compromise?
3. How did you verify the credibility of the artifacts from FICBANK's employees?
4. What challenges did you face during the investigation?
5. How did you ensure that the investigation met industry standards?
Technical:
1. What techniques could you use to identify and investigate potential Indicators of Compromise in FICBANK's systems architecture?
2. How would you approach preserving volatile data during the investigation?
3. What forensic analysis methodologies would you use during the investigation?
4. What techniques would you use to track the movement of data within FICBANK's systems?
5. How did you validate the findings from your digital forensics investigation?
6. What are some other methods outside of traditional vendor tools you could use to analyze the data you have?
References
Catakoglu, O., Balduzzi, M., & Balzarotti, D. (2016). Automatic extraction of indicators of compromise for web applications. Proceedings of the 25th International Conference on World Wide Web, 1–11. https://doi.org/10.1145/2872427.2883056