ICT205 Cybersecurity Final Exam Assessment T1 2020
T1 2020: ICT205 Cyber Security
Final Exam Assessment
Assessment Type: Individual Report
Value: 50%
Word Length: 2500 words
Due Date: Week 14 (June 18th 11:55pm)
Submission: Moodle Turnitin Submission
Case Study Description:
Imagine at one end when you are discussing with the security services to add up the
layers of security defences, you find that your company has been compromised. But
the intruder, rather than attacking your company's network, instead uses your servers
as a launching pad for attacks on other companies, making your firm an
unintentional ally.
This is the scenario that IT managers faced at ITBase. ITBase is a publicly traded
company that is considered a market leader in the highly competitive, multi-billion-
dollar IT infrastructure market. At the time of the attack, the IT managers were in
discussions with SeekSecNet, a network security company to plan an external
penetration test. The goal of the penetration test was to reveal IT infrastructure
weaknesses to ITBase management. Armed with this information, management was
to consider the benefits of further investment in security improvements versus the
risk of inaction.
ITBase had used a firewall to protect its corporate network, but the logs generated
by the firewall were not rarely reviewed by the system administrator. Moreover,
ITBase did not implement any intrusion detection capabilities. The organization
learned of the incident when an unrelated firm contacted the corporate
administrators in response to a network attack that originated from a server located
at ITBase headquarters and demanded that ITBase should take all necessary steps to
terminate the attack.
In the ITBase case, while the intruder launched his attack from a server within the
ITBase network, he happened to attack an outside system that was being monitored
for such activity. When the system administrator of the attacked network detected
the hostile activity, he quickly notified ITBase system administrators.
Assessment Requirement Specification
As discussed in the case study assume that ITBase has approached SeekSecNet to
add up the layers of the security. Now, ITBase wanted SeekSecNet to run further
investigation about the incident. Assume that you are part of SeekSecNet and your
team is taking the responsibility of running further investigation on the security
incident. It is important to note that only one company contacted ITBase to
complain; therefore, it is probably safe to assume that several compromised
organizations were unaware of the attacks. Also, if ITBase had not been notified by
the compromised organization, ITBase system may have remained compromised for
months without notice.
The IT professionals and the other business unit professionals of ITBase need to
place all possible measures for SeekSecNet to work on the incident. As a step
towards this, ITBase should prepare a disaster recovery plan.
Furthermore, as a team from SeekSecNet responsible for further investigation the
team is expected to prepare a response based on the investigation and a Security
Incident Checklist.
Your report needs to include the following:
1. Prepare a disaster recovery plan for the incident experienced by the
organization. The plan needs to include detailed discussion on how the steps
of the plan are executed
2. Prepare a response summary in relation to the incident based on the
investigation
3. Prepare a security incident checklist to be used by the organization when they
have been compromised
Marking Criteria:
| Sections | Description | Marks |
|---|---|---|
| Executive Summary | A short description of what is being addressed in the report | 2 |
| Introduction | Discuss about the case study and the requirements in terms of developing a disaster recovery plan and security incident checklist | 5 |
| Disaster Recovery Plan (DRP) | Discuss the steps involved in DRP. You need to discuss in detail as to how the steps are being implemented by the organization discussed in the case study | 15 |
| Investigation Response | Prepare a short summary of the findings of the investigation of the incident. The findings should include what could be possible sources how the system has been attacked | 10 |
| Security Incident Checklist | Steps to be taken by the organization when they have been compromised | 10 |
| Conclusion | Present your findings in the report | 3 |
| Referencing | List of references | 5 |

Submission Details:
The report should be limited to 2500 words and should be structured according to
the sections mentioned in the marking criteria. The report should be submitted on
Moodle on the date of the deadline.
Marking Rubric

| Criteria | Fail (0 – 49%) | Pass (50 – 64%) | Credit (65 – 74%) | Distinction (75 – 84%) | High Distinction (85 – 100%) |
|---|---|---|---|---|---|
| Executive Summary 2% | Did not provide executive summary in the report | Not a well written summary | Presented the summary but not enough details provided | Includes the complete details in the summary | Very clearly written and structured |
| Introduction 5% | Did not provided the introduction | Introduction provided but no complete details presented about the organization in the case study | Introduction presented with a report on the case study | Well-presented introduction with a report on the case study but not a clear structure | Very clearly written and structured |
| DRP Plan 15% | No details on the DRP plan or very minimum amount of information | Minimum details of security information provided for the plan | A DRP plan has been provided for the organization discussed in the case study | A well written DRP plan with necessary details for the organization discussed in the report | Very clearly written and structured plan for the organization discussed in the report |
| Investigation Response 10% | The section not presented in the report or the investigation report not appropriately discussed | A few results has been presented in the report | Response developed for most of the investigation performed | A well discussed set of response for the investigation carried out | Very clearly written and structured with all response included in the report |
| Security Incident Checklist 10% | This section not provided in the report or not discussed appropriately | No appropriate amount of details provided for the checklist | Minimum amount of details provided in the checklist | Complete details provided for the organization so as to follow the checklist | Very clearly written and structured with necessary details |
| Conclusion 3% | No conclusion provided | Conclusion not provided with complete findings in the report | Conclusion not provided with necessary details | Conclusion provided | Very clearly written and structured |
| Referencing 5% | | | | | |
| Total 50% | | | | | |
Answered Same Day Jun 15, 2021

Solution

Neha answered on Jun 16 2021
130 Votes
Executive Summary
This report is to help the organization to find out the compromised system and save the systems from the attackers. This report includes the disaster management plan which can help the organization in future. It includes a day-by-day plan which can be implemented in the system. A response summary is also included by the consultants.
Introduction
ITBase is a publicly traded company which is considered the leader in the market and has a highly competitive nature for other companies. The IT managers were discussing with SeekSecNet to help them in securing their system. SeekSecNet is a network security company which helps the organization by planning an external penetration test. The motive of this test is to find out the weaknesses which are present in the infrastructure of the organization. The management wants to investigate all the systems and find out all the security improvements and their risk of inaction. The ITBase organisation had used a firewall to protect their network, but the logs which were generated by the firewall were not checked by the administrator of the system. They also did not implement any intrusion detection capabilities. An intruder launched the attack from a server which was present in ITBase. The administrator found out the attack and informed the administrator of the ITBase organization.
This report is based on the disaster management plan for the organization. It is important to secure the network of the organization and manage the work. A disaster can result in stopping the flow of work in an organization, so it is important to keep a backup plan for the company which makes sure that there is no loss of connection. Here is the regular account of the security incidents which occur in the organization on a daily basis. The report continues with the investigation performed at ITBase.
Day 1: The initial call
An internal investigation was conducted at ITBase by the administrator to find the potential compromise. A whole day was spent conducting this investigation. After this initial investigation, the administrators of ITBase found that one of the FTP servers present in the organization was sending a huge volume of traffic to different external IP addresses (Švehla, Z.L., Sedinić, I. and Pauk, L). The whole system was reviewed again by the administrators of ITBase, but they failed to find any sign which proves the compromise. They did not find any suspicious program which can be termed the source of the attacks which can happen in the organization. Finally, the administrators used SeekSecNet. SeekSecNet was contacted to help them in analysing the intrusion and ITBase can recover from any compromise. The initial interview or conversation was done over the telephone regarding the incident which happened in the organization. After the first conversation, SeekSecNet sent their consultant to the site to analyse and assist ITBase. The very first advice of the consultant given to the administrators was to disconnect the network connection which is connected to the compromised system. He explained that this step can help them to stop any further damage which can be done by the hacker to the internal and external systems of ITBase. The case study informs that the administrators of the ITBase system were highly competent but they do not have any security experience which is required to find out the nature of the attack and its source. The reason for this failure is the skills of the hacker which he uses to hide their presence. The ITBase administrators tried to find out the hacker who is responsible for the system which is compromised, and this resulted in a new risk which can destroy the potential evidence and can also destroy the system itself by tripping on a landmine which is equal to the hacker unknowingly.
The consultant of SeekSecNet was able to bring out the speed of the events which were not working as per the requirement. The FTP server which was not performing well was used to transfer the data related to customers between the partners, and this restricted ITBase from following the suggestion given by the SeekSecNet consultant to turn off the system.
As the consultant moved forward with the investigation, he created a backup of the critical data of the organization. Starting with an initial backup which is used to capture the low level image so by the compromised system was critical when used for the future forensics, especially when the intruder or hacker has some advanced techniques or tools to hack the system. The availability of the system was critical; it was important to back up the data off the system using some system utilities which were provided online by SeekSecNet (Komninos, N., Vergados, D. and Douligeris, C). SeekSecNet suggested not to use the system utilities of the ITBase organization as the...