Intelligence Debriefing (no cover page)

For the new project, attached are the documents needed. Can you do it? If so, please let me know so I can submit a new request. Please!

Your nation's technical staff expects you to report on all summit events once you return to your nation's capital. The CISO has requested that each analyst work independently to create an Intelligence Debriefing for technical staff. This debriefing is a comprehensive report and is comprised of your BCP, SITREP 1, and SITREP 2. Each team member should develop his or her own briefing and submit independently. You may, however, use your team's discussion area to share your findings with your peers. Refer to the CISO Deliverable Overview for a full list of requirements for the

Attachments:
business_continuity_plan_group_1.docx

sitrep__1_group_1_us.docx

sitrep__2.docx

ciso_deliverable_overview.pdf


Running Head: BUSINESS CONTINUITY PLAN
Business Continuity Plan
Ivy Anane-Agyei, Mustafa Almahdawi, Brandon Apolito, Veronica Daily, Mary Dolling
CYB 670
November 5th, 2019
University of Maryland Global Campus
Overview
A Business Continuity Plan (BCP) is a plan that ensures the continuation of business processes during an emergency or an attack. "The BCP focuses on sustaining an organization's mission/business processes during and after a disruption" (Swanson, Bowen, Phillips, Gallup, & Lynes, 2010). In this case the FVEY USA team has been hit with a Reveton ransomware attack, an attack disguised as originating from a country's law enforcement agency. It locks the victim out of their computer and demands that they pay a ransom within 48 hours or face criminal proceedings for very serious offenses. The message offers the option of paying a "fine", to be paid via Bitcoin. The team is tasked to look at all such potential threats and devise a BCP to ensure continued operations should the threat become a reality.
For the continued running of operations and activities in any organization in the event of a security breach, a cybersecurity Business Continuity Plan (BCP) is essential. This BCP involves strategies that focus on how FVEY will recover from the ransomware attack and from any other cyber-attack or incident that originates internally or externally. The BCP includes a software development lifecycle assessment with a matrix of the team's software assurance needs. It also describes the normal operating standards, practices, and procedures for operating systems, including critical systems, and develops standard operating procedures ordered from most critical to least critical to continue business operations. It identifies and documents the resource requirements to recover critical business functions and processes in the organization. It considers the differences between rogue access points, service set identifiers (SSIDs) and authorized access points.
The BCP also details recovery from the ransomware attack and leadership decisions on payouts, considering the use of Bitcoin. It addresses remediation paths for ransomware attacks by using their attack vectors as scenarios. It includes an incident response plan to ensure proper communication channels. The plan provides the basis for a relatively quick and effective return to normalcy regardless of the cause of the disruption. The BCP will sustain operations during any breach, recover and resume operations, and protect the team's assets.
Software Development Lifecycle Assessment
Software is an important part of business operations and allows organizations to manage data, resources, performance, and other internal tasks effectively. Implementing business processes in software creates the need to include business requirements in the Software Development Life Cycle (SDLC) process. The SDLC consists of several clearly defined and distinct phases that software developers and engineers follow to plan, develop, test, and deliver the final software solution to the intended end user. It aims to develop high-quality systems that meet the needs of the customer, bases its end solution on the requirements of the end user, and adheres to the set timeline to deliver within the cost estimates. SDLC models and methodologies have been designed as solutions to the complications of software architecture.
………………… Continue approved assessment SDLC from here.
Software Development Matrix
Each entry lists the model's pros and cons and the team's software assurance concerns for it.

Waterfall Model
  Pros: cost-friendly, easy to understand and manage.
  Cons: high risk of uncertainty, rigid to change.
  Software assurance: limits change and customer involvement; may not assure customer satisfaction (Davis, 2013).

Prototype Model
  Pros: quick to offer feedback and to reveal errors.
  Cons: weak in problem analysis, quite complex to understand, expensive.
  Software assurance: the developer releases minimal code, limiting what attackers can target; clients can give feedback easily (Davis, 2013).

Agile Software Development
  Pros: flexible to change, customer satisfaction.
  Cons: more expensive, only supports big projects.
  Software assurance: assures customer satisfaction; allows for software testing, increasing software security (Davis, 2013).

Rapid Application Development
  Pros: user feedback, allows for pre-testing, customer satisfaction.
  Cons: big projects only, expensive, complex.
  Software assurance: testing allows risk management.

Dynamic Systems Development
  Pros: user participation, customer satisfaction.
  Cons: expensive, complex.
  Software assurance: vulnerable to confidentiality risks; increases customer satisfaction (Chemuturi, 2009).

Spiral Model
  Pros: client involvement, supports changes, fast development.
  Cons: quite expensive, needs strict measures.
  Software assurance: (not given)

Extreme Programming
  Pros: quality improvement, supports changes.
  Cons: strict rules and policies, collective code ownership.
  Software assurance: testing allows confidentiality risks to be identified and mitigated (Chemuturi, 2009).

Feature-Driven Development
  Pros: prioritizes clients' needs, simplifies projects.
  Cons: expensive, undefined iteration.
  Software assurance: code inspection and testing improve data confidentiality.

Joint Application Development
  Pros: customer involvement, reduced cost.
  Cons: requires full attention and commitment.
  Software assurance: risk mitigation due to client involvement; promotion of quality.

Lean Development
  Pros: cost management, waste management.
  Cons: success depends highly on teamwork.
  Software assurance: saves on cost and resources and achieves the desired outcome (Leffingwell, 2011).

Rational Unified Process
  Pros: allows for change in any phase.
  Cons: quite complex, requires experts, expensive.
  Software assurance: risk management in every phase, allowing for a quality end product (Leffingwell, 2011).

Scrum Development
  Pros: involves the product owner, client satisfaction.
  Cons: delayed completion of projects due to frequent changes and everyone's involvement.
  Software assurance: testing assures quality end products and customer satisfaction; incorporation of changes reduces risks (Davis, 2013).
Normal Operating Standards, Practices and Procedures for Operating Systems
Normal operating standards for operating systems are step-by-step written procedures to be followed by personnel in securing IT systems. Operating systems support the basic activities of any organization and must run in a secure and reliable environment to prevent disruptions to daily operations. Other critical systems that support the team's activities include network components such as the file server, DNS server, key server, application server, Active Directory, Windows and Linux operating systems, and supervisory control and data acquisition (SCADA) systems. The scope of this BCP addresses prioritized functions of the communication network, categorized according to the team's risk and threat assessments, so that more critical functions receive more attention than less critical ones.
"The operating system (sometimes called the 'OS') provides a common set of controls for managing computer hardware, making it easier for users to interact with computers and for programmers to write application software" (UMUC, n.d.). Operating systems also provide a common set of commands and services for programmers, which reduces coding errors and speeds up software development.
With the OS being the main driver of IT operations in any organization, it faces several threats such as viruses, worms, other malware, and intrusion by attackers. End users are a main threat to the security of operating systems, and this must be considered when securing them. Methods for securing an operating system follow cybersecurity best practices: using firewalls to filter incoming and outgoing network traffic, ensuring proper account management, installing up-to-date antivirus engines and signatures, and performing regular OS patch management. Operating system security patches must always be kept current so that the system can withstand threats that could significantly affect it. Application whitelisting and software restriction policies must be implemented to prevent the execution of programs from common ransomware staging locations, such as temporary folders. The team's vulnerability management policy must include applying patches as soon as a critical vulnerability is identified on the network, without waiting for the scheduled patch cycle.
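The whitelisting control above, as an added example that is not part of the BCP: an AppLocker policy that denies executables launched from per-user temp folders while keeping the default allow rules, so the deny rule does not silently become "block everything". It assumes (hypothetically) a Windows 10/11 Enterprise or Windows Server host with AppLocker, an elevated PowerShell session, and the Application Identity service (AppIDSvc) running; the policy path and the GUID of the deny rule are illustrative.

```powershell
# Added example (not from the BCP). Assumptions: AppLocker-capable Windows, elevated
# session, AppIDSvc running. The policy path and the deny rule GUID are illustrative.
$policyPath = Join-Path $env:ProgramData 'FVEY\BlockTempExec.xml'
New-Item -ItemType Directory -Path (Split-Path $policyPath) -Force | Out-Null

$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <!-- Default allow rules (the three the AppLocker MMC generates). If the collection
         contained only the deny rule, every other executable on the host would be
         blocked, because AppLocker denies whatever no rule allows. -->
    <FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="Allow Program Files"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="Allow Windows folder"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="Allow Administrators"
                  Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
    <!-- Deny rules take precedence over allow rules. Per-user temp folders are where
         droppers extracted from email attachments usually land. -->
    <FilePathRule Id="c4b3e6bd-1f27-4b3a-9a5a-0d8f5b2a7a01" Name="Deny user temp folders"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*\AppData\Local\Temp\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Dry run. Test-AppLockerPolicy evaluates real files, so drop an empty placeholder in Temp.
$sample = Join-Path $env:TEMP 'invoice.exe'
New-Item -ItemType File -Path $sample -Force | Out-Null
Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone -Path @(
    $sample,
    (Join-Path $env:WINDIR 'System32\notepad.exe')
) | Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
Remove-Item $sample -Force

# Merge into the existing local policy. Keep EnforcementMode="AuditOnly" until the
# Microsoft-Windows-AppLocker/EXE and DLL log (event ID 8003 = would have been blocked)
# shows no legitimate tooling running from Temp, then change it to "Enabled" and re-apply.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
```

The `Test-AppLockerPolicy` run should report the Temp sample as Denied by the deny rule and notepad.exe as Allowed by the Windows-folder rule. Two caveats a practitioner should keep in mind: a path rule only covers the paths listed (the DLL, script and MSI collections need their own rules), and enforcement does nothing unless the Application Identity service is running.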
Access control on the operating system must also be managed properly in order to protect the OS. Access control methods such as Role Based Access Control (RBAC) and Discretionary Access Control (DAC) are based on managing user permissions and have been used for years. A more fine-grained method for securing Windows operating systems is Just Enough Administration (JEA). It aims to reduce administrative access to systems wherever possible while still allowing administrators to carry out their jobs (Carnaghan, 2015). JEA allows specific users to carry out administrative functions without giving them full administrative access. It therefore focuses on task-based rather than role-based access control, and builds the controls for specific tasks using the constrained PowerShell runspaces available within the OS. Network operating systems are used to monitor network activity, such as which devices connect to the network and how they gained access. Patching and regular updating of these systems are therefore essential.
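The JEA approach described above, as an added example that is not part of the BCP: a JEA endpoint that lets a help-desk group restart a fixed set of services and read two event logs without holding local administrator rights. It assumes (hypothetically) Windows PowerShell 5.1 with remoting enabled, an elevated session, and a domain group FVEY\HelpDesk; the module name, role name, endpoint name and service names are illustrative.

```powershell
# Added example (not from the BCP). Assumptions: PowerShell 5.1, remoting enabled,
# elevated session, group FVEY\HelpDesk exists. Names below are illustrative.
$moduleName = 'FVEYHelpDesk'
$modulePath = Join-Path $env:ProgramFiles "WindowsPowerShell\Modules\$moduleName"
$rcPath     = Join-Path $modulePath 'RoleCapabilities'   # JEA searches PSModulePath for this folder
New-Item -ItemType Directory -Path $rcPath -Force | Out-Null
New-ModuleManifest -Path (Join-Path $modulePath "$moduleName.psd1")

# 1. Role capability: the only commands the role can run. Parameter values are pinned
#    with ValidateSet, so "Restart-Service -Name wuauserv" is rejected by the endpoint.
New-PSRoleCapabilityFile -Path (Join-Path $rcPath 'ServiceOperator.psrc') -VisibleCmdlets @(
    @{ Name = 'Get-Service' },
    @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler', 'W32Time' } },
    @{ Name = 'Get-WinEvent';    Parameters = @(
        @{ Name = 'LogName'; ValidateSet = 'System', 'Application' },
        @{ Name = 'MaxEvents' }) }
)

# 2. Session configuration: maps the group to the role, runs commands under a temporary
#    virtual account (no standing admin credential to steal) and transcribes every session.
$psscPath = Join-Path $env:ProgramData 'FVEY\ServiceOperator.pssc'
New-Item -ItemType Directory -Path (Split-Path $psscPath) -Force | Out-Null
New-PSSessionConfigurationFile -Path $psscPath `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory (Join-Path $env:ProgramData 'FVEY\JEATranscripts') `
    -RoleDefinitions @{ 'FVEY\HelpDesk' = @{ RoleCapabilities = 'ServiceOperator' } }

# 3. Validate, then register. Register-PSSessionConfiguration restarts the WinRM service.
if (-not (Test-PSSessionConfigurationFile -Path $psscPath)) {
    throw "Invalid session configuration file: $psscPath"
}
Register-PSSessionConfiguration -Name 'FVEY.ServiceOperator' -Path $psscPath -Force | Out-Null

# 4. Audit what a given user can actually do through the endpoint before handing it out.
Get-PSSessionCapability -ConfigurationName 'FVEY.ServiceOperator' -Username 'FVEY\alice' |
    Select-Object Name, CommandType | Format-Table -AutoSize
```

A member of the group connects with `Enter-PSSession -ComputerName <host> -ConfigurationName FVEY.ServiceOperator` and sees only the listed commands; the transcript directory gives the incident response team a record of every command run through the endpoint. The `Get-PSSessionCapability` step is the check worth keeping: it resolves group membership and shows the effective command set for one user, which is how mistakes in role definitions are caught before deployment.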
Ad-hoc Wireless Network Management
Considering the area of the summit, all partner nations are likely to adopt ad-hoc wireless networks, which allow computers to communicate with each other directly without a router. This type of network is vulnerable to intruders because it has no network access control list and it broadcasts its Service Set Identifier (SSID). To secure the network, strong encryption such as WPA2 must be used to protect traffic on the SSID. It is also important to change the default SSID name to one that cannot be guessed easily: WPA2-PSK derives its key from the passphrase and the SSID, so precomputed tables exist for common default names, although renaming the SSID is no substitute for encryption. Attackers use rogue access points, which are not authorized access points, to mount attacks on the network, including DoS attacks, ARP poisoning, man-in-the-middle attacks and sniffing. The FVEY USA team therefore ought to establish a list of authorized access points (SSID plus the access point's MAC address, or BSSID) and must cross-reference any identified access point against this list to determine whether it is approved. Authorized access points must be protected with secure encryption such as WPA2, and their MAC addresses recorded so that they are recognizable in the team's Address Resolution Protocol (ARP) tables, bearing in mind that an attacker can spoof a MAC address. All these wireless network security measures must be adhered to, especially during a security incident.
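The cross-reference against the authorized list described above (and the rogue device and access point scan called for under Recovery Measures below), as an added example that is not part of the BCP. It parses the text that `netsh wlan show networks mode=bssid` prints on Windows and compares each BSSID with the team's authorized list; the sample netsh output and the authorized list are constructed so the script runs offline, and the BSSIDs and SSIDs in them are hypothetical.

```powershell
# Added example (not from the BCP). The netsh sample and the authorized list are constructed.
function Get-ObservedAccessPoint {
    # Parses "netsh wlan show networks mode=bssid" output into one object per BSSID.
    param([Parameter(Mandatory)][string[]]$NetshOutput)
    $ssid = ''; $type = ''; $auth = ''
    foreach ($line in $NetshOutput) {
        if     ($line -match '^\s*SSID\s+\d+\s*:\s*(.*)$')       { $ssid = $Matches[1].Trim(); $type = ''; $auth = '' }
        elseif ($line -match '^\s*Network type\s*:\s*(.+)$')       { $type = $Matches[1].Trim() }
        elseif ($line -match '^\s*Authentication\s*:\s*(.+)$')     { $auth = $Matches[1].Trim() }
        elseif ($line -match '^\s*BSSID\s+\d+\s*:\s*([0-9A-Fa-f:]{17})') {
            [pscustomobject]@{ SSID = $ssid; NetworkType = $type; Authentication = $auth; BSSID = $Matches[1].ToLower() }
        }
    }
}

function Find-RogueAccessPoint {
    # Flags BSSIDs missing from the authorized list (an authorized SSID from an unknown
    # BSSID is an evil twin), authorized BSSIDs whose SSID or authentication differs from
    # the record, open/WEP networks, and ad-hoc networks.
    param([Parameter(Mandatory)][object[]]$Observed, [Parameter(Mandatory)][object[]]$Authorized)
    $byBssid = @{}
    foreach ($ap in $Authorized) { $byBssid[$ap.BSSID.ToLower()] = $ap }
    $knownSsids = @($Authorized | ForEach-Object SSID | Select-Object -Unique)
    foreach ($ap in $Observed) {
        $reasons  = [System.Collections.Generic.List[string]]::new()
        $expected = $byBssid[$ap.BSSID]
        if ($null -eq $expected) {
            if ($knownSsids -contains $ap.SSID) { $reasons.Add('evil twin: authorized SSID from unknown BSSID') }
            else                                { $reasons.Add('unknown access point') }
        } elseif ($expected.SSID -ne $ap.SSID -or $expected.Authentication -ne $ap.Authentication) {
            $reasons.Add("authorized BSSID advertising $($ap.SSID)/$($ap.Authentication), expected $($expected.SSID)/$($expected.Authentication)")
        }
        if ($ap.NetworkType -eq 'Adhoc')          { $reasons.Add('ad-hoc network, no infrastructure access control') }
        if ($ap.Authentication -in 'Open', 'WEP') { $reasons.Add("weak authentication: $($ap.Authentication)") }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ BSSID = $ap.BSSID; SSID = $ap.SSID; Authentication = $ap.Authentication; Reason = ($reasons -join '; ') }
        }
    }
}

# Constructed netsh output (not a real capture): the authorized AP, an open network using
# the same SSID from a different BSSID, and an open ad-hoc network.
$sampleNetsh = @'
Interface name : Wi-Fi
There are 3 networks currently visible.

SSID 1 : FVEY-SUMMIT
    Network type            : Infrastructure
    Authentication          : WPA2-Enterprise
    Encryption              : CCMP
    BSSID 1                 : 00:11:22:33:44:55
         Signal             : 82%
         Channel            : 36

SSID 2 : FVEY-SUMMIT
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : de:ad:be:ef:00:02
         Signal             : 95%
         Channel            : 6

SSID 3 : Free_Summit_WiFi
    Network type            : Adhoc
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 66:77:88:99:aa:bb
         Signal             : 70%
         Channel            : 11
'@ -split "`r?`n"

# Hypothetical authorized list: SSID, the access point's MAC address (BSSID), expected security.
$authorized = @(
    [pscustomobject]@{ BSSID = '00:11:22:33:44:55'; SSID = 'FVEY-SUMMIT'; Authentication = 'WPA2-Enterprise' }
)

$observed = Get-ObservedAccessPoint -NetshOutput $sampleNetsh
Find-RogueAccessPoint -Observed $observed -Authorized $authorized | Format-Table -AutoSize
# Live use: Find-RogueAccessPoint -Observed (Get-ObservedAccessPoint (netsh wlan show networks mode=bssid)) -Authorized $authorized
```

On the constructed sample the authorized AP produces no finding, the second entry is reported as an evil twin with weak authentication, and the third as an unknown, open, ad-hoc network. Because a BSSID is just a MAC address and can be spoofed, a clean result is a tripwire rather than proof; a rogue that clones both the SSID and BSSID of an authorized AP is only caught by seeing the same BSSID on an unexpected channel or signal level, which is why the team's inventory of authorized devices should record those details too.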
Recovery Measures
For an effective Business Continuity Plan, the team must be prepared to recover from the Reveton ransomware attack and resume normal operations. To achieve this, precautionary measures must be put in place, and a defined series of steps must be followed before and after the ransomware attack or any other cybersecurity incident.
- Taking inventory: In the recovery process, the first step is an inventory of all authorized network devices, giving the team a baseline of the systems under its control. This helps identify which systems are impacted by an event and which are not. The network must be scanned at this stage to identify rogue devices, including unauthorized wireless access points. An inventory of authorized and unauthorized software must also be taken, recording each installed package, its version and its state on each device.
- Secure configurations for hardware and software: Configurations of hardware and software components such as mobile devices, laptops, workstations and servers must be hardened. This ensures that all authorized systems are configured according to approved standards and are monitored so that changes to those configurations are detected.
- Installation of preventive hardware and software: This involves installing preventive controls such as firewalls, intrusion detection systems (IDS), anti-virus software, and intrusion prevention systems (IPS).

The recovery path after a ransomware attack involves several steps:
- First, the infected machines or devices must be disconnected from the network, because the ransomware may spread to, or already lie dormant on, other devices. Isolating infected devices from the main network stops the malware from spreading.
- The next step is to identify the type of ransomware and report it to the authorities. The team must give law enforcement a clear understanding of the threat, justification for a ransomware investigation, and relevant information for ongoing ransomware cases.
- The team must decide how to handle the ransomware: pay the ransom (not the best option), remove the malware, or wipe the affected systems and reinstall from scratch. Paying the ransom is not the best option because it marks the team as a paying target, invites further ransomware, and does not guarantee that the data will be restored.
- Determine the point of entry by assessing the damage caused. The extent of the damage determines which backups are to be used. Where there are no backups, the alternative is to attempt to recover the encrypted data, for example with a decryptor released for the identified ransomware family, if one exists.
Incident Response
While the Business Continuity Plan recovers the team's operations, Incident Response manages the incident as it happens. The team's incident response (IR) plan, or contingency plan, establishes procedures to address cyber-attacks such as malware, ransomware or DDoS attacks against the team's information and communication systems. It goes through the phases of preparation, identification, containment, eradication, recovery, and lessons learned. The IR plan lists the IR team members with their roles and responsibilities; it involves the Chief Information Officer (CIO), the Help Desk Manager and the FVEY USA team members. The IR plan must be tailored to the response activities required when attacks such as DDoS and ransomware occur, and must define responsibilities and the response flow for all team members. The IR document can then be attached to the BCP as an appendix. Below is the communication flow among the IT team members.
Incident Response Flow Diagram
Incident Response Plan, swim-lane flow (lanes: FVEY Team, Chief Information Officer, Governance Team):

Identification, detection and analysis
  FVEY Team: Incident detection -> Submit incident report -> Notify CIO.
  CIO: Receive incident notification -> Require more info? (Yes: request it from the FVEY Team; No: continue) -> Analysis and verification -> Categorise and classify incident -> Data exposure? (Yes: report to the Governance Team; No: continue) -> Activate response team? (Yes: FVEY Team activates the response team; No: proceed to closure).
  Governance Team: Receive report from CIO -> Determine compliance requirements -> Inform of actions needed to satisfy national and international requirements.

Mitigation
  FVEY Team: Activate the response team -> Review incident report and continue investigation -> Coordinate internal/external communication with the Governance Team and CIO -> Develop containment, eradication and recovery strategies -> Relate and monitor mitigation requirements -> Confirm mitigation.
  CIO: Coordinate mitigation requirements -> Conduct/confirm mitigation.

Closure
  Incident closure.
References
Bauer, R. (2019, April 18). Complete guide to ransomware: How to recover and prevent an attack. Retrieved from https://www.backblaze.com/blog/complete-guide-ransomware/
Carnaghan, I. (2015, October 25). Operating systems security: Protection measures analysis. Retrieved from https://www.carnaghan.com/operating-systems-securityprotection-measures-analysis/
Chemuturi, M. (2009). Software estimation best practices, tools & techniques: A complete guide for software project estimators. Fort Lauderdale, FL: J. Ross Publishing.
Davis, B. (2013). Agile practices for waterfall projects: Shifting processes for competitive advantage. Plantation, FL: J. Ross Publishing.
Leffingwell, D. (2011). Agile software requirements: Lean requirements practices for teams, programs, and the enterprise. Upper Saddle River, NJ: Addison-Wesley.
Ouyang, A. (2004). CISSP Common Body of Knowledge: Business continuity & disaster recovery planning domain. Retrieved from https://content.umuc.edu/file/6aa8bfb87053-4fed-94f62547e454c501/1/web/viewer.html?file=https://content.umuc.edu/file/942c8321-01894340-8592-f74342df23da/1/DisasterRecoveryStrategy.pdf
Swanson, M., Bowen, P., Phillips, A. W., Gallup, D., & Lynes, D. (2010, May). Contingency planning guide for federal information systems (NIST Special Publication 800-34, Rev. 1). Retrieved from https://content.umuc.edu/file/ee31537c-cf00-40b5-ba6013b5973b95a7/1/ContingencyPlanningGuideforFederalSystems.pdf
UMUC. (n.d.). Operating systems. Retrieved from https://content.umuc.edu/file/6aa8bfb87053-4fed-94f6-2547e454c501/1/web/viewer.html?file=https://content.umuc.edu/file/dcbad591-0ff8492a-af64-2db84d5f705e/1/UnderstandingSoftwareAPrimerforManagers.pdf
SITREP #1
Group 1 United States/ Federal Government
Ivy Anane-Agyei, Mustafa Almahdawi, Brandon Apolito, Veronica Daily, Mary Dolling
CYB 670
November 11th, 2019
University of Maryland Global Campus
Situational Report
Security Incident Report / SITREP #2017-Month-Report#

Incident Detector's Information
Date/Time of Report: November 5th, 2019 8:58pm
First Name: Veronica
Last Name: Daily
OPDIV: Cybersecurity and Infrastructure Security Agency
Title/Position: US Cyber Security Specialist
Work Email Address: V.daily@CISA.gov
Contact Phone Numbers: Work (Government): (386)366-4084; Mobile (Government): (202)324-4558; Pager/Other: irrelevant form of communication

Reported Incident Information
Initial Report Filed With (Name, Organization): Chief Information Security Officer (CISO) of the Cybersecurity and Infrastructure Security Agency / United States
Start Date/Time: November 5th, 2019 7:30am
Incident Location: Global Economic Summit / London, United Kingdom
Incident Point of Contact (if different than above): n/a
Priority: Level 1
Possible Violation of ISO/IEC 27002:2013: Yes: violation of information security obligations and of information security in supplier relationships; 2002 Homeland Security Act, which included the Federal Information Security Management Act (FISMA) / National Cybersecurity Protection Advancement Act of 2015
Privacy Information – ISO 27000 (Country Privacy Act Law): The incident was a violation of ISO 27000; the initial targets did suffer adverse effects. It held up the Global Economic Summit meeting for hours, affecting all of the countries in attendance (all computers suffered from the ransomware attack). The violation was intentional; to our knowledge no information was used maliciously.
Incident Type: Alteration or destruction of information
US-CERT Category: Ransomware attack
CERT Submission Number, where it exists: CISA's National Cybersecurity and Communications Integration Center (NCCIC)
Description: The ransomware attack occurred due to an employee (HR Benefits Coordinator) following an unusual set of instructions while opening a standard encrypted text file. The email had a Microsoft Excel document atta …