CSEC 610 CSEC610 CSEC/610 ENTIRE COURSE HELP – ASHFORD UNIVERSITY

Project 1 Information Systems and Identity Management

Video transcript

CSEC 610 Project 1 You are a systems administrator in the IT department of a major metropolitan hospital. Your duties are to ensure the confidentiality, availability, and integrity of patient records, as well as the other files and databases used throughout the hospital. Your work affects several departments, including Human Resources, Finance, Billing, Accounting, and Scheduling. You also apply security controls on passwords for user accounts. Just before clocking out for the day, you notice something strange in the hospital’s computer system. Some person, or group, has accessed user accounts and conducted unauthorized activities. Recently, the hospital experienced intrusion into one of its patient’s billing accounts. After validating user profiles in Active Directory and matching them with user credentials, you suspect several user’s passwords have been compromised to gain access to the hospital’s computer network. You schedule an emergency meeting with the director of IT and the hospital board. In light of this security breach, they ask you to examine the security posture of the hospital’s information systems infrastructure and implement defense techniques. This must be done quickly, your director says. The hospital board is less knowledgeable about information system security. The board makes it clear that it has a limited cybersecurity budget. However, if you can make a strong case to the board, it is likely that they will increase your budget and implement your recommended tool company¬wide. You will share your findings on the hospital’s security posture. Your findings will be brought to the director of IT in a technical report. You will also provide a non¬technical assessment of the overall identity management system of the hospital and define practices to restrict and permit access to information. You will share this assessment with the hospital board in the form of a narrated slide show presentation. You know that identity management will increase the security of the overall information system’s infrastructure for the hospital. You also know that, with a good identity management system, the security and productivity benefits will outweigh costs incurred. This is the argument you must make to those stakeholders.

Daily life requires us to have access to a lot of information, and information systems help us access that information. Desktop computers, laptops, and mobile devices keep us connected to the information we need through processes that work via hardware and software components. Information systems infrastructure makes this possible. However, our easy access to communication and information also creates security and privacy risks. Laws, regulations, policies, and guidelines exist to protect information and information owners. Cybersecurity ensures the confidentiality, integrity, and availability of the information. Identity management is a fundamental practice. Part of identity management is the governance of access, authorization, and authentication of users to information systems, Identity management is one part of a layered security defense strategy within the information systems infrastructure. Your work in this project will enable you to produce a technical report and nontechnical presentation that addresses these requirements.

There are five steps that will help you create your final deliverables. The deliverables for this project are as follows:

1. Nontechnical presentation: This is an 8-10 slide PowerPoint presentation for business executives and board members.

2. Technical report: Your report should be a 6-7 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations.

3. Executive summary: This should be a 2-3 page double-spaced Word document.

4. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.

When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.

• 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.

• 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.

• 6.2: Creating a roadmap for organizations to use in development of an Identity Access Management program (to address gaps in their current offerings).

• Step 1: Defining the Information System Infrastructure

Select a hospital or healthcare organization to research. You may choose an organization you are familiar with or can readily obtain information about. To maintain confidentiality, you do not need to mention the name of the organization. You may also choose a hypothetical/fictitious healthcare organization.

Others have researched several healthcare organizations, which have suffered major security breaches, extensively.

1. Describe the organization and structure including the different business units and their functions. You may use an organizational chart to provide this information.

2. Choose one or more mission-critical systems of the healthcare organization. Define the information protection needs for the organization’s mission-critical protected health information (PHI). This information is stored in database medical records for doctors, nurses, and insurance claims billing systems, which are used to fulfill the organizational information needs.

3. Define the workflows and processes for the high-level information systems that you have just identified that will store PHI. Workflows and processes for healthcare organizations define how the organization gets its work done. They describe the movement of patient information to the business units that have needs to process and manage that information, from billing to physician care. All these organizations have hardware and software implementations of their information systems, and it is critical to understand these components, and how they are connected (known as their topology), so the appropriate protections can be applied. Your research may produce instances and examples of how an information system is connected, to include cybersecurity components like firewalls, in the information system and network diagram. Be sure you understand the benefits and weaknesses for the different network topologies.

You may incorporate what you find in your research, in your definition for workflows and processes for the high-level information systems and provide explanation of how that topology fulfills the mission for the health care organization. Your definition should include a high-level description of information systems hardware and software components and their interactions. Take time to read the following resources. They will help you construct your definition.

o Information systems hardware

o Information systems software

You may supply this information as a diagram with inputs, outputs, and technologies identified. Consider how you might restrict access and protect billing and PHI information.

4. The links shown below provide access to essential information you’ll need to complete this part of the hospital’s information system infrastructure definition. Click each link, review its resources, and refer to them as you compose this part of the definition.

o Open Systems Interconnections (OSI) Model

o TCP/IP protocols

o network protocols

You will include these definitions in your report.

Step 2: Threats

Now that you have defined the hospital’s information system infrastructure, you will have to understand what are the threats to those systems and describe the types of measures that could address those threats. In this section, you will learn about different types of identity access management solutions and how they protect against the threat of unauthorized access.

To complete this section of the report, you’ll brush up on your knowledge of threats by reading the following resources: web security issues, insider threats, intrusion motives/hacker psychology, and CIA triad. Take what you learned from these resources to convey the threats to the hospital’s information systems infrastructure. Include a brief summary of insider threats, intrusion motives, and hacker psychology in your report as it relates to your hospital data processing systems. Relate these threats to the vulnerabilities in the CIA triad.

This section of your report will also include a description of the purpose and components of an identity management system to include authentication, authorization, and access control.  Include a discussion of possible use of laptop devices by doctors who visit their patients at the hospital, and need access to hospital PHI data. Review the content of the following resources.  As you’re reading, take any notes you think will help you develop your description.

1. Authorization

2. Access control

3. Passwords

4. Multi-factor authentication

Next, expand upon your description.  Define the types of access control management to include access control lists in operating systems, role-based access controls, files, and database access controls. Define types of authorization and authentication and the use of passwords, password management, and password protection in an identity management system. Describe common factor authentication mechanisms to include multi-factor authentication.

You will include this information in your report.

Step 3: Password Cracking Tools

You have successfully examined the threats to a healthcare organization’s information systems infrastructure. Now, you must begin your research into password cracking software. Do some quick independent research on password cracking as it applies to your organization.

You can click on this link to find the instructions for Navigating the Workspace and the Lab Setup.

Enter Workspace and complete the lab activities outlined in the Project 1 Workspace Exercise Instructions. There are additional password cracking tool resources, tutorials, and user guides to continue your familiarity with the tools.

Click here to access the Project 1 Workspace Exercise Instructions.

After completing the lab, you will have successfully tested more than one password cracking tool. Not all password cracking tools will necessarily perform with the same speed, precision, and results, making it important to test a few different products. Compare the password cracking tools based on these characteristics, and include as part of your assessment and recommendations on the use of such tools. You will test the organization’s systems for password strength and complexity and complete validation testing. You will compare the results obtained from your first and second tool.

You have tested and made comparisons of the performance of various password cracking tools and you have the data to support your recommendations for the use of such tools.

Not all password cracking tools will necessarily perform with the same speed, precision, and results, making it important to test a few different products. The comparison will be part of your assessment and help you make recommendations on the use of such tools. You will test the organization’s systems for password strength and complexity and complete validation testing. You will compare the results comparing the various tools.

1. Read this article about cyberattacks, perform two different types of cyberattacks in the first, and in the second tool, crack user account passwords. Describe them in simple nontechnical terms for the leadership. You can identify which tool is the most effective and why for your organization’s IT environment

2. Compare and contrast the results from the two methods used to crack the accounts for the three passwords (each encrypted by the two hash algorithms). Show their benefits. You can make certain conclusions that help your company’s cybersecurity posture after using these methods.

3. Explain to the director of IT and the members of the board that the healthcare organization’s anti-virus software will detect password cracking tools as malware. Also explain how this impacts the effectiveness of testing security controls like password strength. Help the leadership understand the risks and benefits of using password cracking tools, through persuasive arguments in your report and presentation. If any of the tools take longer than 4-5 minutes to guess a password, record the estimated length of time the tool anticipates to guess it.

Include this information in your presentation.

Step 4: The Non-Technical Presentation

You now have the information you need to prepare your product for stakeholders. Based on the research and work you’ve completed in Workspace, you will develop two items: a technical report for the director of IT, and a nontechnical slide show presentation for the members of the board. You will tailor the language of your reports appropriately to the different audiences.

The nontechnical presentation: Your upper-level management team consists of technical and nontechnical leadership, and they are interested in the bottom line. You must help these leaders understand the identity management system vulnerabilities you discovered in password cracking and access control. They need to clearly see what actions they must either take or approve. The following are a few questions to consider when creating your presentation:

1. How do you present your technical findings succinctly to a non-technical audience? Your technical report for IT will span many pages; but you will probably be afforded no more than 30 minutes or 8-10 slides for your presentation and the following discussion with leadership.

2. How do you describe the most serious risks factually but without sounding too temperamental? No one likes to hear that their entire network has been hacked, data has been stolen, and the attackers have won. You will need to describe the seriousness of your findings while also assuring upper-level management that these are not uncommon occurrences today.

3. How do your results affect business operations? Make sure you are presenting these very technical password cracking results in business terms upper-level management will understand.

4. What do you propose? Management will not only want to understand what you have discovered; they will want to know what you propose as a solution.

Step 5: The Technical Report and Executive Summary

The technical report and the nontechnical presentation will identify compromises and vulnerabilities in the information systems infrastructure of the healthcare organization, and identify risks to the organization’s data. You will propose a way to prioritize these risks and include possible remediation actions.

The technical report: Provide recommendations for access control and authentication mechanisms to increase the security within the identity management system. Review the mission and organization structure of this healthcare organization. Review the roles within the organization, and recommend the accesses, restrictions, and conditions for each role. Present these in a tabular format as part of your list of recommendations.

Provide a comparison of risk scenarios to include the following:

1. What will happen if the CIO and the leadership do nothing, and decide to accept the risks?

2. Are there possible ways the CIO can transfer the risks?

3. Are there possible ways to mitigate the risks?

4. Are there possible ways to eliminate the risks?

5. What are the projected costs to address these risks?

Provide an overall recommendation, with technical details to the director of IT.

The executive summary: In addition to your technical report, also create a nontechnical report as an executive summary.

The deliverables for this project are as follows:

1. Nontechnical presentation: This is a 8-10 slide PowerPoint presentation for business executives and board members.

2. Technical report: Your report should be a 6-7 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations.

3. Executive summary: This should be a 2-3 page double-spaced Word document.

4. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.

Submit your deliverables to the assignment folder.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.

• 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.

• 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.

• 6.2: Creating a roadmap for organizations to use in development of an Identity Access Management program (to address gaps in their current offerings).

CYB 610 Project 2 Congratulations, you are the newly appointed lead cybersecurity engineer with your company in the oil and natural gas sector. This is a senior¬level position. You were hired two months ago based on your successful cybersecurity experience with a previous employer. Your technical knowledge of cybersecurity is solid. However, you have a lot to learn about this company’s culture, processes, and IT funding decisions, which are made by higher management. You have recently come across numerous anomalies and incidents leading to security breaches. The incidents took place separately, and it has not been determined if they were caused by a single source or multiple related sources. First, a month ago, a set of three corporate database servers crashed suddenly. Then, a week ago, anomalies were found in the configuration of certain server and router systems of your company. You immediately recognized that something with your IT resources was not right. You suspect that someone, or some group, has been regularly accessing your user account and conducting unauthorized configuration changes. You meet with your leadership to discuss the vulnerabilities. They would like you to provide a security assessment report, or SAR, on the state of the operating systems within the organization. You’re also tasked with creating a non-technical narrated presentation summarizing your thoughts. The organization uses multiple operating systems that are Microsoft-based and Linux¬based. You will have to understand these technologies for vulnerability scanning using the tools that work best for the systems in the corporate network. You know that identity management will increase the security of the overall information systems infrastructure for the company. You also know that with a good identity management system, the security and productivity benefits will outweigh costs incurred. This is the argument you must make to the stakeholders

The operating system (OS) of an information system contains the software that executes the critical functions of the information system. The OS manages the computer’s memory, processes, and all of its software and hardware. It allows different programs to run simultaneously and access the computer’s memory, central processing unit, and storage. The OS coordinates all these activities and ensures that sufficient resources are applied. These are the fundamental processes of the information system and if they are violated by a security breach or exploited vulnerability it has the potential to have the biggest impact on your organization.

Security for operating systems consists of protecting the OS components from attacks that could cause deletion, modification, or destruction of the operating system. Threats to an OS could consist of a breach of confidential information, unauthorized modification of data, or unauthorized destruction of data. It is the job of the cybersecurity engineer to understand the operations and vulnerabilities of the OS (whether it is a Microsoft, Linux, or another type of OS), and to provide mitigation, remediation, and defense against threats that would expose those vulnerabilities or attack the OS.

There are six steps that will help you create your final deliverables. The deliverables for this project are as follows:

1. Security Assessment Report (SAR): This report should be a 7-8 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.

2. Nontechnical presentation: This is a set of 8-10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.

3. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.

When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.

• 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.

• 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.

• 5.4: Identify potential threats to operating systems and the security features necessary to guard against them.

Step 1: Defining the OS

The audience for your security assessment report (SAR) is the leadership of your organization, which is made up of technical and nontechnical staff. Some of your audience will be unfamiliar with operating systems (OS). As such, you will begin your report with a brief explanation of operating systems fundamentals and the types of information systems.

Click on and read the following resources that provide essential information you need to know before creating a thorough and accurate OS explanation:

• operating systems fundamentals

• the applications of the OS

• The Embedded OS

• information system architecture

• cloud computing

• web architecture

After reviewing the resources, begin drafting the OS overview to incorporate the following:

1. Explain the user’s role in an OS.

2. Explain the differences between kernel applications of the OS and the applications installed by an organization or user.

3. Describe the embedded OS.

4. Describe how the systems fit in the overall information system architecture, of which cloud computing is an emerging, distributed computing network architecture..

Include a brief definition of operating systems and information systems in your SAR.

Step 2: OS Vulnerabilities

You just summarized operating systems and information systems for leadership. In your mind, you can already hear leadership saying “So what?” The organization’s leaders are not well versed in operating systems and the threats and vulnerabilities in operating systems, so in your SAR, you decide to include an explanation of advantages and disadvantages of the different operating systems and their known vulnerabilities.

Prepare by first reviewing the different types of vulnerabilities and intrusions explained in these resources:

• Windows vulnerabilities

• Linux vulnerabilities

• Mac OS vulnerabilities

• SQL PL/SQL, XML and other injections

Based on what you gathered from the resources, compose the OS vulnerability section of the SAR.  Be sure to:

1. Explain Windows vulnerabilities and Linux vulnerabilities.

2. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices.

3. Explain the motives and methods for intrusion of the MS and Linux operating systems;

4. Explain the types of security awareness technologies such as intrusion detection and intrusion prevention systems.

5. Describe how and why different corporate and government systems are targets.

6. Describe different types of intrusions such as SQL PL/SQL, XML, and other injections

You will provide leadership with a brief overview of vulnerabilities in your SAR.

Step 3: Preparing for the Vulnerability Scan

You have just finished defining the vulnerabilities an OS can have. Soon you will perform vulnerability scanning and vulnerability assessments on the security posture of the organization’s operating systems. But first, consider your plan of action. Read these two resources to be sure you fully grasp the purpose, goals, objectives, and execution of vulnerability assessments and security updates:

• Vulnerability assessments

• Patches

 Then provide the leadership with the following:

1. Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems. Provide an explanation and reasoning of how the methodology you propose, will determine the existence of those vulnerabilities in the organization’s OS.

2. Include a description of the applicable tools to be used, and the limitations of the tools and analyses, if any. Provide an explanation and reasoning of how the applicable tools to be used, you propose, will determine the existence of those vulnerabilities in the organization’s OS.

3. Include the projected findings from using these vulnerability assessment tools.

In your report, discuss the strength of passwords, any Internet Information Services’ administrative vulnerabilities, SQL server administrative vulnerabilities, and other security updates and management of patches, as they relate to OS vulnerabilities.

Step 4: Vulnerability Assessment Tools for OS and Applications

Note: You will use the tools in Workspace for this step. If you need help outside the classroom, register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Primary lab assistance is available from a team of lab assistants. Lab assistants are professionals and are trained to help you.

Click here to access the instructions for Navigating the Workspace and the Lab Setup.

Enter Workspace and complete the lab activities related to operating system vulnerabilities.

Click here to access the Project 2 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use.

You’ve prepared for your assessment; now it’s time to perform.

Security and vulnerability assessment analysis tools, such as Microsoft Baseline Security Analyzer (MBSA) for Windows OS and OpenVAS for Linux OS, are stand-alone tools designed to provide a streamlined method for identifying common security misconfigurations and missing security updates for the operating systems and applications. These tools work on layers 5-7 of the Open System Interconnection (OSI) model.

Your leadership will want to understand the differences and commonalities in the capabilities of both tools and will want this included in the SAR.

Use the tools’ built-in checks to complete the following for Windows OS (e.g., using Microsoft Baseline Security Analyzer, MBSA):

1. Determine if Windows administrative vulnerabilities are present.

2. Determine if weak passwords are being used on Windows accounts.

3. Report which security updates are required on each individual system.

4. You noticed that the tool you used for Windows OS (i.e., MBSA) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping.

5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment. In this case, a tool such as MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML.

You will also complete a similar exercise for Linux OS (e.g., using the OpenVAS tool). Select the following links to learn more about OpenVAS and computer networks:

• OpenVAS

• Computer Networks

Utilize the OpenVAS tool to complete the following:

1. Determine if Linux vulnerabilities are present.

2. Determine if weak passwords are being used on Linux systems.

3. Determine which security updates are required for the Linux systems.

4. You noticed that the tool you used for Linux OS (i.e., OpenVAS) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping.

5. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment

Knowledge acquired from this Workspace exercise and capability of this tool will help your company’s client organizations secure the computer networks’ resources and protect corporate data from being stolen.

Validate and record the benefits of using these types of tools. You will include this in the SAR.

Step 5: The Security Assessment Report

By utilizing security vulnerability assessment tools, such as MBSA and OpenVAS, you now have a better understanding of your system’s security status. Based on the results provided by these tools, as well as your learning from the previous steps, you will create the Security Assessment Report (SAR).

In your report to the leadership, emphasize the benefits of using a free security tool such as MBSA. Then make a recommendation for using these types of tools (i.e., MBSA and OpenVAS), including the results you found for both.

Remember to include these analyses and conclusions in the SAR deliverable:

1. After you provide a description of the methodology you used to make your security assessment, you will provide the actual data from the tools, the status of security and patch updates, security recommendations, and offer specific remediation guidance, to your senior leadership.

2. You will include any risk assessments associated with the security recommendations, and propose ways to address the risk either by accepting the risk, transferring the risk, mitigating the risk, or eliminating the risk.

Include your SAR in your final deliverable to leadership.

Step 6: The Presentation

Based on what you have learned in the previous steps and your SAR, you will also develop a presentation for your company’s leadership.

Your upper-level management team is not interested in the technical report you generated from your Workspace exercise. They are more interested in the bottom line. You must help these non¬technical leaders understand the very technical vulnerabilities you have discovered. They need to clearly see what actions they must either take or approve. The following are a few questions to consider when creating your non-technical presentation:

1. How do you present your technical findings succinctly to a non-technical audience? Your Workspace exercise report will span many pages, but you will probably not have more than 30 minutes for your presentation and follow-up discussion.

2. How do you describe the most serious risks factually but without sounding too temperamental? No one likes to hear that their entire network has been hacked, data has been stolen, and the attackers have won. You will need to describe the seriousness of your findings while also assuring upper-level management that these are not uncommon occurrences today.

3. How do your Workspace exercise results affect business operations? Make sure you are presenting these very technical results in business terms that upper-level management will understand.

4. Be very clear on what you propose or recommend. Upper-level management will want to not only understand what you discovered; they will want to know what you propose as a solution. They will want to know what decisions they need to make based on your findings.

Your goal for the presentation is to convince the leadership that adopting a security vulnerability assessment tool (such as MBSA) and providing an extra security layer is a must for the company.

The deliverables for this project are as follows:

1. Security Assessment Report (SAR): This report should be a 7-8 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.

2. Nontechnical presentation: This is a set of 8-10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.

3. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.

Submit your deliverables to the assignment folder.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.

• 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.

• 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.

• 5.4: Identify potential threats to operating systems and the security features necessary to guard against them.