CIS098-6 Cyber Defence
Submission Deadline Marks and Feedback Before 10am on: 10-09-2020 20 working days after deadline (L4, 5 and 7)
15 working days after deadline (L6)
10 working days after deadline (block delivery) 24/09/2020
Unit title & code CIS098-6 Cyber Defence Assignment number and title 2 Assignment type WR + Threat model Weighting of assignment 75% Size or length of assessment 5000 words (maximum) Unit learning outcomes 1. You are required to demonstrate critical and in-depth knowledge of cyber threat intelligence frameworks, tools and methodologies that can be utilized to mitigate and ensure resilience in an organization.
2. Flexibly and autonomously apply knowledge on real-time reputation intelligence in order to evaluate and respond to multi-faced attacks towards innovative and pragmatic solutions in Network security.
3. The report should also include a section where you elaborate in great details, how you have assembled your threat model in your chosen TM tool.
What am I required to do in this assignment? This assessment will require you to use open source intelligence frameworks, sources of information (e.g. NIST vulnerabilities database) ir order to produce a threat model for a given scenario. On the basis of the scenario and the threat model you have produced you will be required to present a report that contains the following:
1. An overview of the intelligence sources you chose to utilize and why they were chosen (500 words)
2. A fully formed threat model using an open source framework such such as OWAPs Threat Dragon. You can download a free copy of OWASP Threat Dragon from: https://owasp.org/www-project-threat-dragon/ this will work on Linux, mac and Windows. You can take screen short of your developed threat model
3. On the basis of the threat model,the intelligence and vulnerability you should provide a summary (up to 1000 words) outlining the basis of the threat model you have used, and how the sources that you collected information from helped you to develop your threat model.
4. You should outline the key threats to the systems in your chosen scenario, and present these in the form of a risk table, identifying the likelihood of the threat (high, medium, low) and the likely impact that the threat could have on the business in monetary terms (business failure, business interruption or business as usual). You should then suggest mitigation actions that should be put in place to reduce the impact of the threat (1500 words).
5. A separate section should be dedicated for the developed threat model.
You will submit a single word file containing points 1-5 above via the BREO submission link.
MoneyTransfer4U is an organization that has over fifteen years of experience providing money transfer services on the UK High Street. The organization has stores across the UK, including in London, Birmingham, Leeds, York, Liverpool, Manchester and Edinburgh.
The organization has a set of 50 UK wide stores, and they are all currently connected via a Metropolitan Area Network. Daily transactions are sent using FTP to the Headquarters in London from each of the other stores across the UK on a daily basis. Each local store also maintains a MYSQL database of daily transactions and customer details. To make things easier the IT team created a single database for each region/city, and customer details, tables, financial transaction table, staff log-on credentials and an annual financial reporting data store are all located in this single database.
In terms of transactions, customers can either vii a store in person, in which case a member of staff performs the transaction, or else customers can log-on and create an account. All they need to do is enter their personal details, bank account details and address to get started. As the organization has a small staff base of 200 across the UK, there is no verification service in house, so the transactions are set to an-off site service via email for verification before a transaction can take place.
The organization has set up Windows 10 accounts for all in-store and back-house staff. As well as this, all data is stored on physical servers installed with Windows 2012 Server. The IT has five members of staff and they have to travel across the UK to personally apply patches in each location. Given the geographical spread of stores and offices, this can only take place once a month.
As some staff want to work remotely, then a virtual image has been created and staff can log in using a standard browser.
Staff are asked to create their own passwords, but there is no official password policy in place regarding the correct formation of strong passwords. You have been employed as a consultant as over the past month they have suffered XSS attacks on their website, a major personal data breach and a Distributed Denial of Service (DDoS) attack
Possible sources of open source intelligence frameworks for Cyber Threat Intelligence and known vulnerabilities Cyber Threat Intelligence reports
National Cyber Security Centre (UK): https://www.ncsc.gov.uk/section/keep-up-to-date/threat-reports?q=&defaultTypes=report&sort=date%2Bdesc&start=0&rows=20
Threat Connect: https://threatconnect.com/free/?ads_adid=108312688988&ads_cmpid=8843566946&ads_creative=429392777942&ads_matchtype=b&ads_network=g&ads_targetid=kwd-368521182887&ttv=2
Cyber Threat Intelligence Feeds: https://logz.io/blog/open-source-threat-intelligence-feeds/
MISP Open Source Threat Intelligence Tool https://www.misp-project.org/feeds/
National Vulnerability Database: https://nvd.nist.gov/
Vulnerability Database: https://nvd.nist.gov/
Common Vulnerabilities and Exposure: https://cve.mitre.org/
Snyk vulnerability database: https://snyk.io/product/vulnerability-database/
What do I need to do to pass? (Threshold Expectations from UIF) 1. Implement, evaluate and review one or more emergent paradigms that underpin modern CTI models.
2. Investigate threat mitigations and improvements made through information consumption using a technical demonstration(s) while meeting organizational objectives
How do I produce high quality work that merits a good grade? In order to achieve a high grade you need to provide an in-depth assessment of the possible threats to MoneyTransfer2U, and to clearly explain not only the vulnerabilities, but also the ways in which positive actions can be put in place in order to better secure the systems.
You should also outline an action plan that can be put in place in order successfully implement an Information Security Action Plan.
In is important that you also document any assumptions you have made, and effectively evaluate the measures you consider for their suitability for a small organization (cost, manpower required, timelines etc.)
How does this assignment relate to what we are doing in scheduled sessions? This bring together the lecture topics relating to cyber threat intelligence, threat modelling, intrusion detection and presentation and the general concepts of cyber defense. How will my assignment be marked? Your assignment will be marked according to the threshold expectations and the criteria on the following page. You can use them to evaluate your own work and consider your grade before you submit. Pass – 40-49% Pass – 50-59% Commendation – 60-69% Distinction– 70%+ 1 Clearly identifies a set of appropriate cyber threat intelligence sources of information that can be used to inform the specific scenario. Identifies a good range of cyber threat intelligence sources and clearly explains why they have been chosen, signposting how they address the needs of the scenario Goes beyond the identification of cyber threat intelligence sources and clearly documents how these have been used in tandem with the vulnerability databases to identify the foundation of a risk management approach Excellent application of a wide variety of cyber threat intelligence feeds, cross-checked with vulnerabilities to identify a risk management approach and identify a set of mitigating measures to reduce the impact of the risks identified. 2 Outlines a basic set of mitigating technical solutions that can help protect the systems in thee given scenario Outlines a clear set of approaches (system and people-based) that can be used to protect systems and clearly explains how and why each is relevant to the chosen scenario. Detailed approach that is justified and well explained, clearly identifies the steps required for implementation and deployment and has clearly explained and justified each approach chosen with specific reference to the scenario. Professional level approach that documents each tools, uses criteria as a way of choosing the best approach, and back this up with a written outline of how and why the measures chosen will help to protect the organization