Global Economic Summit
Your team has been given the responsibility of conducting a baseline analysis for establishing a secure communications network for your assigned organization at the summit. The risk assessment process for a baseline analysis requires a multidisciplinary examination of the internal and external cyber environments.
The graded assignment for Project 1 is a Cybersecurity Policy and Baseline Analysis Report, which should be a minimum of 20 pages. There are 16 steps in this project, and it should take about 17 days to complete. This project is longer in duration than others in the course because some of the work you will complete also lays the foundation for work to be completed in Projects 2, 3, and 4. Begin with Step 1, where you will complete preparatory exercises designed to familiarize you with the tools and processes to be used throughout the project.

Step 1: Complete the Preparatory Exercises

The first step in preparing your team for the summit is to individually complete preparatory lab exercises that will measure your readiness. These exercises are mandatory and will provide some basic review of the tools, techniques, and methods you will be using as you begin this cyber adventure of foreign intrigue at the Global Economic Summit.
You will perform each of the lab exercises and submit results, as well as the results of an electronic assessment, to the dropbox below. These submissions will show the CISO (your instructor) that you possess the fundamental skills for the summit. You will use what you have learned in your prior courses to prepare for your experiences within a cyber domain governed by international cyber law and policy.
Make notes of each step you take and take screenshots of all examination steps. Then, compile the screenshots into a single document and submit the proof of completion.

Step 2: Establish Team Agreement Plan

You’ve completed the preparatory exercises. Now, get started on the tasks that will lead to your final deliverable. For more information about your final deliverable, refer to the following document: Cybersecurity Policy and Baseline Analysis Report Instructions.
The first step is to create the team dynamics you and the other members will need to complete the assignments. As a part of your nation team, an agreement needs to be established in order to work efficiently. Begin by reviewing the team agreement, which includes a suggested schedule for project completion. Your team will use this document as a guide to establish a plan for completing and submitting the group tasks. When your team has completed the plan, the designated team member should submit it for review by following the directions below.

Cybersecurity Policy and Baseline Analysis Report Instructions

Description of Final Deliverable

As a synthesis of all prior steps in this project, the Cybersecurity Policy and Baseline Analysis Report will integrate the following elements from this project:

  • Cyber Policy Report: The culmination of your policy research, this report should provide your CISO with an understanding of the managerial, technical, and regulatory positions of the FVEY nations attending the summit. The cyber policy report comprises the following materials developed by you and your teammates throughout the project:
    • Cyber Policy Matrix: A spreadsheet or table that represents a matrix of your FVEY country’s policies and/or laws that the government has instituted to address cybersecurity management and technology, with a comparison of the other nations’ policies. International laws and regulations that deal with the acquisition, preservation, analysis, and transfer of data will also be included.
    • Transnational Legal Compliance Report: Itemized appraisal of the compliance requirements that are common among the FVEY nations.
    • International Standards Report: A review that determines which international initiative is most likely to result in cooperation from all the nations at the summit.
  • Security Baseline Report: This is a comprehensive analysis of networks, tools, threats, and vulnerabilities surrounding this event. The report comprises three reports: Attribution Report, Network Security Checklist, and System Security Risk Vulnerability Assessment Report. The following materials are developed by you and your teammates throughout the project:
    • Attribution Report, in which you identify the rogue nation responsible for the breach document, detail your processes, and determine the impact to international relationships.
    • Network Security Checklist, an inventory of the network’s software and hardware components used to ensure multilevel security.
    • System Security Risk Vulnerability Report, in which you identify threats to your nation’s communication systems and the potential impact of an exploit.
  • Forensic Analysis Report: The culmination of your investigative efforts, this report will document the eDiscovery process, your findings, and how they are connected to the countries involved. The Forensic Analysis Report comprises the following materials developed by you and your teammates throughout the project:
    • Chain of Custody Form, which tracks all digital evidence associated with the forensics investigation.
    • Environmental Review and Analysis, in which your team assesses the legal, environmental, and security postures of the FVEY nations.

Format of Final Report

The general format for this report:

  1. Title page: This includes the title, team members’ names, program and university, and date of submission.
  2. Abstract: The abstract should briefly describe the background and focus of the project, the methods, tools and techniques used in the project, a summary of results, and conclusions. The abstract should be a maximum of 250 words.
  3. Table of contents
  4. List of tables and figures
  5. Background: This introduction should relate the background of the project, including a statement of the scenario and goals of the project. In one or two paragraphs, analyze the principles of warfare that lay the groundwork for cyber warfare theory and application.
  6. Cyber Policy Report
  7. Methods and techniques: This section will explain the methods, tools, and techniques used in this project so that the reader has a clear understanding and could replicate the work in future research.
  8. Results: This section is a presentation of the collected information and data analysis. Relevant tables and figures should be included. All deliverables within the project should be discussed.
  9. Appendices
    1. Security Baseline Report
    2. Network Security Checklist
    3. System Security Risk and Vulnerability Report
    4. Forensic Analysis Report
    5. Chain of Custody Form

Step 3: Research Your Country’s Policies

As a cybersecurity intelligence analyst assigned to your Five Eyes Alliance (FVEY) country’s team, there are several documents you will need to provide. Your team’s first responsibility will be to help other countries in attendance understand the policy framework within which your team will have to operate. Do not assume that all countries apply cybersecurity in the same way or with the same intentions.
The first order of business will be to create a spreadsheet or table that represents a Cyber Policy Matrix of your country’s policies and/or laws that the government has instituted to address cybersecurity management and technology. You may need to conduct additional research on those policies to complete the matrix. Include a cogent explanation of each item listed.
Each team member should create his or her own matrix using the cyber policy matrix template as a guide. In a later step, you will collaborate with your team members on a revision of the matrix and include it in a set of conference materials to be given to your CISO.
When you have completed the spreadsheet, move on to the next step, in which you will begin to track down who is responsible for the problematic cyber activity at the summit.

Step 4: Determine Bad Actors

Your team has learned about the differences in the cyber culture as well as the laws and regulations that exist for the nations at the summit.
In hopes of finding the source of the anomalous network activity, the host of the summit has provided your team with the IP addresses associated with the anomalous behavior.
These IP addresses are unfamiliar, and you need to find out information about them and about their source. The host of the summit has given these IP addresses to each nation’s cybersecurity team to analyze and take steps for defense and remediation of their nation team’s infrastructure. No other information is given.
As a team, you will provide an Attribution Report to the host of the summit, determining the bad actors. This two- to three-page report will be part of your Security Baseline Report.
You are familiar with ip2nation.com, and you want to examine the contents of the files, but first you want to determine the source. You need to be sure because any error can have ramifications in international diplomacy. You are also aware of AlienVault Open Threat Exchange and its capabilities for providing attribution for indicators, and additional information on adversaries.
You can use these two systems to help identify the indicator information. You and your team members will analyze the indicators and IP addresses using the systems.
Review the list of IP addresses that have been associated with the anomalous behavior.
Define what criteria you will use to confirm the attribution and determine which website serves to provide greater corroboration. Give reasons for that determination. Determine the effect on trusted relationships among the nations based on the international policy you have researched that governs the nations’ relationships with each other and with your nation team. Take your research seriously and properly cite your sources. Incorporate this information into your report.
This report will be provided by your team as part of the Security Baseline Report.

Step 5: Complete Chain of Custody Form

Each team member should complete a chain of custody form for digital evidence. That evidence from the eDiscovery process should include digital material taken from devices and media, as well as from systems and hardware. This form will follow all digital evidence in this project. The chain of custody form will track dates and times, locations, and dispositions of devices that hold digital evidence.
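
The following is an added example, not part of the course materials: a tamper-evident chain of custody log that records the date and time, location, and disposition of each transfer and checks the evidence hash at every hand-off. The field names, the sample people and places, and the evidence bytes are constructed assumptions for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first entry in a log


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(prev_hash: str, fields: dict) -> str:
    """Hash the previous entry's digest together with this entry's fields."""
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return sha256_hex((prev_hash + canonical).encode("utf-8"))


def add_entry(log, *, timestamp, location, released_by, received_by,
              disposition, evidence_sha256):
    """Append one custody transfer, linked to the entry before it."""
    fields = {
        "timestamp": timestamp,          # ISO 8601, UTC
        "location": location,
        "released_by": released_by,
        "received_by": received_by,
        "disposition": disposition,
        "evidence_sha256": evidence_sha256,
    }
    prev = log[-1]["entry_hash"] if log else GENESIS
    entry = dict(fields, prev_hash=prev, entry_hash=entry_digest(prev, fields))
    log.append(entry)
    return entry


def verify_log(log, acquisition_sha256):
    """Return a list of problems; an empty list means the log is intact."""
    problems = []
    prev = GENESIS
    for i, entry in enumerate(log):
        fields = {k: v for k, v in entry.items()
                  if k not in ("prev_hash", "entry_hash")}
        if entry["prev_hash"] != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if entry["entry_hash"] != entry_digest(entry["prev_hash"], fields):
            problems.append(f"entry {i}: fields altered after recording")
        if fields["evidence_sha256"] != acquisition_sha256:
            problems.append(f"entry {i}: evidence hash differs from acquisition hash")
        if i > 0 and fields["released_by"] != log[i - 1]["received_by"]:
            problems.append(f"entry {i}: custody gap, releaser is not the last receiver")
        prev = entry["entry_hash"]
    return problems


def build_sample_log():
    """Constructed sample: three transfers of one imaged device."""
    image = b"constructed disk image bytes for the example"
    acquired = sha256_hex(image)
    log = []
    add_entry(log, timestamp="2024-01-08T09:15:00Z", location="Summit venue, room 2",
              released_by="Seizing analyst", received_by="Evidence custodian",
              disposition="Laptop imaged and sealed in bag 001",
              evidence_sha256=acquired)
    add_entry(log, timestamp="2024-01-08T13:40:00Z", location="Evidence locker",
              released_by="Evidence custodian", received_by="Forensic examiner",
              disposition="Image checked out for analysis",
              evidence_sha256=acquired)
    add_entry(log, timestamp="2024-01-09T17:05:00Z", location="Forensics lab",
              released_by="Forensic examiner", received_by="Evidence custodian",
              disposition="Image returned, seal intact",
              evidence_sha256=acquired)
    return log, acquired


if __name__ == "__main__":
    log, acquired = build_sample_log()
    print("intact log:", verify_log(log, acquired))
    log[1]["location"] = "Unknown"  # simulate an edit after the fact
    print("edited log:", verify_log(log, acquired))
```

Because each entry's hash covers the previous entry's hash, an edit that is hidden by recomputing one entry's hash still shows up as a broken link at the next entry.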

Step 6: Prepare and Review Preliminary Conference Materials

Each team member should now have completed his or her own policy matrix and the chain of custody form. In this step, you will review your teammates’ materials and collaborate with your team to create one policy matrix and one chain of custody form for your nation.
Use the Discussion area to coordinate and collaborate with your team. Time management is crucial as your team progresses. Be fair with yourself and your team with a plan, schedule, and priorities to set you and your team up for success.
When the team has completed the revised policy matrix and chain of custody form, submit them to your CISO for feedback. Refer to your team agreement to determine who will submit the policy agreement and chain of custody form, and when it will be submitted. Also, share your materials with the other nations within the Discussion area and begin your review of the other nations’ matrices and custody forms.

Step 7: Compare International Security Policies

Now that you and the team members have viewed the conference material submission from all the countries, add a column to the policy matrix for each country represented in the conference. In this column, you and the other members of your team will compare each of their policies to those of your country.
In your comparison, be sure to address the following policy aspects of their submissions:

If one or more of the other countries lack a specific policy addressing any of these issues, note that in your updated report.

Step 8: Prepare the Network Security Checklist

You and the rest of the team have come to understand, using information from your research and current events, that there are different levels of sharing and collaboration between nations. There are trade and defense relationships between the nations.
The team now understands the policies that will provide data and communications governance of the network systems at the Global Economic Summit. This governance is also based on the trusted relationships between the nations and defines the access the nations will have to data, as well as the authentication mechanisms they will use in their communications with each other. The network configurations and the communications and data systems configurations will be designed to reflect these trusted relationships.
The policies your team has researched and developed will now be placed into networks, where information assurance concepts will be applied. These policies drive the security requirements of the systems being used. The risks and vulnerabilities on those systems and the security required to address those risks and vulnerabilities should also refer to the content within the cyber policy matrix.
Your team will create a two- to three-page Network Security Checklist that will include the components to be used for multilevel security communications in a multilevel trusted environment.
In your checklist, address the severity of threats from a security and risk management aspect. Remember that in previous documents you have researched policies on a global domain with regard to the relationships between nations. Those relationships have varying trust levels that translate into multilevel security in communications and information sharing, and are implemented technologically through policies for firewalls, public-key infrastructure, systems certification and accreditation, security vulnerability testing, SSL, IPSEC, and VPNs. Your network security checklist will encompass the degrees of restriction in these security components to defend against threats while allowing for communications and information sharing.
The checklist should include components of networks in software and hardware that will provide secure communications and data transmissions. Incorporate software and hardware components that could be on the network for secure data and communications transmission.
You and the other members of the team must first understand this inventory of your systems before evaluating risks and vulnerabilities. These are the steps prior to producing a baseline analysis of the network architecture of your nation team, and that of the nations you are communicating with at the Global Economic Summit.
You may research network components to include in your Network Security Checklist. This checklist will be used for the System Risk and Vulnerability Assessment and the Network Security Baseline you will compile for your nation team at the Global Economic Summit.
Your team will continue working on your checklist in the next step.

Step 9: Determine the Methodology and Create the Checklist

In this step, your team will continue to develop the security checklist. You and your team members will detail the method used to develop the checklist. While developing your checklist, you should include (but you are not limited to) the following components:

  • communications and data-sharing policies and the network devices that will be used to implement these policies
  • firewalls and how the rule sets will be determined
  • systems certification and accreditation demonstrations as required by network administrators who are hosting the summit
  • secure communications protocols
  • digital authentication mechanisms—How will your nation team establish PKI systems and develop public/private key mechanisms as well as digital certificates? Will your nation team have a centralized key storage system? How else will you establish trust between the nations? You do not have to build an encrypted communications system for your nation team, but you should provide your plan for trusted communications in your Network Security Checklist.
  • SSL and IPSEC protocols
  • VPNs

As a team, complete the two- to three-page Network Security Checklist.

Step 10: Conduct the System Security Risk and Vulnerability Assessment

Your Network Security Checklist is ready, and in this international domain, you and your team members will now prepare to assess the networks for communication and information sharing that have built-in multilevel security, based on trusted relationships between the different nations.
You have already seen that there are some suspicious behaviors involving the nations. The modes and methods of those behaviors vary, and the attack vectors are just as diverse. The attendees at the Global Economic Summit use different technologies for communications, and a cyber intelligence analyst must demonstrate an understanding of the threats to those devices. To that end, your team will collaborate in developing a System Security Risk and Vulnerability Report.
This report refers to the Network Security Checklist and to the policies you have created and researched that define the levels and ways of communication and data transmission between the nation teams.
Now that your team has provided the foundational network and policy information for your nation communications systems, you and your team members will identify the threats, risks, and vulnerabilities to those systems. Your team will determine the effect on your nation team and the other teams if those risks and threats are exploited. Your team will provide what means should be available to address the threats from a risk management perspective.
The report, which you will continue to develop in the next step, should accomplish the following:

  • List the different threats to authentication and credentials.
  • Explain how social engineering can be a threat to credentials as well as the defenses against social engineering. How can social engineering be used to access email?
  • Explain the concept and use of public-key infrastructure and digital signatures and how they are used to protect access to networks, ensure nonrepudiation of transmissions, and preserve the confidentiality of information sharing.
  • Describe “leapfrogging” across networks and what it means for the multiple networks. What is escalation in the cyberattack phase?

The material in the report can come from research of current events or from your experience.
Explain the ways you and the team members can perform remediation and mitigation against the threats you have identified. What are some of the countermeasures that can be used? Include these explanations in your System Security Risk and Vulnerability Report.
In the next step, you and team members will use these findings to write a system security risk and vulnerability assessment report.

Step 11: Write the System Security Risk and Vulnerability Report

You and your team members have gathered the information required for a two- to three-page System Security Risk and Vulnerability Report. Include the attack vectors to the nation system in the report. This report should comply with information assurance standards, practices, and procedures covered in the policies outlined in the policy matrix. This collected information is what is needed for the baseline of your system and should be used to provide a security baseline report.

Step 12: Analyze the Security Baseline of the Global Economic Summit

Take Note

This step includes a mandatory lab exercise. The teams should work together on the exercise, relying on each other’s expertise in the subject area of the exercise. Include the results in your team’s Security Baseline Report.
Your team’s analysis of the policy matrix will allow team members to create an overview of the methods used to provide a Security Baseline Report of the organization and the need for evolving summit communications.
Your team’s baseline analysis should also include an evaluation of network forensics information such as traffic analysis and intrusion analysis, as well as the type of information needed for any future forensics investigations. The team’s evaluation of information needs for network forensics could include what is needed to support security software and hardware across multiple platforms, multiple applications, and multiple architectures to communicate with the other nations. All teams will do this by using security baseline tools to build an audit file and then scan their systems. The systems should be hardened based on the policies, procedures, and standards to ensure desired levels of enterprise-wide information assurance requirements developed by the Global Economic Summit.
In the Security Baseline Report, which also includes the Attribution Report, Network Security Checklist, and the System Security Risk and Vulnerabilities Report, your team will use scanning and auditing functions to determine the baseline security posture of your nation team system and those of the other nation teams.
As you perform your baseline, address the following tasks:

  • Define the components you are searching for in this baseline determination and what you would do in light of possible disasters.
  • Include the systems-level diagram of how your nation team is configured, which can be obtained from your lab documentation.
  • How would you recover information assets, and how would you ensure integrity of data if such a situation were to take place?
  • What are the steps to producing the scan and audit report? What are the communication ports to be used or closed during operations at the Global Economic Summit?
  • How will you maintain a baseline of registers and images of data? How would you ensure integrity of these components over time?
  • What are different ways to implement security controls to a system after the security posture has been defined, in order to meet the policy requirements?
  • What are the missing security configurations or security updates, if any? Report on how these should be addressed to fortify the security posture of the nation system.
  • In your scanning, can you determine if there are missing security updates on target computers based on your access? If so, what were they, and what tool did you use for this scan? Is there security from/to the IP network to/from the PSTN caller? You will be given decryption information, and then you will determine what data types are in transit. Identify whether these are image files, document files, or anything else.

Your team will provide all artifacts from the baseline scanning exercise and refer to them in the security baseline analysis report.
Additionally, you should assess (compare) security issues during the scans and provide issues created by social engineering. You should cover the following testing while implementing network infrastructure contingency and recovery plans in your comparison:

These will be provided in the Security Baseline Report. Remember to discuss your findings with your team members while you take part in the lab.

Step 13: Analyze the International Domain

In the previous step, you developed the security baseline report. In this step, your team will analyze the legal and regulatory aspects of the summit.
The Global Economic Summit will encompass a mix of attack vectors, forensic laws and regulations, the international law of cyber warfare (cyber offensives/warfare) and ethics as you have researched and provided in this project. It is your responsibility to report clear, accurate, and honest research. The mobility of devices and data further complicates the tracking and analysis of international incidents. In the field of digital forensics, you use tools and techniques, such as visual analysis, to look at geospatial information and connectivity hops for tracking mobile devices.
Mobile data, including storage in the cloud (i.e., cloud computing), presents even more robust challenges to the investigator. Considerations include incorporating international jurisdictional issues as well as whether all the data can be recovered, even when it can be accessed.
Using the policy matrix created in previous steps, you and your team members will complete a Digital Forensic Environment Review and Analysis of the international laws and regulations that deal with data acquisition, preservation, analysis, and transfer. This environment review and analysis is the Forensic Analysis Report for this project and will be submitted with the International Standards Report.
From the environment review and analysis, what artifacts (digital certificates, for example) do you see and keep track of in the network traffic, and how does this information inform you of the security posture of the communications and information-sharing networks?
Your team should now have enough information to create a comprehensive report demonstrating the legal and environmental position of each country involved. There are standards that each country, as a member of the international community of nations, will have included in its laws and regulations.
Your environment review should be three to five pages in length. Your team will submit this review with your Transnational Legal Compliance report, which you will complete in the next step.
Submit the Digital Forensic Environment Review and Analysis for instructor feedback. Note: This review and analysis is part of the final graded deliverable.

Step 14: Compare Nations’ Regulations

Based on the policy matrix and the environmental review and analysis you developed in previous steps, the team should provide a two- to three-page Transnational Legal Compliance Report itemizing all the compliance requirements that overlap or are similar among all the nations on the cybersecurity task force for the conference. Include a short analysis on how these requirements are consistent (or not) with the Tallinn Manual 2.0 on the International Law Applicable to the Conduct of Cyber Operations.
Then, proceed to the next step in the project to identify the critical or key international standards determined in previous steps.

Step 15: Review Key International Initiatives

Now that you have looked at the regulations used by the other nations, in this step you will consider international initiatives that foster cooperation with each other.
Among the items identified in the Transnational Legal Compliance Report and the policy matrix from the previous steps are certain international initiatives that each country has undertaken to demonstrate cooperation and compliance with other nations.
From the information you have gathered and what you have learned in previous courses, determine as a team which of these initiatives provides the best opportunity for cooperation among all the delegates at the conference.
Your team should develop a two- to three-page International Standards Report. State your sources and support your recommendations with the facts that have been gathered.

Step 16: Compile the Cybersecurity Policy and Baseline Analysis Report

As a team, you will work together to create a Cybersecurity Policy and Baseline Analysis Report. This report will address the current cyber disposition of legal standing for the Five Eyes (FVEY) country you represent regarding international cyber relations. This final report will be a minimum of 20 pages in length and meet APA standards for writing. Refer to the Cybersecurity Policy and Baseline Analysis Report Instructions for further details of what to include and the general format of the report. Submit your Cybersecurity Policy and Baseline Analysis Report for assessment.
Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.