Risk Management week 7
PURPOSE OF ASSIGNMENT
One unique characteristic of this course is that we’ll bring Cyber IT Risk management ecosystems to life by studying a set of concrete case studies, based on real-world vulnerabilities and threats that organizations face worldwide. This is really the learning part, and I hope you’ll enjoy diving deep into the research and understand more deeply how these vulnerabilities and threats impact the Organization and produce Risk.
Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper
So, to make the topics in our class concrete, we use four case studies (each one week long) to investigate concrete cyber vulnerabilities and threats that have impacted the Confidentiality, Integrity and Availability of Internet-facing e-commerce, gaming/entertainment, social media/blogging web sites.
ASSIGNMENT INSTRUCTIONS
For the third case study, we will focus on the impacts that DDoS attacks have on the Availability of Internet-facing e-commerce, gaming/entertainment, social media/blogging web sites. You will research one of the following “Distributed Denial of Service or DDoS” significant cyber events that have occurred within the last ten years.
1) Iran Tied to DDoS Attacks Against U.S. Banks. 2016. (
https://www.fbi.gov/news/stories/iranians-charged-with-hacking-us-financial-sector (Links to an external site.)
Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper
)
2) Paras Jha (21-year-old from New Jersey), Josiah White (20-year-old Washington), and Dalton Norman (21-year-old from Louisiana) – who plead guilty to creating and distributing the Mirai Botnet. Several attacks peaked at more than 600 gigabits per second, and the attack against infrastructure provider Dyn in October 2016 exceeded one terabit per second. (
https://www.justice.gov/opa/pr/justice-department-announces-charges-and-guilty-pleas-three-computer-crime-cases-involving (Links to an external site.)
)
3) DDoS attack against GitHub in 2018 exceeded 1.35 terabits per second. (
https://www.wired.com/story/github-ddos-memcached/ (Links to an external site.)
)
4) NETSCOUT Arbor Confirms 1.7 Tbps DDOS Attack – memcached reflection/amplification attack. (
https://www.netscout.com/blog/asert/memcached-reflectionamplification-description-and-ddos-attack (Links to an external site.)
)
This assignment will be broken down into several parts to maximize learning. The first part is to understand the “Victim” that was impacted by the DDoS Attack.
Write a minimum 1200-word (not counting the title page) case study report document in the format mandated in the UCOL Style Guide (see the link to the guide document in the lower part of the course home page) with these four sections:
1.
Describe the background, history, organizational and leadership culture and risk appetite of the victim that was targeted. Did the Organizational Leadership communicate and demonstrate their cyber risk tolerance, appetite and influence the culture of the organization? Did the victim do anything to “provoke” the attack?
1. Identify the victim’s security policies, procedures, technical security measures and relationship with their Internet Service/Hosting Service Providers that were in place to prevent or immediately respond to the DDoS threat from impacting them.
1. Identify the motivation(s) of the Threat Agent. How was the Threat Agent identified?
1. Using the publicly known cyber vulnerability reporting systems and the MITRE ATT&CK framework, map out the DDoS attack Tactics, Techniques, and Procedures (TTPs) used by the Threat Agent. Reflect on why and how the Threat Agent was effective in attacking the Internet-facing e-commerce, gaming/entertainment, social media/blogging web sites.
1. Describe the response to the DDoS Attack – what was done to identify, assess, respond, and mitigate the attack? What information was used to make this decision? What role did the ISP/hosting service provider have in responding to and mitigating the attack? What were the lessons learned in responding to this attack? Where there any consequences to the Threat Actor or other considerations?
1. Build a Cyber Risk Register for a DDoS Attack against the Internet-facing e-commerce, gaming/entertainment, social media/blogging web sites. Include three different possible scenarios/events that could occur. Use the elements described on pages 82-83 of the CRISC All In One book.
1. Create a DDoS Cyber Threat Incident Response Plan Annex. Identify specific “DDoS” policies, procedures, technical security controls, executive management roles and responsibilities, decisions, checklists, communications plans (internal, external), legal considerations, external support, ISP/Web Hosting services engagement requirements, business continuity, and disaster response considerations.
Pro Tip: Look at the rubric for this assignment to best understand the assignment expectations in detail.
FORMATTING AND STYLE REQUIREMENTS
1. Submissions should be between 1000 words and 1200 words in length.
1. Refer to the
UCOL Format and Style Requirements (Links to an external site.)
on the Course Homepage, and be sure to cite your sources using Turabian Author-Date style citations properly.
1.
1.
1.
1.
Rubric
ICT-4215 Case Study Rubric
|
ICT-4215 Case Study Rubric
|
|
Criteria
|
Ratings
|
Pts
|
|
This criterion is linked to a Learning OutcomeContent
|
2
5.0 pts
Excellent
Balanced presentation of relevant and legitimate information that clearly supports a central purpose or argument and shows critical thought and in-depth analysis of a significant topic. Results are based on findings. Conclusions reflect complete understanding of results. Reader gains important insights. Creativity is demonstrated where appropriate
16.3 pts
Meets Requirement
Information provides reasonable support for a central purpose or argument and displays evidence of a basic critical thinking and analysis of a significant topic. Results are not completely based on evidence. Conclusions are not completely related to results. Reader gains some insights. Creativity is minimally demonstrated
14.08 pts
Needs Work
Information supports a central purpose or argument at times. Findings are basic or general. Reader gains few insights and results appear muddled. Results and conclusions do not relate to evidence. Little creativity is present.
0.0 pts
Unsatisfactory
purpose support or argument is not clearly identified. Analysis is vague, not evident or biased. Reader is confused or may be misinformed due to poor results from findings. Inaccurate or incomplete conclusions. Does not demonstrate creative thought
|
25.0 pts
|
|
This criterion is linked to a Learning OutcomeOrganization
|
15.0 pts
Excellent
The ideas are arranged logically to support the purpose or argument. They flow smoothly from one to another and are clearly linked to each other. The reader can follow the line of reasoning. Every section, paragraph, sentence, and word of the paper supports the thesis of the project
11.85 pts
Meets Requirement
The ideas are arranged logically to support the central purpose or argument. They are usually clearly linked to each other. For the most part, the reader can follow the line of reasoning. Every section and the majority of paragraphs, sentences, and words support the thesis of the paper.
8.89 pts
Needs Work
In general, the writing is arranged logically, although occasionally ideas fail to make sense together. The reader is fairly clear about what writer intends. Every section, majority of paragraphs, sentences, and words support the thesis
0.0 pts
Unsatisfactory
The writing is not logically organized. Frequently, ideas fail to make sense together. The reader cannot identify a clear line of reasoning and loses interest
|
15.0 pts
|
|
This criterion is linked to a Learning OutcomeProject Assignment Requirements
|
10.0 pts
Excellent
Assignment is complete.
8.15 pts
Meets Requirement
Assignment is partially complete and majority of instructions followed.
5.93 pts
Needs Work
Assignment is missing key elements
0.0 pts
Unsatisfactory
Assignment is incomplete and instructions not followed.
|
|
|
|
10.0 pts
|
|
This criterion is linked to a Learning OutcomePurpose
|
10.0 pts
Excellent
: The writer’s central purpose or argument is readily apparent to the reader
8.15 pts
Meets Requirement
The writing has a clear purpose or argument, but sometimes digresses
5.93 pts
Needs Work
The central purpose or argument is not consistently clear throughout the paper
0.0 pts
Unsatisfactory
The purpose or argument is generally unclear.
|
10.0 pts
|
This criterion is linked to a Learning OutcomeQuality of References
|
10.0 pts
Excellent
References are primarily peerreviewed professional journals or other scholarly sources (e.g., government documents, white papers, respected industry sources, etc.). The reader is confident that the information and ideas are based on sound decision making and knowledge utilization. Reference bias is mitigated.
8.15 pts
Meets Requirement
Although most of the references are professionally legitimate, a few are questionable (e.g., trade books, internet sources, popular magazines, …). The reader is uncertain of the reliability of some sources, use of knowledge is slightly confusing. Decision making skills could be questioned. Bias of reference is recognized
5.93 pts
Needs Work
Most of the references are from sources that are not peer-reviewed or industry vetted and have uncertain reliability, demonstrates little understanding of knowledge utilization. The reader doubts the accuracy of much of the material presented or reference material is quite biased. Decision making skills are not demonstrated effectively.
0.0 pts
Unsatisfactory
There are virtually no sources that are professionally reliable. The reader seriously doubts the value of the material and stops reading. Personal and reference bias is obvious.
|
10.0 pts
|
This criterion is linked to a Learning OutcomeWriting
|
10.0 pts
Excellent
Sentences are clear, wellphrased and varied in length and structure. They flow smoothly from one to another. Flow continues from one paragraph to the next and from section to section. Demonstrates effective communication
8.15 pts
Meets Requirement
Sentences are wellphrased and there is some variety in length and structure. The flow from sentence to sentence, paragraph to paragraph and section to section is generally smooth. Effective communication is generally demonstrated
5.93 pts
Needs Work
Some sentences are awkwardly constructed so that the reader is occasionally distracted. The fluency of sentences, paragraphs and sections is disruptive. Effective communication skills are not readily apparent
0.0 pts
Unsatisfactory
Errors in sentence structure are frequent enough to be a major distraction to the reader. Communication is not effective.
|
10.0 pts
|
This criterion is linked to a Learning OutcomeGrammar, Spelling, Writing, Mechanics (punctuation, italics, capitalization, etc.)
|
5.0 pts
Excellent
The writing is free or almost free of errors. Shows evidence of proofreading.
3.7 pts
Meets Requirement
There are occasional errors, but they don’t represent a major distraction or obscure meaning. Not thoroughly proofread.
2.22 pts
Needs Work
The writing has many errors, and the reader is distracted by them. Minimal proofreading is evident.
0.0 pts
Unsatisfactory
There are so many errors that meaning is obscured. The reader is confused and stops reading. Lack of evidence of proofreading.
|
|
|
|
5.0 pts
|
|
This criterion is linked to a Learning OutcomeTone
|
5.0 pts
Excellent
The tone is consistently professional and appropriate for an academic research paper. The writing is compelling. It hooks the reader and sustains interest throughout. Demonstration of fully empowered thinking about project and confidence in presented ideas.
3.7 pts
Meets Requirement
The writing is generally engaging, but has some redundancy or lacks clarity in a few sentences or paragraphs. In general, it is focused and keeps the reader’s attention. The tone is generally professional. Largely, it is appropriate for an academic research paper. Tone uses active voice when appropriate
2.22 pts
Needs Work
The writing is dull and unengaging. Though the paper has some interesting parts, the reader finds it difficult to maintain interest. The tone is not consistently professional or appropriate for an academic research paper. Little confidence in presented ideas.
0.0 pts
Unsatisfactory
The writing has little personality. The reader quickly loses interest and stops reading. The tone is unprofessional or overly casual. It is not appropriate for an academic research paper.
|
5.0 pts
|
This criterion is linked to a Learning OutcomeUse of References and Sources
|
5.0 pts
Excellent
Compelling evidence from professionally legitimate sources support claims. Attribution is clear and fairly represented. No plagiarism is evident. Documentation style is followed for every level of rubric.
3.7 pts
Meets Requirement
Professionally legitimate sources that support claims are generally present and attribution is, for the most part, clear and fairly represented.
2.22 pts
Needs Work
Although attributions are occasionally given, many statements seem unsubstantiated. The reader is confused about the source of information and ideas
0.0 pts
Unsatisfactory
References are seldom cited to support statements or consistently cited incorrectly. Plagiarism may be a concern. Knowledge utilization and decision making skills are not apparent.
|
5.0 pts
|
This criterion is linked to a Learning OutcomeWord Choice
|
5.0 pts
Excellent
Word choice is consistently precise and accurate.
3.7 pts
Meets Requirement
Word choice is generally good. The writer often goes beyond the generic word to find one more precise and effective
2.22 pts
Needs Work
choice is merely adequate, and the range of words is limited. Some words are used inappropriately or repetitively
0.0 pts
Unsatisfactory
Many words are used inappropriately, confusing the reader. There may be extensive and unwarranted repetition.
|
5.0 pts
|
Total Points: 100.0
|
Turn in your highest-quality paper
Get a qualified writer to help you with
“ Risk Management week 7 ”
Get high-quality paper
NEW! AI matching with writer
