Computer Forensics Group Project/Assignment
Assignment: Before you were hired and joined this cybersecurity consultancy firm, you were told that the company had been through various cyber-attacks and did not have a well-established forensics or cybersecurity team to investigate post- and/or pre-attack scenarios. The company has a global presence, and upon hire you met and held recurring meetings with the company's Chief Information Officer (CIO) and Chief Technology Officer (CTO). Finally, you all agreed that the organization has neither a well-established Risk Management Framework nor a Forensics Unit. So, you are tasked to develop a comprehensive risk management strategy for the enterprise/company. This company was established in March 2020 (literally during the outbreak of the COVID pandemic).
You may consider the following attributes as the basis for developing your strategies.
- It is a cybersecurity consultancy firm with offices in Tokyo, Tallinn, and Cape Town, and its headquarters in Richmond, VA.
- The firm started operations in March 2020 (during the COVID outbreak).
- 2000+ employees.
- Users in Tokyo and Tallinn are authenticated through a domain controller hosted on-premise in their respective data center (in the same building), whereas users in Cape Town and Richmond are authenticated against a Microsoft Azure Active Directory (AD) infrastructure hosted in Microsoft's Azure cloud.
- They do not have any forensics unit at all.
- Employees who work at the headquarters use non-secure File Transfer Protocol (FTP) to upload/send data to users at the branch offices.
- Most employees have admin access to the company social media accounts and can post company updates (Facebook, Instagram, Pinterest, Twitter, LinkedIn, …).
- Users in Tokyo, Tallinn, and Cape Town use an on-premise Exchange server for email management, as opposed to Microsoft O365, as is the case for Richmond users.
- 80% of employees have little awareness of cybersecurity and its associated risks.
- The organization does not have any threat model or methodology to follow (threat model examples are MITRE's ATT&CK and the Lockheed Martin Cyber Kill Chain).
- They do not have separate IT teams; creating IT teams with distinct responsibilities is required.
- Splunk Free is the Security Information and Event Management (SIEM) software used at all locations.
- Each location has its own Configuration Control Board (CCB), and there is no centralized repository to track hardware/software inventory.
- Neither a vulnerability management plan nor an incident response plan has been formulated.
- The Help Desk is in Richmond, so all users from Tallinn, Tokyo, and Cape Town have to contact it for their technical issues. At times, when there is an outage on their corporate email platform (Outlook), they communicate with the Help Desk team in Richmond through public email domains, e.g., Gmail, Yahoo Mail.
GOAL: Develop a comprehensive risk management strategy so as to implement defense-in-depth in all locations. Provide a fictitious name for your project. Feel free to add different attributes which you deem necessary to beef up the overall security posture of the enterprise in question, as part of your risk management strategy.
RULES:
1. Your strategy/plan must be attainable and yet realistic
SUBMISSION: Word/PowerPoint/Video or other means, which includes:
- Introduction
- Outlines your strategy/plan
- Identifies actual and potential issues/risks
- Discusses the severity level of the risks
- Mitigation/remediation strategies
- Conclusion
FINAL THOUGHTS:
Be innovative and ensure your plan is executable.
NOTE: All group members are expected to present their research work in Week 10 (around the March 25th time frame).