Computer Science Homework Help

Project 4-The Cybersecurity Threat Landscape Assignment

Scenario

“Thanks to all of your efforts, we have significantly increased our reach, accessibility, and presence on the web,” says Eliza, your CTO.

“But,” she adds, “this also increases the chance that our company will be a target for hackers and online attacks. If we are going to move forward, we need to anticipate those problems before they happen. In particular, we are especially worried about advanced persistent threats (APTs). I’m looking for as many ways to ward these off as possible, so I’m setting up teams to assess how APTs have operated, what they will look like in the near future, and what countermeasures we can implement against them.”

“I want this on my desk in two weeks.”

The Cybersecurity Threat Landscape Team Assignment Instructions

Advanced persistent threats (APTs) have been thrust into the spotlight due to their advanced tactics, techniques, procedures, and tools. These APTs are resourced unlike other types of cyber threat actors.

Your chief technology officer (CTO) has formed teams to each develop a detailed analysis and presentation of a specific APT (Attached see APT32), which she will assign to the team.

Your team’s report should use the Cybersecurity Threat Landscape Team Assignment Template (Attached) to cover the following six areas:

Part 1: Threat Landscape Analysis

• Provide a detailed analysis of the threat landscape today.
• What has changed in the past few years?
• Describe common tactics, techniques, and procedures to include threat actor types.
• What are the exploit vectors and vulnerabilities threat actors are predicted to take advantage of?

Part 2: APT Analysis

• Provide a detailed analysis and description of the APT your group was assigned. Describe the specific tactics used to gain access to the target(s).
• Describe the tools used. Describe what the objective of the APT was/is. Was it successful?

Part 3: Cybersecurity Tools, Tactics, and Procedures

• Describe current hardware- and software-based cybersecurity tools, tactics, and procedures.
• Consider the hardware and software solutions deployed today in the context of defense-in-depth.
• Elaborate on why these devices are not successful against the APTs.

Part 4: Machine Learning and Data Analytics

• Describe the concepts of machine learning and data analytics and how applying them to cybersecurity will evolve the field.
• Are there companies providing innovative defensive cybersecurity measures based on these technologies? If so, what are they? Would you recommend any of these to the CTO?

Part 5: Using Machine Learning and Data Analytics to Prevent APT

• Describe how machine learning and data analytics could have detected and/or prevented the APT you analyzed had the victim organization deployed these technologies at the time of the event. Be specific.

Part 6: Ethics in Cybersecurity. Ethical issues are at the core of what we do as cybersecurity professionals. Think of the example of a cyber defender working in a hospital. They are charged with securing the network, medical devices, and protecting sensitive personal health information from unauthorized disclosure. They are not only protecting patient privacy but their health and perhaps even their lives. Confidentiality, Integrity, Availability – the C-I-A triad – and many other cybersecurity practices are increasingly at play in protecting citizens in all walks of life and in all sectors. Thus, acting in an ethical manner, is one of the hallmarks of a cybersecurity professional.

• Do you think the vulnerability(ies) exploited by the APT consitute an ethical failure by the defender? Why or why not?
• For the APT scenario your group studied, were there identifiable harms to privacy or property? How are these harms linked to C-I-A? If not, what ethically significant harms could result from the scenario your group researched?
• For the APT scenario your group studied, when the targeted organization idenitified in the breach were they transparent in their disclosure? Do you feel the organization acted ethically?

Notes

• Use additional sources of information but also describe the concept in layman’s terms.
• Use visuals where appropriate.
• While quality is valued over quantity, it is expected that a quality paper will result in a minimum length of 10–15 pages.
• You will be assigned an individual grade for this assignment based on your contribution to the overall project.
• We will be using APA 7th Edition for the NRP.

The following evaluation criteria aligned to the competencies will be used to grade your assignment:

1.1.3: Present ideas in a clear, logical order appropriate to the task.

2.1.3: Explain the significance of the issue or problem.

4.1.1: Establish a collaborative approach for working together as a team.

4.2.4: Prepare a finished teamwork product.

10.1.1: Identify the problem to be solved.

12.6.1: Identify the controls needed for confidentiality.

12.6.2: Identify the controls needed for integrity.

12.6.3: Identify the controls needed for availability.

12.7.2: Explain the process of analyzing IT incidents.

14.1.1: Explain how ethical principles used in the information technology industry apply to the welfare and safety of stakeholders and society.