Step 1: Develop a Wireless and BYOD Security Plan
In this first step, you will develop a wireless and BYOD security plan for the company.
-Use the “NIST Guidelines for Securing Wireless Local Area Networks (WLANs) Special Publication 800-153” to provide an executive summary to answer other security concerns related to BYOD and wireless.
-Within your cybersecurity incident report, provide answers to the threat of unauthorized equipment or rogue access points on the company wireless network and the methods to find other rogue access points.
-Describe how to detect rogue access points and how they can actually connect to the network.
-Describe how to identify authorized access points within your network.
-Within your plan, include how the Cyber Kill Chain framework and approach could be used to improve the incident response times for networks.
Include this at the beginning of your CIR as the basis for all wireless- and BYOD-related problems within the network. Title the section “Wireless and BYOD Security Plan.”
Step 2: Track Suspicious Behavior
You decide to track an employee’s movements by using various tools and techniques.
-How would you track the location of the company asset?
-Explain how identity theft could occur and how MAC spoofing could take place in the workplace.
-How would you protect against both identity theft and MAC spoofing?
-Address if it is feasible to determine if MAC spoofing and identity theft has taken place in the workplace.
-Include a whitelist of approved devices for this network. Examples may include authorized access points, firewalls, and other similar devices.
-Are there any legal issues, problems, or concerns with your actions?
-What should be conducted before starting this investigation?
-Were your actions authorized, was the notification valid, or are there any other concerns?
Include your responses as part of the CIR with the title “Tracking Suspicious Behavior.”
Step 3: Develop a Continuous Improvement Plan
-You have been monitoring the activities on the WPA2. Provide for your leadership a description of wired equivalent privacy and also Wi-Fi protected access networks, for education purposes.
-Include the pros and cons of each type of wireless network, as well as WPA2.
-Since WPA2 uses encryption to provide secure communications, define the scheme for using preshared keys for encryption.
-Is this FIPS 140-2 compliant, and if not, what is necessary to attain this?
-Include a list of other wireless protocols, such as Bluetooth, and provide a comparative analysis of four protocols including the pros, cons, and suitability for your company.
Include your responses as part of the CIR with the title “Continuous Improvement Plan.”
Step 4: Develop Remote Configuration Management
Start your incident report with a description of remote configuration management and how it is used in maintaining the security posture of your company’s network. Then, consider the following scenario:
An undocumented device is found on the company network. You have determined that the owner of the device should be removed from the network. Implement this and explain how you would remove the employee’s device. How would you show proof that the device was removed?
Include your responses as part of the CIR with the title “Remote Configuration Management.”
Step 5: Investigate Employee Misconduct
-Provide a definition of ad hoc wireless networks and identify the threats and vulnerabilities to a company.
-How could this network contribute to the company infrastructure and how would you protect against those threats?
-Use notional information or actual case data and discuss.
-Address self-configuring dynamic networks on open access architecture and the threats and vulnerabilities associated with them, as well as the possible protections that should be implemented.
-From your position as an incident manager, how would you detect an employee connecting to a self-configuring network or an ad hoc network? –
-How would signal hiding be a countermeasure for wireless networks? What are the countermeasures for signal hiding?
-How is the service set identifier (SSID) used by cybersecurity professionals on wireless networks?
-Are these always broadcast, and if not, why not?
-How would you validate that the user is working outside of business hours?
Include your responses as part of the CIR with the title “Employee Misconduct.”
Step 6: Prepare the Cybersecurity Incident Report, Executive Briefing, and Executive Summary
You’ve completed all of the individual steps for your cybersecurity incident report. It’s time to combine the reports you completed in the previous steps into a single CIR.
The assignments for this project are as follows:
- Executive summary: This is a one-page summary at the beginning of your CIR.
- Cybersecurity Incident Report (CIR): Your report should be a minimum 12-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations.
