In order to fully comprehend the many aspects that factor into information forensics and risk management, you must examine a situation from the perspective of a computer forensic specialist. For the Final Project, you will be placed in a hypothetical scenario in which you must utilize all of the information gained throughout this course.
Assume that you are the head of the Information Protection Department of XYZ Corporation. While performing your regularly scheduled duties, you receive a call from the Senior Vice President of the Human Resources Department informing you that, in the past 4 days, there have been 4 occurrences of money transfers to unauthorized recipients. Given your position and your understanding of recent cyber and information security attacks, you assume that an attack of some sort is responsible for the unauthorized transfers.
During the conversation, you are given the name of the department where the fund transfers have occurred. In addition, you know the external public IP address of the system that executed the transfers. Privilege escalation, man-in-the-middle attacks, buffer overflows, and malicious code were all present during the Information Assurance Team's initial investigation. You are given specific instruction not to engage anyone from the department where the money transfers have occurred; however, you are permitted to engage law enforcement and third-party agencies if appropriate. This is to preserve any ongoing investigations and to allow the greatest opportunity to catch the suspect. An initial allocation of $100,000 has been issued to cover the costs of the investigation.
Refer to the Final Project Network Diagram. The organization's fund/money transfer systems consist of Microsoft, Linux, and Solaris servers. The firewall in front of the Cisco core switch only allows access to the necessary web-facing application ports. The Microsoft servers are responsible for authentication through directory services. Despite a single firewall and some group policy settings, the current information system needs an overhaul (as evidenced by this incident).
The Final Project Network Diagram will be used as a point of reference in determining what is needed to establish how this incident occurred; this includes applications, systems, human experts, and any other authority. The final plan must also identify the technology and equipment, and all access and file data that is required (including log files, auditing, group policies, firewall rules, and other information system elements) to determine the root cause. Upon the successful completion of the investigation plan, a subsequent plan will specify an improved information system and a plan for future mitigation and prevention. This can include everything from firewall rules to policy.
Before being graded, all code, access control rules, diagrams, and/or Visio diagrams (each) must include screenshots with a valid date and a piece of data that shows completion on the student's personal computer. The Final Project must be at least 20 pages (excluding the title page, diagrams, and reference page) and it must contain at least 5 peer-reviewed sources. The Final Project must also be written in current APA format. You are encouraged to utilize Microsoft Visio or a similar application in order to provide visual aids to assist in your assessment of the situation, as well as Microsoft Project. In your analysis, be sure to include the following:
- A project adhering to an industry standard methodology (such as PMBOK) to manage the Final Project completion;
- An appraisal of the situation using the knowledge gained from this course and personal experience;
- A thorough assessment of the Information Assurance Team’s initial findings;
- The performance of a forensic investigation on the matter;
- An illustration of your strategy for conducting this investigation;
- The formulation of a complete plan including: a proposed personnel structure/team, mechanisms of defense, budget, schedule, risk management, procurement management, secure systems analysis, and design to prevent this incident from occurring in the future;
- A strong attempt to integrate a biblical worldview into the secure enterprise solution.