Cybersecurity Research Paper- Cryptolocker - 89770

Solution Posted by
Solution Detail
Price: $20.00
Request Description
Cybersecurity Research Paper (15 points) Select a research topic from the list below. After selecting your topic, research the incident using news articles, magazine articles (trade press), journal articles, and/or technical reports from government and industry. · For a grade of A, a minimum of five authoritative sources (not including course modules and the course textbook) are required. · For a grade of B, a minimum of four authoritative sources (not including course modules and the course textbook) are required. · For a grade of C, a minimum of three authoritative sources (not including course modules and the course textbook) are required. Your research is to be incorporated into a 3- to 5-page written analysis of the attack or incident. Your report is to be prepared using APA formatting and submitted as an MS Word attachment to the Cybersecurity Research Paper entry in your assignments folder. Pre-approved topics include Adobe Source Code & Customer Data hacked (2013) APT1 (see Mandiant report of People’s Liberation Army cyberattacks) Cryptolocker Ransomware (2013) DigiNotar Certificate Theft / Compromise (detected in 2011) HomeDepot data breach (2014) Operation High Roller (detected in 2012) Gameover ZeuS botnet (countered by Operation Tovar; made public in 2014) RSA SecurID breach (2011) Target data breach (2013/2014) Telephone Tech Support Scam (2014) see http://www.ic3.gov/media/2014/141113.aspx You may propose an alternate topic for your instructor’s approval. Approval is NOT guaranteed. Your request for approval should be posted as a message in the Ask Your Instructor conference. 1. Short Topic Name 2. URL for news article about the security incident or attack that you will research for your paper 3. URL for a second authoritative Internet resource that you will use to provide information about your chosen security incident or attack. Ideas for additional topics can be found on various security-related websites, including ID Theft Resource Center (2014 Data Breach Report) http://www.idtheftcenter.org Bruce Schneier on Security http://www.schneier.com/blog/ Carnegie-Mellon CERT: http://www.cert.org/insider_threat/study.html CSO Online: http://www.csoonline.com/ Data Breach Today http://www.databreachtoday.com SC Magazine: http://www.scmagazine.com/ Symantec: http://www.symantec.com/threatreport/ US-CERT: http://www.us-cert.gov/security-publications/#reports After you have performed your research, use your sources to analyze the major characteristics of the cybersecurity incident. Your analysis must include: identifying the type of breach identifying and explaining how the breach occurred (or suspicions by authorities as to how it may have occurred) identifying and discussing known or suspected losses of confidentiality, integrity, and availability for information and/or information systems identifying and discussing technological improvements that would help prevent recurrence Grading Rubric: Rubric Name: Research Paper Rubric Criteria Level 6 Level 5 Level 4 Level 3 Level 2 Level 1 Identifies and Introduces the Attack or Breach (20%) 20 points Completely and thoroughly introduces the security incident or attack using the 5W formula (who, what, when, where, why). Discussion clearly identifies and briefly summarizes the attack, the attackers, and the information, information systems, and networks which were attacked (includes identification of victims). 18 points Introduces the security incident or attack using the 5W formula (who, what, when, where, why, and how). Discussion clearly identifies and briefly summarizes the attack, the attackers, and the information, information systems, and networks which were attacked (includes identification of victims). 16 points Introduces the security incident or attack using the 5W formula (who, what, when, where, why, and how). Discussion mentions the attack, the attackers, and the targets (victims). 14 points Introduces the attack, the attackers, and the victims. Uses at least three of the criteria from the 5W formula (who, what, when, where, why, and how). 10 points Introduces the attack, the attackers, and the victims. Provides some information about where and when. 0 points Research paper does not have an identifiable introduction that provides information about the attack, the attackers, and/or the victims. Means & Methods Used in the Attack (20%) 20 points Completely and thoroughly discusses how the attack or security breach occurred or the suspected means / methods used by the attackers. Paper includes a separate major section which addresses the means and methods used in the attack. Addresses specific exploits or tools used in the attack or the suspected means / methods used by attackers. Discussion identifies and provides an assessment of security controls which were ineffective. Discussion addresses specific known or suspected vulnerabilities which were exploited by the attackers. 18 points Paper includes a separate major section which addresses the means and methods used in the attack. Identifies and discusses how the attack or security breach occurred. Addresses specific exploits or tools used in the attack or the suspected means / methods used by the attackers. Identifies and provides an assessment of security controls which were ineffective. Addresses known or suspected vulnerabilities which were exploited by the attackers. 15 points Paper includes a complete and easily identifiable discussion of the means and methods used during the attack or the suspected ways in which the security breach occurred. (Add 1 point for discussion of specific exploits or tools used in the attack or the suspected means / methods used by the attackers. Add 1 point for discussion of security controls which were ineffective. Add 1 point for discussion of vulnerabilities which were exploited by the attackers). 10 points Identifies and discusses how the attack or security breach occurred or the suspected means / methods used by the attackers. Discusses one of the following: (a) tools & exploits, (b) ineffective security controls, or (c) vulnerabilities. 5 points Mentions how the attack occurred but does not specifically address means / methods, tools, exploits, security controls, or vulnerabilities. 0 points Does not address how the attack or breach occurred. Impacts of Attack on Information Security / Information Assurance (20%) 20 points The research paper contains a separate and thorough discussion of the known or suspected impacts of the attack upon the confidentiality, integrity, availability, authentication, and non-repudation characteristics of the targeted or impacted information, information systems, and/or networks. (All five characteristics are defined, discussed, and analyzed.) 18 points The research paper contains a separate and thorough discussion of the known or suspected impacts of the attack upon the confidentiality, integrity, availability, authentication, and non-repudation characteristics of the targeted or impacted information, information systems, and/or networks. (At least four of the characteristics are defined, discussed, and analyzed.) 15 points The research paper contains a separate and easily identified section which provides a discussion of the known or suspected impacts of the attack upon the confidentiality, integrity, availability, authentication, and non-repudation characteristics of the targeted or impacted information, information systems, and/or networks. (At least three of the characteristics are defined, discussed, and analyzed.) 12 points
Solution Description
Attachments
Cryptolocker.docx
Cryptolocker.do...