GDWP Assignment
Dear XXX
Your ISE5700 assignment is below. Please do not discuss the
details of the assignment with other students for at least 30 days, but if you
have questions or concerns, feel free to contact Stephen Northcutt,
(Stephen@sans.edu) directly.
If you do call with questions, after the call is complete, please have a
member of the team create a Memo to Record of what was discussed and what was
decided and email to all involved parties with your final project submission.
===
There are THREE parts to your total project submission:
A. Technical report counts as 50% of GDWP score.
Your paper should include a CIO level executive summary to introduce your
recommendations. The technical report should include: executive summary, the
sub-assignments, and any appendices and/or references. The rubric for grading the
paper is shown below in the assignment. Max length fifteen (15) pages, typed
single spaced, double-spaced between paragraphs. Hard and soft copies are expected
(hard copy to the onsite STI representative; email the soft copy to Stephen
Northcutt (Stephen@sans.edu), Toby Gouker (tgouker@sans.edu), and Chris Crowley
(chris@montance.com), with copies to registrar@sans.edu). Submitted project emails
must be sent before the live presentation.
B. "Back-of-the-envelope project plan" counts as 10% of the score.
Plan should include the relevant tasks, milestones, resources assigned to the
tasks, and schedule. This is the first thing you do after receiving your project
assignment. Email it to Stephen Northcutt. If the diagram is done using computer
tools, send it as a JPEG or similar. If hand-done, scan it or take a legible
picture with a smartphone. Make sure to record the amount of time to develop the
plan and treat completion of the plan as a milestone for the completed
submission. Can you change your plan if you run into trouble? Of course, but
create a version 1.1 of your plan. "A plan is so you know what you are deviating
from." - Capt. Dan Ellrick, USMC.
10 points possible.
C. Oral presentation with Slides counts as 30% of GDWP score.
Only one person presents, exactly 7 slides, 15 minute time limit, with a couple
of extra minutes for questions. Notes pages under slides should have sufficient
content so that someone not present can understand what you are trying to
convey. Remember to start and end on time; presentation skills and content both
count.
1. Presentation and presenter execute at the CIO level while accurately
summarizing and supporting proposed processes. 10 points possible.
3. Presenter quality (includes question handling), 10 points possible.
4. Presentation quality, 10 points possible.
Assignment Scenario:
Your company, GIAC Enterprises, is a small to medium sized growing
business. It employs 1,500 employees, including 750 business and IT workers at
corporate HQ, 250 employees at the Indonesian office and the remainder remote
workers distributed worldwide. GIAC Enterprises has standardized on HP for
desktop and laptop systems and Cisco for networking equipment. The servers are
more diverse; almost all of them run Linux. The company is the largest supplier of
Fortune Cookie sayings in the world and prides itself on a rich history as well
as cutting edge original research. The current primary product of GIAC
Enterprises is the content of the fortunes themselves, i.e., the data. Data is
stored and processed in 2 data centers at highly rated colocation facilities,
one in the US and one in Indonesia.
On July 31, 2015, GIAC CIO/CISO, Karen Brown, walked into the office
of one of the senior engineers, Chris Brown, and noticed a news story on her
screen from LATimes:
Together they read the story; the LATimes article was similar to:
The CIO then remarked, “Tell me about that, a couple weeks ago, I
was on UA Express 6395 Nashville -> Chicago (ORD) plane that had taxied to
the TARMAC when they stopped operations. We were delayed 30 minutes, but when
we got to ORD my next flight was delayed 45 minutes and the crazy thing is, the
United employees didn’t seem to have a clue. They kept thinking the plane would
be here shortly and Chicago is United’s HQ. I pity the poor souls that had
their flights canceled.”
Chris said, “Crazy day, WSJ and the NY Stock Exchange also had their
share of troubles; here, let me show you that story”:
http://www.ibtimes.com/wall-street-journal-homepage-wsjcom-down-nyse-stops-trading-computer-glitch-1999756
“Holy cow, were they hacked? Is this nation state? Or are these
people clueless?”
Chris replied, “I am not sure anyone knows; if they do, they aren’t
talking, at least not yet.”
“Hmmm”, Karen remarked, “we ought to review our incident response
procedures so that when we make the call whether it is malicious or just a
mistake, we have a good chance of being right. I think I will put a team
together and I will sleep better if I have a first cut tomorrow about this
time.”
Assignment:
Your CIO, Chris Smith, tasks you to create a technical report with
the following items:
1) The three glitch scenarios (United Airlines, NYSE, WSJ) should be
considered guidance for “use cases”, i.e., a router glitch, a computer glitch,
and a web site glitch that have a significant impact.
a) For each glitch scenario summarize the architecture, essentially
a critical controls 1 and 2 report. Keep in mind this is the size of GIAC
Enterprises, NOT the New York Stock Exchange (NYSE).
NOTE: feel free to choose the technology involved. For instance, if
you read that the Wall Street Journal web servers ran Apache, but you are more
familiar with Microsoft IIS, you are encouraged to create your checklist
(sub-assignment “b)” below) using Microsoft IIS.
15 points possible
b) For each scenario create a checklist to help the incident
response leader determine if the cause of the glitch is human error or malicious
intent. The checklist should be technical in nature and based on a technology
that you understand and defined in sub-assignment “a)” above. Make sure to
explain the “why” for each step. For each check give examples of what you would
expect to find if it was user error or what you would expect to find if it was
malicious intent.
30 points possible
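The checklist in sub-assignment b) is easiest to explain when each check is paired with the evidence it looks for and the reason it separates a mistake from an attack. The following is an added example written for this assignment text, not part of the assignment or GIAC Enterprises' own material: a small triage helper that runs four such checks over router configuration-change events. The management subnet, the admin account names, the change window, the sample syslog-style lines and the `ticket=` field are all constructed assumptions for the example.

```python
"""
Added example for sub-assignment 1b: run a "human error or malicious intent?"
checklist over router configuration-change events. All environment facts and
log lines below are constructed for this example.
"""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List, Optional

# Assumed environment facts: what an authorized change would look like.
MGMT_NET = ipaddress.ip_network("10.10.0.0/24")   # assumed management subnet
KNOWN_ADMINS = {"jdoe", "asmith"}                  # assumed router admin accounts
MAINT_WINDOW = (time(1, 0), time(4, 0))            # assumed nightly change window

# Constructed syslog-style lines: Cisco-like CONFIG_I messages plus one
# unrelated link event. "ticket=" is an assumed field appended by a
# change-management hook, not standard router output.
SAMPLE_LOGS = [
    "2015-07-08T01:12:03 core-rtr-1 %SYS-5-CONFIG_I: Configured from console by jdoe on vty0 (10.10.0.15) ticket=CHG-1042",
    "2015-07-08T14:47:51 core-rtr-1 %SYS-5-CONFIG_I: Configured from console by svc_backup on vty1 (203.0.113.77)",
    "2015-07-08T14:48:10 core-rtr-1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "2015-07-08T10:05:30 core-rtr-1 %SYS-5-CONFIG_I: Configured from console by asmith on vty0 (10.10.0.22) ticket=CHG-1050",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) %SYS-5-CONFIG_I: Configured from \S+ by "
    r"(?P<user>\S+) on (?P<line>\S+) \((?P<src>[\d.]+)\)(?: ticket=(?P<ticket>\S+))?$"
)


@dataclass
class ChangeEvent:
    ts: datetime
    host: str
    user: str
    src: ipaddress.IPv4Address
    ticket: Optional[str]


def parse_line(line: str) -> Optional[ChangeEvent]:
    """Return a ChangeEvent for a CONFIG_I line, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return ChangeEvent(ts=datetime.fromisoformat(m["ts"]), host=m["host"],
                       user=m["user"], src=ipaddress.ip_address(m["src"]),
                       ticket=m["ticket"])


# The checklist: (name, predicate, why). True means the event looks like an
# authorized, possibly botched, change; False is what you would expect to
# see if the change were malicious.
CHECKS = [
    ("change_ticket", lambda e: e.ticket is not None,
     "A mistake usually happens inside approved work and still has a ticket; "
     "an intruder's change has no change record."),
    ("known_admin", lambda e: e.user in KNOWN_ADMINS,
     "Fat-fingered changes come from the people expected to make them; an "
     "unknown or service account editing config points to credential misuse."),
    ("mgmt_source", lambda e: e.src in MGMT_NET,
     "Admins connect from the management network; an external or user-LAN "
     "source means the device was reached by an unexpected path."),
    ("in_window", lambda e: MAINT_WINDOW[0] <= e.ts.time() <= MAINT_WINDOW[1],
     "Scheduled work lands in the change window; an off-hours edit removes "
     "the 'planned change' explanation, though it is not proof of malice."),
]


def triage(event: ChangeEvent) -> Dict[str, object]:
    """Run every check; return the verdict and the reasons for the IR lead."""
    failed = [name for name, pred, _ in CHECKS if not pred(event)]
    notes = [why for name, _, why in CHECKS if name in failed]
    verdict = ("likely human error" if len(failed) <= 1
               else "investigate as possible malicious intent")
    return {"user": event.user, "host": event.host, "verdict": verdict,
            "failed": failed, "notes": notes}


def triage_logs(lines: List[str]) -> List[Dict[str, object]]:
    """Triage every config-change line; non-change lines are skipped."""
    return [triage(ev) for ev in map(parse_line, lines) if ev is not None]


if __name__ == "__main__":
    for r in triage_logs(SAMPLE_LOGS):
        print(f"{r['host']} {r['user']}: {r['verdict']} "
              f"(failed: {', '.join(r['failed']) or 'none'})")
        for note in r["notes"]:
            print(f"    why: {note}")
```

The verdict threshold (one failed check is still "likely human error") is a deliberate design choice: a single anomaly such as an authorized admin working outside the window is common and should prompt a phone call, not an incident; two or more independent anomalies on the same change are what justify treating it as potentially malicious until shown otherwise. The same structure (predicate plus "why" plus the evidence expected under each hypothesis) carries over to the web server and host scenarios with different checks.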
c) Document direct research for either “a)” or “b)” in any form: labs,
scripts, screenshots, team-created videos, interviews, demonstrations, that
show you went beyond harvesting web pages on the Internet. This should be
documented in the references section of your technical report.
5 points possible.
2) For each glitch, analyze and summarize what each organization did
to manage PR:
Look for quotes in news stories and for full points try to find
primary source examples, e.g. the Jennifer Dohm United Airlines “router email”
or official United Tweets, or press releases from the three organizations etc.
5 points possible
Create a recommendation for each example use case on what they could
have done better, (suggestions for improvement).
5 points possible
NOTE: While the executive summary of your paper is at the CIO level (CIOs
only read the executive summary), the written technical paper should assume
a technical audience.
-- NOTE: when you send the email package, please point out the direct
research that you did. There is a risk that the graders might miss some of
it.
-- NOTE: If you use someone's diagrams or a significant portion of their
material, you must ask for and receive permission to use. Please submit that
with your project.
* * *
Your oral presentation with Slides is scheduled for June 14 at 7:30pm in the
Billie Holiday 1 Room and your grader will be Toby Gouker.
Good luck and enjoy! (Remember that if you have any questions about the
assignment, please contact Toby Gouker and/or Stephen Northcutt).
* * *