Your ISE5700 assignment is below. Please do not discuss the details of the assignment with other students for at least 30 days, but if you have questions or concerns, feel free to contact Stephen Northcutt, (Stephen@sans.edu) directly.
If you do call with questions, after the call is complete, please have a member of the team create a Memo to Record of what was discussed and what was decided and email to all involved parties with your final project submission.
There are THREE parts to your total project submission:
A. Technical report counts as 50% of GDWP score.
Your paper should include a CIO level executive summary to introduce your recommendations. The technical report should include: executive summary, the sub-assignments, and any appendices, and/or references. The rubric for grading the paper is shown below in the assignment. Max length fifteen (15) pages, typed single spaced, double-spaced between paragraphs. Hard and soft copies expected, (hard copy to the onsite STI representative), email soft copy to Stephen Northcutt (Stephen@sans.edu) , Toby Gouker (firstname.lastname@example.org), Chris Crowley (email@example.com) with copies to firstname.lastname@example.org. Submitted project emails must be sent before the live presentation.
B. "Back-of-the-envelope project plan" counts as 10% of the score.
Plan should include the relevant tasks, milestones, resources assigned to
the tasks and schedule. This is the first thing you do after receiving your
project assignment. Email to Stephen Northcutt Stephen Northcutt
(Stephen@sans.edu) , Toby Gouker (email@example.com), Chris Crowley (firstname.lastname@example.org) with copy to
email@example.com as soon as reasonable. Text only is fine. If you create a
diagram using computer tools, send as a JPEG or similar. If hand- done, scan
it or take a legible picture with a smartphone. Make sure to record the
amount of time to develop the plan and treat completion of the plan as a
milestone for the completed submission. Can you change your plan if you run into trouble? Of course, but create a version 1.1 of your plan. "A plan is so you know what you are deviating from." - Capt. Dan Ellrick USMC.
10 points possible.
C. Oral presentation with Slides counts as 30% of GDWP score.
Only one person presents, exactly 7 slides, 15 minute time limit, with a
couple of extra minutes for questions. Notes pages under slides should have
sufficient content so that someone not present can understand what you are
trying to convey. Remember to start and end on time; presentation skills
and content both count.
1. Presentation and presenter execute at the CIO level while accurately summarizing and supporting proposed processes. 10 points possible.
3. Presenter quality, (includes question handling), 10 points possible.
4. Presentation quality, 10 points possible.
Your company, GIAC Enterprises, is a small to medium sized growing business. It employs 1,500 employees, including 750 business and IT workers at corporate HQ, 250 employees at the Indonesian office and the remainder remote workers distributed worldwide. GIAC Enterprises has standardized on HP for desktop and laptop systems and Cisco for networking equipment. The servers are more diverse, almost of them run Linux. The company is the largest supplier of Fortune Cookie sayings in the world and prides itself on a rich history as well as cutting edge original research. The current primary product of GIAC Enterprises is the content of the fortunes themselves, i.e., the data. Data is stored and processed in 2 data centers at highly rated colocation facilities, one in the US and one in Indonesia.
On July 31, 2015, GIAC CIO/CISO, Karen Brown, walked into the office of one of the senior engineers, Chris Brown, and noticed a news story on her screen from LATimes:
Together they read the story, the LATimes article was similar to:
The CIO then remarked, “Tell me about that, a couple weeks ago, I was on UA Express 6395 Nashville -> Chicago (ORD) plane that had taxied to the TARMAC when they stopped operations. We were delayed 30 minutes, but when we got to ORD my next flight was delayed 45 minutes and the crazy thing is, the United employees didn’t seem to have a clue. They kept thinking the plane would be here shortly and Chicago is United’s HQ. I pity the poor souls that had their flights canceled.”
Chris said, “Crazy day, WSJ and the NY Stock exchange also had their share of troubles, here let me show you that story.”:
“Holy cow, were they hacked? Is this nation state? Or are these people clueless?”
Chris replied, I am not sure anyone knows, if they do, they aren’t talking, at least not yet.
“Hmmm”, Karen remarked, “we ought to review our incident response procedures so that when we make the call whether is it malicious or just a mistake, we have a good chance of being right. I think I will put a team together and I will sleep better if I have a first cut tomorrow about this time.”
Your CIO, Chris Smith, tasks you to create a technical report with the following items:
1) The three glitch scenarios: United Airlines, NYSE, WSJ should be considered guidance for “use cases”, i.e router glitch, computer glitch, web site glitch that have a significant impact.
a) For each glitch scenario summarize the architecture, essentially a critical controls 1 and 2 report. Keep in mind this is the size of GIAC Enterprises, NOT the New York Stock Exchange, (NYSE).
NOTE: feel free to choose the technology involved. For instance, if you read that the Wall Street Journal web servers ran Apache, but you are more familiar with Microsoft IIS, you are encouraged to create your checklist, (sub-assignment “b)” below), using Microsoft IIS.
15 points possible
b) For each scenario create a checklist to help the incident response leader determine if the cause of the glitch is human error or malicious intent. The checklist should be technical in nature and based on a technology that you understand and defined in sub-assignment “a)” above. Make sure to explain the “why” for each step. For each check give examples of what you would expect to find if it was user error or what you would expect to find if it was malicious intent.
30 points possible
c) Direct research for either “a) or b)” document in any: labs, scripts, screen shots, team created videos, interviews, demonstrations, that show you went beyond harvesting web pages on the Internet. This should be documented in the references section of your technical report.
5 points possible.
2) For each glitch, analyze and summarize what each organization did to manage PR:
Look for quotes in news stories and for full points try to find primary source examples, e.g. the Jennifer Dohm United Airlines “router email” or official United Tweets, or press releases from the three organizations etc.
5 points possible
Create a recommendation for each example use case on what they could have done better, (suggestions for improvement).
5 points possible
NOTE: While the executive summary of your paper is at the CIO level, (CIOs
only read the executive summary), the written technical paper should assume
a technical audience.
-- NOTE: when you send the email package, please point out the direct
research that you did. There is a risk that the graders might miss some of
-- NOTE: If you use someone's diagrams or a significant portion of their
material, you must ask for and receive permission to use. Please submit that
with your project.
* * *
Your oral presentation with Slides is scheduled for June 14 at 7:30pm in the
Billie Holiday 1 Room and your graders will be Toby Gouker.
Good luck and enjoy! (Remember that if you have any questions about the
assignment, please contact Toby Gouker and/or Stephen Northcutt).
* * *