Bethesda University of California Network Security Checklist Discussion

Background.

Your team has been given the responsibility of conducting a baseline analysis for establishing a secure communications network for your assigned organization at the summit. The risk assessment process for a baseline analysis requires a multidisciplinary examination of the internal and external cyber environments.

The graded assignment for Project 1 is a Cybersecurity Policy and Baseline Analysis Report, which should be a minimum of 20 pages. There are 16 steps in this project, and it should take about 17 days to complete. This project is longer in duration than others in the course because some of the work you will complete also lays the foundation for work to be completed in Projects 2, 3, and 4. Begin with Step 1, where you will complete preparatory exercises designed to familiarize you with the tools and processes to be used throughout the project.

Transcript

Narrator: You are a cybersecurity professional in the information security branch for a government agency in your assigned location. Today, you received an email from your CISO that directed you and other members of your team to a meeting about a new cybersecurity team assignment. As the meeting is about to start, you leave your office, head to the conference room, and take a seat next to your colleagues. Your CISO is there, standing in the front of the conference room.

CISO: Congratulations! You’ve been assigned to the cyber team for our agency at the Five Eyes (FVEY) global economic summit in the United Kingdom.

The summit will be held at a country club and resort near London. As part of the summit, your team is tasked with setting up and maintaining a secure communications network.

The network will need to be accessible by authorized users via cellular phones, laptops, desktops, and tablets. The network will also need to interface with the primary network servers here at the agency’s headquarters.

Colleague: Are we setting up a joint comms center with other members of Five Eyes?

CISO: No. Each nation will set up its own independent secure comms network. While the partner nations in FVEY do have intelligence sharing and mutual defense agreements, not all data is shared. Some allies in FVEY have occasionally “spied” on other members, hacked secure communications networks, or cut off intelligence sharing due to their own national security concerns, particularly with respect to protection of communications or intelligence collection sources and methods. There have been several incidents of anomalous network activity at our agency of late. Attribution of this activity is unknown. It may or may not be related to the upcoming FYVE summit. The summit begins in four weeks. Before you head off to the summit, however, there is a lot of preparatory work to be done. Get started!

What I need for you to do.

Prepare the Network Security Checklist

You and the rest of the team have come to understand, using information from your research and current events, that there are different levels of sharing and collaboration between nations. There are trade and defense relationships between the nations.

The team now understands the policies that will provide data and communications governance of the network systems at the Global Economic Summit. This governance is also based on the trusted relationships between the nations and defines the access the nations will have to data, as well as the authentication mechanisms they will use in their communications with each other. The network configurations and the communications and data systems configurations will be designed to reflect these trusted relationships.

The policies your team has researched and developed will now be placed into networks, where information assurance concepts will be applied. These policies drive the security requirements of the systems being used. The risks and vulnerabilities on those systems and the security required to address those risks and vulnerabilities should also refer to the content within the cyber policy matrix.

Your team will create a two- to three-page Network Security Checklist that will include the components to be used for multilevel security communications in a multilevel trusted environment.

In your checklist, address the severity of threats from a security and risk management aspect. Remember that in previous documents you have researched policies on a global domain with regards to the relationships between nations. Those relationships have varying trust levels that translate into multilevel security in communications and information sharing, and are implemented technologically through policies for firewalls, public-key infrastructure (significance of public-key infrastructure), systems certification and accreditation, security vulnerability testing, SSL, IPSEC, and VPNs. Your network security checklist will encompass the levels of degrees of restrictions in these security components to defend against threats while allowing for communications and information sharing.

The checklist should include components of networks in software and hardware that will provide secure communications and data transmissions. Incorporate software and hardware components that could be on the network for secure data and communications transmission.

You and the other members of the team must first understand this inventory of your systems before evaluating risks and vulnerabilities. These are the steps prior to producing a baseline analysis of the network architecture of your nation team, and that of the nations you are communicating with at the Global Economic Summit.

You may research network components to include in your Network Security Checklist. This checklist will be used for the System Risk and Vulnerability Assessment and the Network Security Baseline you will compile for your nation team at the Global Economic Summit.

Determine the Methodology and Create the Checklist

In this step, your team will continue to develop the security checklist. You and your team members will detail the method used to develop the checklist. While developing your checklist, you should include (but you are not limited to) the following components:

• communications and data-sharing policies and the network devices that will be used to implement these policies

• firewalls and how the rule sets will be determined
• systems certification and accreditation demonstrations as required by network administrators who are hosting the summit
• secure communications protocols

• digital authentication mechanisms—How will your nation team establish PKI systems and develop public/private key mechanisms as well as digital certificates? Will your nation team have a centralized key storage system? How else will you establish trust between the nations? You do not have to build an encrypted communications system for your nation team, but you should provide your plan for trusted communications in your Network Security Checklist.
• SSL and IPSEC protocols

• VPNs

As a team, complete the two- to three-page Network Security Checklist.

MY home country is Team Australia.