Project Outlines

Part 1: Undertake research and develop a project plan

To complete this part of the assessment, read the following case study and initial report and complete the following tasks:

  • Task 1: Undertake research and write a draft research report.
  • Task 2: Seek feedback on the draft research report.
  • Task 3: Develop a project plan.

Case study 1

Cyber security issues are continuing to grow at an alarming rate. With so many people accessing the internet daily, the risk of online crime, stolen information and exploitation is rising.

Gelos Enterprises, a leading Australian organisation that offers services to Australian businesses, has engaged Data Trust, a cyber security specialist company, to undertake security testing and audit its cyber security procedures and protocols. Data Trust has also been asked to research and report on the nature of any cyber security issues impacting Gelos, including the likely causes of all identified issues.

Gelos Enterprises suspects they may have a data breach through a publicly exposed system or service.

Unfortunately, a data breach would mean that the attackers may now have access to data, including customers’ personal information.

Gelos Enterprises is concerned that a smaller group of customers may also have had their home addresses and government ID, such as passport and driver’s licence numbers, stolen. The risk to customers whose official identification documents may have been stolen is huge, largely because attackers can use these documents as identification to apply for a loan or other financial services. Identity theft can have severe ongoing consequences for a person’s finances and credit score.

Gelos Enterprises estimates that, in the worst case, up to 3.4 million customers may have had their data compromised in the attack, with 1.38 million severely impacted. Gelos is also concerned that 15,000 valid driver’s licence numbers may have been exposed, including 10,000 customers whose highly sensitive personal information, such as passport numbers, has also been exposed and who are now at risk.

Incident details

Working from home after a long weekend, Fernando Remi, a senior consultant with the Gelos Enterprises Operations Team, could not access the Gelos network. After multiple attempts, he could finally log on; however, the system was very slow and eventually shut down. This raised concerns for Fernando, who mentioned it to his manager, Chris Smith, who suggested he report the issue to the organisation’s Security Administrator, Lee Dowling. Lee was prompt to respond and wasted no time investigating the issues Fernando described.

After his initial enquiries and review, Lee discovered that there is a high probability that Gelos Enterprises has experienced a data breach. Lee’s concern is further elevated because highly sensitive customer information may have been compromised.

Upon further investigation, Lee also found that the security controls failed to meet the required organisational standards, as most of the software was outdated. Furthermore, he identified that security patches were also outstanding. From his findings, Lee concluded that the likelihood of a malware infection was extremely high.

Using his administrator privileges, Lee attempted to rectify the issues himself, to no avail. He then discussed the issues with his colleague Lucas Isaaks from the ICT department, who advised him to report the issue to the IT Security team as soon as possible.

The IT Security Team were immediately alerted, and it was decided that Gelos Enterprises would engage with Data Trust to audit their cyber security procedures and protocols and run thorough security testing.

Initial Report

Gelos Enterprises has requested that the following representatives from the IT Security team submit a preliminary report to Data Trust:

 Table 2 –  Team’s personnel

Team member  | Role                   | Email
Tejas Aarush | Office of the CEO      | t.aarush@gelosenterprises.com
Lucas Isaaks | ICT                    | l.isaaks@gelosenterprises.com
Chris Smith  | Operations             | c.smith@gelosenterprises.com
Lee Dowling  | Security Administrator | l.dowling@gelosenterprises.com

Click CI_CyberSecProject_AE_Pro2of2_Appx_GelosInitialReport to view and analyse this report. The report is located in Cl_CyberSecProject_AE_Pro2of2_Appx_Files (zip).

Task 1: Undertake research and write a draft research report

To complete this part of the assessment, you will need to research Gelos Enterprises’ cyber security controls, policies and procedures in the role of senior manager of the Cyber Security Team at Data Trust. Your research must focus on understanding the nature of the cyber security issues affecting Gelos and their real or likely causes.

Once completed, you need to write a draft research report using Part A of the Cl_CyberSecProject_AE_Pro2of2_Appx_DataTrustReportTemplate.

The report template is located in Cl_CyberSecProject_AE_Pro2of2_Appx_Files (zip).

Word count: 1200–1800

Using the template, your draft research report will need to:

  1. Outline the objectives of your research.
  2. Identify and confirm the strategies/methods used to undertake the research and how the selected strategies align with the research objectives.
  3. List the various sources of information you identified, accessed and reviewed, including:
    a. Gelos policies and procedures
    b. existing risk controls and monitoring strategies
    c. privacy protection and storage policies and procedures implemented as part of the research project
    d. the information and security policy.
  4. Referring to the organisation’s policy and procedures, describe the actions you took to store the research information securely.
  5. Based on the information extracted in the previous steps, identify and draw at least 3 conclusions describing the issue’s nature and its real or likely causes. Ensure you discuss the cyber security vulnerabilities to which Gelos is exposed. All conclusions must be consistent with the evidence and the research strategy.
  6. Justify your conclusions with reference to specific evidence, including Gelos policies, procedures and practices.
  7. Demonstrate that the assumptions underpinning each conclusion and its evidence are clear and justified.


Artefacts, resources, and templates required

Click on Cl_CyberSecProject_AE_Pro2of2_Appx_Files (zip) at the beginning of the document to access the following:

  • Gelos initial report   
  • Gelos Information and security policies
  • Data Trust Research Report Template

Evidence to be provided

You must submit the Part A: Research Report found within the Cl_CyberSecProject_AE_Pro2of2_Appx_DataTrustReportTemplate, ensuring the criteria outlined in the task are met.

Students must submit a research report related to the case study outlined in Part 1. The report must draw on the information outlined in the ‘Data Report’ supporting the case study.

The student’s research report must:

  1. Outline the objectives of the research.
  2. Describe the strategies/methods used to undertake the research.
  3. List the various sources of information accessed and reviewed, including:
    a. Gelos policies and procedures
    b. existing risk controls and monitoring strategies
    c. privacy protection and storage procedures implemented to protect Gelos intellectual property.
  4. Comment on the reliability of each source of information, for example where certain information was not available, incomplete or inaccessible at the time of the research.
  5. Outline at least 3 conclusions describing the issue’s nature and its real or likely causes, and discuss the cyber security vulnerabilities to which Gelos is exposed.
  6. Explain each conclusion with reference to specific Gelos policies, procedures and/or practices.
  7. Outline the underpinning assumptions related to each conclusion.

Task 2: Seek feedback on draft research report

To complete this task, you will need to prepare an email to Gelos Enterprises stakeholder/s requesting their review and feedback on the draft research report.

Using the Data Trust email template, prepare an email to the stakeholders. Your email must include the following:

  • a summary of your research findings and recommendations
  • a request for review, feedback and comments that aligns with organisational policies and procedures
  • a reference to the research report as an ‘attachment’, for example, ‘Please see attached….’

Artefacts, resources, and templates required

You will need access to the Data Trust email template.

Evidence to be provided

You will need to submit your draft email to your assessor.

Task 3: Develop a Project Plan

Stakeholder/s have completed a review of the draft research report and have provided feedback to confirm their agreement and approval. Next, you must develop a project plan detailing a cyber security project for the organisation outlined in the case study. The content of your project plan should be based on the issues identified as part of your research project completed in Task 1.

Using the CI_CyberSecProject_AE_Pro2of2_Appx_DataTrustProjectPlan:

  1. Outline the background relating to the project, including a description of the cyber security problem/s the organisation is experiencing.
  2. Outline the project scope, system boundaries and problem-solving methodology to be applied to the project.
  3. Identify:
    a. at least 3 project objectives
    b. at least 3 questions the project will answer.

The project objective is to develop, present and seek sign-off on a cyber security implementation plan that ensures Gelos Enterprises is in a position to protect itself from future cyber security attacks and to limit the impact of any such attacks. Additionally, the project will assess Gelos Enterprises’ incident response capabilities in the event of a successful attack on the organisation.

  • Identify the key project deliverables and their expected outcomes. Note that at least one of the deliverables MUST relate to researching how to solve the cyber security issues experienced by Gelos (as identified in your research as part of Task 1).
  • Determine and detail an implementation/work plan schedule that minimises end-user disruption and includes:
    • a statement of work
    • key tasks and subtasks, identified and developed
    • allocation of the resources required to complete each identified task
    • key milestones and realistic timelines for completing each identified task
    • costs associated with task execution. Students are required to identify technology costs and should estimate them based on research and assumptions about the organisation’s size; any assumptions and research should be outlined here. The cost of resources must also be considered.
  • Outline the structure of the project team:
    • identify the team members allocated to the project, including their roles and functions
    • determine each team member’s roles and responsibilities, including the tasks and subtasks assigned to them and the resources required to complete them
    • establish the criteria that will be used to evaluate team performance
    • define the methodology and sources of data that will be used to inform the team performance criteria.
  • Include a risk management plan that covers:
    • potential risks/unexpected events that might impact the project and its timelines, including potential end-user disruptions and the controls to minimise these
    • categorisation of risks in terms of their likelihood and consequence
    • risk control strategies, including the resources required to control those risks.

Artefacts, resources, and templates required

You will need access to the Project Plan template.

The template is located in Cl_CyberSecProject_AE_Pro2of2_Appx_Files (zip).

Evidence to be provided

You must complete a Project Plan that meets all the criteria outlined in the task and submit it to your assessor.

Students need to submit a Project Plan that relates to the research report completed in Task 1. The Project Plan must:

  1. Outline the background relating to the project, including a description of the cyber security problem/s the organisation is experiencing.
  2. Outline the project scope, system boundaries and problem-solving methodology to be applied to the project.
  3. Identify at least 3 project objectives.
  4. Identify the key project deliverables and their expected outcomes. Note that at least one of the deliverables MUST relate to conducting research into how to solve the cyber security issues experienced by Gelos (as identified in your research as part of Task 1).
  5. Detail an implementation plan that includes:
    a. key tasks to be completed
    b. resources required to complete each of the identified tasks
    c. timelines (5 days to 1 week, maximum 2 weeks) for completing each identified task
    d. costs associated with task execution (for reference, a comparable penetration test costs $2,000–3,000; a junior penetration tester is charged at $150 per hour and a senior at $350–400 per hour).
  6. Outline the structure of the project team, including:
    a. the team members allocated to the project, including their roles
    b. team member responsibilities, including the tasks to which they are assigned and the resources required to complete them
    c. the criteria that will be used to evaluate team performance
    d. the sources of data that will be used to inform the team performance criteria.
  7. Include a risk management plan that includes:
    a. potential risks/unexpected events that might impact the project
    b. categorisation of risks in terms of their likelihood and consequence
    c. risk control strategies, including the resources required to control those risks.

Part 2: Distribute project plan to stakeholders

To complete this part of the assessment, you need to distribute to the Gelos Enterprises stakeholders a copy of the project plan seeking approval and feedback. 

Task 1: Distribute the project plan to stakeholders

After completion, Gelos has requested the Project Plan be emailed to Gelos stakeholders for review and approval. 

Using the Data Trust email template, prepare an email to Gelos Enterprises stakeholders sharing a copy of the project plan and seeking approval.

Your email must include the following:

  • Refer to the project plan as an ‘attachment’. For example, ‘Please see attached….’
  • Request feedback and comments.
  • Request approval for your project plan.

Artefacts, resources, and templates required

You need access to the Data Trust email template.

Evidence to be provided

Submit your draft email to your assessor for marking.

Students need to submit an email (using the template) that:

  1. Briefly summarises the student’s research findings and recommendations.
  2. Requests feedback and comments.
  3. Requests approval for the student’s project plan.
  4. Refer to the project plan and research report as ‘attachments’. For example, ‘Please see attached….’

Part 3: Execute the IRP/T project

Research findings and recommendations have been submitted to Gelos Enterprises, who endorsed the project plan. Data Trust is ready to implement the project plan and investigate possible improvements. Data Trust will test the hypothesis of the project plan and record the results while recommending further improvements.

To complete this part of the assessment, you need to execute the IRT project and complete the following tasks:

  • Task 1: Undertake research into Gelos cyber security systems.
  • Task 2: Develop an Incident Response Plan.
  • Task 3: Execute the Incident Response Team exercise.

Task 1: Undertake detailed research into Gelos cyber security systems

For this task, you must undertake and document research into the security infrastructure at Gelos. Your research should focus on how to solve the cyber-security issues experienced by Gelos. This will involve accessing and reviewing Gelos’ internal policies, procedures, and systems as well as (possibly) external resources such as standards, guidelines, and codes of practice. Also reference the Gelos’ network diagram of the blue and red teams, as shown in the next Figure.

Figure 1 – Blue and Red networking teams © TAFE NSW 2023

The research report will be communicated to the Gelos Enterprises stakeholder/s team.

Your research must comment on Gelos:

  • information and security policy documents
  • employee work habits and their impact on cyber security
  • cyber security configuration and change management capability
  • security clearance levels relating to organisational data
  • valuation of organisational assets
  • baseline security infrastructure, including physical security assets
  • security infrastructure vulnerabilities.

Following your research, you must complete the Research Report using Part B of the Cl_CyberSecProject_AE_Pro2of2_Appx_DataTrustReportTemplate and include the following details in your report:

  1. Identify, outline and document the risks and vulnerabilities relating to the research objectives.
  2. Explain how the research information will be stored securely.
  3. Outline the research methods to be used and explain the reliability of each method.
  4. Identify, evaluate and outline the implications of:
    a. current levels of employee awareness, strategies to promote awareness, habits, and compliance with cyber security policies
    b. existing cyber security configuration and change management capability
    c. existing security clearance levels relating to organisational data
    d. the existing security infrastructure baseline, including physical security assets
    e. Nessus and Splunk, which Gelos uses as part of its security infrastructure: provide an audit review of these two tools, using 100–200 words for each (refer to C2T10L1 – Splunk training).
  5. Outline a valuation of the organisation’s assets impacted by cyber security policies.
  6. Identify, outline and document the risks and vulnerabilities, including:
    a. categorisation of risks based on their likelihood and consequence
    b. controls to effectively manage identified risks, including those associated with human interaction
    c. resources required by risk category that minimise business disruption.
  7. Outline conclusions relating to:
    a. cyber information and security policy and procedure documents
    b. employee work habits and their impact on cyber security
    c. cyber security configuration and change management capability
    d. strategies for raising employee awareness of cyber security practices, policies and procedures.
  8. Explain how the conclusions are justified.
  9. Detail a security recovery plan.

Artefacts, resources, and templates required

You need access to the Cl_CyberSecProject_AE_Pro2of2_Appx_DataTrustReportTemplate. This is located in Cl_CyberSecProject_AE_Pro2of2_Appx_Files (zip) at the beginning of the document.

Evidence to be provided

You must complete and submit the Research Report, which meets all the criteria outlined in the task.

Task 2: Develop an Incident Response Plan (IRP) 

You need to develop an Incident Response Plan (IRP) for this task.

Using the CI_CyberSecProject_AE_Pro2of2_Appx_Gelos – Red Team Playbook and CI_CyberSecProject_AE_Pro2of2_Appx_Gelos – Blue Team Playbook, your IRP will need to:

  1. Outline the scope of the IRP, including the services to be provided.
  2. Summarise the business implications of cyber security incidents; these are to be articulated and explained to the ICT team.
  3. Recruit and define the Incident Response Team (IRT) members, including their:
    a. roles and responsibilities
    b. training requirements.
  4. Create the fundamental red teaming activities in a Red Team playbook (also referred to as a systematic testing procedure), including:
    a. the range of attacks to be used
    b. a suitable systematic process, selected, outlined and developed, for implementing each method of attack
    c. optionally, pre-prepared PCAP files that the red team can load into the SIEM.

The following existing TAFE labs can be used as the range of attacks when creating the Red Team playbook:

  • C1T7L1 – Wireshark Activity 1 – The basics
  • C1T7L2 – Wireshark Activity
  • C5T04L1 – NetCat
  • C5T05L1 – Information gathering with nmap
  • C5T06L1 – Exploiting Metasploitable2 – VSFTPD
  • C5T06L2 – Metasploit
  • C5T06L4 – Brute Force
  • C5T06L6 – TCP SYN Flood Attacks
  • C5T12L1 – Spidering and Proxy Interception
  • C5T13L1 – Nikto and Web enumeration
  • C5T14L1 – XSS
  • C5T15L1 – SQLi
  • C5T16L1 – IDOR
  • C5T18L1 – Creating reverse shell using php

Using these labs, you need to:

  1. Create the fundamental blue teaming activities in a Blue Team playbook, including:
    a. defining the services the IRT will provide
    b. developing a response handling plan for a range of incidents
    c. developing an incident response reporting/communication process
    d. developing evidence collection and protection processes.
  2. Determine and outline the communication strategies and reporting hierarchy for the IRT.
  3. Define 2 fundamental purple teaming activities in your IRP and include an observation checklist to monitor the red and blue teams.
  4. Provide an evaluation of the organisation’s incident management plan.

Artefacts, resources, and templates required

You need access to an Incident Response Plan Template.

This is located in Cl_CyberSecProject_AE_Pro2of2_Appx_Files (zip) at the beginning of the document.

Evidence to be provided

You must submit the Incident Response Plan, which meets all the criteria outlined in the task.

Task 3: Execute the Incident Response Team exercise (IRTx)

For this task, you must implement the Incident Response Plan (the risk controls chosen to manage the risk) by executing an Incident Response Team exercise (IRTx). The exercise is performed in teams of 2 to 4 members. Two teams collaborate to perform the activity and the IRTx (one team red versus one team blue); after completing their activities, the teams swap roles (red/blue).

Each team should complete the activity as (a) Red Team and (b) Blue Team, each performing different red and blue team functions as described in Part 3, Task 2.

To execute the exercise, consider initiating the following steps:

  • check access to the lab network as per the IRP
  • the red team begins attacks as per the Red Team playbook
  • the blue team begins analysing logs/data to determine if an incident has or is occurring
  • the blue team also needs to monitor and take notes to allow for reporting later, and these observations should include what controls are being monitored
  • the blue team follows the process as per the IRP outlined in the Blue Team playbook
  • all evidence should be captured, processed and preserved according to the organisational guidelines.
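The blue team step above (analysing logs to decide whether an incident is occurring, then recording it for later reporting) is the part most students find hardest to start. The following script is an added example, not part of the TAFE materials or the Gelos lab environment: it runs two simple detections over constructed sample log lines (an SSH brute force in auth.log format and SQLi/XSS requests in Apache access-log format) and emits rows shaped like the Blue Team observation checklist (Time, Attack detected, Victim IP, Source IP, Description, Response). The hostnames, IP addresses, thresholds and suggested responses are assumptions for the example and should be replaced with the values from your own IRP and lab network.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample logs for this example (not captured from the Gelos lab).
# Assumed lab layout: victim host gelos-web = 10.0.0.5, red-team attacker = 10.0.0.99,
# and 10.0.0.21 is a legitimate user who mistypes a password once.
AUTH_LOG = """\
May 06 09:14:01 gelos-web sshd[2211]: Failed password for root from 10.0.0.99 port 51022 ssh2
May 06 09:14:02 gelos-web sshd[2211]: Failed password for root from 10.0.0.99 port 51023 ssh2
May 06 09:14:02 gelos-web sshd[2211]: Failed password for admin from 10.0.0.99 port 51024 ssh2
May 06 09:14:03 gelos-web sshd[2211]: Failed password for admin from 10.0.0.99 port 51025 ssh2
May 06 09:14:04 gelos-web sshd[2211]: Failed password for backup from 10.0.0.99 port 51026 ssh2
May 06 09:14:05 gelos-web sshd[2211]: Failed password for backup from 10.0.0.99 port 51027 ssh2
May 06 09:20:11 gelos-web sshd[2290]: Failed password for fernando from 10.0.0.21 port 40110 ssh2
May 06 09:20:30 gelos-web sshd[2290]: Accepted password for fernando from 10.0.0.21 port 40111 ssh2
"""
ACCESS_LOG = """\
10.0.0.99 - - [06/May/2024:09:31:44 +1000] "GET /login.php?user=admin'%20OR%20'1'='1 HTTP/1.1" 200 512
10.0.0.21 - - [06/May/2024:09:32:10 +1000] "GET /index.php HTTP/1.1" 200 2048
10.0.0.99 - - [06/May/2024:09:33:02 +1000] "GET /search.php?q=<script>alert(1)</script> HTTP/1.1" 200 300
"""

VICTIM_IPS = {"gelos-web": "10.0.0.5"}   # assumed hostname -> IP (syslog carries only the hostname)
ASSUMED_YEAR = 2024                       # syslog timestamps have no year
BRUTE_FORCE_THRESHOLD = 5                 # assumed: 5 failures from one source ...
BRUTE_FORCE_WINDOW = timedelta(seconds=60)  # ... within 60 s counts as brute force

SSH_FAIL = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)"
)
WEB_REQ = re.compile(r'^(?P<src>[\d.]+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')
WEB_SIGNATURES = [  # crude signatures, matched against the URL-decoded path
    ("SQL injection", re.compile(r"('\s*(or|and)\s*'|union\s+select|--|;\s*drop\s)", re.I)),
    ("Cross-site scripting", re.compile(r"(<script|javascript:|onerror\s*=)", re.I)),
]

def _row(when, attack, host, src, description, response):
    """One line of the Blue Team observation checklist."""
    return {"time": when.strftime("%H:%M:%S"), "attack_detected": attack,
            "victim_ip": VICTIM_IPS.get(host, host), "source_ip": src,
            "description": description, "response": response}

def detect_ssh_brute_force(auth_log):
    """Sliding-window count of failed SSH logins per (victim host, source IP)."""
    failures = defaultdict(list)
    for line in auth_log.splitlines():
        m = SSH_FAIL.match(line)
        if m:
            when = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
            failures[(m["host"], m["src"])].append((when, m["user"]))
    rows = []
    for (host, src), events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            burst = [e for e in events[i:] if e[0] <= start + BRUTE_FORCE_WINDOW]
            if len(burst) >= BRUTE_FORCE_THRESHOLD:
                users = ", ".join(sorted({u for _, u in burst}))
                rows.append(_row(start, "SSH brute force", host, src,
                                 f"{len(burst)} failed logins in {BRUTE_FORCE_WINDOW.seconds}s against {users}",
                                 "Block source at host firewall; escalate to SOC shift supervisor"))
                break  # one checklist row per attacking source
    return rows

def detect_web_attacks(access_log, victim_host="gelos-web"):
    """Signature match on decoded request paths; one row per matching request."""
    rows = []
    for line in access_log.splitlines():
        m = WEB_REQ.match(line)
        if not m:
            continue
        path = unquote(m["path"])
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        for name, sig in WEB_SIGNATURES:
            if sig.search(path):
                rows.append(_row(when, name, victim_host, m["src"], f"{m['method']} {path[:60]}",
                                 "Preserve web server logs; block source at WAF; notify cyber analyst"))
                break
    return rows

def build_checklist(auth_log, access_log):
    rows = detect_ssh_brute_force(auth_log) + detect_web_attacks(access_log)
    return sorted(rows, key=lambda r: r["time"])

def render_checklist(rows):
    """Plain-text table in the same column order as the observation checklist."""
    cols = ["time", "attack_detected", "victim_ip", "source_ip", "description", "response"]
    widths = {c: max([len(c)] + [len(r[c]) for r in rows]) for c in cols}
    lines = [" | ".join(c.ljust(widths[c]) for c in cols)]
    lines += [" | ".join(r[c].ljust(widths[c]) for c in cols) for r in rows]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_checklist(build_checklist(AUTH_LOG, ACCESS_LOG)))
```

The single failed login from 10.0.0.21 is deliberately below the threshold and produces no row; tuning that threshold and window against what the red team actually does in the playbook is exactly the kind of observation worth recording for the Part 4 evaluation.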

Throughout the exercise, you will need to capture the following evidence:

  1. Screenshot(s) of ping results showing an attempted connection(s) with the attack target(s)
  2. Notes and screenshots verifying successful/unsuccessful attack attempts
  3. Notes and screenshots verifying time taken for incident/event to be reported
  4. Notes and screenshots verifying types of incidents were reported
  5. Responses to attacks.

You should use the following observation checklist to record your notes when acting as the Blue Team.

Blue Team observation checklist

Observed by: [Name of student]

Date of observation: [Date of observation]

Table 3 – Blue team observation checklist

Time | Attack detected | Victim IP | Source IP | Description | Response
-----|-----------------|-----------|-----------|-------------|---------
     |                 |           |           |             |
     |                 |           |           |             |

Artefacts, resources, and templates required

You need access to an Incident Response Sandbox to execute the activity.

This is located in Cl_CyberSecProject_TL_SW_Appx_Labs (zip) at the beginning of the document.

Evidence to be provided

You must submit the evidence captured during the exercise (the screenshots and notes listed above, including the completed Blue Team observation checklist), meeting all the criteria outlined in the task.

Part 4: Evaluate the Incident Response Plan exercise

To complete this part of the assessment, you must complete an End Project Report. To do this, you will need to complete the following task:

  • Task 1:  Evaluate the Incident Response Plan Exercise.

Task 1: Evaluate the Incident Response Plan exercise

For this task, you must evaluate the incident response plan exercise and identify areas in which Gelos can improve its cyber-security systems.

Using the CI_CyberSecProject_AE_Pro2of2_Appx_EndProjectReport, your evaluation must:

  • discuss, evaluate and outline the blue-teaming strategy for incident response mitigation
  • examine the effectiveness of the red teaming and incident response testing and exercises
  • discuss the effectiveness of the blue team strategy in identifying and responding to events/incidents, and review and evaluate the incident response blue-teaming activities
  • discuss the effectiveness of using the Incident Response Team exercise (IRTx) to evaluate and test the Incident Response Plan, then identify at least 3 improvements that will be used to modify the Incident Response Plan (IRP)
  • assess and discuss the effectiveness of the communication between the cyber analyst and the SOC shift supervisor and, if required, the changes implemented
  • assess and discuss the effectiveness of the communication between the SOC shift supervisor and the SOC manager and, if required, the changes implemented
  • review and evaluate the project risk strategy, including the products and strategies used to monitor risk criteria
  • review and identify which vendor products can be used to monitor the following risk rating criteria (select 2):

Artefacts, resources, and templates required

You will need access to the CI_CyberSecProject_AE_Pro2of2_Appx_EndProjectReport.

Evidence to be provided

You will need to complete and submit the End Project Report.

Part 5: Develop and present Cyber-Security Implementation Plan

To complete this part of the assessment, you need to develop a cyber-security implementation plan and present the key content of the plan to key stakeholders.

This section consists of 2 tasks:

  • Task 1: Develop an implementation plan.
  • Task 2: Present research findings, recommendations and lessons learnt.

Task 1: Develop an implementation plan

For this task, you must develop a cyber-security implementation plan that addresses the areas for improvement identified in your evaluation of the incident response plan exercise (Part 4).

Using the Cyber-Security Implementation Plan Template, you must:

  • document the cyber-security risks to which the organisation is exposed
  • outline actions to address the risks and the shortfalls of the existing cyber-security strategies used at Gelos
  • outline the timeframes and costs associated with implementing the suggested actions (previous point)
  • identify cyber-security hygiene best practices and processes that can be implemented
  • outline strategies to promote cyber-security policy awareness amongst Gelos employees, including steps to review and modify awareness activities to ensure they remain effective
  • outline a plan to train end users in the updated cyber-security procedures and cyber-security hygiene
  • develop and outline a change to at least one Gelos policy relating to cyber-security and user access
  • develop and outline a change to at least one Gelos procedure relating to cyber-security and user access
  • outline the experience gained and lessons learnt as part of the project.


Artefacts, resources, and templates required

You need access to the Cyber-Security Implementation Plan Template.

Evidence to be provided

You must submit a Cyber-Security Implementation Plan that meets all the criteria outlined in the task.

Task 2: Present research findings, recommendations and lessons learnt

For this task, you must present your Implementation Plan to a group of stakeholders and train those stakeholders on at least 4 cyber-hygiene practices.

Your presentation must be delivered to at least one other person and recorded, and must last 10–15 minutes. The Data Trust presentation template is to be used when presenting the plan. On completing your presentation, you will prepare an email requesting final project sign-off from the sponsor and key stakeholder/s.

During the presentation, you must:

  • distribute your research report (from Part 3, Task 1) and summarise the findings
  • invite questions and feedback relating to your research findings
  • summarise the key recommendations outlined in the Implementation Plan
  • outline strategies to mitigate identified risks to Gelos’ cybersecurity systems
  • provide training and advice to stakeholders on at least 4 cyber-security hygiene practices which align with Gelos’ organisational cyber security policies.  Your training must:
    • explain each of the 4 cyber-security hygiene practices
    • explain the implications of failing to apply each of the 4 practices
    • provide advice on implementing each practice in one’s day-to-day work
  • discuss lessons learnt from the Incident Response Plan Exercise
  • obtain verbal sign-off (approval) for the strategies proposed.

Checklist

The following checklist will be used by your Teacher/Assessor to mark your performance against the assessment criteria of your project. Use this checklist to understand what skills and/or knowledge you need to demonstrate during this assessment event. All the criteria described in the checklist must be met.
