Assignment - Baseline and Analysis Plan

This week the first graded assignment, the Baseline and Analysis Plan, was due. In week one, each student chose a website they wanted to be assigned to them, which would be used throughout the module for various scanning and research activities and eventually in this and the last (week 6) assignments.

The concept for the assignment was to create a general analysis plan identifying potential vulnerabilities, assessing the business risk level and protecting the integrity of business assets. The plan consisted of a general timeline for review, the tools which will be utilized, the vulnerabilities which will be assessed, as well as the website’s GDPR and other applicable compliance requirements. The analysis plan was proposed using the Cyber Kill Chain Model, which is a model developed by Lockheed Martin in 2011 and used for identification and prevention of cyber intrusion activity. The model consists of 7 steps:

  1. Reconnaissance - Harvesting and researching information about the target, in order to identify vulnerabilities in the target network
  2. Weaponization - Creating a remote access weapon, such as a virus or worm, tailored to one or more vulnerabilities
  3. Delivery - Transmitting the weapon/payload to the target, for example via email attachments, websites or USB
  4. Exploitation - Executing the weapon/payload, which takes action on the target network to exploit a vulnerability
  5. Installation - The weapon/payload installs an access point, for example a back door, for the intruder
  6. Command and Control (C2) - The weapon/payload enables the intruder to have “hands on the keyboard” access to the target network
  7. Actions on Objectives - The intruder has control of the system/network and has achieved their goal/s. Depending on the weapon/payload, this may result in data loss or destruction and/or ransom.

The above steps were applied to the website, for which I created a table outlining possible vulnerabilities, mitigations and the business impact based on risk level.

Although the Cyber Kill Chain has been proven to be a powerful approach in reducing cyber risk, research shows that it is perimeter-based and malware-focused. As technology is constantly evolving, I proposed a different approach, recommending the Unified Kill Chain, which is a combination of the Cyber Kill Chain Model and the MITRE ATT&CK Framework, adding additional steps which can be taken to prevent intrusion.

Reflection: This assignment has been very beneficial for my knowledge, applying a whole new range of knowledge and application to security surrounding websites, which I was not familiar with before. It has also identified different ways and steps which can be taken to mitigate some of these security risks. The biggest challenge in this assignment was applying all the research and fitting it into a word count limit, especially the table, which was the most important application, displaying the various stages, business impact and mitigations. I believe the assignment suffered in the end, as a result of having to reduce some of the word count from within the table, making the concept very brief. I found myself in a situation where I had to look at the checklist to ensure the necessary assignment requirements were fulfilled, and was not able to fully expand on my interpretations as I wanted, due to the word limit. This is something to definitely improve on in the future, by looking at various ways it can be implemented.