7-1 Milestone Three: Incident Management Simulation Tabletop Training Exercise (Facilitation Instructions)

ISE 690 Milestone Three Guidelines and Rubric

Incident Management Simulation Tabletop Training Exercise

Overview

In this milestone, you will prepare facilitation instructions for an incident management simulation tabletop training exercise based on security issues arising from either the development of the Callego Intelligent Virtual Assistant (IVA) or compliance and privacy protection under the General Data Protection Regulation (GDPR).

You come to Milestone Three with the experience of working with issues related to IVAs in Milestone One and with the European Union (EU) privacy protection principles in privacy statements in Milestone Two A and technologies in Milestone Two B. In Milestone Three, you will approach one of these content areas from a new perspective as you develop a tabletop training exercise. In developing this exercise, you will also take on another aspect of the consulting role for cybersecurity professionals as you help the organization prepare to manage incidents and identify gaps in its response procedures, information security controls, or mitigation tactics. You may think of this exercise as equal parts rehearsal and test, as it will help the team members to practice their roles while also showing whether the organization’s plans are suitable to meet evolving threats.

To complete this assignment, you must play both sides of the chessboard, white and black, by projecting both the attack and defense. Throughout the Cybersecurity Graduate Program, you have worked with scenarios and cases created or provided by others. Now it is your turn to design a scenario that will read as authentic, as it is drawn from real life, but is also sufficiently logical and clear to allow others to readily follow and engage it. You will also have to imagine the responses to this incident, including key decisions and the consequences that will follow from them. Additionally, you will need to consider the ways in which a threat may evolve to resist or evade mitigation and how a team may contain such a resilient adversary. You will find that this work requires an intriguing mix of analysis and creativity, as you imagine a future state and an incident that may not have occurred at an organization but is within the realm of the possible.

Scenario

Your tabletop simulation exercise requires that you “play both sides of the chessboard,” or in military terms “red team” (attacker) and “blue team” (defender), as you project attack vectors from an adversary and a Callego defense posture and countermeasures.

This attack simulation will be presented in stages defined by decisions made or actions taken by the incident management team, as well as by “injects” that change the business context or present new attack vectors or adversarial tactics.

It is your responsibility to design the adversarial objectives, strategy, and tactics, as well as the defensive measures or protocols you would like to test. However, here are some helpful tips:

  1. Start with the underlying security issues involving your choice of the IVA or GDPR, and design an attack to exploit these issues.
  2. Emulate a known, categorized attack vector or vectors, adapted to security issues of the IVA or GDPR, in your attack. The “Mitre PRE-ATT&CK Matrix” module resource is recommended for identifying vectors.
  3. Recall that while an adversary may be outside the organization, insiders may also present threats through adversarial actions or negligence. An attack may involve multiple parties acting in concert or insiders who are made parties to an attack through means such as social engineering.
  4. Regarding defense, imagine a future state of security that can meet this attack. What would this entail in procedures or control measures? Now consider the operations of a company such as Callego that has a multitude of customer contacts and handles vast quantities of personal data every day at its core operation. What is a minimally viable defensive posture for the company regarding the IVA or GDPR? In your exercise, put this minimum viability to the test and look for gaps.
  5. Keep the attack and defense simple, but through a chain of injects and response team actions, build in more complexity. Keep in mind, however, that you are not required to simulate all possible attack vectors. This exercise is only a start.

Prompt

Develop facilitation instructions for an incident management simulation tabletop exercise for Callego, involving either the IVA or GDPR. These instructions should include sufficient information for a facilitator to lead the simulation and should give any informed reader at Callego a clear awareness of the exercise objectives, rationale, and progression.

You have been allotted five hours: four hours for the exercise and, after a break, about 50 minutes for a group discussion of the exercise and lessons learned. The exercise will occur in a conference room. All participants will have laptop computers or tablets and smartphones equipped with the Callego internal app and the Callego first alert message system, either of which can be used for the exercise. The room is equipped with whiteboards and a projection system, and you have sufficient easel paper, post-its, sticky dots, and other office supplies.

Your facilitation instructions should include the critical elements listed below:

  • Introduction to security issues the exercise will address. Be sure to connect this discussion to your learning about risk and security in the IVA or GDPR.
  • Objectives of the exercise. What do you hope to discover? While objectives are presented near the beginning of the instructions, they may be written near the end of the process of creating the exercise as you align and refine the elements.
  • Incident management team roles and responsibilities. What roles will participate in the exercise as members of the incident management team? List the core incident management responsibilities for each role. Limit this team to no more than seven roles.
  • Identification of elements to be tested or potentially exploited. Specifically, identify:
    • A security principle such as layering, least astonishment, modularity, least privilege, or another principle, as implemented at Callego
    • A security policy or procedure. This can be a particular provision in a larger policy or procedure.
    • A technical control measure
    • Another incident response tactic or countermeasure
  • A detailed exercise timeline that includes:
    • Initial attack vector
    • Frame for an initial response. How will procedures, principles, or control be tested? What will participants need to decide? For instance, should the facilitator prompt a group discussion or decision on alerts, notifications, or countermeasures?
    • Branching scenarios based on the initial response. What are the consequences of choices that the team may make? How can decisions and consequences prompt further decisions?
    • Up to three injects that shift the attack vector or introduce new information regarding the adversary or the business. For instance, an attack that at first seems aimed at collecting customer information may become an attempt to shut down systems.
    • Frames for responding to these injects
  • A visual representation of the flow or logic of the exercise, such as a countermeasure table or tree diagram illustrating the branches. How may this exercise best be visualized?
  • A projection of lessons learned. To complete this component, imagine that the exercise has been completed. What did it reveal? What lessons can be taken from it? Refer back to exercise objectives and elements for testing. Consider discussing:
    • Technical measures assessments and need for improvement
    • Communication procedure recommendations
    • Areas that should be covered in other training and user awareness campaigns
    • Regulatory and legal compliance concerns
    • Documenting risk/exposure for upper management

What to Submit

Your submission should be 5 to 7 pages in length (plus a cover page and references). Use double spacing, 12-point Times New Roman font, and one-inch margins. Any references should be cited according to APA style. A visual representation of the flow or logic of the exercise is required and should be included within the document. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.
