Your task is to create a report on the threat scope against a specific target. There are three profiles for these threats, of which you choose one.
The three profiles are:
1) Policy Profile: You are the Chief Information Security Officer (CISO) for a large multinational enterprise with a very large collection of intellectual property that represents a major portion of your business' holdings. What are the threats against your corporate network, where do they come from and what do you need to mitigate against them? Keep in mind that, as a CISO, you are more interested in developing Policy and Procedure than day to day threat management.
2) Response Profile: You are a threat researcher for a Computer Emergency Response Team (CERT) that is responsible for protecting Government networks. The Government will be releasing an unpopular policy in the near future and is expecting attacks from "hacktivists". What are the sorts of cyber-attacks that can be expected? How can the agency organise itself now to help reduce the impact of those cyber-threats? Remember that Government agencies often have lots of partners and social media accounts.
3) Technical Level:You are a penetration tester providing services to a client (i.e. not the company you work for), who is a major national accounting firm. Identify the risks to your company in performing the penetration test, identify the standard framework for conducting a penetration test and the methods that you would employ to conduct the test.
Your assignment is to choose one of those profiles, and write a report that is at least 3000 words or 15 pages (whichever is longer). Your assignment should cover the above brief for your profile, and to also cover the following aspects:
- What are the countermeasures to those threats, and how do they fit within the Situational Crime Prevention framework?
- How does the current law help or hinder your countermeasures? Are there any proposals for laws that would assist?
- Is your problem of international scope and, if so, how?