Develop a brief (1-2 page) forensics data collection plan to be used during a Red Team exercise. Your plan will be used as part of a training exercise for incident response personnel to help them learn to identify and collect evidence.
Your first task is to analyze the Red Team's report to determine what they attacked or what attack vectors were used. Next, analyze the environment to determine what types of forensic evidence should be collected after the attack(s) and where that evidence can be collected from. You should consider both volatile sources such as RAM (memory) and static sources such as disk drives, thumb drives (USB storage devices), etc. After you have identified the types of evidence and the devices from which evidence should be collected, document that in your short paper (the "plan").
At a minimum, your plan must document evidence collection for three specific attack vectors or vulnerabilities that were exploited by the Red Team as part of its penetration testing. For each vector or vulnerability, document what type of evidence could be collected and where the evidence should be collected from.
Then
Write a 3 to 5 paragraph briefing paper that identifies and explains the three most important reasons why Sifers-Grayson should invest in an Identity Governance & Administration solution to help combat insider threat.
Your audience is a mixed group of managers from across Sifers-Grayson's operating areas (company HQ, Engineering, Finance & Accounting, Program Management, Sales & Marketing). Some of these managers are familiar with the importance of separation of duties and least privilege, but most are not. One or two of the managers might know the definition of RBAC. Your briefing paper needs to address these information needs and also discuss why information should be labeled as to its sensitivity ("classification") and ownership.
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your article.
Then
Why does Sifers-Grayson need OPSEC -- especially at the test range?
This question is expected to be asked at the morning meeting with the Sifers-Grayson executives. As a Nofsinger consultant, it's your job to have an answer ready. You should focus on identifying critical information and potential sources of threats, e.g. a hacker getting into the RF transmission streams and taking over a test vehicle. (See the attached diagram of the test range and the communications between it and the Engineering R&D Center.)
Using additional sources found on your own, prepare a 3 to 5 paragraph "talking points" paper that your team leader can use to respond.
Use at least 3 authoritative sources in your response and document those sources using a reference list at the end of your posting.