You will divide into teams of 6 (4 teams). The teams will compete for a consulting position for a defense contractor. The defense contractor manufacturers fighter helicopters used by the United States Army and Marine Corps. The helicopters are state-of-the-art equipment, and the design and components are highly protected by the military.

Case Problem

Recently, the CEO of the government contracting firm was notified that an auction on the dark web was selling access to its firm's business data, which included access to its military client's database. The CEO rapidly established the data being 'sold' was obsolete, and not tied to any government agency clients or new technology. However, the data breach has caused an uproar in the firm and its military clients about its security measures. The firm identified that a senior employee had downloaded a malicious email attachment, thinking it was from a trusted source. This phishing attack created the security breach.

A phishing attack is where malware is in the attachment of the email. A phishing attack is a form of social engineering by which cyber criminals attempt to trick individuals by creating and sending fake emails that appear to be from an authentic source, such as a business or colleague. The email might ask you to confirm personal account information such as a password or prompt you to open a malicious attachment that infects your computer with a virus or malware

In response, the company's IT management immediately shut off communications to the affected server and took the system offline to run cybersecurity scans of the network and identify any additional breaches. The United States Secret Service assisted in the forensics investigation.

The investigation revealed that the company's internal cybersecurity infrastructure was outdated and ineffective against advanced attacks in the future. The investigation further revealed that the current software and server capabilities were antiquated. It also showed that policies, procedures, and training were shortchanged and inadequate.

Among the items identified by the forensic investigation were:

1. Failure of the organization to recognize that it was a cyber security risk because of the potential for human error.
2. Failure to identify the most at-risk users internally and empower them with knowledge and awareness to identify scams.
3. Data breaches due to remote work resulted because of working from home and other offsite locations and connections to other networks with non-approved devices.
4. Laxed multifactor authentication protocols resulted in a greater risk for Ransomware attacks.
5. Missing security patches on workstations and laptops put the organization at risk.
6. Failure to adjust to the unique threats caused by COVID-19 as a result of the Bring Your Own Device Threats (BYOD).
7. Failure to see backups as part of their cyber security plan by relying only on systems or servers to keep their data protected.
8. A diminished corporate security program which outlines acceptable use, incident response and physical security.
9. Lack of training on cyber security issues and the failure to treat it as an IT issue rather than a security issue.
10. Failure to dedicate high ranking employees to the management team with an expertise in cybersecurity.

Assignment

Your team will make a pitch to the organization for a proposal to be hired as a long-term consultant to modernize and structure a comprehensive Cybersecurity plan.

Each team will provide the following in its package:

1. Each member of the team will provide a resume of his/her qualifications.
2. The group will develop a 15-minute presentation pitching the proposal it has developed to modernize the company's Cybersecurity program.
3. The written proposal will include the following:
   1. Executive Summary of the proposal
   2. Detailed information about the specific ideas and recommendations your group suggests for improving the company's cybersecurity plan
   3. Guidelines concerning internal training needed for employees of the company on issues of cybersecurity protection
   4. Rational why your firm is best suited to be hired to develop the comprehensive cybersecurity plan.
4. A PowerPoint Presentation to accompany the group presentation.

NOTE: Each member of the group will have to play some role in the presentation.