Identify a recent incident in cyber(in)security, investigate it in detail and write up a report on it using the following structure. The report should cover a specific, targeted incident and address specific adversary(ies), victim(s), infrastructure(s), capability(ies), and not be a general description of a security vulnerability. Please see below for ineligible incidents.
Guidelines and Standards
Maximum 2000 words. This does not include references. Cite sources using any recognized format. JDF format is preferred and can be accessed here: JDF. The report must be submitted as a Word document (*.docx). Please make extensive use of Turnitin prior to your final submission to check the integrity and grammar of your work. Cases of plagiarism will be reported in line with GT policy and receive 0 points.
The paper must contain the following sections:
Incident Description
Describe the incident succinctly with the relevant information to understand the incident and its effects. This provides the basis to apply the Diamond Model in the next section.
Diamond Model
Use the framework of the model to identify Adversary, Victim, Infrastructure and Capability. Pay special attention to what the paper calls the Social-Political meta-feature determining the Adversary-Victim relationship, and the Technology meta-feature enabling both the infrastructure and capabilities.
Policy Assessment and Recommendations
Identify at which level of organization this problem is best addressed. Does this incident, in your judgment, reflect the need for some kind of public policy change at the national (9) or transnational (10) level? Or is it best handled at the organizational (8) or industry level (8.5)? Be sure to clearly indicate the single level at which you are making the recommendation. In making this assessment, consider how common these types of incidents are, what kinds of risks they pose, and what kind of legal, technical or policy tools could combat them.
Submission & AI Writing Detection Capabilities
Please submit your final paper as a Word document (*.docx). By submitting the final paper to Canvas, the student acknowledges that no AI writing tools, such as ChatGPT and similar, have been used for any part of the assignment. GT has deployed AI writing detection capabilities through Turnitin. Detection scores are only visible to instructors. If the use of AI writing tools is detected, the course's plagiarism policy applies as outlined in the syllabus.
Grading
Grading will be based on the following criteria (see also corresponding rubric below):
Thoroughness of background research
Demonstrated understanding of and correct application of the diamond model
Demonstrated understanding of the different “layers” of governance and the reasoning underlying your policy recommendations
Clarity and organization of the writing
Note: The Diamond Model and Policy sections are equally weighted in the rubric
Ineligible Incidents
The incidents below cannot be used for this assignment, either because they have already been analyzed in class or because there is already too much material on the web that could be copied. The following incidents are not allowed:
Banrisul (Brazilian bank) (2016)
Capital One (2019)
Equifax (2017)
WannaCry (2017)
Marriott (2018)
SolarWinds (2020)
Colonial Pipeline (2021)
Stuxnet (2010)
Target (2013)
TJX (2007)
Ukraine electrical power grid (2015/2016)
US Office of Personnel Management (2014)
Sony (2014)
Yahoo (2014/2016)
Anthem (2015)
Bangladesh Bank (2016)
Petya/NotPetya (2017)
JBS Foods (2021)
Rubric
Final Paper Rubric
Criteria, ratings and points:
Background research (25 pts)
How thorough is your investigation that informs your analysis and recommendations? Were you able to collect sufficient facts to support your reasoning? Did you find reliable scholarly, journalistic and/or legal sources?
Ratings: Full Marks (25 pts), No Marks (0 pts)
Diamond model (30 pts)
Demonstrates clear understanding of and correctly applies the diamond model. Uses the model to illuminate the nature of the attack.
Ratings: Full Marks (30 pts), No Marks (0 pts)
Governance layers (30 pts)
The paper demonstrates a correct understanding of the different layers of governance and makes a clear case for which layer should be the priority for a policy response in this case.
Ratings: Full Marks (30 pts), No Marks (0 pts)
Writing (15 pts)
Clear writing. Evidence and reasoning are well organized. Spelling and grammar are correct.
Ratings: Full Marks (15 pts), No Marks (0 pts)
Total Points: 100