Secure Videoconferencing Communications

Project 4: Secure Videoconferencing Communications
Start Here

Transcript

Cybersecurity professionals are frequently required to assess the security, risk applications, and systems for business communications before they can be added to an organization’s network. CISOs need to assess risks posed to the organization and develop new security measures or adjust current measures to address these risks appropriately. These evaluations involve comparing competing applications or systems against the organization’s baseline to determine the best balance between business needs and the security and risk appetite of the organization.

Videoconferencing and collaboration systems vary in cost, configuration, functionality, use, and collaboration capability. These systems are trusted to facilitate sensitive and proprietary discussions through their use of encrypted communication channels. Yet these systems have vulnerabilities and are prone to threats and attacks ranging from phishing, credential compromise, and even malware insertion. Therefore, analysis of possible threats, attacks, and vulnerabilities inherent in these systems is critical in developing defense and protection strategies for voice and video data at all endpoints and during transit.

In this project, you will present your proposal in the form of a narrated slide deck. Be sure to refer to Guidelines for Presentation on Secure Videoconferencing. Also, you will complete a lab report on secure videoconferencing. There are six steps to the project, and the project as a whole should take about two weeks to complete. Begin with the workplace scenario above and then continue to Step 1.

Deliverables

• Executive briefing: This is a 10- to 15-slide visual narrated presentation for business executives and board members. Limit of 15 minutes of narration/total length.
• Lab report: Generated from Workspace.

Competencies

Your work will be evaluated using the competencies listed below.

• 1.8: Create clear oral messages.
• 2.2: Locate and access sufficient information to investigate the issue or problem.
• 2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.
• 5.6: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology.
• 5.7: Apply proven methods to secure telecommunications media, transmission, and protocol.
• 6.3: Specify security solutions based on knowledge of principles, procedures, and tools of data management, such as modeling techniques, data backup, data recovery, data directories, data warehousing, data mining, data disposal, and data standardization processes.
• 7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
• 7.4: Knowledge of policies, processes, and technologies that are used to create a balanced approach to identifying and assessing risks to information assets, personnel, facilities, and equipment, and to manage mitigation strategies that achieve the security needed at an affordable cost.
• 8.6: Provides professional preparation for computer digital forensics, investigation of crime, and preservation of digital evidence in criminal and civil investigations and information security incident response.
• 9.4: Manages and supports the acquisition life cycle, including planning, determining specifications, selecting, and procuring information and communications technology (ICT) and cybersecurity products used in the organization’s design, development, and maintenance of its infrastructure to minimize potential risks and vulnerabilities.

Step 1: Develop Functional Requirements for Videoconferencing

The first step in your proposal for a secure videoconferencing system is to develop a set of functional requirements for videoconferencing that you believe the media company will need based on its geographic dispersion and business needs.

In developing those requirements, research three videoconferencing solutions such as Zoom, Skype, GotoMeeting, Polycom, and Cisco WebEx and explain their capabilities, advantages, and disadvantages. Identify costs as well as implementation and support requirements.

The functional requirements and the three possible solutions will be a section of your proposal. In the next step, you will review the challenges of implementing those solutions.

Step 2: Discuss Implementation Challenges

In the previous step, you outlined the requirements for secure videoconferencing for the company and outlined three potential solutions. Part of your final proposal should also include the advantages and disadvantages of the implementation options for the three systems you selected. This section of the proposal also must include the changes the media company will need to make to implement the systems.

Additionally, explain how system administration or privileged identity management will operate with these systems. You will also need to examine how data exfiltration will occur with each of the new systems.

The changes to the systems and challenges for the implementation of these potential solutions will be an important section of your proposal. In the next step, you will take a closer look at each of the potential videoconferencing vendors.

Step 3: Identify Vendor Risks

You’ve finished outlining the pros and cons of three videoconferencing systems. Now, it’s time to take a close look at how they serve their clients. This will take some research. Look at the systems’ known vulnerabilities and exploits. Examine and explain the past history of each vendor with normal notification timelines, release of patches, or work-arounds (solutions within the system without using a patch). Your goal is to know the timeliness of response with each company in helping customers stay secure.

This step will be a section of your proposal.

In the next step, you will outline best practices for secure videoconferencing that will be part of your overall proposal.

Step 4: Develop Best Practices for Secure Videoconferencing

The last few steps have been devoted to analyzing potential videoconferencing solutions. But obtaining a trusted vendor is just part of the security efforts. Another important step is to ensure that users and system administrators conduct the company’s videoconferencing in a secure manner. In this step, outline security best practices for videoconferencing that you would like users and systems administrators to follow. Discuss how these best practices will improve security and minimize risks of data exfiltration as well as snooping.

This “best practices” section will be part of the overall proposal.

In the next step, you will develop system integrity checks within a virtual lab environment.

Step 5: Develop System Integrity Checks

As part of the overall proposal, the CISO has asked you to develop system integrity checks for files shared between users of the videoconferencing systems. These checks will ensure file protection and prevent exfiltration of sensitive files.

The lab exercise will show how this is done. In this step, you will generate a lab report that will be part of your final assignment. The lab instructions will tell you what the report needs to contain.

Complete This Lab

Resources

• Accessing the Virtual Lab Environment: Navigating UMGC Virtual Labs and Lab Setup
• Self-Help Guide (Workspace): Getting Started and Troubleshooting
• Link to the Virtual Lab Environment: https://vdi.umgc.edu/

Lab Instructions

• Yara Lab Exercise

Getting Help

To obtain lab assistance, fill out the support request form.

Make sure you fill out the fields on the form as shown below:

• Case Type: UMGC Virtual Labs Support
• Customer Type: Student (Note: faculty should choose Staff/Faculty)
• SubType: ELM-Cyber (CST/DFC/CBR/CYB)
• SubType Detail: Pick the category that best fits the issue you are experiencing
• Email: The email that you currently use for classroom communications

In the form’s description box, provide information about the issue. Include details such as steps taken, system responses, and add screenshots or supporting documents.

Remember that your lab report will be submitted along with your proposal and relevent aspects of the lab may be referenced within the proposal.

Now, you are ready for the final step, which will be to put all of the components of the proposal together for management.

Step 6: Submit Your Proposal for Secure Videoconferencing and All Related Materials

It’s time to prepare your materials on secure videoconferencing for management. Your task is to recommend a system that best meets the business functionality and security requirements of the company. Refer to this guidance on asynchronous presentations and Guidelines for Presentation on Secure Videoconferencing.

The assignments for this project are as follows:

• Executive briefing: This is a 10- to 15-slide visual narrated presentation for business executives and board members. Limit of 15 minutes of narration/total length.
• Lab report: Generated from Workspace.

Submit all components to the assignment folder.

Submission for Project 4: Secure Videoconferencing Communications

Previous submissions

0

Drop files here, or click below.

Add Files

Check Your Evaluation Criteria

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.

• 1.8: Create clear oral messages.
• 2.2: Locate and access sufficient information to investigate the issue or problem.
• 2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.
• 5.6: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology.
• 5.7: Apply proven methods to secure telecommunications media, transmission, and protocol.
• 6.3: Specify security solutions based on knowledge of principles, procedures, and tools of data management, such as modeling techniques, data backup, data recovery, data directories, data warehousing, data mining, data disposal, and data standardization processes.
• 7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
• 7.4: Knowledge of policies, processes, and technologies that are used to create a balanced approach to identifying and assessing risks to information assets, personnel, facilities, and equipment, and to manage mitigation strategies that achieve the security needed at an affordable cost.
• 8.6: Provides professional preparation for computer digital forensics, investigation of crime, and preservation of digital evidence in criminal and civil investigations and information security incident response.
• 9.4: Manages and supports the acquisition life cycle, including planning, determining specifications, selecting, and procuring information and communications technology (ICT) and cybersecurity products used in the organization’s design, development, and maintenance of its infrastructure to minimize potential risks and vulnerabilities.