Module 7: Risk Assessments

Module 7 Hands-on Activity

"hands" by geralt via Pixabay. CC0Overview

Students download the Department of Homeland Security (DHS) CSET tool, install it, and use it to perform a Cybersecurity Framework Critical Infrastructure Risk Assessment.

 

Hands-on Activity  Objectives

  • Download, install, and run the CSET tool.
  • Demonstrate an understanding of the CSET tool risk assessment functions.
  • Apply the CSET tool to an IT general risk assessment
  • Develop a report using CSET.
  • Apply the standard available in the CSET tool to an IT general risk assessment.

 

Preparation

Watch some of the video tutorials available to help you better understand how to use the CSET tool. The videos are designed to play within YouTube, so you must have an active Internet connection to view them. You can access these videos by navigating to the CSET YouTube channel, https://www.youtube.com/c/CSETCyberSecurityEvaluationTool (link is external). To use close captioning in YouTube, click on the “cc” icon on the video window.

 

Downloading CSET onto a PC

System Requirements

In order to execute CSET, the following minimum system hardware and software is required:

  • Pentium dual core 2.2 GHz processor (Intel x86 compatible)
  • CD-ROM drive if creating a physical CD
  • 5 GB free disk space
  • 3 GB of RAM
  • Microsoft Windows 7* or higher
  • A Microsoft Office compatible (.docx) document reader is required to view reports in .docx format
  • A Portable Document Format (PDF) reader such as Adobe Reader is required to view supporting documentation. The latest free version of Adobe Reader may be downloaded from http://get.adobe.com/reader/ (link is external).
  • Microsoft .NET Framework 4.6 Runtime (included in CSET installation)
  • SQL Server 2012 Express LocalDB (included in CSET installation)

NOTE: For all platforms, we recommend that you upgrade to the latest Windows Service Pack and install critical updates available from the Windows Update website to ensure the best compatibility and security.

 

Downloading CSET

Download CSET using the following link: http://ics-cert.us-cert.gov/Downloading-and-Installing-CSET.

After clicking the link, you will be asked to identify yourself and will then be given the opportunity to download the file CSET_x.x.iso (where x.x represents the download version).

The CSET download is in a file format known as “ISO.” This file is an “image” of the equivalent installation files included on the CSET CD. Because of this format, it is necessary to process the download using one of the following methods:

  1. Decompressing the File — Open the file using any one of the newer compression utility software programs.
  2. Mounting the File — This method loads the ISO file using utility software to make the file appear like a virtual drive with the original CD loaded.
  3. Burning the file to CD — This method uses CD-burn software and the ISO file to burn the files onto your own CD to create a physical disk identical to the CSET original.

These methods require separate software utilities. A variety of both free and purchased utility programs available through the Internet will work with the ISO file format. As DHS does not recommend any specific application or vendor, it will be necessary for you to find a product that provides the necessary functionality. Step-by-step instructions for each method are provided below.

Decompressing the File

  1. Click the “Download CSET” link above and complete the requested information to download the ISO file.
  2. Save the file to your hard drive of choice (i.e., your computer hard drive or USB drive), maintaining the file name and extension (.iso).
  3. Open the ISO file with a compression utility program and save the files to your hard drive of choice, maintaining the original names and file extensions.
  4. Complete the “Installing the CSET Program” instructions below.

Mounting the File

  1. Click the “Download CSET” link above and complete the requested information to download the ISO file.
  2. Save the file to your hard drive of choice (i.e., your computer hard drive or USB drive), maintaining the file name and extension (.iso).
  3. Run your ISO-specific utility program that is capable of mounting the file. Complete the instructions within the utility software to create a virtual drive using the ISO file. If you do not have an ISO utility application, you will need to find and install one before continuing with these instructions.
  4. Complete the “Installing the CSET Program” instructions below.

Burning the file to CD

  1. Click the “Download CSET” link at the bottom of this page and complete the requested information to download the ISO file.
  2. Save the file to the hard drive on your computer, maintaining the filename and extension (.iso).
  3. Insert a blank, writable CD into the computer’s CD drive.
  4. Run your CD-burn utility program. Complete the instructions on your utility program to burn the ISO image to your DVD. (If you do not have an application that can do this, you will need to find and install one before continuing with these instructions.)
  5. Complete the “Installing CSET Program” instructions below.

 

Installing the CSET Program

  1. Fing the CSET_Setup.exe file in the folder, virtual drive, or CD containing the CSET files.
  2. Double-click the CSET_Setup.exe file to execute. This will initiate the installer program.
  3. Complete the instructions in the installation wizard to install the CSET program.
  4. Read the material within the ReadMe document for a summary explanation of how to use the tool. Help is also available through the User Guide, screen guidance text, and video tutorials.

 

Using CSET on a Mac

If you are using a Mac, you will need to download Oracle’s VM VirtualBox and set up a virtual PC. Then you can download and install CSET on the virtual PC per the above instructions. Here is the download link for VM VirtualBox: http://www.oracle.com/technetwork/server-storage/virtualbox/downloads/index.html.

About Oracle VM VirtualBox

VirtualBox is powerful Cross-platform Virtualization Software for x86-based systems. “Cross-platform” means that it installs on Windows, Linux, Mac OS X, and Solaris x86 computers. “Virtualization Software” means that you can create and run multiple virtual machines, running different operating systems, on the same computer at the same time. For example, you can run Windows and Linux on your Mac, run Linux and Solaris on your Windows PC, or run Windows on your Linux systems.

Oracle VM VirtualBox is available as Open Source or pre-built Binaries for Windows, Linux, Mac OS X, and Solaris.

 

Requesting a copy of CSET

If you are unable to download or install CSET from the link, you may request that a copy be shipped to you. To request a copy, please send an email to cset@hq.dhs.gov (link sends e-mail). Please insert “CSET” in the subject line and include the following in your email request:

  • Your name
  • Organization name
  • Complete street address (no P.O. boxes)
  • Telephone number
  • The error or installation issue you encountered when attempting the download

 

Assignment

Once you have installed CSET, perform a “Screen Print” of your desktop to show that the icon for CSET has been installed. Open a Microsoft Word document and paste the screen print into the document. Save the document and submit it to the instructor.

 

Grading Criteria Rubric

  1. Proof that the CSET Tool has been downloaded and installed.

Grade points: 100

License

Icon for the Creative Commons Attribution 4.0 International License

Critical Infrastructure Cybersecurity by Whatcom Community College and CyberWatch West is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.

Share This Book