1. Written assignments/communication must demonstrate professionalism, proper grammar, spelling and clarity of communication. Assignments handwritten or single-spaced will not be accepted. Poorly written assignments will receive a lowered grade. Do not let the power of your ideas be affected by poor grammar, spelling or clarity. Here are the formatting requirements for the files:

· Must have a cover page showing the title of the paper, due date, authors of the paper and class#
· In doc or docx format only (submissions in other file formats will receive no credit)
· Margins: 1”, top, bottom, right and left
· Acceptable fonts: Arial or Times New Roman
· Font color: black – Using other colors on the cover page is allowed
· Font height: 12 pts.
· Line spacing: double

Ranking The Pairs
Team "A"
CMGT/430
September 29, 2016
Richard Zinne

| Vulnerability | Threat | Probability | Impact | Suggested Mitigation Steps |
| --- | --- | --- | --- | --- |
| Activity Monitoring | Security scans and Intrusion deception systems | 3 (High) | 3 (High) (6) | Firewall and Security System monitoring will be up-to-date and logs will be looked at once a week unless others needed |
| Patch levels | Unnecessary exposure to known attack vectors | 3 (High) | 3 (High) (6) | Use of vulnerability scanning tools to monitor unpatched systems. A policy that includes the governance, standards and schedule of patching. Employment of best practice patch methods and procedures. |
| Insiders (poorly trained, disgruntled, malicious, negligent, dishonest, or terminated employees) | Potentially allowing attackers to cause excessive heating, furnace failures or frozen water pipes by manipulating thermostat functionality. | 3 (High) | 3 (High) (6) | Ensure company security policy is in effect immediately following an employee's termination. |
| Poor implementation of file export capability in business enterprise software. | Asset leakage which can happen through brute force attacks and even guesswork. | 3 (High) | 3 (High) (6) | Enterprise Resource Planning (ERP). |
| Use of session cookies to maintain state over HTTP browsers. | The cookies could be reverse engineered, leading to attackers identifying loopholes in the logic. | 2 (Med) | 3 (High) (5) | Store no sensitive or secure data in cookies or other headers; ensure you have an expiration time |
| OS command execution in function modules. | An attacker could have the ability to execute OS commands even without authorization. | 2 (Med) | 3 (High) (5) | CALL 'SYSTEM'/ SAP authorizations |
| Door locks and padlocks from vendors like Quicklock, iBlulock, Plantraco, Ceomate, were found to be vulnerable to password sniffing and replay attacks. | A captured command can be replayed later to open the locks, giving access to Highly Secured Areas. Losing Critical Information and Data within Organizational systems. | 2 (Med) | 3 (High) (5) | Ensure latest door lock and padlock software, along with all drivers, are updated. |
| Susceptibility to dust, heat and humidity | Hardware failure | 2 (Med) | 3 (High) (5) | Prep ... |