Project 2Student Name: Aisha TateDate:8-Oct-19This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submissionProject 2: Requires the Following THREE PiecesAreas to Improve1. Security Assessment Report (including relevant findings from Lab)2. Non-Technical Presentation Slides (Narration Not Needed)3. Lab Experience Report with Screenshots1. Security Assessment ReportDefining the OSBrief explanation of operating systems (OS) fundamentals and information systems architectures.1. Explain the user's role in an OS.good2. Explain the differences between kernel applications of the OS and the applications installed by an organization or user.good3. Describe the embedded OS.missing4. Describe how operating systems fit in the overall information systems architecture, of which cloud computing is an emerging, distributed computing network architecture.missingInclude a brief definition of operating systems and information systems in your SAR.Other outstanding informationOS Vulnerabilities1. Explain Windows vulnerabilities and Linux vulnerabilities.good2. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices.good3. Explain the motives and methods for intrusion of MS and Linux operating systems.missing4. Explain the types of security management technologies such as intrusion detection and intrusion prevention systems.missing5. Describe how and why different corporate and government systems are targets.missing6. Describe different types of intrusions such as SQL PL/SQL, XML, and other injectionsmissingPreparing for the Vulnerability Scan1. Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems. good2. Provide an explanation and reasoning of how the methodology you propose, will determine the existence of those vulnerabilities in the organization’s OS.good3. Include a description of the applicable tools to be used, limitations, and analysis.good4. Provide an explanation and reasoning of how the applicable tools you propose will determine the existence of those vulnerabilities in the organization’s OS.good5. In your report, discuss the strength of passwordsgood5a. any Internet Information Services'good5b. administrative vulnerabilities, missing5c. SQL server administrative vulnerabilities, missing5d. Other security updates and good5e. Management of patches, as they relate to OS vulnerabilities.goodVulnerability Assessment Tools for OS and Applications (Lab)Use the tools' built-in checks to complete the following for Windows OS (e.g., using Microsoft Baseline Security Analyzer, MBSA):good1. Determine if Windows administrative vulnerabilities are present.good2. Determine if weak passwords are being used on Windows accounts.good3. Report which security updates are required on each individual system.missing4. You noticed that the tool you used for Windows OS (i.e., MBSA) provides dynamic assessment of missing security update ...
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
Project 2Student Name Aisha TateDate8-Oct-19This form provides t.docx
1. Project 2Student Name: Aisha TateDate:8-Oct-19This form
provides the same classroom instructions in a checklist form to
help students and professors quickly evaluate a
submissionProject 2: Requires the Following THREE
PiecesAreas to Improve1. Security Assessment Report
(including relevant findings from Lab)2. Non-Technical
Presentation Slides (Narration Not Needed)3. Lab Experience
Report with Screenshots1. Security Assessment ReportDefining
the OSBrief explanation of operating systems (OS)
fundamentals and information systems architectures.1. Explain
the user's role in an OS.good2. Explain the differences between
kernel applications of the OS and the applications installed by
an organization or user.good3. Describe the embedded
OS.missing4. Describe how operating systems fit in the overall
information systems architecture, of which cloud computing is
an emerging, distributed computing network
architecture.missingInclude a brief definition of operating
systems and information systems in your SAR.Other outstanding
informationOS Vulnerabilities1. Explain Windows
vulnerabilities and Linux vulnerabilities.good2. Explain the
Mac OS vulnerabilities, and vulnerabilities of mobile
devices.good3. Explain the motives and methods for intrusion of
MS and Linux operating systems.missing4. Explain the types of
security management technologies such as intrusion detection
and intrusion prevention systems.missing5. Describe how and
why different corporate and government systems are
targets.missing6. Describe different types of intrusions such as
SQL PL/SQL, XML, and other injectionsmissingPreparing for
the Vulnerability Scan1. Include a description of the
methodology you proposed to assess the vulnerabilities of the
operating systems. good2. Provide an explanation and reasoning
of how the methodology you propose, will determine the
existence of those vulnerabilities in the organization’s
OS.good3. Include a description of the applicable tools to be
2. used, limitations, and analysis.good4. Provide an explanation
and reasoning of how the applicable tools you propose will
determine the existence of those vulnerabilities in the
organization’s OS.good5. In your report, discuss the strength of
passwordsgood5a. any Internet Information Services'good5b.
administrative vulnerabilities, missing5c. SQL server
administrative vulnerabilities, missing5d. Other security
updates and good5e. Management of patches, as they relate to
OS vulnerabilities.goodVulnerability Assessment Tools for OS
and Applications (Lab)Use the tools' built-in checks to complete
the following for Windows OS (e.g., using Microsoft Baseline
Security Analyzer, MBSA):good1. Determine if Windows
administrative vulnerabilities are present.good2. Determine if
weak passwords are being used on Windows accounts.good3.
Report which security updates are required on each individual
system.missing4. You noticed that the tool you used for
Windows OS (i.e., MBSA) provides dynamic assessment of
missing security updates. MBSA provides dynamic assessment
of missing security updates. Scan one or more computers by
domain, IP address range, or other grouping.missing5. Once
complete, provide a detailed report and recommendations on
how to make your system a more secure working environment.
In this case, a tool such as MBSA will create and store
individual XML security reports for each computer scanned and
will display the reports in the graphical user interface in
HTML.missingUtilize the OpenVAS tool to complete the
following:missing1. Determine if Linux vulnerabilities are
present.2. Determine if weak passwords are being used on Linux
systems.missing3. Determine which security updates are
required for the Linux systems.missing4.You noticed that the
tool you used for Linux OS (i.e., OpenVAS) provides dynamic
assessment of missing security updates. MBSA provides
dynamic assessment of missing security updates. Scan one or
more computers by domain, IP address range, or other
grouping.missing5.Once complete, provide a detailed report and
recommendations on how to make your system a more secure
3. working environmentmissing3. Presentation SlidesTitle
SlidegoodUse of Readable Fonts and ColorgoodSummarizes
Findings and Recommendations at High LevelgoodPresentation
Slides Feedback4. Lab Experience ReportSummarizes the Lab
Experience and FindingsgoodResponds to the
QuestionsgoodProvides Screenshots of Key ResultsgoodLab
Experience Report Feedback
10/2/2019 Module 3: Critical Thinking
https://csuglobal.instructure.com/courses/13694/assignments/26
8110 1/3
ITS320 Module 3 Critical Thinking
Option #2: Creating a Program to Calculate Weekly Average
Tax Withholding
Assignment Instructions
Create a program that will calculate the weekly average tax
withholding for a customer, given the
following weekly income guidelines:
Income less than $500: tax rate 10%
Incomes greater than/equal to $500 and less than $1500: tax rate
15%
Incomes greater than/equal to $1500 and less than $2500: tax
rate 20%
Incomes greater than/equal to $2500: tax rate 30%
Store the income brackets and rates in a dictionary.
Write a statement that prompts the user for an income and then
looks up the tax rate from the
dictionary and prints the income, tax rate, and tax.
Develop Python code that implements the program
requirements.
4. Assignment Submission Instructions
Submit a text file containing your Python code into the Module
3 drop box. Name your
file ITS320_CTA3_Option2.py.
10/2/2019 Module 3: Critical Thinking
https://csuglobal.instructure.com/courses/13694/assignments/26
8110 2/3
Criteria Ratings Pts
15.0 pts
10.0 pts
10.0 pts
10.0 pts
Requirements 15.0 to >12.0 pts
Meets Expectation
Includes all of the required
components, as specified in the
assignment, including the
submission of the text file that
contains your Python code in Option
1 OR Option 2.
5. 12.0 to >9.0 pts
Approaches
Expectation
Includes most
of the required
components, as
specified in the
assignment.
9.0 to >6.0 pts
Below
Expectation
Includes some
of the required
components,
as specified in
the
assignment.
6.0 to >0 pts
Limited
Evidence
Includes few
of the
required
components,
as specified
in the
assignment.
Content 10.0 to >8.0 pts
Meets Expectation
Demonstrates strong or adequate
knowledge of creating a Python
program to calculate the value of a
6. Ferrari OR to calculate weekly
average tax withholding; correctly
represents knowledge from the
readings and sources.
8.0 to >6.0 pts
Approaches
Expectation
Some
significant but
not major errors
or omissions in
demonstration
of knowledge.
6.0 to >4.0 pts
Below
Expectation
Major errors or
omissions in
demonstration
of knowledge.
4.0 to >0 pts
Limited
Evidence
Fails to
demonstrate
knowledge
of the
materials.
Problem
Solving
10.0 to >8.0 pts
7. Meets Expectation
Demonstrates strong or
adequate thought and
insight in problem solving.
8.0 to >6.0 pts
Approaches
Expectation
Some significant but not
major errors or omissions
in problem solving.
6.0 to >4.0 pts
Below
Expectation
Major errors or
omissions in
problem
solving.
4.0 to >0 pts
Limited
Evidence
Fails to
demonstrate
problem
solving.
Critical
Thinking
10.0 to >8.0 pts
Meets Expectation
Demonstrates strong or
adequate critical thinking in
working through the coding
8. process.
8.0 to >6.0 pts
Approaches
Expectation
Some significant but
not major errors or
omissions in critical
thinking.
6.0 to >4.0 pts
Below
Expectation
Major errors or
omissions in
critical
thinking.
4.0 to >0 pts
Limited
Evidence
Fails to
demonstrate
critical
thinking.
10/2/2019 Module 3: Critical Thinking
https://csuglobal.instructure.com/courses/13694/assignments/26
8110 3/3
Total Points: 65.0
Criteria Ratings Pts
9. 10.0 pts
10.0 pts
Demonstrates
college-level
proficiency in
organization,
grammar and
style.
10.0 to >8.0 pts
Meets Expectation
Project is clearly
organized, well
written, and in
proper format as
outlined in the
assignment. Strong
sentence and
paragraph
structure; few errors
in grammar and
spelling.
8.0 to >6.0 pts
Approaches
Expectation
Project is fairly well
organized and written,
and is in proper format
as outlined in the
10. assignment. Reasonably
good sentence and
paragraph structure;
significant number of
errors in grammar and
spelling.
6.0 to >4.0 pts
Below Expectation
Project is poorly
organized and does
not follow proper
paper format.
Inconsistent to
inadequate sentence
and paragraph
development;
numerous errors in
grammar and
spelling.
4.0 to >0 pts
Limited
Evidence
Project is not
organized or
well written, and
is not in proper
paper format.
Poor quality
work;
unacceptable in
terms of
grammar and
spelling.
11. Demonstrates
proper use of
APA style
10.0 to >8.0 pts
Meets Expectation
Project and/or
questions contain
proper APA formatting,
according to the CSU-
Global Guide to Writing
and APA, with no more
than one significant
error.
8.0 to >6.0 pts
Approaches
Expectation
Few errors in APA
formatting,
according to the
CSU-Global Guide
to Writing and APA,
with no more than
two to three
significant errors.
6.0 to >4.0 pts
Below
Expectation
Significant errors
in APA formatting,
according to the
CSU-Global Guide
to Writing and
APA, with four to
12. five significant
errors.
4.0 to >0 pts
Limited Evidence
Numerous errors in
APA formatting,
according to the
CSU-Global Guide
to Writing and APA,
with more than five
significant errors.
Project 2: OPERATING SYSTEM VULNERABILITY LAB
Microsoft (MS), Baseline Security Analyzer (MBSA), and the
Open Vulnerability Assessment System (OpenVAS) operating
system (OS) vulnerability (OSV) scanning tools were required
to conduct Lab 2. This Lab required the security manager (Sec
Mgr) and system administrator (Sys Admin) to use the MBSA
and OpenVAS tools to scan for OS vulnerabilities across the
company’s network for Windows (Microsoft Office) and
LINUX. Screenshots provided displays the process of using
both of these tools. While using the tools during this lab, the
Security Manager and the System Administrator noted that the
MBSA tools were more simplified to use and provided a more
detailed list of findings and remediation steps for all types of
Microsoft Office (MO) vulnerabilities. It also concluded, that
the OpenVAS tool was much more difficult to use due to it
requiring the user to have a decent knowledge or understanding
of the Linux operating system and commands. Although, the
operation was more challenging, the OpenVAS tool provided a
more comprehensive list of common vulnerabilities and
exposure findings that encompassed all vulnerabilities. This
detailed list also includes hyperlinks that explained remediation
instructions for the system administrator to use. The Microsoft
13. Baseline Security Analyzer (MBSA) scan of the network
granted the Security Manager and the System Administrator
with a list of vulnerabilities. In addition to the notation that the
Windows Firewall was disabled without proper authorization.
This led to incorrect auditing configurations, Sequel (SQL)
Server and Microsoft Server Desktop Engine (MSDE) not being
installed, the Internet Information System (IIS) not running on
the system, and none of the Microsoft Office products on the
system were supported. The OpenVAS scan of the network
allowed for the System Administrator and the Security Manager
to find numerous encryption vulnerabilities, program errors, and
other vulnerabilities. A security scan of the network also
determined that more than half of all of the system
vulnerabilities were classified as High or Medium. This would
mean that these were serious threats to be monitored. The
System Administrator and the Security Manager will need to
work harmoniously in order to correct the vulnerabilities
identified during the OpenVAS and MBSA scans. Both the
System Administrator and the Security Manager will need to
complete of all scans in order to discuss the different
vulnerabilities and discuss remediation procedures. Once this
has taken place, both will require the discussion of and provide
a list of the vulnerabilities by priority (High to Low) in regards
to threat level.
Project 2: Operating Systems Vulnerabilities (Windows and
Linux)
Transcript:
Congratulations, you are the newly appointed lead cybersecurity
engineer with your company in the oil and natural gas sector.T
14. his is a senior-level position. You were hired two months ago ba
sed on your successful cybersecurity experience with a previous
employer. Your technical knowledge of cybersecurity is solid.
However, you have a lot to learn about this company’s culture,
processes, and IT funding decisions, which are made by higher
management. You have recently come across numerous anomali
es and incidents leading to security breaches. The incidents took
place separately, and it has not been determined if they were ca
used by a single source or multiple related sources. First, a mon
th ago, a set of three corporate database servers crashed suddenl
y. Then, a week ago, anomalies were found in the configuration
of certain server and router systems of your company.You imme
diately recognized that something with your IT resources was n
ot right. You suspect that someone, or some group, has been reg
ularly accessing your user account and conducting unauthorized
configuration changes. You meet with your leadership to discus
s the vulnerabilities. They would like you to provide a security
assessment report, or SAR, on the state of the operating systems
within the organization. You're also tasked with creating a non-
technical narrated presentation summarizing your thoughts.
The organization uses multiple operating systems that are Micro
soft-based and Linux-based.
You will have to understand these technologies for vulnerability
scanning using the tools that work best for the systems in the c
orporate network.You know that identity management will incre
ase the security of the overall information systems infrastructur
e for the company. You also know that with a good identity man
agement system, the security and productivity benefits will out
weigh costs incurred. This is the argument you must make to the
stakeholders.
The operating system (OS) of an information system contains
the software that executes the critical functions of the
information system. The OS manages the computer's memory,
processes, and all of its software and hardware. It allows
different programs to run simultaneously and access the
computer's memory, central processing unit, and storage. The
15. OS coordinates all these activities and ensures that sufficient
resources are applied. These are the fundamental processes of
the information system and if they are violated by a security
breach or exploited vulnerability it has the potential to have the
biggest impact on your organization.
Security for operating systems consists of protecting the OS
components from attacks that could cause deletion,
modification, or destruction of the operating system. Threats to
an OS could consist of a breach of confidential information,
unauthorized modification of data, or unauthorized destruction
of data. It is the job of the cybersecurity engineer to understand
the operations and vulnerabilities of the OS (whether it is a
Microsoft, Linux, or another type of OS), and to provide
mitigation, remediation, and defense against threats that would
expose those vulnerabilities or attack the OS.
Step 1: Defining the OS
The audience for your security assessment report (SAR) is the
leadership of your organization, which is made up of technical
and nontechnical staff. Some of your audience will be
unfamiliar with operating systems (OS). As such, you will begin
your report with a brief explanation of operating systems
fundamentals and the types of information systems.
Click on and read the following resources that provide essential
information you need to know before creating a thorough and
accurate OS explanation:
operating systems fundamentals
the applications of the OS
The Embedded OS
information system architecture
cloud computing
web architecture
After reviewing the resources, begin drafting the OS overview
to incorporate the following:
Explain the user's role in an OS.
Explain the differences between kernel applications of the OS
and the applications installed by an organization or user.
16. Describe the embedded OS.
Describe how the systems fit in the overall information system
architecture, of which cloud computing is an emerging,
distributed computing network architecture.
Include a brief definition of operating systems and information
systems in your SAR.
Step 2: OS Vulnerabilities
You just summarized operating systems and information
systems for leadership. In your mind, you can already hear
leadership saying "So what?" The organization's leaders are not
well versed in operating systems and the threats and
vulnerabilities in operating systems, so in your SAR, you decide
to include an explanation of advantages and disadvantages of
the different operating systems and their known vulnerabilities.
Prepare by first reviewing the different types of vulnerabilities
and intrusions explained in these resources:
Windows vulnerabilities
Linux vulnerabilities
Mac OS vulnerabilities
SQL PL/SQL, XML and other injections
Based on what you gathered from the resources, compose the
OS vulnerability section of the SAR. Be sure to:
Explain Windows vulnerabilities and Linux vulnerabilities.
Explain the Mac OS vulnerabilities, and vulnerabilities of
mobile devices.
Explain the motives and methods for intrusion of the MS and
Linux operating systems;
Explain the types of security awareness technologies such as
intrusion detection and intrusion prevention systems.
Describe how and why different corporate and government
systems are targets.
Describe different types of intrusions such as SQL PL/SQL,
XML, and other injections
You will provide leadership with a brief overview of
vulnerabilities in your SAR.
Step 3: Preparing for the Vulnerability Scan
17. You have just finished defining the vulnerabilities an OS can
have. Soon you will perform vulnerability scanning and
vulnerability assessments on the security posture of the
organization's operating systems. But first, consider your plan
of action. Read these two resources to be sure you fully grasp
the purpose, goals, objectives, and execution of vulnerability
assessments and security updates:
Vulnerability assessments
Patches
Then provide the leadership with the following:
Include a description of the methodology you proposed to assess
the vulnerabilities of the operating systems. Provide an
explanation and reasoning of how the methodology you propose,
will determine the existence of those vulnerabilities in the
organization’s OS.
Include a description of the applicable tools to be used, and the
limitations of the tools and analyses, if any. Provide an
explanation and reasoning of how the applicable tools to be
used, you propose, will determine the existence of those
vulnerabilities in the organization’s OS.
Include the projected findings from using these vulnerability
assessment tools.
In your report, discuss the strength of passwords, any Internet
Information Services' administrative vulnerabilities, SQL server
administrative vulnerabilities, and other security updates and
management of patches, as they relate to OS vulnerabilities.
Step 4: LAB (I will conduct the lab)
Step 5: The Security Assessment Report
By utilizing security vulnerability assessment tools, such as
MBSA and OpenVAS, you now have a better understanding of
your system's security status. Based on the results provided by
these tools, as well as your learning from the previous steps,
you will create the Security Assessment Report (SAR).
In your report to the leadership, emphasize the benefits of using
a free security tool such as MBSA. Then make a
recommendation for using these types of tools (i.e., MBSA and
18. OpenVAS), including the results you found for both.
Remember to include these analyses and conclusions in the SAR
deliverable:
After you provide a description of the methodology you used to
make your security assessment, you will provide the actual data
from the tools, the status of security and patch updates, security
recommendations, and offer specific remediation guidance, to
your senior leadership.
You will include any risk assessments associated with the
security recommendations, and propose ways to address the risk
either by accepting the risk, transferring the risk, mitigating the
risk, or eliminating the risk.
Include your SAR in your final deliverable to leadership.
Step 6: The Presentation
Based on what you have learned in the previous steps and your
SAR, you will also develop a presentation for your company's
leadership.
Your upper-level management team is not interested in the
technical report you generated from your Workspace exercise.
They are more interested in the bottom line. You must help
these non-technical leaders understand the very technical
vulnerabilities you have discovered. They need to clearly see
what actions they must either take or approve. The following
are a few questions to consider when creating your
non-technical presentation:
How do you present your technical findings succinctly to a
non-technical audience? Your Workspace exercise report will
span many pages, but you will probably not have more than 30
minutes for your presentation and follow-up discussion.
How do you describe the most serious risks factually but
without sounding too temperamental? No one likes to hear that
their entire network has been hacked, data has been stolen, and
the attackers have won. You will need to describe the
seriousness of your findings while also assuring upper-level
management that these are not uncommon occurrences today.
How do your Workspace exercise results affect business
19. operations? Make sure you are presenting these very technical
results in business terms that upper-level management will
understand.
Be very clear on what you propose or recommend. Upper-level
management will want to not only understand what you
discovered; they will want to know what you propose as a
solution. They will want to know what decisions they need to
make based on your findings.
Requirements:
Your goal for the presentation is to convince the leadership that
adopting a security vulnerability assessment tool (such as
MBSA) and providing an extra security layer is a must for the
company.
The deliverables for this project are as follows:
Security Assessment Report (SAR): This report should be a 7-8
page double-spaced Word document with citations in APA
format. The page count does not include figures, diagrams,
tables, or citations.
Nontechnical presentation: This is a set of 8-10 PowerPoint
slides for upper management that summarizes your thoughts
regarding the findings in your SAR.
In a Word document, share your lab experience and provide
screen prints to demonstrate that you performed the lab.
Graded competencies:
Before you submit your assignment, review the competencies
below, which your instructor will use to evaluate your work. A
good practice would be to use each competency as a self-check
to confirm you have incorporated all of them in your work.
1.1: Organize document or presentation clearly in a manner that
promotes understanding and meets the requirements of the
assignment.
2.3: Evaluate the information in a logical and organized manner
to determine its value and relevance to the problem.
10.1: Identify potential threats to operating systems and the
security features necessary to guard against them.