Running head: Risk Assessment Report (RAR)
Risk Assessment Report (RAR)
CYB 610: Cyberspace and Cybersecurity Foundations
Me
University of Maryland University College
Purpose
The purpose of this risk assessment is to evaluate the adequacy of the Amazon Corporation's security. This risk assessment report provides a structured but qualitative assessment of the operational environment of the Amazon Corporation. It addresses issues of sensitivity, threat analysis, vulnerability analysis, risk analysis, and the safeguards applied in the Amazon Corporation. The report and the assessment recommend the use of cost-effective safeguards in order to mitigate threats as well as the associated exploitable vulnerabilities in the Amazon Corporation.
The Organization
The Amazon Corporation's system environment runs as a distributed client/server environment consisting of a Microsoft Structured Query Language (SQL) database built with powerful programming code. The Amazon Corporation environment contains SQL data files, Python application code, and executable Java and JavaScript code. The SQL production data files, documented as consisting of SQL stored procedures and SQL tables, reside on a cloud storage area network attached to an HP server running Windows XP with MS SQL 2000. The Python application code resides on a separate IBM server running Kali Linux (NIST, 2014).
The Amazon Corporation's executables reside on a file server running Windows 2000 and Kali Linux, or occasionally on a local workstation, depending on load and job requirements. Desktop computers are physically connected to a Wide Area Network (WAN). Some users reported that they usually connect via secured dial-up and DSL connections through a Citrix server. Normally, a user connects to an active application server in their city that hosts the Amazon Corporation's application, and to the shared database server located in Atlanta (NIST, 2014).
Scope
The scope of this risk assessment is to assess the system's use of resources and the controls implemented, and to report on the plans in place to eliminate or manage the vulnerabilities exploitable by the threats identified in this report, whether internal or external to Amazon. If these vulnerabilities are not eliminated and are exploited, they could result in:
· Unauthorized disclosure of data;
· Unauthorized modification of the system, its data, or both;
· Denial of service or denial of access to data (or both) for authorized users.
This Risk Assessment Report project for the Amazon Corporation evaluates confidentiality (protection from unauthorized disclosure of system and data information), integrity (protection from improper modification of information), and availability which ...
Penetration testing is interesting and difficult work.
The main result of this work is the report. It can be used for customer presentation, vulnerability mitigation and audit compliance. The report is the final proof of completed work and a good overall score of security status.
Vulnerability Assessment & Penetration Testing (VAPT) identifies system weaknesses through assessments and simulates real-world attacks to bolster cybersecurity measures.
Phi 235 social media security users guide presentation (Alan Holyoke)
The document provides an overview of various cyber security solutions and concepts. It discusses 13 sections related to cyber security including access control solutions, vulnerability analysis, gap analysis, penetration testing, web application security, log analysis, network traffic analysis, information security policy design, and security products identification. Each section provides 1-3 paragraphs explaining the topic and key considerations.
This document discusses different types of security assessments:
1) Technical security testing assesses security flaws through vulnerability assessments, network penetration testing, web application testing, and source code analysis.
2) Security process assessments evaluate weaknesses in security processes by reviewing frameworks like NIST CSF and COBIT.
3) Security audits involve compliance checks both internally and externally to verify proper security controls are in place.
In this Infographic, we've covered the pivotal stages of penetration testing which will help you in building a more formidable penetration testing strategy.
To learn more about pen testing, visit: https://www.kiwiqa.com/penetration-testing-service.html
Cst 630 Education is Power/newtonhelp.com (amaranthbeg73)
For more course tutorials visit
www.newtonhelp.com
Project 1
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR).
You will get your information from a data-flow diagram and report from the Microsoft Threat Modeling Tool 2016. The scope should include network IT security for the whole organization. Click the following to view the data-flow diagram: [diagram and report]
Many companies and agencies conduct IT audits to test and assess the.docx (tienboileau)
Many companies and agencies conduct IT audits to test and assess the rigor of IT security controls in order to mitigate risks to IT networks. Such audits meet compliance mandates by regulatory organizations. Federal IT systems follow Federal Information System Management Act (FISMA) guidelines and report security compliance to US-CERT, the United States Computer Emergency Readiness Team, which handles defense and response to cyberattacks as part of the Department of Homeland Security. In addition, the Control Objective for Information Technology (COBIT) is a set of IT security guidelines that provides a framework for IT security for IT systems in the commercial sector.
These audits are comprehensive and rigorous, and negative findings can lead to significant fines and other penalties. Therefore, industry and federal entities conduct internal self-audits in preparation for actual external IT audits, and compile security assessment reports.
In this project, you will develop a 12-page written security assessment report and executive briefing (slide presentation) for a company and submit the report to the leadership of that company.
There are six steps to complete the project. Most steps in this project should take no more than two hours to complete, and the project as a whole should take no more than three weeks to complete. Begin with the workplace scenario, and then continue to Step 1.
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR).
You will get your information from a data-flow diagram and report from the Microsoft Threat Modeling Tool 2016. The scope should include network IT security for the whole organization. Click the following to view the data-flow diagram: [diagram and report]
Include the following areas in this portion of the SAR:
· Security requirements and goals for the preliminary security baseline activity.
· Typical attacks to enterprise networks and their descriptions. Include Trojans, viruses, worms, denial of service, session hijacking, and social engineering. Include the impacts these attacks have on an organization.
· Network infrastructure and diagram, including configuration and connections. Describe the security posture with respect to these components and the security employed: LAN, MAN, WAN, enterprise. Use these questions to guide you:
  o What are the security risks and concerns?
  o What are ways to get real-time understanding of the security posture at any time?
  o How regularly should the security of the enterprise network be tested, and what type of tests should be used?
  o What are the processes in play, or to be established, to respond to an incident?
Workforce skill is a critical success factor in any.
Getting the Most Value from VM and Compliance Programs white paper (Tawnia Beckwith)
- The document discusses how organizations can get the most value from their vulnerability management and compliance programs. It addresses common obstacles such as incomplete network coverage, lack of stakeholder buy-in, and providing reports tailored to different audiences.
- Key recommendations include revisiting program goals, ensuring comprehensive network scanning, generating automated reports for stakeholders, addressing organizational resistance, and properly supporting security teams. Following these recommendations can help programs more effectively measure and reduce security risks over time.
CYB610 Project Common computing platforms.docx (write5)
The document discusses a security breach at the Office of Personnel Management (OPM) and lessons learned for improving security practices. As an Information Assurance Management Officer, the narrator is asked to analyze the breach and vulnerabilities of OPM's information systems. The document outlines steps to create a Security Assessment Report and Risk Assessment Report, including developing an enterprise network diagram, identifying threats to the network from the OPM breach report, and differentiating internal and external threats.
ClearArmor CSRP - 01.01
SOFTWARE BASED VULNERABILITIES
CyberSecurity is a Business Issue, not a Technology Issue
CyberSecurity is not just about reacting. It includes Risk Management, Audit, Compliance, and training. It also requires continuous attention to Cyber Hygiene. CyberSecurity requires continuous measurement, monitoring, and remediation. Is your organization reactive or proactive? Move to proactive CyberSecurity.
To comply with the intent of the NIST CyberSecurity Framework (CSF), Cyber Hygiene is a requirement. To comply with NIST 800-53, 800-171, DFARS, NY State DFS Part 500, and a plethora of other frameworks and compliance guidelines requires continuous risk reduction through vulnerability remediation. ClearArmor CyberSecurity Resource Planning (CSRP) enables your organization to meet those requirements.
NGOKAN - ATTENTION PROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx (taitcandie)
NGOKAN - ATTENTION
PROJECT 3 – ASSESSING INFORMATION SYSTEM VULNERABILITY AND RISK MITIGATION -
I WILL DO THE LAB, JUST NEED HELP WITH THE SAR and RAR (reports)
Intro video on the deliverables is here
https://youtu.be/rStxKMeGXAI
Please select part of your references from this below.
http://resources.sei.cmu.edu/library/
SEE ATTACHED DOCUMENTS FOR READING AND REFERENCE
The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This should be an 8-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
2. Risk Assessment Report (RAR): This report should be a 5-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Please select part of your references from this below.
http://resources.sei.cmu.edu/library/
Pick an organization of your choice (pick from any sector, be creative)
1.
Security Assessment Report (SAR) with the following sections: please pay attention to details of the ENTIRE requirements (use figures, tables and diagrams where applicable)
· Organizational Background: Describe the background of the organization you have picked.
· Purpose: Describe the purpose of the assessment (refer to the incident of OPM below in the transcript).
· Organizational structure
  o Describe the organizational structure, the network system description, and a diagram of the organization. (Please insert this diagram.) Include LAN, WAN, and systems in diagram format (use the OPM systems model of LAN side networks), the intra-network, and WAN side networks, the Internet. Identify the boundaries that separate the inner networks from the outside networks.
  o Include a description of how these platforms are implemented in your organization: common computing platforms, cloud computing, distributed computing, centralized computing, secure programming fundamentals. (cite reference)
  o What insider threats are a risk to your organization?
  o Differentiate between the external threats to the system and the insider threats. Identify where these threats can occur in the previously created diagrams. (cite reference)
  o Define threat intelligence, and explain what kind of threat intelligence is known about the OPM breach. Relate the OPM threat intelligence to your fictitious organization. How likely is it that a similar attack will occur at your organization? (cite reference)
· Scope: Describe the scope of the assessment.
· Methodology (cite references)
  o Use a suite of security tools, techniques, and procedures that can be used to assess the security posture of your organization's network in a SAR.
  o Identify the security issues in your fictitious organization's networks. You have already used password cracking tools to crack weak and vulnerable passwords.
  o Provide an analysis of the strength of passwords used by the employees in your organization. Are weak passwords a security i ...
College of Administrative and Financial Sciences Assignment 1.docx (mccormicknadine86)
College of Administrative and Financial Sciences
Assignment 1
Deadline: 19/10/2019 @ 23:59
Course Name: Strategic Management
Student’s Name:
Course Code: MGT 401
Student’s ID Number:
Semester: I
CRN:
Academic Year: 1440/1441 H
For Instructor’s Use only
Instructor’s Name:
Students’ Grade: Marks Obtained/Out of
Level of Marks: High/Middle/Low
Instructions – PLEASE READ THEM CAREFULLY
· The Assignment must be submitted on Blackboard (WORD format only) via allocated folder.
· Assignments submitted through email will not be accepted.
· Students are advised to make their work clear and well presented, marks may be reduced for poor presentation. This includes filling your information on the cover page.
· Students must mention question number clearly in their answer.
· Late submission will NOT be accepted.
· Avoid plagiarism; the work should be in your own words. Copying from students or other resources without proper referencing will result in ZERO marks. No exceptions.
· All answers must be typed using Times New Roman (size 12, double-spaced) font. No pictures containing text will be accepted; they will be considered plagiarism.
· Submissions without this cover page will NOT be accepted.
Learning outcomes:
1. Understand the basic concepts and terminology used in Strategic Management. (Lo 1.2)
2. Understand the Corporation Social Responsibility (Lo 1.4).
3. Understand issues related to strategic competitive advantage in organizations (Lo 2.2)
Assignment Questions: (5 Marks)
Question 1. (2 marks)
Discuss the relationship between the social responsibility of a corporation and its competitive advantage. Enrich your answer by examples. (Max 700 words).
(Your answers should include outside references (other than the slides and textbook) using a proper referencing style (APA). Using references from SDL will be highly valued.)
Question 2. (3 marks)
To prepare for this assignment, review Figure 4.3 entitled ‘forces driving industry competition’ from your textbook (Figure 4.2- Ch4- Slide no 18) and the text relative to Porter’s Five Forces of Competition framework. Consider the role of the following key forces of suppliers, substitutes, buyers, and potential entrants.
Select a Middle Eastern company of your choosing and assess the power of each of five forces on that firm:
a. How powerful are the buyers, suppliers, and substitutes? How formidable are the barriers to entry and how intense is the rivalry among existing firms? (2 marks)
b. Which of the forces has the biggest impact on the firm? Why? (1 mark)
Answers:
Question 1.
Question 2.
a.
b.
Project 3
Transcript: You are an Information Assurance Management Officer, IAMO, at an organization of your choosing. One morning, as you're getting ready for work, you see an email from Karen, your manager. She asks you to come to her office as soon as you get in. When you arrive to your work, you head straight to Karen's office. “Sorry for the impromptu meeting ...
This article discusses approaches to assessing the adequacy of a firm's cybersecurity posture. It proposes that assessments should be conducted in phases focusing on attack vectors, using skilled assessors with a variety of tools. Assessments should take a risk-based approach, ensure patch management is adequate, review defense-in-depth strategies, and use standards like NIST SP 800-53 to test the actual security state. The assessments aim to identify vulnerabilities and ensure perimeter defenses and compliance-based strategies are updated to address evolving cyber risks.
This comprehensive risk report provides a detailed analysis of potential risks and vulnerabilities within a company that conducts self-audits. Offering insights into both operational and financial aspects, the report identifies areas of concern, outlines risk mitigation strategies, and aims to enhance transparency and governance within the organization. By proactively addressing risks, the company demonstrates its commitment to effective self-regulation and sound business practices.
The document discusses an SAP Security Assessment (SSA) that Openware offers to assess security risks in a client's SAP R/3 environment. The SSA includes an analysis of the current security context, vulnerabilities, risks, and recommendations. It examines security across users, authorizations, networks, operating systems, databases, and interfaces. The SSA follows a process of analyzing the context, identifying vulnerabilities and risks, and providing a report with solutions to strengthen security.
Rhys A. Mossom offers network security services including penetration tests, vulnerability assessments, web application security assessments, source code reviews, security training, and research and development. Services are designed to identify security issues, exploit vulnerabilities, and provide mitigation recommendations through comprehensive reporting. Testing can be performed internally, externally, or on web applications and source code. Training courses cover topics like social engineering, web application hacking, and Bluetooth security.
Running head SECURITY ANALYSIS REPORT1SECURITY ANALYSIS REPO.docx (jeanettehully)
Running head: SECURITY ANALYSIS REPORT 1
Project 3: Security Analysis Report on Factors that are Likely to Affect Ombank’s Organizational Information Systems Infrastructure
Aisha Tate
UMUC
August 26, 2019
Aisha
2nd Submission – Does not meet requirements – one more submission allowed. Please review the checklist and review both submissions. Read the project requirements and share an action plan before you work and submit the last revision.
Thanks for your continued efforts. Here is what you have done well
· You have focused on an organization and you have tried to apply the knowledge, skills and abilities you have gained
· You have continued to improve your research skills.
· You have done a good job with your APA formatting Skills
I feel that you did not go through this checklist below. Avoid using generic graphics from literature, especially if they are not directly pertinent to the discussion. You did a good job with the RAR report. You put much effort into your lab. Leverage Project 2 and Project 3 lab information in this SAR report. Please work on the quality of your references, especially in your RAR and SAR reports.
Dr K
Student Name: Aisha Tate
Date:6-Sep-2019
This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
Project 3: Requires the Following THREE Pieces / Areas to Improve
1. Security Assessment Report (including relevant findings from Lab): See detailed comments below
2. Risk Assessment Report: Meets Requirements – revise when you update SAR
3. Lab Experience Report with Screenshots: Continue to improve; revise and connect with SAR
1. Security Assessment Report
Enterprise Network Diagram
You will propose a local area network (LAN) and a wide area network (WAN), define the systems environment, and incorporate this information in a network diagram.
Areas to improve: Please research organizations for network information s
Areas to improve: Meets expectations
Discuss the security benefits of your chosen network design.
Areas to improve: Needs improvement
Threats
Define threat intelligence and explain what kind of threat intelligence is known about the OPM breach.
Areas to improve: Please find papers and share common organizational challenges
Differentiate between the external threats to the system and the insider threats.
Areas to improve: ?????
Identify where these threats can occur in the previously created diagrams.
Relate the OPM threat intelligence to your organization. How likely is it that a similar attack will occur at your organization?
Areas to improve: Good effort
Identifying Security Issues
Provide an analysis of the strength of passwords used by the employees in your organization.
Areas to improve: Tie in lab results
Are weak passwords a security issue for your organization?
Areas to improve: ????
Firewalls and Encryption
Determine the role of firewalls and encryption, and auditing RDBMS that could assist in protecting information and monitoring the confidentiality, integrity, and availability of the information in the informati ...
Areas to improve: ???
The document provides information about the Certified Computer Security Analyst (CCSA) program and training. It discusses the trainer, Semi Yulianto's qualifications and experience working with various security training and consulting organizations. It also lists some of the key topics covered in the CCSA training program, including vulnerabilities assessment, penetration testing methodology, security tools, and investigating vulnerabilities.
US AI Safety Institute and Trustworthy AI Details. (Bob Marcus)
This is a discussion of the possible role of the US AI Safety Institute in regulating Generative AI. It includes External Red Team Testing and an Incident Tracking Database.
The following paper was submitted as my thesis for the RWSP certification. Thought others may find interest in it.
Abstract
Research indicates that current trends in information security threats outpace the security controls that reduce and/or eliminate information security vulnerabilities. This document examines the approach of achieving maximum information security defensibility by utilizing effective offensive testing. Compared are the differences in the effectiveness of security testing by performing a controlled test – referred to as “vanilla” testing – and a responsibly orchestrated blackhat test. Contrary to popular industry belief, realistic “adversarial” testing can be accomplished in a responsible manner without the consequences of “bringing down the house.” Offered are arguments, costs associated with testing, and counterpoints against organizational decisions that disallow certain types of testing. Blackhat-based testing is similar to what a malicious and structured attacker would perform, and it is believed that by performing “blackhat” testing, we are taking a “realistic” approach to vulnerability testing. This is the proper route to take to ensure fully scoping the potential vulnerabilities in a given environment in an effort to maintain proper defensibility.
1) The document discusses a proposed Vulnerability Management System (VMS) to identify and manage software vulnerabilities.
2) It provides an overview of vulnerability management and discusses related work that has been done in vulnerability databases and tracking systems.
3) The proposed VMS would use morphological inspection and static analysis to assess vulnerabilities, store information in a database, and rank vulnerabilities based on severity. It would consist of a vulnerability scanner, process control platform, and data storage.
JavaOne2013: Secure Engineering Practices for Java (Chris Bailey)
This document summarizes a presentation on secure engineering practices for Java given at JavaOne 2013. It discusses the importance of software assurance over just security controls. It emphasizes that achieving a high level of software assurance requires attention to security throughout the development lifecycle, including risk assessment, secure coding practices, security testing, documentation, and incident response. The presentation recommends that development teams understand security risks and threats in order to build secure software.
The Security and Compliance Plan for Maxistar Medical Supplies Company (Abdulrahman Alamri)
The document outlines Maxistar Medical Supplies Company's new Security and Compliance Plan. It identifies known risks in their current system, including issues with change control, access controls, network architecture, data center location, and lack of data encryption. It proposes implementing the NIST Risk Management Framework to address risks. The new plan includes 5 phases to improve access controls, change management processes, network security, database encryption, and security monitoring. It selects common security standards from NIST 800-53, PCI DSS, and HIPAA to ensure compliance.
For an organization to function efficiently, it is important to have security controls that ensure the protection of the confidentiality, integrity and availability of information and systems. Compliance is the process of ensuring that all systems in an organization meet a set of predefined, specific rules.
In this article we will address the need for compliance automation and how SecPod’s Saner provides enterprises the ability to automate compliance while minimizing time spent on non-compliant state.
The material for this moduleweek has led us from Europe, through fi.docx (SUBHI7)
The material for this module/week has led us from Europe, through first contacts, to the establishment of a solid English presence in the Americas. After reading and thinking about the Reading & Study materials for this module/week, what strikes you most about the founding of the American colonies? Did anything surprise you? Did your reading challenge your ideas or visions about colonial America?
The media informs many viewers of deviance and crime, victims of cri.docx (SUBHI7)
The media informs many viewers of deviance and crime, victims of crime, and justice in society. Consider and describe the following:
Where do you get your information about:
- Deviant behavior
- Crime
- Victims of crime
- Justice for victims
Describe your perception of:
- Deviant behavior: What behavior is deviant according to your values?
- Crime: What do you believe is the root or cause of crime? What types of crimes do you believe happen most? Who do you believe commits crime?
- Victims of crime: Who do you believe is likely to be a victim? Have you ever been fearful of a crime occurring to you or your family? What do you believe about victims that you hear about?
- Justice for victims: How do you see justice handled in our society? What form of punishment do you see as being effective or ineffective?
Did you learn anything specific from the textbook that has changed your perception? What did you learn and which perception did it change?
Write a 500 or more word paper that addresses the above questions.
More Related Content
Similar to Running head Risk Assessment Repot (RAR) .docx
What is Expository Writing?
‘Expository’ is a synonym of ‘explanatory’. An expository essay is a piece of writing that explains or informs. It should be based on fact and free of the writer’s prejudices. Opinion is often expressed, but only if it is backed by fact. For example, if someone asked you to write an essay on the causes of World War II, you would write about Germany’s losses in World War I, the Treaty of Versailles, the fall of the Weimar Republic, and the rise of Hitler led Nazism. In other words, everything would be based on verifiable fact.
The expository writing process centers on four activities:
Generate a rough idea or hypothesis.
Find evidence to back up this idea.
Expound on the idea.
Present an argument to back up the idea.
Thus, if you were to say that the Treaty of Versailles was the chief cause of World War II, you would first talk about the conditions of the Treaty of Versailles, the financial condition of Germany after WWI, the ineffectiveness of the Weimar Republic, and how they all led to the rise of Nazism.
Structurally, a piece of expository writing has the following components:
An
introduction
that introduces the central idea you will discuss in the essay.
The
main body
that presents evidence to back up the idea. This is the meat of the essay.
A
conclusion
that presents your idea again in the light of the evidence.
Thus, the central thrust of expository writing should be to build towards proving an argument, fact by fact, piece of evidence by piece of evidence. You will use expository writing a lot throughout your academic life. Most essays that you write in college will be expository in nature. Most writing that you will do in your professional life will involve a lot of expository content as well. In other words, sharpening up this skill will serve you well throughout your life.
Required Essay Format:
All response papers must be typed, double-spaced, and stapled. Font size should be 12 point Times New Roman font.
***AT MINIMUM, YOUR WORKS CITED PAGE WILL CONTAIN 3-4 SOURCES!!!!
Essays should demonstrate the following kinds of understanding. Essays should meet assignment requirements of page length and number of sources, quotes, and summaries/paraphrases. The w.
The minimum length for this assignment is 1,500 words. Cellular .docxSUBHI7
The minimum length for this assignment is 1,500 words.
Cellular respiration and photosynthesis form a critical cycle of energy and matter that supports the continued existence of life on earth. Describe the stages of cellular respiration and photosynthesis and their interaction and interdependence including raw materials, products, and amount of ATP or glucose produced during each phase. How is each linked to specific organelles within the eukaryotic cell. What has been the importance and significance of these processes and their cyclic interaction to the evolution and diversity of life?
.
The Main Post needs to be 3-5 Paragraphs At a minimum, each stud.docxSUBHI7
The Main Post needs to be 3-5 Paragraphs
At a minimum, each student will be expected to post an original and thoughtful response to the DB question and contribute to the weekly dialogue by responding to at least two other posts from students. The first contribution must be posted before midnight (Central Time) on Wednesday of each week. Two additional responses are required after Wednesday of each week. Students are highly encouraged to engage on the Discussion Board early and often, as that is the primary way the university tracks class attendance and participation.
The purpose of the Discussion Board is to allow students to learn through sharing ideas and experiences as they relate to course content and the DB question. Because it is not possible to engage in two-way dialogue after a conversation has ended, no posts to the DB will be accepted after the end of each unit.
Many organizations have established policies to remedy discrimination when hiring women and minorities. Discuss whether you feel that affirmative action programs, reverse discrimination, and criteria of comparable worth are appropriate forms of remedy.
You should conduct research on this topic before making your posts.
Using the textbook, course materials, and Web resources, research affirmative action, reverse discrimination, and comparable worth and answer the following questions:
Do you feel that these concepts are appropriate forms of remedy in the workplace? Explain.
What else do you think could be done to eliminate discrimination in the workplace?
You must use at least one credible source from either the Library's full-text database or the Web. Include your reference(s) that you used in APA format with your Discussion Board post. Post a new topic to the Discussion Board that contains your answers to the questions, and respond to 2 other students' posts on the Discussion Board. Be sure to explain to them why you agree or disagree with their arguments.
Your submitted assignment (
60 points
) should include the following:
40 Points Your Discussion Board topic containing your responses to the questions and your listed reference(s) in APA format
20 Points Your responses to two other students' Discussion Board posts
In your own words, please post a response to the Discussion Board and comment on other postings. You will be graded on the quality of your postings.
Response to Classmates posts:
Classmate #1 post:
Attempt at Eliminating Discrimination
After the civil war, the African American, Hispanics and minorities suffered great discrimination in the workplace in particular and life generally. Precisely during the 1960s these groups went through denial of employment or appropriate wages irrespective of their standard of education being higher than that of their majority counterparts. There was a great debate about discrimination on the basis of color, race, gender or religion. Over the years, some programs have been developed in order to handle or to try and e.
The main characters in Tay Garnetts film The Postman Always Rings.docxSUBHI7
The main characters in Tay Garnett's film
The Postman Always Rings Twice
and the Coen Brothers'
The Man Who
Wasn't There
follow a pattern of behavior that is inane and ultimately self-destructive, as can be seen in how they end up -- either dead, wrongly accused and imprisoned for a crime they didn't commit, or ironically not convicted for a crime they did commit. What do you think these films are saying about the pattern of behavior they followed to get them where they wound up in the end, as well as why they followed these patterns of behavior in the first place? In other words, what is the way of thinking or belief system that lead to these characters' behaviors, and what does the film tell us about this way of thinking or belief system? And finally, does the film propose an alternative way of thinking or life narrative that might have proven more salutory for these characters in the end?
.
The minimum length for this assignment is 2,000 words and MUST inclu.docxSUBHI7
The minimum length for this assignment is 2,000 words and MUST include in-text citation and references.
Discoveries in DNA, cell biology, evolution, biotechnology have been among the major achievements in biology over the past 200 years with accelerated discoveries and insights over the last 50 years. Consider the progress we have made in these areas of human knowledge. Present at least three of the discoveries you find to be most important and describe their significance to society, health, and the culture of modern life.
.
The mafia is a well organized enterprise that deals with drugs, pros.docxSUBHI7
The mafia is a well-organized criminal enterprise that deals in illegal activities like drugs, prostitution, and loan sharking. They also operate legal cash businesses to launder money from illegal operations. Ponzi schemes are another type of organized criminal racket. Members caught participating in these activities can be charged under the RICO Act.
The minimum length for this assignment is 1,500 words. Be sure to ch.docxSUBHI7
The minimum length for this assignment is 1,500 words. Be sure to check your Turnitin report for your post and to make corrections before the deadline of 11:59 pm Mountain Time of the due date to avoid lack of originality problems in your work.
Describe the historical pattern of growth of the worldwide human population since our origin. Include in this historic overview the changes that have happened technologically, medically, culturally and nutritionally to result in major population changes over time. Relate the growth of the human population to our ecological footprint and explain the idea of limits to population growth known as the carrying capacity. Relative to carrying capacity, what may result from unbridled continued growth of our population? How does the size of the human population contribute to environmental degradation? Why must we take the human population size into account when we attempt to develop environmental restoration projects?
Assignment 2 Grading Criteria
Maximum Points
Quality of initial posting:
Initial posting should reveal a solid understanding of all aspects of the task; use factual and relevant information;
and
demonstratefull development of concepts.
80
Connections and higher order thinking:
Multiple connections should be demonstrated showing a clear understanding of the material with clear and correct examples.
40
Reference to supporting readings:
Refer to and properly cite (i.e., APA) either course and/or outside readings.
40
Language and Grammar:
There should be no spelling, structure, or grammatical errors in any posting. Writing should be clear and organized.
40
Total:
200
.
The madrigal was a very popular musical genre in the Renaissance. Ex.docxSUBHI7
The madrigal was a very popular musical genre in the Renaissance. Explain in detail the madrigal, and include the instrumentation, (the number and type of voices used), and the musical elements that the composers used to make the text in the pieces come alive. Choose one of the musical examples of the madrigal in this unit: Arcadelt�s
II bianco e dolce cigno
, or John Farmer�s
Fair Phyllis
, and explain how the composer unites the poetry and music.
Your response should be at least 200 words in length. All sources used, including the textbook, must be referenced; paraphrased and quoted material must have accompanying citations.
.
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...PECB
Denis is a dynamic and results-driven Chief Information Officer (CIO) with a distinguished career spanning information systems analysis and technical project management. With a proven track record of spearheading the design and delivery of cutting-edge Information Management solutions, he has consistently elevated business operations, streamlined reporting functions, and maximized process efficiency.
Certified as an ISO/IEC 27001: Information Security Management Systems (ISMS) Lead Implementer, Data Protection Officer, and Cyber Risks Analyst, Denis brings a heightened focus on data security, privacy, and cyber resilience to every endeavor.
His expertise extends across a diverse spectrum of reporting, database, and web development applications, underpinned by an exceptional grasp of data storage and virtualization technologies. His proficiency in application testing, database administration, and data cleansing ensures seamless execution of complex projects.
What sets Denis apart is his comprehensive understanding of Business and Systems Analysis technologies, honed through involvement in all phases of the Software Development Lifecycle (SDLC). From meticulous requirements gathering to precise analysis, innovative design, rigorous development, thorough testing, and successful implementation, he has consistently delivered exceptional results.
Throughout his career, he has taken on multifaceted roles, from leading technical project management teams to owning solutions that drive operational excellence. His conscientious and proactive approach is unwavering, whether he is working independently or collaboratively within a team. His ability to connect with colleagues on a personal level underscores his commitment to fostering a harmonious and productive workplace environment.
Date: May 29, 2024
Tags: Information Security, ISO/IEC 27001, ISO/IEC 42001, Artificial Intelligence, GDPR
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
General Data Protection Regulation (GDPR) - Training Courses - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPRAHUL
This Dissertation explores the particular circumstances of Mirzapur, a region located in the
core of India. Mirzapur, with its varied terrains and abundant biodiversity, offers an optimal
environment for investigating the changes in vegetation cover dynamics. Our study utilizes
advanced technologies such as GIS (Geographic Information Systems) and Remote sensing to
analyze the transformations that have taken place over the course of a decade.
The complex relationship between human activities and the environment has been the focus
of extensive research and worry. As the global community grapples with swift urbanization,
population expansion, and economic progress, the effects on natural ecosystems are becoming
more evident. A crucial element of this impact is the alteration of vegetation cover, which plays a
significant role in maintaining the ecological equilibrium of our planet.Land serves as the foundation for all human activities and provides the necessary materials for
these activities. As the most crucial natural resource, its utilization by humans results in different
'Land uses,' which are determined by both human activities and the physical characteristics of the
land.
The utilization of land is impacted by human needs and environmental factors. In countries
like India, rapid population growth and the emphasis on extensive resource exploitation can lead
to significant land degradation, adversely affecting the region's land cover.
Therefore, human intervention has significantly influenced land use patterns over many
centuries, evolving its structure over time and space. In the present era, these changes have
accelerated due to factors such as agriculture and urbanization. Information regarding land use and
cover is essential for various planning and management tasks related to the Earth's surface,
providing crucial environmental data for scientific, resource management, policy purposes, and
diverse human activities.
Accurate understanding of land use and cover is imperative for the development planning
of any area. Consequently, a wide range of professionals, including earth system scientists, land
and water managers, and urban planners, are interested in obtaining data on land use and cover
changes, conversion trends, and other related patterns. The spatial dimensions of land use and
cover support policymakers and scientists in making well-informed decisions, as alterations in
these patterns indicate shifts in economic and social conditions. Monitoring such changes with the
help of Advanced technologies like Remote Sensing and Geographic Information Systems is
crucial for coordinated efforts across different administrative levels. Advanced technologies like
Remote Sensing and Geographic Information Systems
9
Changes in vegetation cover refer to variations in the distribution, composition, and overall
structure of plant communities across different temporal and spatial scales. These changes can
occur natural.
Strategies for Effective Upskilling is a presentation by Chinwendu Peace in a Your Skill Boost Masterclass organisation by the Excellence Foundation for South Sudan on 08th and 09th June 2024 from 1 PM to 3 PM on each day.
Walmart Business+ and Spark Good for Nonprofits.pdfTechSoup
"Learn about all the ways Walmart supports nonprofit organizations.
You will hear from Liz Willett, the Head of Nonprofits, and hear about what Walmart is doing to help nonprofits, including Walmart Business and Spark Good. Walmart Business+ is a new offer for nonprofits that offers discounts and also streamlines nonprofits order and expense tracking, saving time and money.
The webinar may also give some examples on how nonprofits can best leverage Walmart Business+.
The event will cover the following::
Walmart Business + (https://business.walmart.com/plus) is a new shopping experience for nonprofits, schools, and local business customers that connects an exclusive online shopping experience to stores. Benefits include free delivery and shipping, a 'Spend Analytics” feature, special discounts, deals and tax-exempt shopping.
Special TechSoup offer for a free 180 days membership, and up to $150 in discounts on eligible orders.
Spark Good (walmart.com/sparkgood) is a charitable platform that enables nonprofits to receive donations directly from customers and associates.
Answers about how you can do more with Walmart!"
How to Make a Field Mandatory in Odoo 17Celine George
In Odoo, making a field required can be done through both Python code and XML views. When you set the required attribute to True in Python code, it makes the field required across all views where it's used. Conversely, when you set the required attribute in XML views, it makes the field required only in the context of that particular view.
বাংলাদেশের অর্থনৈতিক সমীক্ষা ২০২৪ [Bangladesh Economic Review 2024 Bangla.pdf] কম্পিউটার , ট্যাব ও স্মার্ট ফোন ভার্সন সহ সম্পূর্ণ বাংলা ই-বুক বা pdf বই " সুচিপত্র ...বুকমার্ক মেনু 🔖 ও হাইপার লিংক মেনু 📝👆 যুক্ত ..
আমাদের সবার জন্য খুব খুব গুরুত্বপূর্ণ একটি বই ..বিসিএস, ব্যাংক, ইউনিভার্সিটি ভর্তি ও যে কোন প্রতিযোগিতা মূলক পরীক্ষার জন্য এর খুব ইম্পরট্যান্ট একটি বিষয় ...তাছাড়া বাংলাদেশের সাম্প্রতিক যে কোন ডাটা বা তথ্য এই বইতে পাবেন ...
তাই একজন নাগরিক হিসাবে এই তথ্য গুলো আপনার জানা প্রয়োজন ...।
বিসিএস ও ব্যাংক এর লিখিত পরীক্ষা ...+এছাড়া মাধ্যমিক ও উচ্চমাধ্যমিকের স্টুডেন্টদের জন্য অনেক কাজে আসবে ...
Leveraging Generative AI to Drive Nonprofit InnovationTechSoup
In this webinar, participants learned how to utilize Generative AI to streamline operations and elevate member engagement. Amazon Web Service experts provided a customer specific use cases and dived into low/no-code tools that are quick and easy to deploy through Amazon Web Service (AWS.)
Communicating effectively and consistently with students can help them feel at ease during their learning experience and provide the instructor with a communication trail to track the course's progress. This workshop will take you through constructing an engaging course container to facilitate effective communication.
· Unauthorized disclosure of data; unauthorized modification of the system, its data, or both; and denial of service, denial of access to data, or both, to authorized users.
This Risk Assessment Report project for Amazon Corporation evaluates confidentiality (protection from unauthorized disclosure of system and data information), integrity (protection from improper modification of information), and availability (protection from loss of access to the system).
The intrusion detection tools used in the methodology are the MBSA security analyzer (Cyber 610 Lab), the OpenVAS security analyzer (Cyber 610 Lab), and the Wireshark security analyzer. In conducting the analysis, the screenshots taken with each of these tools were reviewed with a view to arriving at relevant conclusions. The recommended security safeguards are meant to allow management to make proper decisions about security-related initiatives at Amazon.
Methodology
Comment by Hank Williams: You are not really describing the methodology. You should be explaining how to determine risk levels along with the tables, such as impact levels, likelihood levels, and the risk matrix that shows how the final risk for each vulnerability is determined. Then you list each vulnerability from the SAR and apply the methodology to it to determine the risk level. Once that is done, you can then determine or recommend how to handle each vulnerability (mitigate, transfer, accept, etc.).
This risk assessment methodology and approach for Amazon Corporation were conducted using the guidelines in NIST SP 800-37, Risk Management Guide for Information Technology Systems, and the OPM OIG Final Audit Report findings and recommendations (NIST, 2012). The assessment is very broad in scope and evaluates Amazon Corporation's security vulnerabilities affecting confidentiality, integrity, and availability. It also recommends a handful of appropriate security safeguards, allowing management to make knowledge-based decisions on security-related initiatives in Amazon Corporation.
This initial risk assessment report provides an independent review to help management at Amazon determine the appropriate level of security required to support the development of a stringent system security plan. The accompanying review also provides the information required by the Chief Information Security Officer (CISO) and the Designated Approving Authority (DAA), also known as the Authorizing Official (AO), to assist in making an informed decision about authorizing the system to operate (NIST, 2014). The intrusion detection tools used in the methodology include the MBSA security analyzer, the OpenVAS security analyzer, and the Wireshark security analyzer.
Data
The data collected using MBSA and the other tools reveals that the following internal routines were performed by MBSA and the other tools in Labs 2 and 3, given together with the question. The MBSA security analyzer and the OpenVAS security analyzer converted the raw scan data and, in particular, succeeded in turning the following vulnerabilities into risks based on the methodology used in the Cyber 610 lab.
The MBSA security analyzer and the OpenVAS security analyzer also had routines that communicated with the Greenbone security assessment center, especially to provide the automated recommendations evident in Labs 2 and 3. The Greenbone security assessment center particularly succeeded in doing the following, as evident in the output file. Management has the option of doing the following in the corporation:
· Accepting the risks and the chosen recommended controls, or negotiating an alternative mitigation, while reserving the right to override the Greenbone security assessment center and incorporate the proposed recommended control into Amazon's Plan of Action and Milestones.
Results
The following operational and managerial vulnerabilities were identified at Amazon using the project methodology:
· Inadequate adherence to and advocacy for existing security controls.
· Inadequate adherence to management of changes to the information systems infrastructure.
· Weak authentication protocols.
· Inadequate adherence to life-cycle management of the information systems.
· Inadequate adherence to and advocacy for the configuration management and change management plan.
· Inadequate adherence to and advocacy for implementing a robust inventory of systems, servers, databases, and network devices.
· Inadequate adherence to and advocacy for mature vulnerability scanning tools.
The following attacks were identified at Amazon using the above project methodology:
· IP address spoofing/cache poisoning attacks.
· Denial of service (DoS) attacks.
· Packet analysis/sniffing.
· Session hijacking attacks.
· Distributed denial of service attacks.
NIST SP 800-63, together with the OPM OIG Final Audit Report findings and recommendations, describes the classification of potential harm and impact as follows (NIST, 2006):
· Inconvenience, distress, or damage to standing or reputation; financial loss or agency liability; and harm to agency programs or public interests.
Potential impact of inconvenience, distress, or damage to standing or reputation:
· Low - limited, short-term inconvenience, distress, or embarrassment to any party within Amazon.
· Moderate - serious short-term or limited long-term inconvenience, distress, or damage to the standing or reputation of any party within Amazon.
· High - severe or serious long-term inconvenience, distress, or damage to the standing or reputation of any party within Amazon.
Potential impact of financial loss:
· Low - an insignificant or inconsequential unrecoverable financial loss to any party, or an insignificant or inconsequential agency liability, within Amazon.
· Moderate - a serious unrecoverable financial loss to any party, or a serious agency liability, within Amazon.
· High - a severe or catastrophic unrecoverable financial loss to any party, or a catastrophic agency liability, within Amazon.
Potential impact of harm to agency programs or public interests:
· Low - a limited adverse effect on organizational operations or assets, or on public interests, within Amazon.
· Moderate - a serious adverse effect on organizational operations or assets, or on public interests, within Amazon.
· High - a severe or catastrophic adverse effect on organizational operations or assets, or on public interests, within Amazon.
Conclusion and Recommendation
In the risk assessment, two issues stood out, and they are addressed below. First, an employee was terminated and his user ID was not removed from the system. This is a dependency-failure kind of vulnerability and risk pair, and it has an overall risk of Moderate. The recommended safeguard is to remove the user ID from the system upon notification of termination. Second, VPN/keyfob access does not meet the certification and accreditation level stipulated in NIST SP 800-63. This is a kind of vulnerability that touches on inconvenience, standing, and reputation, and it has an overall risk of Moderate. The recommended safeguard is to migrate all remote authentication roles to CDC or another approved authority.
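The following is an added worked example, not part of the report, showing how the risk level for the two findings above can be derived from the harm categories and Low/Moderate/High impact levels the report takes from NIST SP 800-63. The 3x3 likelihood-by-impact matrix (a simplification in the style of NIST SP 800-30 Rev. 1 Appendix I), the handling rule, and the likelihood and per-category impact ratings assigned to each finding are assumptions chosen for illustration; it also orders the results for a Plan of Action and Milestones.

```python
"""Qualitative risk determination for the RAR findings (added example).

Assumptions: the three harm categories and the Low/Moderate/High levels
are the SP 800-63 ones the report lists; the risk matrix, the handling
rule and the ratings given to each finding are illustrative only.
"""
from dataclasses import dataclass

LEVELS = ("Low", "Moderate", "High")  # ordered; index = severity rank

# Harm categories exactly as the report lists them from SP 800-63.
HARM_CATEGORIES = ("reputation", "financial", "agency_programs")

# Assumed 3x3 matrix: RISK_MATRIX[likelihood][impact] -> overall risk level.
RISK_MATRIX = {
    "Low":      {"Low": "Low",      "Moderate": "Low",      "High": "Moderate"},
    "Moderate": {"Low": "Low",      "Moderate": "Moderate", "High": "High"},
    "High":     {"Low": "Moderate", "Moderate": "High",     "High": "High"},
}

# Assumed handling rule: how management is asked to treat each risk level.
HANDLING = {"Low": "accept", "Moderate": "mitigate", "High": "mitigate (priority)"}


@dataclass
class Finding:
    name: str
    likelihood: str
    impacts: dict  # harm category -> level, one entry per HARM_CATEGORIES
    safeguard: str


def _check_level(level):
    if level not in LEVELS:
        raise ValueError(f"unknown level {level!r}; expected one of {LEVELS}")
    return level


def overall_impact(impacts):
    """Overall impact is the highest level across the harm categories
    (the maximum-potential-impact rule SP 800-63 uses); every category
    must be rated, so a missing one is an error rather than a silent Low."""
    missing = set(HARM_CATEGORIES) - set(impacts)
    if missing:
        raise ValueError(f"impact not rated for: {sorted(missing)}")
    return max((_check_level(impacts[c]) for c in HARM_CATEGORIES), key=LEVELS.index)


def risk_level(likelihood, impact):
    """Look up the overall risk for a likelihood/impact pair."""
    return RISK_MATRIX[_check_level(likelihood)][_check_level(impact)]


def assess(finding):
    """Apply the methodology to one finding and return the POA&M row."""
    impact = overall_impact(finding.impacts)
    risk = risk_level(finding.likelihood, impact)
    return {"finding": finding.name, "impact": impact, "likelihood": finding.likelihood,
            "risk": risk, "handling": HANDLING[risk], "safeguard": finding.safeguard}


def poam(findings):
    """Plan of Action and Milestones ordering: highest risk, then highest impact, first."""
    rows = [assess(f) for f in findings]
    rows.sort(key=lambda r: (-LEVELS.index(r["risk"]), -LEVELS.index(r["impact"]), r["finding"]))
    return rows


# The two findings from the report's conclusion. Likelihood and per-category
# impact ratings are assumptions chosen so that the computed overall risk
# matches the Moderate rating the report gives each of them.
REPORT_FINDINGS = [
    Finding(
        name="Terminated employee's user ID not removed from the system",
        likelihood="Moderate",
        impacts={"reputation": "Low", "financial": "Moderate", "agency_programs": "Moderate"},
        safeguard="Remove the user ID from the system upon notification of termination",
    ),
    Finding(
        name="VPN/keyfob access below the NIST SP 800-63 assurance level",
        likelihood="Low",
        impacts={"reputation": "High", "financial": "Low", "agency_programs": "Moderate"},
        safeguard="Migrate remote authentication roles to an approved authority",
    ),
]

if __name__ == "__main__":
    for row in poam(REPORT_FINDINGS):
        print(f"{row['risk']:<9} {row['handling']:<19} {row['finding']}")
        print(f"          impact={row['impact']} likelihood={row['likelihood']}; "
              f"safeguard: {row['safeguard']}")
```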
This risk assessment report for the organization identifies risks to operations, especially in those domains that fail to meet the minimum requirements and for which appropriate countermeasures have yet to be implemented. The RAR also determines the probability of occurrence and issues countermeasures aimed at mitigating the identified risks, in an endeavor to provide an appropriate level of protection and to satisfy all the minimum requirements imposed by the organization's policy document (NIST, 2010).
The system security policy requirements are now satisfied, with the exception of the specific areas identified in this report. The countermeasures recommended in this report add to the additional security controls needed to meet policies and to effectively manage the security risk to the organization and its operating environment. Finally, the Certification Official (CO) and the AOs must determine whether the totality of the protection mechanisms approximates a sufficient level of security and is adequate for the protection of this system and its resources and information.
References
1. Bradley, T. (2016, October 17). Critical vulnerability in Apple Mac OS. Retrieved from https://www.lifewire.com/critical-vulnerability-in-apple-mac-os-x-2487643
2. National Institute of Standards and Technology (NIST). (2010). Guide for applying the risk management framework to federal information systems. NIST Special Publication 800-37 Revision 1. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf
3. National Institute of Standards and Technology (NIST). (2012). Guide for conducting risk assessments. NIST Special Publication 800-30 Revision 1. Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
4. National Institute of Standards and Technology (NIST). (2014). Assessing security and privacy controls in federal information systems and organizations. NIST Special Publication 800-53A Revision 4. Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53Ar4.pdf
5. National Institute of Standards and Technology (NIST). (2006). Electronic authentication guideline. NIST Special Publication 800-63 Revision 1.0.2. Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-63ver1.0.2.pdf
6. Rouse, M. (2017). Definition: Buffer overflow. Retrieved from http://searchsecurity.techtarget.com/definition/buffer-overflow
Security Assessment Report (SAR)
CYB 610: Cyberspace and Cybersecurity Foundations
Me
University of Maryland University College
OS Overview
Comment by Hank Williams: Where is the description of the system being assessed? You have it in the RAR; it should be here as well. The two documents are each half of the whole, so they should complement each other.
Operating System (OS)
An operating system is the interface that sits between a user and the hardware resources. It is software that comprises, among others, the following modules: file management, memory management, process management, input/output control, and peripheral device control.
User's Role in OS.
To appreciate the role of users, it must be recognized that an operating system provides users with the services needed to execute programs conveniently. The operating system therefore interacts with users when they ask it to perform each of the following:
· Direct program execution, using threads and parallel programming routines.
· I/O operations, by writing to external devices and reading from them.
· File system manipulation, such as creating directories.
· Communication, by stopping some running processes or issuing interrupts and signals.
· Program verification, through error detection and the flagging of errors, especially by the parsers, debuggers and compilers that form part of the operating system.
Kernel and OS Applications.
OS Types.
Batch operating system. In a batch system there is no direct interaction between the user and the computer: the user prepares a job on punch cards and hands it to the computer operator, much like calling a customer care center nowadays. To increase throughput, jobs with similar processing cycles are grouped into batches and run at one time. This was the initial generation of computing systems.
Time-sharing operating systems. This second-generation type of OS, found mostly in Unix/Linux, allows many people located at various terminals to use a particular computer at the same time. Processor time is shared among multiple users simultaneously, hence the term time-sharing. In distributed computing environments, processors are connected and communicate through message-passing systems; because of conditions such as global starvation and global deadlocks, an additional layer of software called middleware is used, and the use of cohort and election algorithms is justified.
OS Vulnerabilities
Windows Vulnerabilities
A threat is an adversarial force that can directly cause harm to the availability, integrity or confidentiality of a computer information system, including all of its subsystems. A threat agent is an element that provides the delivery mechanism for a threat, while an entity that initiates the launch of a threat is referred to as a threat actor (NIST, 2010). Threat actors are normally driven by excessive curiosity, the prospect of large monetary gain without work, political leverage, some form of social activism, or, lastly, revenge (NIST, 2014).
Intrusion Methods.
Stealth port scanning is an advanced intrusion technique in which the port scan cannot be detected by auditing tools. Normally, intrusion is easy to detect by observing frequent connection attempts in which no data is exchanged. In a stealth port scan, ports are scanned at a very low rate, so that it is hard for auditing tools to recognize the connection requests as a malicious attempt to intrude into computer systems (NIST, 2010).
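As an added example (not part of the report), the detection problem just described: the same connection log is run through a one-minute rate threshold, which only catches the fast scanner, and through a 24-hour count of data-less connection attempts per source, which also surfaces the low-rate scan. The log format, addresses and thresholds are constructed.

```python
"""Added example (not from the report): why a low-rate port scan evades a
short-window rate threshold, and how counting data-less connection attempts
per source over a long window still surfaces it.
Log format, addresses and thresholds are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta


def make_log():
    """Constructed connection log: 'timestamp src dst dport bytes_transferred'."""
    lines = []
    t0 = datetime(2017, 3, 1, 0, 0, 0)
    # A normal client: a handful of connections, data flows on each.
    for i in range(5):
        ts = (t0 + timedelta(minutes=i)).isoformat()
        lines.append(f"{ts} 10.0.0.5 10.0.0.20 443 {2048 + i}")
    # A fast scanner: 30 ports in 30 seconds, no data exchanged.
    for i in range(30):
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 203.0.113.7 10.0.0.20 {20 + i} 0")
    # A stealth scanner: one port every five minutes, 24 ports over two hours.
    for i in range(24):
        ts = (t0 + timedelta(minutes=5 * i)).isoformat()
        lines.append(f"{ts} 198.51.100.9 10.0.0.20 {1000 + i} 0")
    return lines


def parse(lines):
    """Turn log lines into (timestamp, src, dst, dport, bytes) tuples, time-ordered."""
    events = []
    for line in lines:
        ts, src, dst, dport, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(dport), int(nbytes)))
    return sorted(events)


def flag_sources(events, window, min_ports):
    """Return the sources that touched at least min_ports distinct ports with
    no data transferred inside some sliding window of the given length."""
    per_src = defaultdict(list)
    for ts, src, _dst, dport, nbytes in events:
        if nbytes == 0:                      # connection attempt with no payload
            per_src[src].append((ts, dport))
    flagged = set()
    for src, probes in per_src.items():
        probes.sort()
        start = 0
        for end in range(len(probes)):
            while probes[end][0] - probes[start][0] > window:
                start += 1                   # slide the window forward
            if len({port for _, port in probes[start:end + 1]}) >= min_ports:
                flagged.add(src)
                break
    return flagged


# (window, distinct ports) thresholds: a naive per-minute rule and a long-window rule.
NAIVE = (timedelta(minutes=1), 10)
LONG = (timedelta(hours=24), 10)

if __name__ == "__main__":
    events = parse(make_log())
    print("naive:", sorted(flag_sources(events, *NAIVE)))
    print("long: ", sorted(flag_sources(events, *LONG)))
```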
The Common Gateway Interface (CGI) is an interface between client-side computing and server-side computing. Cyber criminals who are skilled programmers can use it to break into computer systems even without the usual login capabilities.
Server Message Block (SMB) is an application-layer protocol that provides shared access to, and permissions on, files, ports, processes and so on. A probe of SMB can check for the shared entities that are available on a system; if a cybercriminal uses an SMB probe, they can detect which files or ports are shared on the system.
Linux Vulnerabilities
A threat actor might purposefully launch a threat using an agent. A threat actor could also be, for instance, a trusted employee who commits an unintentional human error, such as clicking on an email designed as a phishing lure, after which the email downloads malware (NIST, 2010).
Intrusion Methods.
In OS fingerprinting attacks, the attacker seeks out the OS details of a target computer and then goes after that OS. The information sought includes the vendor name, the underlying OS, the device type and the like.
In buffer overflow attacks, the input provided to a program overruns the buffer's capacity and spills over to overwrite data stored at neighboring memory locations. The attacker usually sets the overwritten values to point to a location where the exploit payload has been positioned (Rouse, 2017). This alters the execution path of the process and effectively transfers control to the attacker's malicious code.
MAC Vulnerabilities
· Hardware tampering: reported in Mac tablets, where internal design procedures were not followed in manufacturing the Apple devices.
· Malicious software: discovered in the payroll system running on Mac systems by programmers in the Department of Labor.
· Phishing attacks: occurred on a hacked distributed National Data Services system and were reported to the company.
Mobile Device Vulnerabilities
· Data entry error: reported in Windows 7 devices, in which Microsoft mobile databases reported complaints about illegal logins for the Department of Social Welfare.
· Denial of service: reported in Windows 8 phones, where internal routines were overloaded in MIT's Mobile Lab.
· Earthquake: hurricanes and earthquakes in China and Japan destroy tablets at home and in the office.
· Espionage: occurred on a hacked facial recognition system for the FBI and was reported to Android databases.
· Floods: reported in parts of South America and Central Asia, flooding homes and destroying mobile devices.
Risk
Comment by Hank Williams: Since you are also developing a RAR, then Risk should be addressed there, not in the SAR.
When the risks have all been identified and the risk levels determined, recommendations or countermeasures are drawn up to mitigate or eliminate the risks. The goal is to reduce the risk to a level that management considers acceptable before system accreditation can be granted. The countermeasures draw their arguments from the following considerations:
· The effectiveness of the recommended options, such as system compatibility.
· Legislation and regulations in place.
· The strength of organizational policy.
· Overall operational impact.
· Safety and reliability of the system under consideration.
Accepting Risk
According to this risk assessment, 11 vulnerabilities were regarded as having a low risk rating, 15 as having a moderate risk rating and 7 as having a high risk rating. These observations lead us to rate the overall level of risk for the organization as Moderate.
Transferring Risk
Of the 33 vulnerabilities identified, 49% are considered unacceptable because serious harm could result, with the consequence of affecting the operations of the organization.
Mitigating Risk
Therefore, immediate mandatory countermeasures need to be implemented to mitigate the risk brought about by these threats, and resources should be made available to reduce the risk to an acceptable level.
Eliminating Risk
Of the identified vulnerabilities, 51% are considered acceptable to the system because only minor problems may result from these risks; recommended countermeasures have also been provided for implementation so as to reduce or eliminate the risks.
Vulnerability Assessment Methodology
Comment by Hank Williams: The methodology should be early on in the paper, then followed by the actual vulnerabilities found. You didn't really use the vuls found by MBSA and OpenVAS. That would have been much more effective.
Microsoft Baseline Security Analyzer (MBSA) and OpenVAS
The MBSA security analyzer and the OpenVAS scanner also had routines that communicated with the Greenbone security assessment center, particularly to provide automated recommendations, as evident in Labs 2 and 3. The Greenbone security assessment center particularly succeeded in doing the following, as evident in the output file. Management has the option of doing the following in the corporation:
· Accepting the risks and the chosen recommended controls, or negotiating an alternative mitigation, while reserving the right to override the Greenbone security assessment center and incorporate the proposed recommended control into Amazon's Plan of Action and Milestones.
Conclusion
This Risk Assessment Report (RAR) for the organization identifies operational risks, especially in those domains that fail to meet the minimum requirements and for which appropriate countermeasures have yet to be implemented. The RAR also determines the probability of occurrence and proposes countermeasures aimed at mitigating the identified risks, in an effort to provide an appropriate level of protection and to satisfy all the minimum requirements imposed by the organization's policy document.
The system security policy requirements are now satisfied, with the exception of the specific areas identified in this report. The countermeasures recommended in this report add to the additional security controls needed to meet policy and to manage effectively the security risk to the organization and its operating environment. Finally, the Certification Official and the Authorizing Officials (AO) must determine whether the totality of the protection mechanisms approximates a sufficient level of security and is adequate for the protection of this system, its resources and its information. The Risk Assessment Report supplies critical information and should be carefully reviewed by the AO prior to making a final accreditation decision.
References
1. Bradley, T. (October 17, 2016). Critical Vulnerability in Apple Mac OS. Retrieved from https://www.lifewire.com/critical-vulnerability-in-apple-mac-os-x-2487643
2. National Institute of Standards and Technology (NIST). (2010). Guide for applying the risk management framework to federal information systems. NIST Special Publication 800-37 Revision 1. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf
3. National Institute of Standards and Technology (NIST). (2012). Guide for Conducting Risk Assessments. NIST Special Publication 800-30 Revision 1. Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
4. National Institute of Standards and Technology (NIST). (2014). Assessing security and privacy controls in federal information systems and organizations. NIST Special Publication 800-53A Revision 4. Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53Ar4.pdf
5. National Institute of Standards and Technology (NIST). (2006). Electronic Authentication Guideline. NIST Special Publication 800-63 Revision 1.0.2. Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-63ver1.0.2.pdf
6. Rouse, M. (2017). Definition: buffer overflow. Retrieved from http://searchsecurity.techtarget.com/definition/buffer-overflow
Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology, by Gary Stoneburner, Alice Goguen, and Alexis Feringa, comprises public domain material from the National Institute of Standards and Technology, Technology Administration, U.S. Department of Commerce.
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
APPENDIX B: SAMPLE RISK ASSESSMENT REPORT OUTLINE
EXECUTIVE SUMMARY
I. Introduction
• Purpose
• Scope of this risk assessment
Describe the system components, elements, users, field site locations (if any), and any other details about the system to be considered in the assessment.
II. Risk Assessment Approach
Briefly describe the approach used to conduct the risk assessment, such as—
• The participants (e.g., risk assessment team members)
• The technique used to gather information (e.g., the use of tools, questionnaires)
• The development and description of risk scale (e.g., a 3 x 3, 4 x 4, or 5 x 5 risk-level matrix).
III. System Characterization
Characterize the system, including hardware (server, router, switch), software (e.g., application, operating system, protocol), system interfaces (e.g., communication link), data, and users. Provide connectivity diagram or system input and output flowchart to delineate the scope of this risk assessment effort.
IV. Threat Statement
Compile and list the potential threat-sources and associated threat actions applicable to the system assessed.
V. Risk Assessment Results
List the observations (vulnerability/threat pairs). Each observation must include—
• Observation number and brief description of observation (e.g., Observation 1: User system passwords can be guessed or cracked)
• A discussion of the threat-source and vulnerability pair
• Identification of existing mitigating security controls
• Likelihood discussion and evaluation (e.g., High, Medium, or Low likelihood)
• Impact analysis discussion and evaluation (e.g., High, Medium, or Low impact)
• Risk rating based on the risk-level matrix (e.g., High, Medium, or Low risk level)
• Recommended controls or alternative options for reducing the risk.
VI. Summary
Total the number of observations. Summarize the observations, the associated risk levels, the recommendations, and any comments in a table format to facilitate the implementation of recommended controls during the risk mitigation process.
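An added example, not part of SP 800-30 or the report, of the 3 x 3 risk-level matrix (Section II) and the Section VI summary table: each observation's likelihood and impact ratings are combined using the weights from SP 800-30 (2002) Table 3-6, which this page does not reproduce (likelihood High 1.0, Medium 0.5, Low 0.1; impact High 100, Medium 50, Low 10; risk High above 50, Medium above 10, Low otherwise), and the observations are then totalled per level. The observation list is constructed.

```python
"""Added example (not from SP 800-30 or the report): apply the 3 x 3
risk-level matrix to a constructed list of observations and total them
into the Section VI summary table."""
from collections import Counter

# Scale values from SP 800-30 (2002) Table 3-6: likelihood weight x impact magnitude.
LIKELIHOOD = {"High": 1.0, "Medium": 0.5, "Low": 0.1}
IMPACT = {"High": 100, "Medium": 50, "Low": 10}
PRIORITY = {"High": 0, "Medium": 1, "Low": 2}   # sort order for the summary table


def risk_level(likelihood, impact):
    """Risk scale: High (>50 to 100), Medium (>10 to 50), Low (1 to 10)."""
    score = LIKELIHOOD[likelihood] * IMPACT[impact]
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


# Constructed observations: (number, description, likelihood, impact, recommended control).
OBSERVATIONS = [
    (1, "User system passwords can be guessed or cracked", "High", "High",
     "Enforce password complexity and account lockout"),
    (2, "Terminated employee user ID still active", "Medium", "Medium",
     "Remove user IDs upon notification of termination"),
    (3, "Guest ID can browse sensitive files over telnet", "Medium", "High",
     "Disallow inbound telnet; disable the guest ID"),
    (4, "Backup tapes stored without labels", "Low", "Low",
     "Label and inventory backup media"),
]


def summarize(observations):
    """Rows of the Section VI table, highest risk first, plus per-level totals."""
    rows = []
    for number, description, likelihood, impact, control in observations:
        rows.append({"observation": number, "description": description,
                     "likelihood": likelihood, "impact": impact,
                     "risk_level": risk_level(likelihood, impact),
                     "recommended": control})
    rows.sort(key=lambda r: (PRIORITY[r["risk_level"]], r["observation"]))
    totals = Counter(r["risk_level"] for r in rows)
    return rows, totals


def render(rows, totals):
    """Plain-text lines for the report: one per observation, then the totals."""
    lines = [f"{r['observation']:>3}  {r['risk_level']:<6}  "
             f"{r['likelihood']}/{r['impact']}  {r['description']} -> {r['recommended']}"
             for r in rows]
    lines.append(f"Total observations: {sum(totals.values())} "
                 f"(High {totals['High']}, Medium {totals['Medium']}, Low {totals['Low']})")
    return lines


if __name__ == "__main__":
    print("\n".join(render(*summarize(OBSERVATIONS))))
```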
APPENDIX C: SAMPLE SAFEGUARD IMPLEMENTATION PLAN SUMMARY TABLE
Columns: (1) Risk (Vulnerability/Threat Pair); (2) Risk Level; (3) Recommended Controls; (4) Action Priority; (5) Selected Planned Controls; (6) Required Resources; (7) Responsible Team/Persons; (8) Start Date/End Date; (9) Maintenance Requirement/Comments.
Sample row:
(1) Risk: Unauthorized users can telnet to XYZ server and browse sensitive company files with the guest ID.
(2) Risk Level: High
(3) Recommended Controls: • Disallow inbound telnet • Disallow “world” access to sensitive company files • Disable the guest ID or assign difficult-to-guess password to the guest ID
(4) Action Priority: High
(6) Required Resources: 10 hours to reconfigure and test the system
(7) Responsible Team/Persons: John Doe, XYZ server system administrator; Jim Smith, company firewall administrator
(8) Start Date/End Date: 9-1-2001 to 9-2-2001
(9) Maintenance Requirement/Comments: • Perform periodic system security review and testing to ensure adequate security is provided for the XYZ server
(1) The risks (vulnerability/threat pairs) are output from the risk assessment process
(2) The associated risk level of each identified risk (vulnerability/threat pair) is the output from the risk assessment process
(3) Recommended controls are output from the risk assessment process
(4) Action priority is determined based on the risk levels and available resources (e.g., funds, people, technology)
(5) Planned controls selected from the recommended controls for implementation
(6) Resources required for implementing the selected planned controls
(7) List of team(s) and persons who will be responsible for implementing the new or enhanced controls
(8) Start date and projected end date for implementing the new or enhanced controls
(9) Maintenance requirement for the new or enhanced controls after implementation.
MBSA
OpenVAS
Wireshark
Nmap
Project 3 Start Here
Transcript
The security posture of the information systems infrastructure
of an organization should be regularly monitored and assessed
(including software, hardware, firmware components,
governance policies, and implementation of security controls).
The monitoring and assessment of the infrastructure and its
components, policies, and processes should also account for
changes and new procurements that are sure to follow in order
to stay in step with ever-changing information system
technologies.
The data breach at the Office of Personnel Management (OPM)
is one of the largest in US government history. It provides a
series of lessons learned for other organizations in industry and
the public sector. Some critical security practices, such as lack
of diligence to security controls and management of changes to
the information systems infrastructure were cited as
contributors to the massive data breach in the OPM Office of
the Inspector General's (OIG) Final Audit Report, which can be
found in open source searches. Some of the findings in the
report include: weak authentication mechanisms; lack of a plan
for life-cycle management of the information systems; lack of a
configuration management and change management plan; lack
of inventory of systems, servers, databases, and network
devices; lack of mature vulnerability scanning tools; lack of
valid authorizations for many systems, and lack of plans of
action to remedy the findings of previous audits.
The breach ultimately resulted in removal of OPM's top
leadership. The impact of the breach on the livelihoods of
millions of people is ongoing and may never be fully known.
There is a critical need for security programs that can assess vulnerabilities and provide mitigations.
There are 10 steps that will lead you through this project. You
should complete Project 3 during Weeks 2-5. After beginning
with the workplace scenario, continue to Step 1:
"Organizational Background."
When you submit your project, your work will be evaluated
using the competencies listed below. You can use the list below
to self-check your work before submission.
· 1.1: Organize document or presentation in a manner that
promotes understanding and meets the requirements of the
assignment.
· 1.2: Develop coherent paragraphs or points to be internally
unified and function as part of the whole document or
presentation.
· 1.3: Provide sufficient, correctly cited support that
substantiates the writer’s ideas.
· 1.4: Tailor communications to the audience.
· 1.5: Use sentence structure appropriate to the task, message
and audience.
· 1.6: Follow conventions of Standard Written English.
· 5.2 Enterprise Architecture: Knowledge of architectural
methodologies used in the design and development of
information systems, including the physical structure of a
system's internal operations and interactions with other systems
and knowledge of stan
· 5.6: Technology Awareness: Explore and address
cybersecurity concerns, promote awareness, best practice, and
emerging technology
· 7.3: Risk Management: Knowledge of methods and tools used for risk management and mitigation of risk
· 8.1: Incident Detection: Demonstrate the abilities to detect,
identify, and resolve host and network intrusion incidents.
· 8.2: Incident Classification: Possess knowledge and skills to
categorize, characterize, and prioritize an incident as well as to
handle relevant digital evidence appropriately.
Step 1: Organizational Background
Perform quick independent research on organizational structure
in your industry sector. Describe the background of your
organization, including the purpose, organizational structure,
the network system description, and a diagram of the
organization. Include LAN, WAN, and systems in diagram
format, the intra-network, and WAN side networks, and the
internet. Identify the boundaries that separate the inner
networks from the outside networks. Take time to click on and
read about the following computing platforms available for
networks, then include a description of how these platforms are
implemented in your organization:
· common computing platforms
· cloud computing
· distributed computing
· centralized computing
· secure programming fundamentals
This information can be fictitious, or modeled from existing organizations. Be sure to cite references.
Step 2: Organizational Threats
You just provided detailed background information on your
organization. Next, you’ll describe threats to your
organization’s system. Before you get started, select and
explore the contents of the following link: insider threats (also
known as internal threats). As you’re reading, take note of
which insider threats are a risk to your organization.
Now, differentiate between the external threats to the system
and the insider threats. Identify where these threats can occur in
the previously created diagrams. Define threat intelligence, and
explain what kind of threat intelligence is known about the
OPM breach. Relate the OPM threat intelligence to your
organization. How likely is it that a similar attack will occur at
your organization? Step 3: Scanning the Network
Note: You will utilize the tools in Workspace for this step. If
you need help outside the classroom to complete this project,
you must register for CLAB 699 Cyber Computing Lab
Assistance (go to the Discussions List for registration
information). Primary lab assistance is available from a team of
lab assistants. Lab assistants are professionals and are trained to
help you.
Click here to access the Project 3 Workspace Exercise
Instructions. Explore the tutorials and user guides to learn more
about the tools you will use. You will perform this lab in Step
7.
In order to validate the assets and devices on the organization's
network, run scans using security and vulnerability assessment
analysis tools such as MBSA, OpenVAS, Nmap, or NESSUS
depending on the operating systems of your organization's
networks. Live network traffic can also be sampled and scanned
using Wireshark (we do this in step 7) on either the Linux or
Windows systems. Wireshark allows you to inspect all OSI
Layers of traffic information. Click the following link to read
more about these network monitoring tools: Tools to Monitor
and Analyze Network Activities.
Provide the report as part of the SAR.
Review the information captured in these two links message and
protocols and Transmission Control Protocol/Internet Protocol
(TCP/IP), and identify any security communication, message
and protocols, or security data transport methods used such as
(TCP/IP), SSL, and others. Make note of this, as it should be mentioned in your reports.
Step 4: Identifying Security Issues
You have a suite of security tools, techniques, and procedures
that can be used to assess the security posture of your
organization's network in a SAR.
Now it's time to identify the security issues in your
organization's networks. You have already used password
cracking tools to crack weak and vulnerable passwords. Provide
an analysis of the strength of passwords used by the employees
in your organization. Are weak passwords a security issue for your organization?
Step 5: Firewalls and Encryption
Next, examine these resources on firewalls and on auditing–RDBMS, which relate to the use of the Relational Database Management System (i.e., the database system and its data). Also review these resources related to access control.
Determine the role of firewalls and encryption, and auditing –
RDBMS that could assist in protecting information and
monitoring the confidentiality, integrity, and availability of the
information in the information systems.
Reflect any weaknesses found in the network and information
system diagrams previously created, as well as in the
developing SAR.
Step 6: Threat Identification
You know of the weaknesses in your organization's network and
information system. Now you will determine various known
threats to the organization's network architecture and IT assets.
Get acquainted with the following types of threats and attack
techniques. Which are a risk to your organization?
· IP address spoofing/cache poisoning attacks
· denial of service attacks (DoS)
· packet analysis/sniffing
· session hijacking attacks
· distributed denial of service attacks
In identifying the different threats, complete the following
tasks:
1. Identify the potential hacking actors of these threat attacks
on vulnerabilities in networks and information systems and the
types of remediation and mitigation techniques available in your
industry, and for your organization.
2. Identify the purpose and function of firewalls for
organization network systems, and how they address the threats
and vulnerabilities you have identified.
3. Also discuss the value of using access control, database
transaction and firewall log files.
4. Identify the purpose and function of encryption, as it relates
to files and databases and other information assets on the
organization's networks.
Include these in the SAR.
Step 7: Network Analysis
Note: You will utilize the tools in Workspace for this step.
You will now investigate network traffic, and the security of the
network and information system infrastructure overall. Past
network data has been logged and stored, as collected by a
network analyzer tool such as Wireshark.
Select the following link to enter Workspace and complete the
lab activities related to network vulnerabilities.
Perform a network analysis on the Wireshark files provided to
you in Workspace and assess the network posture and any
vulnerability or suspicious information you are able to obtain.
Include this information in the SAR. Further analyze the packet
capture for network performance, behavior, and any suspicious
source and destination addresses on the networks.
In the previously created Wireshark files, identify if any
databases had been accessed. What are the IP addresses
associated with that activity? Include this information in the SAR.
Step 8: Suspicious Activity
Note: You will utilize the tools in Workspace for this step.
Hackers frequently scan the Internet for computers or networks
to exploit. An effective firewall can prevent hackers from
detecting the existence of networks. Hackers continue to scan
ports, but if the hacker finds there is no response from the port
and no connection, the hacker will move on. The firewall can
block unwanted traffic, and Nmap can be used to self-scan to test the responsiveness of the organization's network to would-be hackers.
Select the following link to enter Workspace and conduct the
port scanning. Provide your findings in the SAR deliverable.
Provide analyses of the scans and any recommendation for remediation, if needed. Identify any suspicious activity and formulate the steps in an incident response that could have been, or should be, enacted. Include the responsible parties that would provide that incident response and any follow-up activity. Include this in the SAR. Please note that some scanning tools are designed to be undetectable. While running the scan and observing network activity with Wireshark, attempt to determine whether the scan in progress can be detected. If you cannot identify the scan as it is occurring, indicate this in your SAR.
Step 9: Risk and Remediation
What is the risk and what is the remediation? What is the
security exploitation? You can use the OPM OIG Final Audit
Report findings and recommendations as a possible source for
methods to remediate vulnerabilities.
Read this risk assessment resource to get familiar with the
process, then prepare the risk assessment. Be sure to first list
the threats, then the vulnerabilities, and then pairwise
comparisons for each threat and vulnerability, and determine the
likelihood of that event occurring, and the level of impact it
would have on the organization. Use the OPM OIG Final Audit
Report findings as a possible source for potential mitigations.
Include this in the risk assessment report (RAR).
Step 10: Creating the SAR and RAR
Your research and Workspace exercise have led you to this
moment: creating your SAR and RAR. Consider what you have
learned in the previous steps as you create your reports for
leadership.
Prepare a Security Assessment Report (SAR) with the following
sections:
1. Purpose
2. Organization
3. Scope
4. Methodology
5. Data
6. Results
7. Findings
The final SAR does not have to stay within this framework, and
can be designed to fulfill the goal of the security assessment.
Prepare a Risk Assessment Report (RAR) with information on
the threats, vulnerabilities, likelihood of exploitation of security
weaknesses, impact assessments for exploitation of security
weaknesses, remediation, and cost/benefit analyses of
remediation. Devise a high-level plan of action with interim
milestones (POAM), in a system methodology, to remedy your
findings. Include this high-level plan in the RAR. Summarize
the results you obtained from the vulnerability assessment tools (i.e., MBSA and OpenVAS) in your report.
The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This should be an 8-10
page double-spaced Word document with citations in APA
format. The page count does not include figures, diagrams,
tables, or citations.
2. Risk Assessment Report (RAR): This report should be a 5-6
page double-spaced Word document with citations in APA
format. The page count does not include figures, diagrams,
tables, or citations.
3. In a Word document, share your lab experience and provide
screen prints to demonstrate that you performed the lab.
Submit your deliverables to the assignment folder.
Before you submit your assignment, review the competencies
below, which your instructor will use to evaluate your work. A
good practice would be to use each competency as a self-check
to confirm you have incorporated all of them in your work.
· 1.1: Organize document or presentation in a manner that
promotes understanding and meets the requirements of the
assignment.
· 1.2: Develop coherent paragraphs or points to be internally
unified and function as part of the whole document or
presentation.
· 1.3: Provide sufficient, correctly cited support that
substantiates the writer’s ideas.
· 1.4: Tailor communications to the audience.
· 1.5: Use sentence structure appropriate to the task, message
and audience.
· 1.6: Follow conventions of Standard Written English.
· 5.2 Enterprise Architecture: Knowledge of architectural
methodologies used in the design and development of
information systems, including the physical structure of a
system's internal operations and interactions with other systems
and knowledge of stan
· 5.6: Technology Awareness: Explore and address
cybersecurity concerns, promote awareness, best practice, and
emerging technology
· 7.3: Risk Management: Knowledge of methods and tools used for risk management and mitigation of risk
· 8.1: Incident Detection: Demonstrate the abilities to detect,
identify, and resolve host and network intrusion incidents.
· 8.2: Incident Classification: Possess knowledge and skills to
categorize, characterize, and prioritize an incident as well as to
handle relevant digital evidence appropriately.
Basically, you are going to have a network diagram that shows
the different levels of the network (backend, intranet, DMZ,
frontend applications, etc) all the way through to the internet.
Show how you are separating the logical portions (firewalls,
switches, VLANs, etc).