SlideShare a Scribd company logo

NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx

Download as DOCX, PDF
T
taitcandie

NGOKAN - ATTENTION PROJECT 3 – ASSESSING INFORMATION SYSTEM VULNERABILITY AND RISK MITIGATION - I WILL DO THE LAB, JUST NEED HELP WITH THE SAR and RAR (reports) Intro video on the deliverables is here https://youtu.be/rStxKMeGXAI Please select part of your references from this below. http://resources.sei.cmu.edu/library/ SEE ATTACHED DOCUMENTS FOR READING AND REFERENCE The deliverables for this project are as follows: Security Assessment Report (SAR): This should be an 8-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. 2. Risk Assessment Report (RAR): This report should be a 5-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. Please select part of your references from this below. http://resources.sei.cmu.edu/library/ Pick an organization of your choice (pick from any sector, be creative) 1. Security Assessment Report (SAR) with the following sections: please pay attention to details of the ENTIRE requirements (use figures, tables and diagrams where applicable) · Organizational Background Describe the background of the organization you have picked Purpose Describe purpose of the assessment (refer to the incident of OPM below in the transcript) Organizational structure o Describe the organizational structure, the network system description, and a diagram of the organization. (Please insert this diagram) Include LAN, WAN, and systems in diagram format ( use the OPM systems model of LAN side networks) , the intra-network, and WAN side networks, the Internet. Identify the boundaries that separate the inner networks from the outside networks. o include a description of how these platforms are implemented in your organization: common computing platforms, cloud computing, distributed computing, centralized computing, secure programming fundamentals. (cite reference) o What insider threats are a risk to your organization o differentiate between the external threats to the system and the insider threats. Identify where these threats can occur in the previously created diagrams. (cite reference) o Define threat intelligence, and explain what kind of threat intelligence is known about the OPM breach. Relate the OPM threat intelligence to your fictitious organization. How likely is it that a similar attack will occur at your organization? (cite reference) Scope Describe the scope of the assessment Methodology (cite references) o Use a suite of security tools, techniques, and procedures that can be used to assess the security posture of your organization's network in a SAR. o identify the security issues in your fictitious organization's networks. You have already used password cracking tools to crack weak and vulnerable passwords. o Provide an analysis of the strength of passwords used by the employees in your organization. Are weak passwords a security i ...

Education
1 of 21
NGOKAN - ATTENTION PROJECT 3 – ASSESSING INFORMATION SYSTEM VULNERABILITY AND RISK MITIGATION - I WILL DO THE LAB, JUST NEED HELP WITH THE SAR and RAR (reports) Intro video on the deliverables is here https://youtu.be/rStxKMeGXAI Please select part of your references from this below. http://resources.sei.cmu.edu/library/ SEE ATTACHED DOCUMENTS FOR READING AND REFERENCE The deliverables for this project are as follows: Security Assessment Report (SAR): This should be an 8-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. 2. Risk Assessment Report (RAR): This report should be a 5-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. Please select part of your references from this below. http://resources.sei.cmu.edu/library/ Pick an organization of your choice (pick from any sector, be creative) 1.
Security Assessment Report (SAR) with the following sections: please pay attention to details of the ENTIRE requirements (use figures, tables and diagrams where applicable) · Organizational Background Describe the background of the organization you have picked Purpose Describe purpose of the assessment (refer to the incident of OPM below in the transcript) Organizational structure o Describe the organizational structure, the network system description, and a diagram of the organization. (Please insert this diagram) Include LAN, WAN, and systems in diagram format ( use the OPM systems model of LAN side networks) , the intra-network, and WAN side networks, the Internet. Identify the boundaries that separate the inner networks from the outside networks. o include a description of how these platforms are implemented in your organization: common computing platforms, cloud computing, distributed computing, centralized computing, secure programming fundamentals. (cite reference) o What insider threats are a risk to your organization o differentiate between the external threats to the system and the insider threats. Identify where these threats can occur in the
previously created diagrams. (cite reference) o Define threat intelligence, and explain what kind of threat intelligence is known about the OPM breach. Relate the OPM threat intelligence to your fictitious organization. How likely is it that a similar attack will occur at your organization? (cite reference) Scope Describe the scope of the assessment Methodology (cite references) o Use a suite of security tools, techniques, and procedures that can be used to assess the security posture of your organization's network in a SAR. o identify the security issues in your fictitious organization's networks. You have already used password cracking tools to crack weak and vulnerable passwords. o Provide an analysis of the strength of passwords used by the employees in your organization. Are weak passwords a security issue for your organization? o examine security tool resources on firewalls and
auditing–RDBMS related to the use of the Relational Database Management System (i.e., the database system and data) RDBMS. Also review these resources related to access control. o Determine the role of firewalls and encryption, and auditing – RDBMS that could assist in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems. o Reflect any weaknesses found in the network and information system diagrams previously created, as well as in the developing SAR. o Which of the following types of threats and attack techniques are a risk to your organization; IP address spoofing/cache poisoning attacks, denial of service attacks (DoS), packet analysis/sniffing, session hijacking attacks, distributed denial of service attacks o In identifying the different threats: 1. Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems and the types of remediation and mitigation techniques available in your industry, and for your organization. 2.
Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified. 3. Also discuss the value of using access control, database transaction and firewall log files. 4. Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization's networks. 5. Further analyze the packet capture for network performance, behavior, and any suspicious source and destination addresses on the networks. 6. In the previously created Wireshark files, identify if any databases had been accessed. What are the IP addresses associated with that activity? Include this information in the SAR. o Provide possible nmap portscan findings in the SAR deliverable. Provide analyses of the scans and any recommendation for remediation Identify any suspicious activity and formulate the steps in an incidence response that could have been, or should be, enacted. Include the responsible parties that would provide that incidence response and any follow-up activity. Include this in the SAR. Please note that some scanning tools are designed to be
undetectable. While running the scan and observing network activity with Wireshark, attempt to determine the detection of the scan in progress. If you cannot identify the scan as it is occurring, indicate this in your SAR. Data Results Compare results of wireshark and nmap in a general sense o INCLUDE lab report on wireshark and nmap as part of the SAR. o Review the information captured in these two links message and protocols and Transmission Control Protocol/Internet Protocol (TCP/IP), o identify any security communication, message and protocols, or security data transport methods used such as (TCP/IP), SSL, and others. Make note and mention in your reports. Findings o Describe the findings in the report to include: weak authentication mechanisms; lack of a plan for life-cycle management of the information systems; lack of a configuration management and change management plan; lack of inventory of systems, servers, databases, and network devices; lack of mature vulnerability scanning tools; lack of valid authorizations
for many systems, and lack of plans of action to remedy the findings of previous audits. o Describe some critical security practices, such as lack of diligence to security controls and management of changes to the information systems infrastructure were cited as contributors to the massive data breach in the OPM Office of the Inspector General's (OIG) Final Audit Report , which can be found in open source searches. o Describe Enterprise Architecture: Knowledge of architectural methodologies used in the design and development of information systems, including the physical structure of a system's internal operations and interactions with other systems and knowledge of standards o Describe Technology Awareness: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology o Describe Risk Management : Knowledge of methods and tools used for risk management and mitigation of risk o Describe Incident Detection: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents. o Describe Incident Classification: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as
to handle relevant digital evidence appropriately 2. Risk Assessment Report (RAR) please review requirements and use figures, tables and diagrams where applicable · Identify and include information on the threats, vulnerabilities, risks, likelihood of exploitation of security weaknesses, level of impact it would have on the organization and suggested remediation . (cite reference) · Include impact assessments for exploitation of security weaknesses, remediation, and cost/benefit analyses of remediation. (cite reference) · devise and include a high-level plan of action with interim milestones (POAM), in a system methodology, to remedy your findings. (cite reference) · Summarize the results you obtained from the vulnerability assessment tools (i.e., MBSA and OpenVas) in your report. · Include the OPM OIG
Final Audit Report findings as a possible source for potential mitigations or possible methods to remediate vulnerabilities (cite reference) Notes start here: You have studied the OPM OIG report and found that the hackers were able to gain access through compromised credentials. The security breach could have been prevented, if the Office of Personnel Management, or OPM, had abided by previous auditing reports and security findings. In addition, access to the databases could have been prevented by implementing various encryption schemas and could have been identified after running regularly scheduled scans of the systems. The security posture of the information systems infrastructure of an organization should be regularly monitored and assessed (including software, hardware, firmware components, governance policies, and implementation of security controls). The monitoring and assessment of the infrastructure and its components, policies, and processes should also account for changes and new procurements that are sure to follow in order to stay in step with ever-changing information system technologies. Notes end here:
Prepare a Security Assessment Report (SAR) with the following sections: Purpose Organization Scope Methodology Data Results Findings The final SAR does not have to stay within this framework, and can be designed to fulfill the goal of the security assessment. Prepare a Risk Assessment Report (RAR) with information on the threats, vulnerabilities, likelihood of exploitation of security weaknesses, impact assessments for exploitation of security weaknesses, remediation, and cost/benefit analyses of remediation. Devise a high-level plan of action with interim milestones (POAM), in a system methodology, to remedy your findings. Include this high-level plan in the RAR. Summarize the results you obtained from the vulnerability assessment tools (i.e., MBSA and OpenVas) in your report. 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment. 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation. 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas. 1.4: Tailor communications to the audience. 1.5: Use sentence structure appropriate to the task, message and audience. 1.6: Follow conventions of Standard Written English. 5.2 Enterprise Architecture: Knowledge of architectural methodologies used in the design and development of
information systems, including the physical structure of a system's internal operations and interactions with other systems and knowledge of stan 5.6: Technology Awareness: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology 7.3: Risk Management : Knowledge of methods and tools used for risk management and mitigation of risk 8.1: Incident Detection: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents. 8.2: Incident Classification: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately. VIDEO Transcript You are an Information Assurance Management Officer, IAMO, at an organization of your choosing. One morning, as you're getting ready for work, you see an email from Karen, your manager. She asks you to come to her office as soon as you get in. When you arrive to your work, you head straight to Karen's office. “Sorry for the impromptu meeting,” she says, “but we have a bit of an emergency. There's been a security breach at the Office of Personnel Management.” We don't know how this happened, but we need to make sure it doesn't happen again, says Karen. You'll be receiving an email with more information on the security breach. Use this info to assess the information system vulnerabilities of the Office of Personnel Management. At your desk, you open Karen's email. She's given you an OPM report from the Office of the Inspector General, or OIG. You have studied the OPM OIG report and found that the hackers were able to gain access through compromised credentials. The security breach could have been prevented, if the Office of Personnel Management, or OPM, had abided by previous auditing reports and security findings. In addition, access to the
databases could have been prevented by implementing various encryption schemas and could have been identified after running regularly scheduled scans of the systems. Karen and the rest of the leadership team want you to compile your findings into a Security Assessment Report or SAR. You will also create a Risk Assessment Report, or RAR, in which you identify threats, vulnerabilities, risks, and likelihood of exploitation and suggested remediation . END OF TRANSCRIPT The security posture of the information systems infrastructure of an organization should be regularly monitored and assessed (including software, hardware, firmware components, governance policies, and implementation of security controls). The monitoring and assessment of the infrastructure and its components, policies, and processes should also account for changes and new procurements that are sure to follow in order to stay in step with ever-changing information system technologies. The data breach at the Office of Personnel Management (OPM) is one of the largest in US government history. It provides a series of lessons learned for other organizations in industry and the public sector. Some critical security practices, such as lack of diligence to security controls and management of changes to the information systems infrastructure were cited as contributors to the massive data breach in the OPM Office of the Inspector General's (OIG) Final Audit Report , which can be found in open source searches. Some of the findings in the report include: weak authentication mechanisms; lack of a plan for life-cycle management of the information systems; lack of a configuration management and change management plan; lack of inventory of systems, servers, databases, and network devices; lack of mature vulnerability scanning tools; lack of valid authorizations for many systems,
and lack of plans of action to remedy the findings of previous audits. The breach ultimately resulted in removal of OPM's top leadership. The impact of the breach on the livelihoods of millions of people is ongoing and may never be fully known. There is a critical need for security programs that can assess vulnerabilities and provide mitigations. There are 10 steps that will lead you through this project. You should complete Project 3 during Weeks 2-5. After beginning with the workplace scenario, continue to Step 1: "Organizational Background." When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission. 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment. 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation. 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas. 1.4: Tailor communications to the audience. 1.5: Use sentence structure appropriate to the task, message and audience. 1.6: Follow conventions of Standard Written English. 5.2 Enterprise Architecture: Knowledge of architectural methodologies used in the design and development of information systems, including the physical structure of a system's internal operations and interactions with other systems and knowledge of stan 5.6: Technology Awareness: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology 7.3: Risk Management : Knowledge of methods and tools used for risk management and mitigation of risk
8.1: Incident Detection: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents. 8.2: Incident Classification: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately. Step 1 Organizational Background Describe the background of your organization, including the purpose, organizational structure, the network system description, and a diagram of the organization. Include LAN, WAN, and systems in diagram format (use the OPM systems model of LAN side networks), the intra-network, and WAN side networks, the inter-net. Identify the boundaries that separate the inner networks from the outside networks. Take time to click on and read about the following computing platforms available for networks, then include a description of how these platforms are implemented in your organization: common computing platforms cloud computing distributed computing centralized computing secure programming fundamentals This information can be fictitious, or modeled from existing organizations. Be sure to cite references. Step 2: Organizational Threats Next, you’ll describe threats to your organization’s system. Before you get started, select and explore the contents of the following link
SEE ATTACHED DOCUMENT : insider threats (also known as internal threats). As you’re reading, take note of which insider threats are a risk to your organization. Now, differentiate between the external threats to the system and the insider threats. Identify where these threats can occur in the previously created diagrams. Define threat intelligence, and explain what kind of threat intelligence is known about the OPM breach. Relate the OPM threat intelligence to your organization. How likely is it that a similar attack will occur at your organization? Step 3: Scanning the Network Note: You will utilize the tools in Workspace for this step. Click here to access the Project 3 Workspace Exercise Instructions . Explore the tutorials and user guides to learn more about the tools you will use. You will perform this lab in Step 7. In order to validate the assets and devices on the organization's network, run scans using security and vulnerability assessment analysis tools such as MBSA, OpenVAS, Nmap, or NESSUS depending on the operating systems of your organization's networks. Live network traffic can also be sampled and scanned using Wireshark (we do this in step 7) on either the Linux or Windows systems. Wireshark allows you to inspect all OSI Layers of traffic information. Click the following link to read more about these network monitoring tools: Tools to Monitor and Analyze Network Activities .
INCLUDE the report as part of the SAR. Review the information captured in these two links message and protocols and Transmission Control Protocol/Internet Protocol (TCP/IP), and identify any security communication, message and protocols, or security data transport methods used such as (TCP/IP), SSL, and others. Make note of this, as it should be mentioned in your reports. Step 4: Identifying Security Issues You have a suite of security tools, techniques, and procedures that can be used to assess the security posture of your organization's network in a SAR. Now it's time to identify the security issues in your organization's networks. You have already used password cracking tools to crack weak and vulnerable passwords. Provide an analysis of the strength of passwords used by the employees in your organization. Are weak passwords a security issue for your organization? Step 5: Firewalls and Encryption Next, examine these resources on firewalls and auditing–RDBMS
related to the use of the Relational Database Management System (i.e., the database system and data) RDBMS. Also review these resources related to access control. Determine the role of firewalls and encryption, and auditing – RDBMS that could assist in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems. Reflect any weaknesses found in the network and information system diagrams previously created, as well as in the developing SAR. Step 6: Threat Identification You know of the weaknesses in your organization's network and information system. Now you will determine various known threats to the organization's network architecture and IT assets. Get acquainted with the following types of threats and attack techniques. Which are a risk to your organization? IP address spoofing/cache poisoning attacks denial of service attacks (DoS) packet analysis/sniffing session hijacking attacks distributed denial of service attacks In identifying the different threats, complete the following tasks: 7. Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems and the types of remediation and mitigation techniques available in your industry, and for your organization. 8.
Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified. 9. Also discuss the value of using access control, database transaction and firewall log files. 10. Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization's networks. Include these in the SAR. LAB Step 7: Network Analysis Note: You will utilize the tools in Workspace for this step. You will now investigate network traffic, and the security of the network and information system infrastructure overall. Past network data has been logged and stored, as collected by a network analyzer tool such as Wireshark. Select the following link to enter Workspace and complete the lab activities related to network vulnerabilities. Perform a network analysis on the Wireshark files provided to you in Workspace and assess the network posture and any vulnerability or suspicious information you are able to obtain. Include this information in the SAR. Further analyze the packet capture for network performance, behavior, and any suspicious source and destination addresses on the networks. In the previously created Wireshark files, identify if any databases had been accessed. What are the IP addresses associated with that activity? Include this information in the
SAR. LAB Step 8: Suspicious Activity Note: You will utilize the tools in Workspace for this step. Hackers frequently scan the Internet for computers or networks to exploit. An effective firewall can prevent hackers from detecting the existence of networks. Hackers continue to scan ports, but if the hacker finds there is no response from the port and no connection, the hacker will move on. The firewall can block unwanted traffic and NMap can be used to self-scan to test the responsiveness of the organization's network to would- be hackers. Select the following link to enter Workspace and conduct the port scanning. Provide your findings in the SAR deliverable. Provide analyses of the scans and any recommendation for remediation, if needed. Identify any suspicious activity and formulate the steps in an incidence response that could have been, or should be, enacted. Include the responsible parties that would provide that incidence response and any follow-up activity. Include this in the SAR. Please note that some scanning tools are designed to be undetectable. While running the scan and observing network activity with Wireshark, attempt to determine the detection of the scan in progress. If you cannot identify the scan as it is occurring, indicate this in your SAR. Step 9: Risk and Remediation What is the risk and what is the remediation? What is the security exploitation? You can use the OPM OIG Final Audit Report
findings and recommendations as a possible source for methods to remediate vulnerabilities. Read this risk assessment resource to get familiar with the process, then prepare the risk assessment. Be sure to first list the threats, then the vulnerabilities, and then pairwise comparisons for each threat and vulnerability, and determine the likelihood of that event occurring, and the level of impact it would have on the organization. Use the OPM OIG Final Audit Report findings as a possible source for potential mitigations. Include this in the risk assessment report (RAR). Your research and Workspace exercise have led you to this moment: creating your SAR and RAR. Consider what you have learned in the previous steps as you create your reports for leadership. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx

Recommended

Cst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comCst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comamaranthbeg113
 
Cst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comCst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comamaranthbeg53
 
Cst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comCst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comamaranthbeg73
 
CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comclaric241
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comkopiko147
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comagathachristie266
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104
 

Recommended

Cst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comCst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comamaranthbeg113
 
Cst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comCst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comamaranthbeg53
 
Cst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comCst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comamaranthbeg73
 
CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comclaric241
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comkopiko147
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comagathachristie266
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comagathachristie113
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comchrysanthemu49
 
Cst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comCst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comBaileyabw
 
Cst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.comCst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.comMcdonaldRyan79
 
Cst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comCst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comrobertlesew6
 
CST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comCST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comdonaldzs8
 
CST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comCST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comDavisMurphyA97
 
Cst 630 Believe Possibilities / snaptutorial.com
Cst 630 Believe Possibilities / snaptutorial.comCst 630 Believe Possibilities / snaptutorial.com
Cst 630 Believe Possibilities / snaptutorial.comDavis11a
 
Cst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comCst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comPrescottLunt385
 
Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxtienboileau
 
Cyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefCyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefEnda Crossan
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxmccormicknadine86
 
Sap Security Assessment V3 English
Sap Security Assessment V3 EnglishSap Security Assessment V3 English
Sap Security Assessment V3 Englishguest5bd7a1
 
internet securityand cyber law Unit3 1
internet securityand cyber law Unit3 1internet securityand cyber law Unit3 1
internet securityand cyber law Unit3 1Royalzig Luxury Furniture
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comamaranthbeg93
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comamaranthbeg73
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 
Running head Risk Assessment Repot (RAR) .docx
Running head Risk Assessment Repot (RAR) .docxRunning head Risk Assessment Repot (RAR) .docx
Running head Risk Assessment Repot (RAR) .docxSUBHI7
 
Running head SECURITY ANALYSIS REPORT1SECURITY ANALYSIS REPO.docx
Running head SECURITY ANALYSIS REPORT1SECURITY ANALYSIS REPO.docxRunning head SECURITY ANALYSIS REPORT1SECURITY ANALYSIS REPO.docx
Running head SECURITY ANALYSIS REPORT1SECURITY ANALYSIS REPO.docxjeanettehully
 
member is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docxmember is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docxwkyra78
 
Below I have uploaded the example of the unad as well as a rough dr.docx
Below I have uploaded the example of the unad as well as a rough dr.docxBelow I have uploaded the example of the unad as well as a rough dr.docx
Below I have uploaded the example of the unad as well as a rough dr.docxtaitcandie
 
Below I have written the answer but I need someone to please help me.docx
Below I have written the answer but I need someone to please help me.docxBelow I have written the answer but I need someone to please help me.docx
Below I have written the answer but I need someone to please help me.docxtaitcandie
 

More Related Content

Similar to NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx

CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comagathachristie113
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comchrysanthemu49
 
Cst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comCst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comBaileyabw
 
Cst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.comCst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.comMcdonaldRyan79
 
Cst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comCst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comrobertlesew6
 
CST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comCST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comdonaldzs8
 
CST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comCST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comDavisMurphyA97
 
Cst 630 Believe Possibilities / snaptutorial.com
Cst 630 Believe Possibilities / snaptutorial.comCst 630 Believe Possibilities / snaptutorial.com
Cst 630 Believe Possibilities / snaptutorial.comDavis11a
 
Cst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comCst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comPrescottLunt385
 
Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxtienboileau
 
Cyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefCyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefEnda Crossan
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxmccormicknadine86
 
Sap Security Assessment V3 English
Sap Security Assessment V3 EnglishSap Security Assessment V3 English
Sap Security Assessment V3 Englishguest5bd7a1
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comamaranthbeg93
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comamaranthbeg73
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 
Running head Risk Assessment Repot (RAR) .docx
Running head Risk Assessment Repot (RAR) .docxRunning head Risk Assessment Repot (RAR) .docx
Running head Risk Assessment Repot (RAR) .docxSUBHI7
 
Running head SECURITY ANALYSIS REPORT1SECURITY ANALYSIS REPO.docx
Running head SECURITY ANALYSIS REPORT1SECURITY ANALYSIS REPO.docxRunning head SECURITY ANALYSIS REPORT1SECURITY ANALYSIS REPO.docx
Running head SECURITY ANALYSIS REPORT1SECURITY ANALYSIS REPO.docxjeanettehully
 
member is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docxmember is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docxwkyra78
 

Similar to NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx (20)

CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.com
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.com
 
Cst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comCst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.com
 
Cst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.comCst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.com
 
Cst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comCst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.com
 
CST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comCST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.com
 
CST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comCST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.com
 
Cst 630 Believe Possibilities / snaptutorial.com
Cst 630 Believe Possibilities / snaptutorial.comCst 630 Believe Possibilities / snaptutorial.com
Cst 630 Believe Possibilities / snaptutorial.com
 
Cst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comCst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.com
 
Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docx
 
Cyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefCyber intrusion analyst occupational brief
Cyber intrusion analyst occupational brief
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docx
 
Sap Security Assessment V3 English
Sap Security Assessment V3 EnglishSap Security Assessment V3 English
Sap Security Assessment V3 English
 
internet securityand cyber law Unit3 1
internet securityand cyber law Unit3 1internet securityand cyber law Unit3 1
internet securityand cyber law Unit3 1
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.com
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.com
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.com
 
Running head Risk Assessment Repot (RAR) .docx
Running head Risk Assessment Repot (RAR) .docxRunning head Risk Assessment Repot (RAR) .docx
Running head Risk Assessment Repot (RAR) .docx
 
Running head SECURITY ANALYSIS REPORT1SECURITY ANALYSIS REPO.docx
Running head SECURITY ANALYSIS REPORT1SECURITY ANALYSIS REPO.docxRunning head SECURITY ANALYSIS REPORT1SECURITY ANALYSIS REPO.docx
Running head SECURITY ANALYSIS REPORT1SECURITY ANALYSIS REPO.docx
 
member is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docxmember is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docx
 

More from taitcandie

Below I have uploaded the example of the unad as well as a rough dr.docx
Below I have uploaded the example of the unad as well as a rough dr.docxBelow I have uploaded the example of the unad as well as a rough dr.docx
Below I have uploaded the example of the unad as well as a rough dr.docxtaitcandie
 
Below I have written the answer but I need someone to please help me.docx
Below I have written the answer but I need someone to please help me.docxBelow I have written the answer but I need someone to please help me.docx
Below I have written the answer but I need someone to please help me.docxtaitcandie
 
Below I copy and pasted my directions and then the actual homework a.docx
Below I copy and pasted my directions and then the actual homework a.docxBelow I copy and pasted my directions and then the actual homework a.docx
Below I copy and pasted my directions and then the actual homework a.docxtaitcandie
 
Below I have attached the Rubic and Grading scale. Please Provide Tu.docx
Below I have attached the Rubic and Grading scale. Please Provide Tu.docxBelow I have attached the Rubic and Grading scale. Please Provide Tu.docx
Below I have attached the Rubic and Grading scale. Please Provide Tu.docxtaitcandie
 
Below attachment is the outline. And already pasted the outline here.docx
Below attachment is the outline. And already pasted the outline here.docxBelow attachment is the outline. And already pasted the outline here.docx
Below attachment is the outline. And already pasted the outline here.docxtaitcandie
 
Below are three papers to be written.  There is no minimum on word c.docx
Below are three papers to be written.  There is no minimum on word c.docxBelow are three papers to be written.  There is no minimum on word c.docx
Below are three papers to be written.  There is no minimum on word c.docxtaitcandie
 
Below are the Rules of Engagement” referenced in the prompt.ü W.docx
Below are the Rules of Engagement” referenced in the prompt.ü W.docxBelow are the Rules of Engagement” referenced in the prompt.ü W.docx
Below are the Rules of Engagement” referenced in the prompt.ü W.docxtaitcandie
 
Below are the steps used in data mining. Please provide why each of .docx
Below are the steps used in data mining. Please provide why each of .docxBelow are the steps used in data mining. Please provide why each of .docx
Below are the steps used in data mining. Please provide why each of .docxtaitcandie
 
Below are the characteristics of Realism--pick one piece of literatu.docx
Below are the characteristics of Realism--pick one piece of literatu.docxBelow are the characteristics of Realism--pick one piece of literatu.docx
Below are the characteristics of Realism--pick one piece of literatu.docxtaitcandie
 
Below are the different level of analysis of data mining. Provid.docx
Below are the different level of analysis of data mining. Provid.docxBelow are the different level of analysis of data mining. Provid.docx
Below are the different level of analysis of data mining. Provid.docxtaitcandie
 
Below are questions based on the links provided. These are the only .docx
Below are questions based on the links provided. These are the only .docxBelow are questions based on the links provided. These are the only .docx
Below are questions based on the links provided. These are the only .docxtaitcandie
 
Below are discussion questions that my fellow classmates wrote..docx
Below are discussion questions that my fellow classmates wrote..docxBelow are discussion questions that my fellow classmates wrote..docx
Below are discussion questions that my fellow classmates wrote..docxtaitcandie
 
Bellevue Hospital Marketing and Communication PlanVe.docx
Bellevue Hospital Marketing and Communication PlanVe.docxBellevue Hospital Marketing and Communication PlanVe.docx
Bellevue Hospital Marketing and Communication PlanVe.docxtaitcandie
 
Bellevue College Chemistry 162 1 Empirical Gas La.docx
Bellevue College Chemistry 162 1 Empirical Gas La.docxBellevue College Chemistry 162 1 Empirical Gas La.docx
Bellevue College Chemistry 162 1 Empirical Gas La.docxtaitcandie
 
Being able to use research and apply findings to programming is the .docx
Being able to use research and apply findings to programming is the .docxBeing able to use research and apply findings to programming is the .docx
Being able to use research and apply findings to programming is the .docxtaitcandie
 
Being competitive is very different than achieving sustainable com.docx
Being competitive is very different than achieving sustainable com.docxBeing competitive is very different than achieving sustainable com.docx
Being competitive is very different than achieving sustainable com.docxtaitcandie
 
Being enrolled in the MS in Child and Adolescent Developmental Psych.docx
Being enrolled in the MS in Child and Adolescent Developmental Psych.docxBeing enrolled in the MS in Child and Adolescent Developmental Psych.docx
Being enrolled in the MS in Child and Adolescent Developmental Psych.docxtaitcandie
 
Being of a particular ethnicity or gender had a great impact on you.docx
Being of a particular ethnicity or gender had a great impact on you.docxBeing of a particular ethnicity or gender had a great impact on you.docx
Being of a particular ethnicity or gender had a great impact on you.docxtaitcandie
 
Being culturally sensitive by respecting your clients spiritual.docx
Being culturally sensitive by respecting your clients spiritual.docxBeing culturally sensitive by respecting your clients spiritual.docx
Being culturally sensitive by respecting your clients spiritual.docxtaitcandie
 
Being an Effective Agile Project LeaderYou have been asked b.docx
Being an Effective Agile Project LeaderYou have been asked b.docxBeing an Effective Agile Project LeaderYou have been asked b.docx
Being an Effective Agile Project LeaderYou have been asked b.docxtaitcandie
 

More from taitcandie (20)

Below I have uploaded the example of the unad as well as a rough dr.docx
Below I have uploaded the example of the unad as well as a rough dr.docxBelow I have uploaded the example of the unad as well as a rough dr.docx
Below I have uploaded the example of the unad as well as a rough dr.docx
 
Below I have written the answer but I need someone to please help me.docx
Below I have written the answer but I need someone to please help me.docxBelow I have written the answer but I need someone to please help me.docx
Below I have written the answer but I need someone to please help me.docx
 
Below I copy and pasted my directions and then the actual homework a.docx
Below I copy and pasted my directions and then the actual homework a.docxBelow I copy and pasted my directions and then the actual homework a.docx
Below I copy and pasted my directions and then the actual homework a.docx
 
Below I have attached the Rubic and Grading scale. Please Provide Tu.docx
Below I have attached the Rubic and Grading scale. Please Provide Tu.docxBelow I have attached the Rubic and Grading scale. Please Provide Tu.docx
Below I have attached the Rubic and Grading scale. Please Provide Tu.docx
 
Below attachment is the outline. And already pasted the outline here.docx
Below attachment is the outline. And already pasted the outline here.docxBelow attachment is the outline. And already pasted the outline here.docx
Below attachment is the outline. And already pasted the outline here.docx
 
Below are three papers to be written.  There is no minimum on word c.docx
Below are three papers to be written.  There is no minimum on word c.docxBelow are three papers to be written.  There is no minimum on word c.docx
Below are three papers to be written.  There is no minimum on word c.docx
 
Below are the Rules of Engagement” referenced in the prompt.ü W.docx
Below are the Rules of Engagement” referenced in the prompt.ü W.docxBelow are the Rules of Engagement” referenced in the prompt.ü W.docx
Below are the Rules of Engagement” referenced in the prompt.ü W.docx
 
Below are the steps used in data mining. Please provide why each of .docx
Below are the steps used in data mining. Please provide why each of .docxBelow are the steps used in data mining. Please provide why each of .docx
Below are the steps used in data mining. Please provide why each of .docx
 
Below are the characteristics of Realism--pick one piece of literatu.docx
Below are the characteristics of Realism--pick one piece of literatu.docxBelow are the characteristics of Realism--pick one piece of literatu.docx
Below are the characteristics of Realism--pick one piece of literatu.docx
 
Below are the different level of analysis of data mining. Provid.docx
Below are the different level of analysis of data mining. Provid.docxBelow are the different level of analysis of data mining. Provid.docx
Below are the different level of analysis of data mining. Provid.docx
 
Below are questions based on the links provided. These are the only .docx
Below are questions based on the links provided. These are the only .docxBelow are questions based on the links provided. These are the only .docx
Below are questions based on the links provided. These are the only .docx
 
Below are discussion questions that my fellow classmates wrote..docx
Below are discussion questions that my fellow classmates wrote..docxBelow are discussion questions that my fellow classmates wrote..docx
Below are discussion questions that my fellow classmates wrote..docx
 
Bellevue Hospital Marketing and Communication PlanVe.docx
Bellevue Hospital Marketing and Communication PlanVe.docxBellevue Hospital Marketing and Communication PlanVe.docx
Bellevue Hospital Marketing and Communication PlanVe.docx
 
Bellevue College Chemistry 162 1 Empirical Gas La.docx
Bellevue College Chemistry 162 1 Empirical Gas La.docxBellevue College Chemistry 162 1 Empirical Gas La.docx
Bellevue College Chemistry 162 1 Empirical Gas La.docx
 
Being able to use research and apply findings to programming is the .docx
Being able to use research and apply findings to programming is the .docxBeing able to use research and apply findings to programming is the .docx
Being able to use research and apply findings to programming is the .docx
 
Being competitive is very different than achieving sustainable com.docx
Being competitive is very different than achieving sustainable com.docxBeing competitive is very different than achieving sustainable com.docx
Being competitive is very different than achieving sustainable com.docx
 
Being enrolled in the MS in Child and Adolescent Developmental Psych.docx
Being enrolled in the MS in Child and Adolescent Developmental Psych.docxBeing enrolled in the MS in Child and Adolescent Developmental Psych.docx
Being enrolled in the MS in Child and Adolescent Developmental Psych.docx
 
Being of a particular ethnicity or gender had a great impact on you.docx
Being of a particular ethnicity or gender had a great impact on you.docxBeing of a particular ethnicity or gender had a great impact on you.docx
Being of a particular ethnicity or gender had a great impact on you.docx
 
Being culturally sensitive by respecting your clients spiritual.docx
Being culturally sensitive by respecting your clients spiritual.docxBeing culturally sensitive by respecting your clients spiritual.docx
Being culturally sensitive by respecting your clients spiritual.docx
 
Being an Effective Agile Project LeaderYou have been asked b.docx
Being an Effective Agile Project LeaderYou have been asked b.docxBeing an Effective Agile Project LeaderYou have been asked b.docx
Being an Effective Agile Project LeaderYou have been asked b.docx
 

Recently uploaded

Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 

Recently uploaded (20)

Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 

NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx

  • 1. NGOKAN - ATTENTION PROJECT 3 – ASSESSING INFORMATION SYSTEM VULNERABILITY AND RISK MITIGATION - I WILL DO THE LAB, JUST NEED HELP WITH THE SAR and RAR (reports) Intro video on the deliverables is here https://youtu.be/rStxKMeGXAI Please select part of your references from this below. http://resources.sei.cmu.edu/library/ SEE ATTACHED DOCUMENTS FOR READING AND REFERENCE The deliverables for this project are as follows: Security Assessment Report (SAR): This should be an 8-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. 2. Risk Assessment Report (RAR): This report should be a 5-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. Please select part of your references from this below. http://resources.sei.cmu.edu/library/ Pick an organization of your choice (pick from any sector, be creative) 1.
  • 2. Security Assessment Report (SAR) with the following sections: please pay attention to details of the ENTIRE requirements (use figures, tables and diagrams where applicable) · Organizational Background Describe the background of the organization you have picked Purpose Describe purpose of the assessment (refer to the incident of OPM below in the transcript) Organizational structure o Describe the organizational structure, the network system description, and a diagram of the organization. (Please insert this diagram) Include LAN, WAN, and systems in diagram format ( use the OPM systems model of LAN side networks) , the intra-network, and WAN side networks, the Internet. Identify the boundaries that separate the inner networks from the outside networks. o include a description of how these platforms are implemented in your organization: common computing platforms, cloud computing, distributed computing, centralized computing, secure programming fundamentals. (cite reference) o What insider threats are a risk to your organization o differentiate between the external threats to the system and the insider threats. Identify where these threats can occur in the
  • 3. previously created diagrams. (cite reference) o Define threat intelligence, and explain what kind of threat intelligence is known about the OPM breach. Relate the OPM threat intelligence to your fictitious organization. How likely is it that a similar attack will occur at your organization? (cite reference) Scope Describe the scope of the assessment Methodology (cite references) o Use a suite of security tools, techniques, and procedures that can be used to assess the security posture of your organization's network in a SAR. o identify the security issues in your fictitious organization's networks. You have already used password cracking tools to crack weak and vulnerable passwords. o Provide an analysis of the strength of passwords used by the employees in your organization. Are weak passwords a security issue for your organization? o examine security tool resources on firewalls and
  • 4. auditing–RDBMS related to the use of the Relational Database Management System (i.e., the database system and data) RDBMS. Also review these resources related to access control. o Determine the role of firewalls and encryption, and auditing – RDBMS that could assist in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems. o Reflect any weaknesses found in the network and information system diagrams previously created, as well as in the developing SAR. o Which of the following types of threats and attack techniques are a risk to your organization; IP address spoofing/cache poisoning attacks, denial of service attacks (DoS), packet analysis/sniffing, session hijacking attacks, distributed denial of service attacks o In identifying the different threats: 1. Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems and the types of remediation and mitigation techniques available in your industry, and for your organization. 2.
  • 5. Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified. 3. Also discuss the value of using access control, database transaction and firewall log files. 4. Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization's networks. 5. Further analyze the packet capture for network performance, behavior, and any suspicious source and destination addresses on the networks. 6. In the previously created Wireshark files, identify if any databases had been accessed. What are the IP addresses associated with that activity? Include this information in the SAR. o Provide possible nmap portscan findings in the SAR deliverable. Provide analyses of the scans and any recommendation for remediation Identify any suspicious activity and formulate the steps in an incidence response that could have been, or should be, enacted. Include the responsible parties that would provide that incidence response and any follow-up activity. Include this in the SAR. Please note that some scanning tools are designed to be
  • 6. undetectable. While running the scan and observing network activity with Wireshark, attempt to determine the detection of the scan in progress. If you cannot identify the scan as it is occurring, indicate this in your SAR. Data Results Compare results of wireshark and nmap in a general sense o INCLUDE lab report on wireshark and nmap as part of the SAR. o Review the information captured in these two links message and protocols and Transmission Control Protocol/Internet Protocol (TCP/IP), o identify any security communication, message and protocols, or security data transport methods used such as (TCP/IP), SSL, and others. Make note and mention in your reports. Findings o Describe the findings in the report to include: weak authentication mechanisms; lack of a plan for life-cycle management of the information systems; lack of a configuration management and change management plan; lack of inventory of systems, servers, databases, and network devices; lack of mature vulnerability scanning tools; lack of valid authorizations
  • 7. for many systems, and lack of plans of action to remedy the findings of previous audits. o Describe some critical security practices, such as lack of diligence to security controls and management of changes to the information systems infrastructure were cited as contributors to the massive data breach in the OPM Office of the Inspector General's (OIG) Final Audit Report , which can be found in open source searches. o Describe Enterprise Architecture: Knowledge of architectural methodologies used in the design and development of information systems, including the physical structure of a system's internal operations and interactions with other systems and knowledge of standards o Describe Technology Awareness: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology o Describe Risk Management : Knowledge of methods and tools used for risk management and mitigation of risk o Describe Incident Detection: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents. o Describe Incident Classification: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as
  • 8. to handle relevant digital evidence appropriately 2. Risk Assessment Report (RAR) please review requirements and use figures, tables and diagrams where applicable · Identify and include information on the threats, vulnerabilities, risks, likelihood of exploitation of security weaknesses, level of impact it would have on the organization and suggested remediation . (cite reference) · Include impact assessments for exploitation of security weaknesses, remediation, and cost/benefit analyses of remediation. (cite reference) · devise and include a high-level plan of action with interim milestones (POAM), in a system methodology, to remedy your findings. (cite reference) · Summarize the results you obtained from the vulnerability assessment tools (i.e., MBSA and OpenVas) in your report. · Include the OPM OIG
  • 9. Final Audit Report findings as a possible source for potential mitigations or possible methods to remediate vulnerabilities (cite reference) Notes start here: You have studied the OPM OIG report and found that the hackers were able to gain access through compromised credentials. The security breach could have been prevented, if the Office of Personnel Management, or OPM, had abided by previous auditing reports and security findings. In addition, access to the databases could have been prevented by implementing various encryption schemas and could have been identified after running regularly scheduled scans of the systems. The security posture of the information systems infrastructure of an organization should be regularly monitored and assessed (including software, hardware, firmware components, governance policies, and implementation of security controls). The monitoring and assessment of the infrastructure and its components, policies, and processes should also account for changes and new procurements that are sure to follow in order to stay in step with ever-changing information system technologies. Notes end here:
  • 10. Prepare a Security Assessment Report (SAR) with the following sections: Purpose Organization Scope Methodology Data Results Findings The final SAR does not have to stay within this framework, and can be designed to fulfill the goal of the security assessment. Prepare a Risk Assessment Report (RAR) with information on the threats, vulnerabilities, likelihood of exploitation of security weaknesses, impact assessments for exploitation of security weaknesses, remediation, and cost/benefit analyses of remediation. Devise a high-level plan of action with interim milestones (POAM), in a system methodology, to remedy your findings. Include this high-level plan in the RAR. Summarize the results you obtained from the vulnerability assessment tools (i.e., MBSA and OpenVas) in your report. 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment. 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation. 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas. 1.4: Tailor communications to the audience. 1.5: Use sentence structure appropriate to the task, message and audience. 1.6: Follow conventions of Standard Written English. 5.2 Enterprise Architecture: Knowledge of architectural methodologies used in the design and development of
  • 11. information systems, including the physical structure of a system's internal operations and interactions with other systems and knowledge of stan 5.6: Technology Awareness: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology 7.3: Risk Management : Knowledge of methods and tools used for risk management and mitigation of risk 8.1: Incident Detection: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents. 8.2: Incident Classification: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately. VIDEO Transcript You are an Information Assurance Management Officer, IAMO, at an organization of your choosing. One morning, as you're getting ready for work, you see an email from Karen, your manager. She asks you to come to her office as soon as you get in. When you arrive to your work, you head straight to Karen's office. “Sorry for the impromptu meeting,” she says, “but we have a bit of an emergency. There's been a security breach at the Office of Personnel Management.” We don't know how this happened, but we need to make sure it doesn't happen again, says Karen. You'll be receiving an email with more information on the security breach. Use this info to assess the information system vulnerabilities of the Office of Personnel Management. At your desk, you open Karen's email. She's given you an OPM report from the Office of the Inspector General, or OIG. You have studied the OPM OIG report and found that the hackers were able to gain access through compromised credentials. The security breach could have been prevented, if the Office of Personnel Management, or OPM, had abided by previous auditing reports and security findings. In addition, access to the
  • 12. databases could have been prevented by implementing various encryption schemas and could have been identified after running regularly scheduled scans of the systems. Karen and the rest of the leadership team want you to compile your findings into a Security Assessment Report or SAR. You will also create a Risk Assessment Report, or RAR, in which you identify threats, vulnerabilities, risks, and likelihood of exploitation and suggested remediation . END OF TRANSCRIPT The security posture of the information systems infrastructure of an organization should be regularly monitored and assessed (including software, hardware, firmware components, governance policies, and implementation of security controls). The monitoring and assessment of the infrastructure and its components, policies, and processes should also account for changes and new procurements that are sure to follow in order to stay in step with ever-changing information system technologies. The data breach at the Office of Personnel Management (OPM) is one of the largest in US government history. It provides a series of lessons learned for other organizations in industry and the public sector. Some critical security practices, such as lack of diligence to security controls and management of changes to the information systems infrastructure were cited as contributors to the massive data breach in the OPM Office of the Inspector General's (OIG) Final Audit Report , which can be found in open source searches. Some of the findings in the report include: weak authentication mechanisms; lack of a plan for life-cycle management of the information systems; lack of a configuration management and change management plan; lack of inventory of systems, servers, databases, and network devices; lack of mature vulnerability scanning tools; lack of valid authorizations for many systems,
  • 13. and lack of plans of action to remedy the findings of previous audits. The breach ultimately resulted in removal of OPM's top leadership. The impact of the breach on the livelihoods of millions of people is ongoing and may never be fully known. There is a critical need for security programs that can assess vulnerabilities and provide mitigations. There are 10 steps that will lead you through this project. You should complete Project 3 during Weeks 2-5. After beginning with the workplace scenario, continue to Step 1: "Organizational Background." When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission. 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment. 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation. 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas. 1.4: Tailor communications to the audience. 1.5: Use sentence structure appropriate to the task, message and audience. 1.6: Follow conventions of Standard Written English. 5.2 Enterprise Architecture: Knowledge of architectural methodologies used in the design and development of information systems, including the physical structure of a system's internal operations and interactions with other systems and knowledge of stan 5.6: Technology Awareness: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology 7.3: Risk Management : Knowledge of methods and tools used for risk management and mitigation of risk
  • 14. 8.1: Incident Detection: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents. 8.2: Incident Classification: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately. Step 1 Organizational Background Describe the background of your organization, including the purpose, organizational structure, the network system description, and a diagram of the organization. Include LAN, WAN, and systems in diagram format (use the OPM systems model of LAN side networks), the intra-network, and WAN side networks, the inter-net. Identify the boundaries that separate the inner networks from the outside networks. Take time to click on and read about the following computing platforms available for networks, then include a description of how these platforms are implemented in your organization: common computing platforms cloud computing distributed computing centralized computing secure programming fundamentals This information can be fictitious, or modeled from existing organizations. Be sure to cite references. Step 2: Organizational Threats Next, you’ll describe threats to your organization’s system. Before you get started, select and explore the contents of the following link
  • 15. SEE ATTACHED DOCUMENT : insider threats (also known as internal threats). As you’re reading, take note of which insider threats are a risk to your organization. Now, differentiate between the external threats to the system and the insider threats. Identify where these threats can occur in the previously created diagrams. Define threat intelligence, and explain what kind of threat intelligence is known about the OPM breach. Relate the OPM threat intelligence to your organization. How likely is it that a similar attack will occur at your organization? Step 3: Scanning the Network Note: You will utilize the tools in Workspace for this step. Click here to access the Project 3 Workspace Exercise Instructions . Explore the tutorials and user guides to learn more about the tools you will use. You will perform this lab in Step 7. In order to validate the assets and devices on the organization's network, run scans using security and vulnerability assessment analysis tools such as MBSA, OpenVAS, Nmap, or NESSUS depending on the operating systems of your organization's networks. Live network traffic can also be sampled and scanned using Wireshark (we do this in step 7) on either the Linux or Windows systems. Wireshark allows you to inspect all OSI Layers of traffic information. Click the following link to read more about these network monitoring tools: Tools to Monitor and Analyze Network Activities .
  • 16. INCLUDE the report as part of the SAR. Review the information captured in these two links message and protocols and Transmission Control Protocol/Internet Protocol (TCP/IP), and identify any security communication, message and protocols, or security data transport methods used such as (TCP/IP), SSL, and others. Make note of this, as it should be mentioned in your reports. Step 4: Identifying Security Issues You have a suite of security tools, techniques, and procedures that can be used to assess the security posture of your organization's network in a SAR. Now it's time to identify the security issues in your organization's networks. You have already used password cracking tools to crack weak and vulnerable passwords. Provide an analysis of the strength of passwords used by the employees in your organization. Are weak passwords a security issue for your organization? Step 5: Firewalls and Encryption Next, examine these resources on firewalls and auditing–RDBMS
  • 17. related to the use of the Relational Database Management System (i.e., the database system and data) RDBMS. Also review these resources related to access control. Determine the role of firewalls and encryption, and auditing – RDBMS that could assist in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems. Reflect any weaknesses found in the network and information system diagrams previously created, as well as in the developing SAR. Step 6: Threat Identification You know of the weaknesses in your organization's network and information system. Now you will determine various known threats to the organization's network architecture and IT assets. Get acquainted with the following types of threats and attack techniques. Which are a risk to your organization? IP address spoofing/cache poisoning attacks denial of service attacks (DoS) packet analysis/sniffing session hijacking attacks distributed denial of service attacks In identifying the different threats, complete the following tasks: 7. Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems and the types of remediation and mitigation techniques available in your industry, and for your organization. 8.
  • 18. Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified. 9. Also discuss the value of using access control, database transaction and firewall log files. 10. Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization's networks. Include these in the SAR. LAB Step 7: Network Analysis Note: You will utilize the tools in Workspace for this step. You will now investigate network traffic, and the security of the network and information system infrastructure overall. Past network data has been logged and stored, as collected by a network analyzer tool such as Wireshark. Select the following link to enter Workspace and complete the lab activities related to network vulnerabilities. Perform a network analysis on the Wireshark files provided to you in Workspace and assess the network posture and any vulnerability or suspicious information you are able to obtain. Include this information in the SAR. Further analyze the packet capture for network performance, behavior, and any suspicious source and destination addresses on the networks. In the previously created Wireshark files, identify if any databases had been accessed. What are the IP addresses associated with that activity? Include this information in the
  • 19. SAR. LAB Step 8: Suspicious Activity Note: You will utilize the tools in Workspace for this step. Hackers frequently scan the Internet for computers or networks to exploit. An effective firewall can prevent hackers from detecting the existence of networks. Hackers continue to scan ports, but if the hacker finds there is no response from the port and no connection, the hacker will move on. The firewall can block unwanted traffic and NMap can be used to self-scan to test the responsiveness of the organization's network to would- be hackers. Select the following link to enter Workspace and conduct the port scanning. Provide your findings in the SAR deliverable. Provide analyses of the scans and any recommendation for remediation, if needed. Identify any suspicious activity and formulate the steps in an incidence response that could have been, or should be, enacted. Include the responsible parties that would provide that incidence response and any follow-up activity. Include this in the SAR. Please note that some scanning tools are designed to be undetectable. While running the scan and observing network activity with Wireshark, attempt to determine the detection of the scan in progress. If you cannot identify the scan as it is occurring, indicate this in your SAR. Step 9: Risk and Remediation What is the risk and what is the remediation? What is the security exploitation? You can use the OPM OIG Final Audit Report
  • 20. findings and recommendations as a possible source for methods to remediate vulnerabilities. Read this risk assessment resource to get familiar with the process, then prepare the risk assessment. Be sure to first list the threats, then the vulnerabilities, and then pairwise comparisons for each threat and vulnerability, and determine the likelihood of that event occurring, and the level of impact it would have on the organization. Use the OPM OIG Final Audit Report findings as a possible source for potential mitigations. Include this in the risk assessment report (RAR). Your research and Workspace exercise have led you to this moment: creating your SAR and RAR. Consider what you have learned in the previous steps as you create your reports for leadership. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.