Running head: THREATS, ATTACKS AND VULNERABILITY ASSESSMENT
THREATS, ATTACKS AND VULNERABILITY ASSESSMENT
8
Threats, Attacks and Vulnerability Assessment
Anthony bahlman
CMGT/400
03/30/2019
Google LLC is a technological company from America which specializes in Internet-related products and services. Some of the products and services which are offered by Google include search engines, cloud computing, hardware, software, and online advertising technologies. It is considered among the Big Four companies which also include Apple, Amazon, and Facebook. The organization was founded by Larry Page and Sergey Brin in 1998. The founders were Ph.D. students at Stanford University in California. All facilities are subject to a certain level of risk which can be associated with different threats. The threats may be as a result of natural events, intentional acts by human beings to cause harm or accidents (Maglaras et al., 2018). The owners of companies have the responsibility of limiting or managing the risks arising from the threats to the maximum extent possible.
Tangible Assets
Google is one of the best technology companies in the world with a high number of tangible assets within its premises, especially in the headquarters located in Mountain View, California. The information systems, critical infrastructure, and cyber-related interests to be tested include the software of the company, hardware, system interfaces with consideration of internal and external connectivity, data and information, and people who use and support IT system. The aspects will be assessed because they are crucial to the day to day operations of the facility, and a breach in any aspect may lead to major disruption of services. The aspects which will not be assessed include IT system functional requirements, system users, current network topology system security policies which guide the use of the IT system and the architecture of security of the system. The aspects will not be assessed because of the minimal threat they pose to the system, and low probability of risk to arise from them. Moreover, the disruption of the items does not lead to significant interference in the operation of the organization.
Asset Descriptions
The following is a diagram of the flow of assessment activities:
The assets descriptions are outlined below:
· Hardware- Physical parts of the computers.
· IT personnel- Individuals operating computer systems.
Threat Agents and Possible Attacks
There are several threat agents and possible attacks that may face the organization. the company may be subject to floods which may be as a result of excessive rainfall or overflowing ocean water. Tornadoes are also a possible threat to the organization, and these are violent and destructive rotating winds. Other possible natural threats to the organization headquarters include earthquakes, electrical storms, and avalanches. Electrical storms involve the violent disturbance of the electr.
Running head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docx
1. Running head: THREATS, ATTACKS AND VULNERABILITY
ASSESSMENT
THREATS, ATTACKS AND VULNERABILITY ASSESSMENT
8
Threats, Attacks and Vulnerability Assessment
Anthony bahlman
CMGT/400
03/30/2019
Google LLC is a technological company from America
which specializes in Internet-related products and services.
Some of the products and services which are offered by Google
include search engines, cloud computing, hardware, software,
and online advertising technologies. It is considered among the
2. Big Four companies which also include Apple, Amazon, and
Facebook. The organization was founded by Larry Page and
Sergey Brin in 1998. The founders were Ph.D. students at
Stanford University in California. All facilities are subject to a
certain level of risk which can be associated with different
threats. The threats may be as a result of natural events,
intentional acts by human beings to cause harm or accidents
(Maglaras et al., 2018). The owners of companies have the
responsibility of limiting or managing the risks arising from the
threats to the maximum extent possible.
Tangible Assets
Google is one of the best technology companies in the world
with a high number of tangible assets within its premises,
especially in the headquarters located in Mountain View,
California. The information systems, critical infrastructure, and
cyber-related interests to be tested include the software of the
company, hardware, system interfaces with consideration of
internal and external connectivity, data and information, and
people who use and support IT system. The aspects will be
assessed because they are crucial to the day to day operations of
the facility, and a breach in any aspect may lead to major
disruption of services. The aspects which will not be assessed
include IT system functional requirements, system users,
current network topology system security policies which guide
the use of the IT system and the architecture of security of the
system. The aspects will not be assessed because of the minimal
threat they pose to the system, and low probability of risk to
arise from them. Moreover, the disruption of the items does not
lead to significant interference in the operation of the
organization.
Asset Descriptions
The following is a diagram of the flow of assessment activities:
The assets descriptions are outlined below:
· Hardware- Physical parts of the computers.
3. · IT personnel- Individuals operating computer systems.
Threat Agents and Possible Attacks
There are several threat agents and possible attacks that may
face the organization. the company may be subject to floods
which may be as a result of excessive rainfall or overflowing
ocean water. Tornadoes are also a possible threat to the
organization, and these are violent and destructive rotating
winds. Other possible natural threats to the organization
headquarters include earthquakes, electrical storms, and
avalanches. Electrical storms involve the violent disturbance of
the electrical condition of the atmosphere, and such an
occurrence can destroy any electrical system. The company also
faces the human threat of hacking where people may make
attempts to gain unauthorized access to their files. There is also
the threat of unintentional acts of inadvertent data entry taking
place. Another possible threat is the possibility of malicious
software upload by people intending to destroy the reputation of
the company (Esteves, Ramalho & De Haro, 2017). There is
also the treatment of employees of the organization gaining
access to confidential information using their credentials. The
other possible threat of environmental nature to the organization
is a long term power failure, and this may lead adversely affect
them because of the use of technological systems highly
dependent on power. Pollution may also affect the environment
in which the workers perform their duties. The company also
faces the threat of industrial espionage by the competitors.
Finally, the spillage of dangerous liquids or chemicals from
factories can affect the working environment.
Exploitable Vulnerabilities
The following is the list of exploitable vulnerabilities:
· Failure of removal of identifiers of terminated employees
· Buffer overflows
· The firewall of the company allows for inbound tenet, and the
4. identification of guest is allowed on XYZ server
· The failure of application of new patches to one of the systems
with an identified flaw
· The server room uses sprinklers for fire protection but there is
no hardware to protect from water damage.
· The possibility of code injection in the system.
· Presence of dangling pointers
Existing Countermeasures
The organization has several existing countermeasures to threats
and vulnerabilities. The data and crucial information files are
backed up in an offsite location. The backup schedule is also
accurate to ensure they do not miss out on any information.
There are also arrangements for another location in the event
that the primary site is rendered to be inoperable. There are also
several procedures which protect against the unauthorized
access or use of the computer systems. System monitoring is
done on a regular basis for detection of any unusual aspects.
The company also has a risk analysis plan and security strategy
developed from the risk analysis.
Evaluation of Threats or Impacts on the Business
Threat History Events
Duration
Business Impact
Threat Resolution
Hacking
1 day
None
Change of hardware at customer sites
Hacking
Hours
None
Software upgrades.
Prioritized List of Identified Risks
Risk
Probability
5. Priority
Owner
Countermeasures/Contingencies/Mitigation Approach
Hacking
High
High
IT personnel
Regular software and hardware updates.
Use of two-factor authentications.
Long term power failure
Low
High
Emergency department
Establishment of power back up systems
Natural events such as flooding and earthquakes
Medium
Medium
Emergency Department
Establishment of evacuation protocols for personnel and data
back up systems in offsite location
Malicious software uploads
Low
Medium
IT personnel
System restoration protocols.
6. References
Maglaras, L. A., Kim, K. H., Janicke, H., Ferrag, M. A., Rallis,
S., Fragkou, P., ... & Cruz, T. J. (2018). Cybersecurity of
critical infrastructures. ICT Express, 4(1), 42-45.
Esteves, J., Ramalho, E., & De Haro, G. (2017). To improve
cybersecurity, think like a hacker. MIT Sloan Management
Review, 58(3), 71.
Topic is The increases number in hacking and potential counter-
measures.
So far The progress is good but there is a lot of room for
improvement and expansion. The literature review section is a
small section followed by a new section called "Trends of
increase and growth in hacking". I think it is better to make
literature review a major section which includes the rest
following sections as subsections.
- Make sure your conclusion section be expanded.
More so, You should discuss all deliverable items proposed in
your case study proposal and explain the findings
According to the proposal,below is the deliverable items
7. Research deliverables are
? Understanding computer vulnerabilities
? Computer vulnerability and user negligence
? Saving of confidential information in a computer system
? Protecting a computer network from possible threat
Research questions are follows
What are computer vulnerabilities and how are they exploited?
1. Why computer vulnerabilities can be associated with
negligence of the users?
2. How is confidential information used or saved by
organizations?
3. What measures are taken by organization to safeguard their
respective computer system from being vulnerable? etc, more
can be added
.
CMGT/400 v7
Penetration Testing Plan Template
CMGT/400 v7
Page 5 of 5Penetration Testing Plan Template
Instructions: Replace the information in brackets [ ] with
8. information relevant to your penetration testing project. Fill out
each of the sections below with information relevant to your
project.
A Penetration Tester evaluates the security of an information
infrastructure by intentionally, and safely, exploiting
vulnerabilities. Take on the role of Penetration Tester for the
approved organization you chose in Week 1. Research the
following information about the organization you chose. Use
this template to create a Penetration Testing Plan.[Organization
Name]
Criteria
Response
Project Title:
[Response]
Project Sponsor(s):
[Response]
Business Context for the Penetration Test:
[Response]
Project Scope Description:
[Response]
Date Prepared:
[Response]
Prepared By:
[Response]
Penetration Testing Scope Statement
Penetration Test Pre-Planning
Team Location(s)
Organization Location(s)
Client Personnel Aware of Testing
Resources Provided to Pentest Team
Pentest Technologies Used
[Response]
[Response]