Vulnerability assessment matrix

Reference no: EM13820255

This assignment is based upon a vulnerability assessment and mitigation methodology developed by the RAND Corporation. Before you begin, make sure that you have read Chapters 2, 3, and 4 of Finding and Fixing Vulnerabilities in Information Systems: The Vulnerability Assessment and Mitigation Methodology by Philip Anton (RAND MR1601).

The objective of this assignment is to perform a threats and vulnerabilities analysis based upon the process methodology presented in RAND MR1601. The purpose of the analysis process is to help you determine the requirements for an Infrastructure Protection Policy. The results of your analysis will be used in the second part of this assignment to develop policy recommendations which you will then use to write a policy recommendations memorandum for the senior leadership of the organization (see Scenario).

To document your analysis, you will complete the assessment matrix shown in Table 4.1, Matrix of Vulnerability Attributes and System Object Types, found in Chapter 4 of the RAND document. For each type of threat or vulnerability listed in the assessment matrix, you are required to provide a brief, concise description (a few words or a key phrase) and a recommendation for one or more actions (including implementation of specific security controls) which should be taken to correct or remediate the problem. A sample of a completed matrix, documenting portions of a threats and vulnerabilities assessment, is found in Table 4.2 (RAND MR1601).

After completing your assessment matrix, you will write a policy recommendation memo which includes 10 to 15 policy statements that can be used to implement your recommendations (as documented in your table). Your memorandum should begin with a brief introduction to the policy issue being addressed (see Scenario). Your recommendations should cover the broad spectrum of actions which will address the threats and vulnerabilities discussed in your analysis. From your recommendations, it should be clear that you performed the following actions:

· Identified threats and vulnerabilities (risk identification)

· Assigned security controls to protect the enterprise infrastructure (risk management)

· Incorporated capabilities for future detection of threats, vulnerabilities, and attacks

· Formalized incident response as a business process (policies, plans, procedures)

· Formalized disaster recovery and business continuity policies, plans, procedures


Each policy statement should be phrased in the form of a shall statement which specifies the actions that must be taken to implement your recommendations. For example, DoDI 5200.44, Protection of Mission Critical Functions to Achieve Trusted Systems and Networks (TSN), includes the following shall statements:

· Risk to the trust in applicable systems shall be managed throughout the entire system lifecycle.

· The identification of mission critical functions and critical components as well as TSN planning and implementation activities, including risk acceptance as appropriate, shall be documented in ...

· Risk management shall include TSN process, tools, and techniques to ... Reduce vulnerabilities in the system design through system security engineering ...

Deliverables

1. Completed Assessment Matrix

2. Recommendation Memo (no more than 5 pages)

Submit each deliverable in a separate file. Attach both files to your Project 5 assignment folder entry.

Scenario

In the organization, there is an insider threat. The employee who is the insider threat was overheard discussing a perceived vulnerability in the enterprise infrastructure. Several members of the IT Operations and Support staff believe that this report (of the alleged vulnerability as perceived / reported by the insider threat employee) represents an actual vulnerability in a key IT system and are attempting to create a patch.

Meanwhile, the insider threat employee has released malware into an enterprise IT system which is separate from the alleged vulnerability. While the technical team is searching for the alleged vulnerability, the malware has escaped from the compromised enterprise IT system and is traveling through the enterprise infrastructure disrupting all network traffic.

What are the issues that need to be addressed in your analysis of the threats and vulnerabilities present in this scenario?

Instructions

Complete the matrix from Table 4.1 of RAND MR1601 using information provided in the scenario below. A blank copy of the table is provided at the end of this file for your convenience.

Required Template

You must use the table template as provided in this assignment. Copy the table on the next page into a separate MS Word document file. You may wish to format your document for landscape presentation (to give you more width in each column). Do not modify the column or row headings. Do not delete unused rows or columns (leave them blank).

Grading

For a "C" on this assignment, you must complete at least one entry in the matrix (table) for 10 or more characteristics (rows) spread across two or more categories (columns). This is a total of 10 points of analysis or 10 cells. (You must have at least one cell filled in for two of the four columns.)

For a "B" on this assignment, you must complete at least one entry in the matrix for 12 or more characteristics (rows) spread across three or more categories (columns). This is a total of 12 points of analysis or 12 cells. BUT, for the "B" you must perform your analysis against at least three of the categories (columns). (You must have at least one cell filled in for three of the four columns.)

For an "A" on this assignment, you must complete at least one entry in the matrix for 16 or more characteristics (rows) and those entries must be spread across all four categories (columns). This is a total of 16 points of analysis. BUT, for the "A" you must perform your analysis against all four categories. (You must have at least one cell filled in for each of the four columns.)
