Develop a vulnerability assessment plan

Reference no: EM131153034

Vulnerability Assessment Planning

For this assignment, you will need to develop a vulnerability assessment plan. The concepts needed to complete this assignment are found in your reading assignment and in the unit lesson, but you can draw on all of the lessons thus far in this course.

Choose one of the following businesses:

• an e-commerce retailer,
• a retailer with its own credit card,
• a money transfer/loan company, or
• a personal prescription/medical supply home delivery service.

Be sure that you address the following in your plan:

1. Provide a list of at least five different hosts pertinent to the business that you chose.

2. For each host chosen, describe how it will be assessed and what threats to the host are being assessed. (Also, describe the circumstances surrounding the threats, such as when and how often).

3. Explain your reasoning for choosing a specific assessment for each host.

4. Describe the format that your vulnerability assessment plan would be delivered in, and describe who will receive and review the results.

Host Hardening

As Boyle and Panko (2015) note, "any device with an IP address is a host" (p. 365). Of course, this means any device with an IP address can be on the network and can be affected by malware. Our vulnerable hosts include workstations, clients, servers, routers, and firewalls. Host hardening refers to the practices IT security takes to protect various hosts. The problem is that how you protect these hosts is different depending on the host. There are some basic rules that apply to almost any device or software though. These rules include the following:

• keep up to date with vendor updates, patches, and service packs;
• back up your server and database hosts;
• follow best practices for access control;
• encrypt sensitive data; and
• keep an eye on your audit logs for suspicious activity.

Another topic that has not been discussed thus far involves the use of security baselines. How will you know that something is amiss on a server if you do not know what was occurring yesterday or last week? Baselines are the norm when dealing with performance issues. Using baselines in this manner will help you diagnose why your database has slowed. In the area of security, baselines can help you make sure you have the correct security settings.

As you can imagine, it is up to IT professionals to determine potential vulnerabilities within organizations. Vulnerabilities tend to be associated with weaknesses in applications or software, but the term can be used to describe any weakness in systems or hosts on the network. The patches that we have read about here on numerous occasions can fix vulnerabilities. Service packs are used as patches for database servers.

Another hardening tactic is to make sure that your users and groups are managed correctly. In Windows servers, there are users and groups. Only appropriate Active Directory accounts should be added to the administrator group. This also ties in with allowing users only the access they need and assigning appropriate permissions. So, not only are there database permissions, there are also Windows permissions. This applies to other operating systems such as Unix as well. As mentioned previously, organizations have a strong password policy. This is also part of hardening the hosts.
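The following is an added example, not part of the original lesson, showing how a recorded security baseline can be compared with a host's current settings, including the membership of the administrator group. The setting names and account names are constructed for illustration and do not come from any particular product.

```python
# Constructed baseline, recorded when the host was known to be configured correctly.
BASELINE = {
    "min_password_length": 12,
    "audit_logging": True,
    "disk_encryption": True,
    "patch_level": "2024-05",
    "administrators": ["CORP\\dba-admin", "CORP\\it-ops"],
}

# Constructed snapshot of the same host today (hypothetical setting names).
CURRENT = {
    "min_password_length": 8,
    "audit_logging": True,
    "disk_encryption": True,
    "patch_level": "2024-05",
    "administrators": ["CORP\\dba-admin", "CORP\\it-ops", "CORP\\jsmith"],
    "telnet_enabled": True,
}

SET_VALUED = {"administrators"}  # compared as sets, so ordering is ignored

def diff_against_baseline(baseline, current):
    """Return (setting, kind, detail) findings, sorted by setting name."""
    findings = []
    for key in sorted(set(baseline) | set(current)):
        if key not in current:
            findings.append((key, "missing", f"expected {baseline[key]!r}"))
        elif key not in baseline:
            findings.append((key, "unexpected", f"found {current[key]!r}"))
        elif key in SET_VALUED:
            added = sorted(set(current[key]) - set(baseline[key]))
            removed = sorted(set(baseline[key]) - set(current[key]))
            if added:
                findings.append((key, "added", ", ".join(added)))
            if removed:
                findings.append((key, "removed", ", ".join(removed)))
        elif baseline[key] != current[key]:
            findings.append((key, "changed", f"{baseline[key]!r} -> {current[key]!r}"))
    return findings

if __name__ == "__main__":
    for setting, kind, detail in diff_against_baseline(BASELINE, CURRENT):
        print(f"{setting:22} {kind:10} {detail}")
```

Each finding is a prompt for review: an account added to the administrator group or a shortened password length may be an approved change, in which case the baseline is updated, or it may be the first visible sign that something is amiss.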

Periodically, IT professionals need to test for vulnerabilities. This is because it is hard to make sure that you have every protection covered. Testing for vulnerabilities is just another way to protect your systems. For example, vulnerability testing software is available. When the IT professional installs this software on a server, it will run calculated attacks against the chosen servers and then provide reports of the results. The IT professional can then review the report and correct the vulnerabilities. This is definitely a topic for more advanced understanding.

Beyond vulnerability testing, an IT security manager must deal with other important areas. One example involves the creation of an intrusion response process. The first step is detection. We have discussed intrusion detection systems (IDS) earlier in this course. According to Boyle and Panko (2015), IDS is "software and hardware that captures suspicious network and host activity data in event logs" (p. 548). This means that someone has to be looking at the logs and receiving alerts. If an organization does detect an intrusion, what is the process for handling the incident? The IT security person must analyze the event first. Is it really an intrusion? If so, then the intrusion must be handled.

What exactly does handling an incident mean? It really depends on the intrusion, but the IT manager and professionals should have procedures in place for handling detected intrusions. Is the intruder still poking around or are they long gone with valuable, sensitive data? The remedy depends on many factors. It is important to note that part of incident response involves a list of people to notify. There is also a business continuity consideration. What if the incident involves an attack that could cause the system to grind to a halt? Imagine if your business involves a power company, an oil refinery, or a nuclear plant! Even something that seems odd may be a potential cause for concern.

Business continuity involves planning for potential disruptions in business. Therefore, part of incident response may very well involve notification of a business continuity team for evaluation. Disaster recovery (DR) is part of business continuity. If something happens, regardless of what it is, then we need to be able to recover the data. This could be an attack by hackers, or something as simple as a malfunctioning server. Regardless, we need to be able to "failover" our servers to our DR servers. This is all under the umbrella of business continuity.

It should also be mentioned that one of the benefits of business continuity management (BCM) is the fact that under disaster conditions, people cannot be expected to think clearly. Organizations should have a plan for dealing with emergencies. The first concern is employee safety; but, in an IT emergency, we do not have to worry about employee safety. The next step in our plan is to communicate with the business and to consult with our plan that is designed to ensure that business continues and that there is minimal business loss. It is very important that all of this information is stored in a safe place so that any person who is deemed responsible can get access to the call list.

As you can see, in this course, we start with concepts at a granular level and build on them so that you can see the end result, which involves protecting stakeholders and the business itself. All of these concepts are interrelated and serve to provide for a more secure corporate environment.

Reference

Boyle, R. J., & Panko, R. R. (2015). Corporate computer security (4th ed.). Upper Saddle River, NJ: Pearson.
