Project: Risk, Threat, and Vulnerability Management

1. Security Assessment Report (12 pages)

Conduct a Security Analysis Baseline (3 of 12 pages)

- Security requirements and goals for the preliminary security baseline activity.
- Typical attacks to enterprise networks and their descriptions. Include Trojans, viruses, worms, denial of service, session hijacking, and social engineering.
- Include the impacts these attacks have on an organization.
- Network infrastructure and diagram, including configuration and connections. Describe the security posture with respect to LAN, MAN, WAN, enterprise.
- Network infrastructure and diagram, including configuration and connections and endpoints. What are the security risks and concerns?
- What are ways to get real-time understanding of the security posture at any time?
- How regularly should the security of the enterprise network be tested, and what type of tests should be used?
- What are the processes in play, or to be established, to respond to an incident?
- Does the security workforce have the requisite technical skills and command of the necessary toolsets to do the job required?
- Is there an adequate professional development roadmap in place to maintain and/or improve the skill set as needed?
- Describe the ways to detect this malicious code and what tactics bad actors use for evading detection.
- In the network diagram: include the delineation of open and closed networks, where they co-exist.
- In the open network and closed network portion, show the connections to the Internet.
- Physical hardware components. Include routers and switches. What security weaknesses or vulnerabilities are within these devices?
- Discuss operating systems, servers, network management systems.
  - data in transit vulnerabilities
  - endpoint access vulnerabilities
  - external storage vulnerabilities
  - virtual private network vulnerabilities
  - media access control vulnerabilities
  - ethernet vulnerabilities
- Possible applications. Current and future mobile applications and possible future Bring Your Own Device policy. Include:
  - remediation
  - mitigation
  - countermeasure
  - recovery
- Provide the methods used to provide the protections and defenses.
- From the identification of risk factors in the risk model, identify the appropriate security controls from NIST SP 800-53A and determine their applicability to the risks identified.

Determine a Network Defense Strategy (2 of 12 pages)

- Outline how you would test violations. Identify how you will assess the effectiveness of these controls and write test procedures that could be used to test for effectiveness. Write them in a manner to allow a future information systems security officer to use them in preparing for an IT security audit or IT certification and accreditation.
- Explain the different testing types (black box testing, white box testing).

Plan the Penetration Testing Engagement (2 of 12 pages)

- Include all involved processes, people, and timeframe. Develop a letter of intent to the organization, and within the letter, include some formal rules of engagement (ROE).

Conduct a Network Penetration Test (4 of 12 pages)

- After finding the security issues within the network, define which control families from the NIST 800-53 are violated by these issues. Explain in the SAR why each is a violation, and support your arguments with a copy of your evidence.
- Provide suggestions on improving the security posture of these violations.

Complete a Risk Management Cost Benefit Analysis (1 of 12 pages)

- Complete your SAR with a risk management cost benefit analysis. Think about the cost of violations and other areas if you do not add the controls. Then add in the cost for implementing your controls.
 