
Introduction to Risk and Due Diligence

This assignment requires students to conduct a vulnerability assessment and develop precautionary recommendations for an organization, project, or site of their choice.


Added on  2022-11-01

About This Document

This document provides an introduction to vulnerability assessment and precautionary analysis for Tech Enterprise Company. It identifies critical vulnerabilities and recommends measures to protect assets from possible risks. The document also provides expert guidance on Desklib.


INTRODUCTION TO RISK AND DUE DILIGENCE
By
Name
Professor’s Name
Course Number
University/College
City
Date
Introduction to Risk and Due Diligence_1
Part 1: Vulnerability Assessment
Introduction
One of the business interests of Tech Enterprise is dealing in application software which it sells
to other companies for commercial use. As a member of the business, one needs to be concerned
with the possible threats to which the company is exposed. Identifying those threats, and gaining a
better understanding of the associated risks, requires carrying out a vulnerability assessment
alongside other techniques for detecting vulnerabilities (Krisher et al., 2015). Through the
vulnerability assessment (VA), the Tech Enterprise Company will enhance awareness of its
environment, thereby facilitating quick response to and mitigation of threats. Similarly, a
comprehensive VA technique will enhance knowledge within the organization as well as
awareness of the risk background, creating a deeper understanding of the threats within the
environment.
Assets relevant for the Tech Enterprise Company
The major assets that are useful to the company include computer software, which is regarded as
a long-term and fixed asset; hardware and software assets; and property, plant and equipment
assets. These assets are important for this organization and have been selected because they have
been acquired and are intended to be sold in the ordinary course of operations. Besides, the use
of the assets is projected for a span of 2 years or more, and they have been acquired and
constructed with the aim of being used by the organization (Kotler et al., 2016). Nevertheless,
the Tech Enterprise Company is projected to capitalize the cost of the software, especially when
such software meets the standards and criteria for general plant, property, and equipment. Within
the company, general PP&E are considered assets used in the provision of goods and services,
since the company deals in application software sold to other companies for commercial use
(Krisher et al., 2015).
Notably, for the VA to be effective for the company, four further steps are key after the
identification of the assets, which, given the nature of the business, consist of hardware and
software assets. The second step is ascertaining the quantifiable value of the assets, while the
third step is identification of the security techniques for the vulnerabilities affecting the assets
(Williams, Dabirsiaghi & Contrast Security, 2016). Moreover, determination of quantifiable risk
and threat scores for each vulnerability is another important step in the VA. Finally, mitigation
of the risk posed by the vulnerabilities in the assets provides an opportunity to put in place
mechanisms for dealing with the risks (Krisher et al., 2015).
One of the most effective methods for identifying threats is information gathering and discovery
(Ali & Awad, 2018). In this phase, the organization conducts information gathering and discovery
with the objective of establishing a better understanding of the hardware and software assets
present within the organization as well as the surrounding environment. This phase incorporates
techniques such as port scanning, which is essential in the discovery of services and protocols
that are prone to vulnerability, and network scanning, which is key in discovering the hosts. The
phase also involves a review of directory service and DNS information to facilitate understanding
of the hosts which might be targeted by attackers (Kotler et al., 2016).
Once the assessment process has achieved a full discovery effort to understand the hosts within
the business environment, a subsequent thorough analysis and enumeration of the operating
systems, ports, services offered by the organization, protocols and applications is conducted.
This analysis is essential in determining the extent of the possible attack surface to which the
company is exposed in terms of risks and threats. Furthermore, this phase is important in
determining the version details of the assets within the organization, since subsequent versions
tend to patch old vulnerabilities while introducing new ones. The final phase of VA is detection
and reporting. This phase incorporates the actual detection of the vulnerabilities, using a
detection tool and a vulnerability repository such as the National Vulnerability Database
(Wysopal et al., 2019). The repository is important in identifying the vulnerabilities on the assets
present within the organization, and through this process reports are produced, complete with
scores as well as risk information. Consequently, remediation or mitigation tools are used to
harden and configure the assets, which is necessary to eliminate the security risks arising from
the vulnerabilities identified.
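The VA steps described above (asset value, vulnerability identification, risk scoring, mitigation) together with the enumeration, detection and reporting phases, carried through in code. This is an added example, not part of the essay or of any cited source. The scan lines, asset values and the vulnerability repository are constructed stand-ins: the VULN-000x identifiers are placeholders rather than real CVE entries, and VULN_REPOSITORY stands in for a lookup against a database such as the NVD.

```python
"""Enumeration, scoring and reporting steps of a vulnerability assessment over constructed data."""
import re
from dataclasses import dataclass

# Constructed enumeration output, one service per line: host port/proto service product version
SCAN_OUTPUT = """\
10.0.0.5 443/tcp https webserver 1.2.0
10.0.0.5 22/tcp ssh sshd 7.4
10.0.0.9 3306/tcp mysql dbserver 5.6
10.0.0.9 22/tcp ssh sshd 8.9
10.0.0.12 8080/tcp http appserver 2.1
"""

# Step 2 of the VA: quantifiable value of each asset (constructed, 1 = low .. 5 = critical)
ASSET_VALUES = {"10.0.0.5": 4, "10.0.0.9": 5, "10.0.0.12": 2}

# Stand-in vulnerability repository keyed by (product, version):
# (placeholder id, CVSS-style base score 0-10, recommended mitigation). Not real data.
VULN_REPOSITORY = {
    ("webserver", "1.2.0"): [("VULN-0001", 7.5, "upgrade to 1.2.3")],
    ("sshd", "7.4"): [("VULN-0002", 9.8, "upgrade to 8.x"),
                      ("VULN-0003", 5.3, "disable password authentication")],
    ("dbserver", "5.6"): [("VULN-0004", 8.8, "upgrade and restrict network access")],
}

LINE_RE = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)$")


@dataclass
class Service:
    host: str
    port: int
    proto: str
    name: str
    product: str
    version: str


@dataclass
class Finding:
    host: str
    port: int
    product: str
    version: str
    vuln_id: str
    cvss: float
    asset_value: int
    risk: float
    mitigation: str


def parse_scan(text):
    """Enumeration phase: turn scan lines into Service records, skipping malformed lines."""
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        host, port, proto, name, product, version = m.groups()
        services.append(Service(host, int(port), proto, name, product, version))
    return services


def risk_score(asset_value, cvss):
    """Step 4: a simple quantifiable score combining asset value (1-5) and CVSS (0-10); range 0-50."""
    return round(asset_value * cvss, 1)


def detect(services, repository, asset_values):
    """Detection phase: look each enumerated product/version up in the repository."""
    findings = []
    for s in services:
        value = asset_values.get(s.host, 1)  # hosts with no assigned value default to the lowest
        for vuln_id, cvss, mitigation in repository.get((s.product, s.version), []):
            findings.append(Finding(s.host, s.port, s.product, s.version, vuln_id,
                                    cvss, value, risk_score(value, cvss), mitigation))
    return findings


def build_report(findings):
    """Reporting phase: findings ordered by risk score, highest first, so mitigation is prioritised."""
    return sorted(findings, key=lambda f: f.risk, reverse=True)


def format_report(findings):
    """Render the ordered findings as a plain-text table."""
    lines = ["host        port  product   version  vuln       cvss  value  risk   mitigation"]
    for f in findings:
        lines.append(f"{f.host:<11} {f.port:<5} {f.product:<9} {f.version:<8} {f.vuln_id:<10} "
                     f"{f.cvss:<5} {f.asset_value:<6} {f.risk:<6} {f.mitigation}")
    return "\n".join(lines)


if __name__ == "__main__":
    report = build_report(detect(parse_scan(SCAN_OUTPUT), VULN_REPOSITORY, ASSET_VALUES))
    print(format_report(report))
```

The scoring here is deliberately simple (asset value multiplied by the base score); the point is that the same enumerated service on a critical host ranks above an identical finding on a low-value host, which is what the asset-valuation step contributes to the final report.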
The Critical Vulnerabilities
With a successful VA process, the major critical vulnerabilities to which the Tech Enterprise
Company is most exposed include download of code without adequate integrity checks, use of
broken algorithms, bugs, use of software that is infected with a virus, buffer overflow, missing
authentication for key functions within the organization, unrestricted and uncontrolled upload of
unsafe files, and missing data encryption. Other vulnerabilities include over-reliance on untrusted
and unverified inputs in security decisions, weak passwords, missing authorization, path traversal,
SQL injection, URL redirection to unverified sites, cross-site scripting and cross-site request
forgery (Wysopal et al., 2019).
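One of the vulnerabilities listed above, download of code without adequate integrity checks, shown as an added example (not the essay's code nor that of any cited source): the unchecked pattern beside a version that verifies a SHA-256 digest before the artifact is used. The artifact bytes, the tampered copy and the fetch function are constructed; the expected digest is assumed to have been obtained separately from the download itself, for instance from a signed manifest.

```python
"""Download-without-integrity-check beside its hardened form, on constructed artifacts."""
import hashlib
import hmac

# Constructed artifact standing in for a downloaded plugin or package.
TRUSTED_ARTIFACT = b"def plugin():\n    return 'trusted build'\n"
# Constructed digest published out-of-band by the vendor (here computed from the trusted bytes).
EXPECTED_SHA256 = hashlib.sha256(TRUSTED_ARTIFACT).hexdigest()
# Constructed tampered artifact: what a compromised mirror might serve instead.
TAMPERED_ARTIFACT = b"def plugin():\n    return 'tampered build'\n"


def fetch(source):
    """Stand-in for an HTTP download; returns whatever bytes the 'mirror' serves."""
    return source


def install_unchecked(downloaded):
    """Vulnerable pattern: whatever was downloaded is accepted and used as-is."""
    return downloaded


class IntegrityError(Exception):
    """Raised when a downloaded artifact does not match its published digest."""


def verify_sha256(data, expected_hex):
    """Compare the digest of data with the expected one using a constant-time comparison."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_hex)


def install_checked(downloaded, expected_hex):
    """Hardened pattern: refuse to use the artifact unless its digest matches."""
    if not verify_sha256(downloaded, expected_hex):
        raise IntegrityError("artifact digest mismatch; refusing to install")
    return downloaded


def outcomes():
    """Exercise both patterns against a trusted and a tampered download."""
    results = {}
    # The unchecked installer happily accepts the tampered bytes.
    results["unchecked_accepts_tampered"] = (
        install_unchecked(fetch(TAMPERED_ARTIFACT)) == TAMPERED_ARTIFACT)
    # The checked installer accepts the genuine artifact ...
    results["checked_accepts_trusted"] = (
        install_checked(fetch(TRUSTED_ARTIFACT), EXPECTED_SHA256) == TRUSTED_ARTIFACT)
    # ... and rejects the tampered one.
    try:
        install_checked(fetch(TAMPERED_ARTIFACT), EXPECTED_SHA256)
        results["checked_rejects_tampered"] = False
    except IntegrityError:
        results["checked_rejects_tampered"] = True
    return results


if __name__ == "__main__":
    for name, ok in outcomes().items():
        print(f"{name}: {ok}")
```

The digest check only helps if the expected value is trusted independently of the download channel; a digest served from the same compromised mirror as the artifact verifies nothing, which is why the example labels EXPECTED_SHA256 as published out-of-band.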
SQL, which the company is likely to use to store website data, is prone to many network security
threats. This is because most of the threats associated with the system have advanced, resulting in

End of preview
