Cybersecurity Vulnerability Assessment Report - Data Science
Added on 2019/09/22
AI Summary
This report provides a comprehensive vulnerability assessment, examining critical aspects of network security, risk management, business continuity, and access control lists. It emphasizes the importance of regular vulnerability assessments, utilizing both manual and automated methods, and adhering to industry standards like OSSTMM. The report highlights infrastructure requirements for handling network changes and data recovery, proposes solutions using tools like Nessus for vulnerability scanning, and addresses security policy requirements with hierarchical access controls. It further delves into risk management strategies, covering preventable and external risks, and emphasizes the need for business continuity plans to ensure service availability during emergencies. The report also addresses the importance of ACL access control for secure data access.

Table of Contents
Introduction
Part 1: Vulnerabilities Assessment
Bibliography

Introduction
Vulnerability assessment should be a major part of the security system. If an organization
makes changes to the existing system or updates the system, the possibility of vulnerabilities
increases. The system should be tested often by the vulnerability testing team. Vulnerability
assessment makes it possible to identify where threats sit in the infrastructure and to
prioritize risk. It is done using both manual and automated methods. To obtain accurate results,
security professionals follow the industry standard Open Source Security Testing Methodology
Manual (OSSTMM).
Infrastructure Requirements:
The network system holds the infrastructure so that it can handle errors when the network
changes. If the system is affected by the patch management process, then the whole network
should be passed and it should recover the data from the server automatically. The network
should be able to adopt the available network and manage the change if the server has no active
request and response. This can be managed with the backup of the data that is available on the
server. If the servers are in active use by a large number of users, they can make a lot of
transactions on the website. The network must be able to take a snapshot of the database and
should write to the server log so that any changes made in the network are traceable.
Proposed solution:
Vulnerabilities such as missing security packs, Trojan horses, backdoors, denial of service
attacks, rootkits and default accounts are frequently uncovered. These vulnerabilities should be
found and resolved. This can be done manually or automatically. For this assessment, the best
software should be found to obtain accurate results.
Problem solution:
Nessus is an open source vulnerability scanner in which scanning is based on signature-based
detection. It is used for vulnerability assessment and for creating security awareness.
Security professionals, Red Hat and White Hat use these tools to test for vulnerabilities. It is
considered the best of all the scanners because it is available for free, so anyone can
download and use this software. There are a few plugins which can be used for recent types of
vulnerabilities. Installation and use of the software are easy for users.
Security policy Requirements:
If the network system is accessible, the security policy should be invoked. The system should
have a hierarchy of access in the network. Not everyone can fix a fault that occurs in the
system; only some people are able to carry out the operation process. Security is needed in
environments where the security of the physical infrastructure is low, so the system should be
secured in every region. For example, a bank will have many branches based on their type of
region. In urban areas the number of visitors to the bank will be higher, so the security in the
bank will be tighter, while in suburban areas the security of the system in the same branch might
not be tight because fewer people visit the bank. In this way a threat can occur. If the number
of accesses to the system is high, threats may occur. If a hacker exploits these things, the
system could be compromised.
Proposed solution:
When a network change happens, the system saves the data and does not let the server change it.
A local copy of the data is created, and it can be compared with the data saved on the server,
which is the original data. The changes are measured and the data can be updated. When patch
management has been updated and the network is running normally, the data can be updated with
the values obtained by comparing the active data with the recent transactions. Only some changes
might be needed, but this will be secure, because there will not be any conflict in the data:
the previous data that was transacted recently has been locked. We will have to wait for the
data to be updated. There is no threat of a conflict error because everything is checked after
the confirmation. The data changed in the recent data is changed in the locked data, so no
redundancy will arise and the data will be secured.
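The lock, local copy, compare and update sequence described above can be sketched as follows. This is an added example, not code from the report; the `ChangeWindow` class, the record layout and the account keys are assumptions made for illustration.

```python
import copy
import hashlib
import json
from datetime import datetime, timezone


def digest(record):
    """Stable SHA-256 of one record, used to detect changed data."""
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()


class ChangeWindow:
    """Hypothetical helper: freezes server data while the network changes."""

    def __init__(self, server_data):
        self.server = server_data   # original data held on the server
        self.local = {}             # local working copy used during the change
        self.baseline = {}          # per-record digests taken at lock time
        self.locked = False
        self.log = []               # audit trail of every applied change

    def begin(self):
        """Lock the server copy and snapshot it into a local copy."""
        self.local = copy.deepcopy(self.server)
        self.baseline = {key: digest(rec) for key, rec in self.server.items()}
        self.locked = True

    def write(self, key, record):
        """Transactions made during the window touch only the local copy."""
        if not self.locked:
            raise RuntimeError("no change window is open")
        self.local[key] = record

    def diff(self):
        """Keys whose local record differs from the locked original."""
        return sorted(key for key, rec in self.local.items()
                      if self.baseline.get(key) != digest(rec))

    def end(self, actor):
        """Confirm the lock held, apply the measured changes, log each one."""
        if not self.locked:
            raise RuntimeError("no change window is open")
        keys = set(self.server) | set(self.baseline)
        tampered = sorted(k for k in keys if k not in self.server
                          or self.baseline.get(k) != digest(self.server[k]))
        if tampered:
            # The server copy was modified behind the lock: refuse to merge.
            raise RuntimeError(f"server data changed while locked: {tampered}")
        changed = self.diff()
        for key in changed:
            self.log.append({
                "time": datetime.now(timezone.utc).isoformat(),
                "actor": actor,
                "key": key,
                "old": self.baseline.get(key),   # None for a new record
                "new": digest(self.local[key]),
            })
            self.server[key] = copy.deepcopy(self.local[key])
        self.locked = False
        return changed


def demo():
    # Constructed sample data, not taken from the report.
    server = {"acct-1": {"balance": 100}, "acct-2": {"balance": 50}}
    window = ChangeWindow(server)
    window.begin()
    window.write("acct-1", {"balance": 80})
    window.write("acct-3", {"balance": 10})
    changed = window.end(actor="teller-7")
    return changed, server, window.log


if __name__ == "__main__":
    print(demo())
```

Only the records whose digest differs from the locked baseline are written back, and a write that reached the server during the lock stops the merge instead of being silently overwritten.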
Problem Solution:
People who need to access these networks should follow the necessary protocol in order to
increase the security of the network. For example, a person should not take any electronic items
into the bank, and the clearance ID card should be checked at all times. A person other than an
employee should not use another system without proper permission. Changes made by an employee
should be noted in the log every time, so that anything that happens because of changes in the
system can be easily solved.
Risk management Requirements:
Risk management should have risk-bearing capacity in order to protect the organization from
material risk. Strategies should be determined based on an appropriate process such as
identifying, assessing, communicating and monitoring risk. The organization should take care in
selecting the method for risk-bearing capacity. Some of the requirements of the risk are
unpredictable because of how the preparation is done. For example, consider liquidity risk, the
risk that an organization cannot meet its short-term financial needs. Risk management is very
much necessary because a risk may occur at any time in the system, both at the start of the
project and at the end of the project. It may occur anywhere, but experts should be able to
respond to the error automatically, or it should be controlled by the expert who monitors the
system. There might be a chance for the error to occur in the system.

Proposed solution:
The risk may arise on the public side or on the company side. If a worker doesn’t know what he
is doing, it might not affect him, but it might affect the public or another department in the
same company. It is like making an error in the system without knowing the effect. Errors caused
by humans are unpredictable. We can figure out the pattern by identifying the occurrence of
errors: the type of error occurring should be noted and the data collected and analysed, so that
the solution to the problem is ready before the error occurs. This is how risk management
reduces the risk, but it can be eliminated. The different types of errors are preventable risks
and external risks.
Preventable risk:
Preventable risks are risks that can be prevented by analysis. The data obtained from past
entries are responsible for the preventable risk. They give insight into the details and the
strategy to solve the risk. This can be used when facing real-time problems. Strategy risks are
risks that may occur when you don’t follow the given protocols. For example, if the client wants
to change some procedures in the network or deploy new software in the network, this risk will
not be tested in the environment. This may lead to project risk management.
External risks:
External risks are caused by the internal team when they allow other factors into the system.
This will affect the system. The risk requirement depends on the client's needs. If the client is
budget-conscious, the risk assessment can be done effectively. The client might then have to
spend more on the project, or rework the project and invest again.
Problem Solution:
In this problem the backup server should be ready, the data should not be delayed, and the data
should be retrieved after the network returns to a normal state. The system should adapt to the
current environment, in which load balancing should be done equally: because the backup server
cannot handle more data, the load should be distributed among the servers. There may be
duplication in the data. Duplicate data must be sorted out of the system because it causes the
system to respond late.
Business Continuity plan Requirements:
If an organization has a business continuity plan, it ensures the level of service offered to
customers during an emergency. The basic requirement for this plan is to understand the
organization's goal and to identify the business activities of the organization, which include
payroll processing or purchasing. The next is the business impact analysis, which gives an
access time for each activity that should expire after the timeout. Some activities, such as
reputation, internal, external and financial, cannot be performed within the given time, so
these factors should be considered.

Problem with business continuity
To obtain the best business continuity plan, the following process should be carried out.
Develop the business impact analysis by developing questionnaires, conducting a workshop on the
business plan, and conducting interviews to gather brief information and fill the information
gaps. Develop the recovery strategies: identify and document resources based on the BIA
(Business Impact Analysis), conduct a gap analysis between the requirements and the recovery,
and select and implement the management strategies. Develop a plan framework, organize the
team, write business continuity procedures and gain management approval. Develop the testing
and management requirements in order to produce results.
In order to deliver the service effectively, the software vendor must give a solution which is
effective as well as cost-effective. Nowadays software prices are very low because of
competition around the world; many companies are trying to give the same service at a minimum
price with excellent service. The client might tend to switch service. The quote for the service
and the hidden costs of the service should be transparent to the client. In some companies the
service costs are not transparent; the client should have a long-term relationship, and the
price of the product must be transparent. The problem with a service-based company is
maintaining the quality of the product. It may seem that the company is doing well, but the same
person will not be in the company for a very long time. So the knowledge of the person changes,
and the new employee might not know how to approach the issues and how to solve the error in the
solution.
Problem Solution
The problem is solved by understanding the client's thinking and needs from the analysis of the
BIA and how the company has generated a continuity plan. The service methodology should be well
structured. For example, when an employee moves to a new company, he must be able to adapt to
the nature of the organization and should understand the service the company is required to
deliver to the client and the policy of the company. An employee must not breach company policy,
in order to safeguard his job. The company must maintain the policy in order to run properly
under the business continuity plan, and operating costs such as labor resources and the
technology in use should not cost more than the revenue generated by the company.
The access control list (ACL) Requirement
The information in the directory should be securely accessed without replication and
duplication. The requirements are semantics, policy and groups for accessing the directory
securely. A set of control attributes is used to access the document. Access control policies
can be used to secure the data. Access control can be applied based on the user requirements.
Syntax and semantics are set by the administrator and given only to authorized users for access.
An unauthorized person cannot access the information, which is protected using the encrypted
key.

Proposed solution:
An access control list is used, based on the user requirements, for securing the data. There are
mandatory access control, role-based access control (RBAC) and attribute-based access control.
Every access control mechanism has its own method of providing access control. For example, the
RBAC system fails when someone tries to log in with the user name and password. There is no
second layer of security, so we can use an attribute-based control list, which is added as the
second layer of security against people who are trying to access information for which they
don’t have permission. To add security, parameters are required at login in order to access the
information. The attributes may depend on the user information, that is, what the user might
give as an attribute to access the information.
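The two-layer check described above, a role lookup followed by attribute rules, can be written as a deny-by-default decision function. This is an added example, not code from the report; the roles, resources and attribute names (`device_managed`, `user_branch`, `resource_branch`, `mfa_passed`) are assumptions chosen to fit the bank scenario.

```python
from dataclasses import dataclass, field

# Layer 1 (RBAC): role -> permitted (resource, action) pairs.
# Constructed sample policy, not taken from the report.
ROLE_PERMISSIONS = {
    "teller": {("account", "read"), ("account", "update")},
    "auditor": {("account", "read"), ("audit_log", "read")},
    "admin": {("account", "read"), ("acl", "update")},
}

# Layer 2 (ABAC): (rule name, when the rule applies, check on the attributes).
# A missing attribute never satisfies a rule, so absent data means deny.
ATTRIBUTE_RULES = [
    ("managed_device", lambda req: True,
     lambda attrs: attrs.get("device_managed") is True),
    ("same_branch", lambda req: (req.resource, req.action) == ("account", "update"),
     lambda attrs: attrs.get("user_branch") is not None
     and attrs.get("user_branch") == attrs.get("resource_branch")),
    ("mfa_for_acl", lambda req: req.resource == "acl",
     lambda attrs: attrs.get("mfa_passed") is True),
]


@dataclass
class Request:
    user: str
    role: str
    resource: str
    action: str
    attributes: dict = field(default_factory=dict)


def decide(req, audit):
    """Return (allowed, reason); deny by default and log every decision."""
    if (req.resource, req.action) not in ROLE_PERMISSIONS.get(req.role, set()):
        verdict = (False, "role")
    else:
        failed = [name for name, applies, check in ATTRIBUTE_RULES
                  if applies(req) and not check(req.attributes)]
        verdict = (not failed, ",".join(failed) or "ok")
    audit.append((req.user, req.resource, req.action) + verdict)
    return verdict


def demo():
    audit = []
    requests = [
        # Teller at her own branch on a managed device.
        Request("alice", "teller", "account", "update",
                {"device_managed": True, "user_branch": "B1", "resource_branch": "B1"}),
        # Same user name and role, but from an unmanaged device and another branch.
        Request("alice", "teller", "account", "update",
                {"device_managed": False, "user_branch": "B1", "resource_branch": "B2"}),
        # Role does not grant the action at all.
        Request("bob", "auditor", "account", "update", {"device_managed": True}),
        # Role grants it, but the required attribute is missing.
        Request("carol", "admin", "acl", "update", {"device_managed": True}),
        # Unknown role.
        Request("mallory", "guest", "account", "read", {}),
    ]
    return [decide(req, audit) for req in requests], audit


if __name__ == "__main__":
    for row in demo()[1]:
        print(row)
```

The second request is the case the paragraph is concerned with: the login and role are valid, and only the attribute layer refuses it.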
Problem solution:
An access control mechanism is used to secure the data without any duplication. To secure the
data, it must be accessed under the access control policies. If access is allowed through the
access control list, then data access will be secured. So these access control mechanisms are
used for securing the data with integrity.
Conclusion:
In order to keep the information shared between clients safe, vulnerabilities should be
avoided. If there is any weakness in the system, then the security of the shared information is
questionable. So these vulnerabilities should be detected through the infrastructure
requirements. Risk management should be analyzed and measures taken. To increase the security
level, the access control mechanism should be followed.