Note: This assignment will focus on Project 4, Step 7: Vulnerability Assessment,

Note: This assignment will focus on Project 4, Step 7: Vulnerability Assessment, check step 1- 7 for instructions for Project 4, Step 7: Vulnerability Assessment
NOTE
From the results of Steps 4, 5, and 6, develop and submit a spreadsheet that includes the following:
From the results of Steps 4, 5, and 6, develop and submit a spreadsheet that includes the following:
• characterization of current and emerging vulnerabilities and threats
• identification of the attack vector(s) employed against each
• your assessment (high, medium, or low) of the impact the vulnerability could have on your organization
Make sure to address security architectures, including components, specifications, guidelines, standards, technologies, etc. Also consider international threats and attack vectors. This assessment will be included in your final presentation.
characterization of current and emerging vulnerabilities and threats
identification of the attack vector(s) employed against each
your assessment (high, medium, or low) of the impact the vulnerability could have on your organization
Organizations must implement countermeasures to protect information and data that are vulnerable to cyberattacks. As new security threats are introduced, these countermeasures must be evaluated and improved.
This is the final of four sequential projects. In this project, you will investigate common types of cyberattacks and possible solutions, evaluate the costs of implementing identified countermeasures, and communicate the recommended solution to a nontechnical audience.
You will present to management the most likely attack vectors against your organization and suggest solutions ranked by cost and effectiveness. You will also suggest how the mix of identified state and nonstate actors should affect policy-maker decisions and policy development for critical infrastructure protection.
There are 14 steps in this project. Begin by reviewing the project scenario and then proceed to Step 1.
Step 1: Define Vulnerabilities, Threats, and Risks
Vulnerabilities, threats, and risks are important to understand in order to evaluate and ultimately improve security posture by mitigating risks. Your organization’s security posture will determine its cybersecurity policies. Assessing risk is key in this process.
Define vulnerability, threat, and risk. Consider their relationship to one another and how they relate to the security of networks and data.
You will use this information to complete your vulnerability assessment. Review topics as needed from previous projects: creating a program, systems, utilities, and applications software, and interaction of software.
Step 2: Identify Examples of Vulnerabilities, Threats, and Risks
In the previous step, you familiarized yourself with the concepts of vulnerability, threat, and risk. You now understand their relationship to one another and how they relate to security. In this step, you are going to identify at least two examples of a vulnerability, two examples of a threat, and two examples of a risk in each of the following categories:
• technology
• people (human factors)
• policy
Identify a minimum of 18 examples. This will assist you in conducting the vulnerability assessment and developing the educational brochure. Review topics such as basic elements of communication and computer networks.
In the next step, you will look more closely at current vulnerabilities and threats.
Step 3: Identify Current Vulnerabilities and Threats
After defining and identifying examples of vulnerabilities, threats, and risks in the first two steps, you should understand the basic concepts of vulnerabilities and threats as they apply to general cybersecurity. However, vulnerabilities and threats are dynamic: They can evolve with changes in technologies, changes in adversary capabilities or intentions, or changes in human behaviors and organizational policies.
It is important to understand current vulnerabilities and threats and their applicability to the larger community as well as to your organization (e.g., critical infrastructure protection), so that you can make informed recommendations on how/whether to mitigate them. Identify current known vulnerabilities and threats that could affect your organization. The vulnerabilities and threats that you identify will be necessary for your final presentation.
List a minimum of two current known vulnerabilities and threats involving the following:
• people (human factors)
• technology
• policy
When complete, move to the next step, where you will take part in a simulation.
Step 4: Vulnerability Assessment and Operational Security eLearning Module
To prepare for the upcoming vulnerability assessment, you will practice in a simulated environment with the Vulnerability Assessment and Operational Security eLearning Module. You will learn how to maintain effective audit, risk analysis, and vulnerability assessment practices in a fictional scenario. You will also review risk and vulnerability analysis tools. You may want to review some topics from earlier projects: network devices and cables and network protocols.
Take notes during the simulation as the information will be helpful during your own vulnerability assessment in Step 7. Specifically note the major components of cybersecurity architecture, architectural methodologies for the physical structure of a system’s internal operations and interactions with other systems, and architectural methodology standards that are compliant with established standards or guidelines.
When you have completed the simulation, move to the next step, when you will consider attack vectors.
Vulnerability Assessment and Operational Security eLearning Module. -https://coursecontent.umgc.edu/umgc/cit/cmp/cmp610/vulnerability-assessment-and-operational-security/index.html
Step 5: Identify Attack Vectors
Attack vectorsare the means by which vulnerabilities are exploited and threats realized. As a result, understanding attack vectors is critical to developing impactful mitigations. Identify applicable attack vectors, the weaknesses exploited, and the means used to gain access based on the vulnerabilities and threats identified in Step 2. Also note the common types of cyberattacks.
The attack vectors and weaknesses that you identify will be necessary for your vulnerability assessment and final presentation. You may want to review some topics from earlier projects: a closer look at the World Wide Web web markup languages, and web and internet services.
Identify attack vectors and weaknesses exploited via the following:
• hardware
• software
• operating systems
• telecommunications
• human factors
In the next step, you will take a closer look at the importance of attribution.
Step 6: Examine and Identify Known Attributes
Attribution is often difficult, if not impossible, to identify. One reason is the anonymity afforded by the internet. Another reason is the potential sophistication of malicious state actors and nonstate actors who are able to disguise themselves and/or exploit an innocent and often unknowing computer user to achieve their goals.
Attribution is desired because knowing who is behind an exploit can provide insight into the motivations, intentions, and capabilities of threat actors. Understanding attack vectors used by threat actors provides key insights that help to build stronger defenses and construct better policy management.
To complete your vulnerability assessment, you will need to first do the following:
• From the attack vectors identified in the previous step, determine if attribution is known for the threat actor (e.g., name of nation state, nonstate and/or hackers and threat actors) most likely involved in exploiting each weakness.
• Categorize the threat actor(s) based on attribution for previous exploits, likely targets, and rationale(s) for targeting/exploitation (e.g., profit, political statements, extortion, etc.).
In the next step, you will compile your findings from the past few steps on a spreadsheet.
Step 7: Submit a Vulnerability Assessment Spreadsheet
From the results of Steps 4, 5, and 6, develop and submit a spreadsheet that includes the following:
• characterization of current and emerging vulnerabilities and threats
• identification of the attack vector(s) employed against each
• your assessment (high, medium, or low) of the impact the vulnerability could have on your organization
Make sure to address security architectures, including components, specifications, guidelines, standards, technologies, etc. Also consider international threats and attack vectors. This assessment will be included in your final presentation.
Competencies
Your work will be evaluated using the competencies listed below.
• 5.2: Examine architectural methodologies and components used in the design and development of information systems.
• 6.2: Create an information security program and strategy, and maintain alignment of the two.
• 7.2: Evaluate international cybersecurity policy.
• 7.3: Evaluate enterprise cybersecurity policy.
• 8.2: Evaluate specific cybersecurity threats and the combination of technologies and policies that can address them.
Check Your Evaluation Criteria
Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.
• 5.2: Examine architectural methodologies and components used in the design and development of information systems.
• 6.2: Create an information security program and strategy, and maintain alignment of the two.
• 7.2: Evaluate international cybersecurity policy.
• 7.3: Evaluate enterprise cybersecurity policy.
• 8.2: Evaluate specific cybersecurity threats and the combination of technologies and policies that can address them.

Leave a Reply

Your email address will not be published. Required fields are marked *