Authentication and Authorization Methodologies Presentation

profilemrdorsaima
ASecurityVulnerabilityReport-1576131038000.pdf

Running head: SECURITY VULNERABILITY REPORT 1

A Security Vulnerability Report

Student’s Name

Institutional Affiliation

Instructor’s Name

Date

SECURITY VULNERABILITY REPORT 2

A security vulnerability report

The security of the organization’s IT infrastructure is very critical in ensuring the safety of the

information of the organization. From the internal review conducted on the organization’s IT

infrastructure, it is noticeable that several vulnerabilities exist which can be exploited by the

attackers. The vulnerability severity for the IT infrastructure of the organization is high and thus

important to have the countermeasures in place to help in averting the threats on the system. The

privacy and public reputation is very important in this era and thus ensuring the integrity of the IT

system of an organization requires the implementation of techniques that will minimize the impact

of the probable attacks. The vulnerabilities and the countermeasures are as discussed in in this

paper.

To begin with, Light’s On Dance’s(LOD) system has a high severity vulnerability which means

that the cybercriminal can compromise the system’s confidentiality, thus leading to loss of

integrity and availability of data. The use of weak passwords possess a very great danger to the

organization’s system, especially considering that weak passwords make it easy for attackers to

compromise administrative portals. In order to enhance the security of the system, LOD shall

employing multi-factor authentication. This will ensure integrity with password systems, thus

strengthening and minimizing intruders ability to gain unauthorized access to LOD’s system. With

multi-factor authentication users are forced to pass authenticity tests prior to gaining access to the

system so as to ensure only authorized persons access the system (Neves, Nunes, &

Lourenço, 2016 ).

Software configuration management lacks in the organization’s server which has a moderate

vulnerability severity. Therefore, the server may fail to maintain consistency in terms of

1

2

3

4

Steve Powelson @ 2019-12-11T22:06:05-08:00
Paper title is not considered section level one header per APA 2.05; thus, not bold
Steve Powelson @ 2019-12-11T22:08:18-08:00
mostly good introduction including a brief background and preface of contents
Steve Powelson @ 2019-12-11T22:08:47-08:00
Per APA 6th ed. 3.03, please use section level headers to guide your logical flow of ideas and concepts in your papers. A good practice is to us the key elements or major points as section headings. Section level one header Bold, Centered, & Upper-Lower case
Steve Powelson @ 2019-12-11T22:10:38-08:00
good recommendation

SECURITY VULNERABILITY REPORT 3

performance, leading to denial of services.(DOS) Self-inflicted DOS may occur within LOD’s

server, especially from overloading or increased activities. Due to increased production with the

server; Server downtime may result, which consequently affects normal performance. The

installation of software configuration management with the server will help in preventing the

server’s downtime challenges, due to the self-inflicted DOS. This will ultimately lead to Enhancing

performance of LOD’s website. Lastly, installation of software configuration management is

necessary. Software Configuration management has auto-scaling capabilities which helps in

managing the server’s traffic, thus ensuring efficiency with LOD’s server. This will also ensure

that the vulnerabilities at the server level are minimized and thus preventing the self-inflicted

threats (Boulanger, 2017).

LOD lacks an incident response plan(IRP), which possess a high vulnerability sever to the

organization. This is very risky to the organization, especially if the IT infrastructure is infiltrated

by cybercriminals. An IRP’s significance in cases of aftermath post security breach. In incidents

such as this, are indications of major issues that may corrupt LOD’s IT infrastructure. Operating

without an IRP will lead to serious implications to LOD’s, especially when dealing with an

incoming cyber security threats. Therefore, to effectively manage such occurrences, LOD’s

management should strongly consider developing a working IRP, which will ensure there is quality

monitoring. This will make the identification of incidences in an efficient and timely manner, thus

avoiding an instance of the interruption of services.

Conclusion

In conclusion, the organization has high risk vulnerabilities which need to be managed, so as to

enhance the security of LOD’s IT infrastructure. With appropriate measures it is possible to detect

5

6

7

Steve Powelson @ 2019-12-11T22:07:33-08:00
Mostly good conclusion for thesis presented. Conclusion should present a recap of key points and summary of main emphasis/recommendation without repeating verbatim and exclusive of new information
Steve Powelson @ 2019-12-11T22:11:10-08:00
; the consequences of this deficiency was adequately explained
Steve Powelson @ 2019-12-11T22:12:01-08:00
an appropriate recommendation was made but did not include required specificity.

SECURITY VULNERABILITY REPORT 4

high severity vulnerabilities and thus prevent the loss of organizational data and stoppage of

processes. Also, due to the advancement of the level of technology, the organization need to

consequently employ high level technology and techniques to counter the adversaries of the IT

infrastructure. Therefore, appropriate authentication mechanisms such as multifactor

authentication should replace single-factor authentication so as to ensure that gaining access to the

organization’s system is only by authorized persons. Also the organization’s management should

develop an Incidence Response Plan to ensure that the incidences are detected in a timely manner

and hence minimize the risks.

SECURITY VULNERABILITY REPORT 5

References

Boulanger, J. (2017). Configuration Management. Certifiable Software Applications 2, 87-96.

doi:10.1016/b978-1-78548-118-5.50007-7

Neves, P., Nunes, L., & Lourenço, A. (2016). Multi-factor Authentication for Improved

Efficiency in ECG: Based Login. Proceedings of the 3rd International Conference on

Physiological Computing Systems. doi:10.5220/0005936500670074

8

Steve Powelson @ 2019-12-11T22:06:34-08:00
reference header not bold, per APA style
Steve Powelson @ 2019-12-11T22:07:02-08:00
Only capitalize first word of title and subtitle per APA 6th ed. 6.29

Comment Summary Page 2

1. Paper title is not considered section level one header per APA 2.05; thus, not bold 2. mostly good introduction including a brief background and preface of contents 3. Per APA 6th ed. 3.03, please use section level headers to guide your logical flow of ideas and concepts in your

papers. A good practice is to us the key elements or major points as section headings.

Section level one header Bold, Centered, & Upper-Lower case

4. good recommendation Page 3

5. Mostly good conclusion for thesis presented. Conclusion should present a recap of key points and summary of main emphasis/recommendation without repeating verbatim and exclusive of new information

6. ; the consequences of this deficiency was adequately explained 7. an appropriate recommendation was made but did not include required specificity.

Page 5 8. reference header not bold, per APA style

i. Only capitalize first word of title and subtitle per APA 6th ed. 6.29