Running Head: VULNERABILITY ASSESSMENT REPORT 1


Vulnerability Assessment Report

Table of Contents

1.0. Vulnerability Assessment Report
1.1. Scope of Work
1.2. Work Breakdown Structure [represented in a separate file]
1.3. Threats and Vulnerability Report
1.3.1. Explanations of Threats and Vulnerabilities
1.3.2. Classification of Threats and Vulnerabilities
1.3.3. Prioritization of Threats and Vulnerabilities
1.4. Network Analysis Tools
1.4.1. Alcatel-Lucent’s Motive Network Analyzer – Copper (NA-C)
1.4.2. SolarWinds NetFlow Traffic Analyzer, aka Orion NTA
1.4.3. Nagios Network Analyzer
1.4.4. Capsa Free
Table 1: Vulnerability Assessment Matrix
1.5. Lessons Learned Report
References

1.0. Vulnerability Assessment Report

1.1. Scope of Work

Comment by Hank Williams: This should be the Overview section of the paper. This first paragraph is not relevant to a business report prepared for the CTO. It is a lot of general cyber security fluff. Please stay focused on writing a solid vulnerability assessment, as this will not do. While you have titled this section Scope of Work, you have not actually provided any scope of work. Please review the recording of the F2F session to understand expectations for this section.

Every business entity and government institution faces constant threats from many sources. No organization is 100% safe from attack, and the sheer number of threats limits any organization’s ability to prevent them all. For instance, the antivirus vendor Kaspersky Lab reports that the number of new malicious files it processes has grown to about 360,000 per day, which is more than 250 new malware samples every minute. Malware is not the only threat to organizational systems, however. Many other cyber security threats and network vulnerabilities can be exploited by cybercriminals or other malicious actors to cause harm or steal company data. A vulnerability is a weakness or flaw in a network or system that an attacker can use to manipulate the system in some way or to cause harm. Common examples in a company include malware, unpatched software, hidden backdoor programs, excessive superuser (administrative) account privileges, automated running of scripts without a malware check, undocumented programming interfaces, phishing attacks, IoT devices, and the employees themselves. The process of identifying, classifying and ranking these weaknesses is known as vulnerability assessment; mitigating them is the remediation step that follows the assessment. The vulnerabilities that exist in Ambit Group arise from unanticipated interactions between different software programs, from underlying weaknesses in an individual program, or from weaknesses in system components.

Ambit Group is a company that deals with technological innovation and change on a daily basis. The company follows current trends in technology and incorporates these innovations and changes into business solutions for competitive advantage. We supply cloud-based application solutions to customers among medium-sized companies in Germany, Switzerland and Austria. Our services include end-to-end (End2End) processes and the implementation of customized solutions at global and local level. We are part of the Microsoft Partner Ecosystem, integrating specialized partners for IoT, BI, DMS, Office 365 and Azure. We are located in Switzerland. Vulnerability assessment is of high importance to the company: it enables the company to stay ahead of cybercriminals, helps it keep up with the compliance requirements of its contracts, and, by identifying, classifying and ranking vulnerabilities, ensures that employees and partners follow proper security practices. As the newly appointed chief information security officer, my role is to identify, classify and rank the vulnerabilities that Ambit Group has been experiencing and to suggest how these vulnerabilities can be adequately mitigated.

Comment by Hank Williams: Do not use 1st person. Remain formal and use 3rd person at all times.

Comment by Hank Williams: This is not in keeping with the scenario of a mid-sized company providing support to the federal gov’t. Please make sure you follow the scenario. Your paper will not be considered acceptable if you do not.

1.2. Work Breakdown Structure [represented in a separate file]

Comment by Hank Williams: The WBS must be inline here and not in a separate file or section.

1.3. Threats and Vulnerability Report

1.3.1. Explanations of Threats and Vulnerabilities

Comment by Hank Williams: It’s clear that you have not looked at my templates. This section is not an explanation of threats and vulnerabilities. There is a tiny discussion in the first paragraph, but most of this section is non-relevant fluff. Some of this section could be used in the SOW section and some in the Methodology section.

Nearly all organizations face some level of risk from threats. Some vulnerabilities result from natural events or accidents, while others are exploited deliberately to cause harm; both kinds produce weaknesses in Ambit Group. The company has external vulnerabilities, internal vulnerabilities, vulnerabilities introduced by existing security measures, and vulnerabilities arising from compliance requirements. Regardless of the nature of the vulnerability, management is responsible for limiting and managing the resulting risk to the extent possible. Risk management is undertaken in line with the provisions set by the federal government. Owners of public facilities, acting through the organization’s chief information security officer, develop and implement a security risk management methodology that complies with the Interagency Security Committee standards (Gujar, Ng & Yang, 2018). The methodology aims at supporting the security needs of a facility. Ambit Group regularly assesses the vulnerability of its security system to support the needs of the company.

As the newly appointed chief information security officer of Ambit Group, the first step I will take to assess the organizational vulnerability is a threat assessment. Vulnerability assessment involves identifying the various types of vulnerabilities, classifying them and then ranking them. Examples of vulnerabilities identified in Ambit Group include malware, unpatched software, hidden backdoor programs, excessive superuser account privileges, automated running of scripts without a malware check, undocumented programming interfaces, phishing attacks, IoT devices, and employees (Hodson, 2019). These vulnerabilities arise from unanticipated interactions between different software programs, from underlying weaknesses in an individual program, or from weaknesses in system components. My role is to consider the full spectrum of threats during the assessment, both human-made and natural. Considering a broader range of threats ensures that all vulnerabilities in the security system are carefully managed and reduces the likelihood that the risks materialize.

Internal threats account for more than 55% of Ambit Group’s security vulnerabilities. Internal vulnerabilities originate from partners, employees and ex-employees (Hodson, 2019). Common internal threats to the Ambit Group security system result from opening malicious emails, giving unknown people access to corporate systems, loss of laptops and other electronic devices, abuse of database privileges, introducing a compromised tool into the organizational network, social engineering, and falling victim to phishing schemes. Internal vulnerabilities also result from incorrect procedures used when installing security systems and from the policies applied to them.

Many organizations find it hard to overcome employee complacency. Insiders have access to much of the organization’s information and can tamper with it easily, because they know how the organization’s sensitive information is protected. In most cases internal threats result from unintended actions, whereas external threats usually result from intentional acts such as vandalism, data theft and disruption of services.

Internal and external threats to Ambit Group can be countered in the following ways: installing an intrusion detection system (IDS) that alerts on any form of suspicious activity in the network; monitoring all database access, usage patterns and data movement to detect unauthorized SQL activity, data leakage and unusually large data transactions; deploying strong user authentication; and keeping devices up to date.

Internal and external threats can also be managed by calculating risk scores. A risk score captures a vulnerability as a numerical value that reflects its severity, so that the most serious findings are treated first. Other ways to manage internal and external threats include training the workforce, removing excessive privileges, encrypting data and adopting cloud services.

I also found that one of the most common ways attackers reach systems is by using social media to hide cyber attacks. Attackers create a malicious link and attach it to posts published by bot accounts on Facebook or Twitter. This kind of attack has become very popular, and the attacks are tailored so that they relate to posts that users engage with on social media. Many organizations are still struggling to keep up with the changing security landscape.

1.3.2. Classification of threats and vulnerabilities

Threats and vulnerabilities in the Ambit Group security system can be classified by the severity of the associated risk. Weaknesses in Ambit Group mainly result from internal threats caused by employees, partners and ex-employees. Because the company deals in technological devices and innovation, it faces many cybercrime challenges, and attacks on the company’s security system target sensitive information that is available only to the organization’s employees. For that reason internal threats are classified first and given priority. Internal threats are classified first in view of the potential impact of loss from a successful attack. The impact of loss is the degree to which the company’s mission is affected by a successful attack from a given threat, and it is classified as devastating, severe, noticeable or minor. Successful internal threats are rated devastating and external threats severe, while the other sources of vulnerability, existing security measures and compliance requirements, are rated noticeable and minor respectively. The resulting vulnerability ratings are expressed as ‘very high’, ‘high’, ‘medium’ and ‘low’.

1.3.3. Prioritization of threats and vulnerabilities

Threats found to be more severe were given priority. Highly rated weaknesses and threats, such as those originating with employees, were addressed first. Preventing and managing the high and most severe risks limits the number of exploitable vulnerabilities and reduces the impact of the corresponding threats (Siddi, 2018). Threats found to have a lower likelihood and a smaller impact were given low priority, because the organization has enough time to prevent and manage them effectively.

1.4. Network Analysis Tools

Comment by Hank Williams: None of the tools you have listed are actual Vulnerability Assessment tools that would be used in an assessment. If you had watched the video you would know of a number of acceptable tools. Please watch the video.

The vulnerability assessment process requires specific tools that help identify, categorize and rank security flaws, called vulnerabilities, across the network infrastructure, computers, hardware and software systems. In Ambit Group, the vulnerabilities detected during the assessment create the need for vulnerability disclosure to the owners of the affected systems. My role as CISO is therefore to discover all kinds of vulnerabilities in the organization so that it can be protected from malicious activities such as compromise of the website, the LANs and the internal systems.

The choice of analysis tools for the vulnerability assessment was based on the following criteria and steps. I first established how the company is managed and structured. I then inventoried the applications and systems used in the company. The next step examined the unmonitored data sources that could allow easy access to protected information. Next, both the physical and virtual servers that run the sensitive business applications were classified. The next step recorded all the security measures already in place, and finally I inspected the organizational network for possible vulnerabilities. This last step used vulnerability scanners, which automate security auditing (Burns & Fry, 2019). Since my role was to undertake a vulnerability assessment for the organization, scanning for vulnerabilities was essential in order to enumerate the security risks. The following tools were used to analyze the organization’s network: Orion NTA, Alcatel-Lucent’s Motive Network Analyzer, Nagios Network Analyzer and Capsa Free.

1.4.1. Alcatel Lucent’s Motive Network Analyzer – Copper (NA-C)

Motive Network Analyzer – Copper (NA-C) provides detailed inspection of copper access networks, with quick troubleshooting and fault localization through its carrier-grade line diagnosis, data collection and repair capabilities (Lang & Schreiner, 2017). The tool was significant because it lets the carrier’s network maintain day-to-day DSL stability at the level required by high-bandwidth services, and it eases upgrades to ADSL2+ and VDSL2. Motive NA-C also offers multivendor DSLAM support and on-demand line quality inspections. Its disadvantages are that its features are sophisticated and not easily understood, and that its analysis is domain-specific: it examines DSL line quality rather than security weaknesses in hosts or applications.

1.4.2. SolarWinds NetFlow Traffic Analyzer, aka Orion NTA

Orion NTA is a widely used NetFlow analysis tool. It is preferred because it helps explore traffic flows across the network (Lang & Schreiner, 2017). It also examines device behavior for excessive traffic flow, which enabled me to control excess bandwidth utilization without adding network resources. The tool let me customize chart elements, so I was able to simplify the chart view by removing unnecessary information. Its advantages are chart customization and full SNMP support. One disadvantage is that SolarWinds Network Performance Monitor (NPM) is required for full functionality.

1.4.3. Nagios Network Analyzer

Nagios Network Analyzer provides comprehensive analysis of network traffic, including services such as HTTP, ICMP and POP3. This utility was used because it generates charts that are quick and easy to interpret. Its advantages include a comprehensive dashboard, easily understood graphs, automated system alerts and advanced user protection. Its only disadvantage is that it sometimes fails to respond when capturing sFlow data.

1.4.4. Capsa Free

Capsa Free is a freeware tool for troubleshooting, Ethernet monitoring and analysis. It was used to analyze the LAN and WLAN and to capture traffic and automate diagnosis. Capsa Free can recognize and analyze several network protocols, and it provides e-mail monitoring, TCP sequence charts and custom reporting (Silva, Nguyen, Correia, Clemente & Martins, 2019). The tool is recommended for the assessment because it provides in-depth LAN analysis and is easy and quick to understand. However, it offers very few customization options and is limited to Ethernet packet analysis.

For further analysis and assessment of vulnerabilities in Ambit Group, the above tools are recommended because they address the organization’s security systems and produce comprehensive reports. The organization should consider combining these tools for proper management and prevention of malicious activity in its systems.

Table 1: Vulnerability Assessment Matrix

Comment by Hank Williams: The chart you have does not make sense. Please use what I have provided in the templates. All graphical aids (charts, tables, graphs, etc.) must have text explaining the graphic. Otherwise the reader does not know the context for your graphic.

Defined Threat | Vulnerability (Low / Medium / High / Very High) | Impact of Loss (Minor / Noticeable / Severe / Devastating)
(no threat rows have been entered)

Rating Category | Description
Very High | The risk is totally unacceptable. Immediate measures must be taken to reduce these risks and mitigate hazards.
High | The risk is unacceptable. Measures to reduce risk and mitigate hazards should be implemented as soon as possible.
Medium | The risk may be acceptable over the short term. Plans to reduce risk and mitigate hazards should be included in future plans and budgets.
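The matrix in Table 1 and the classification and prioritization described in sections 1.3.2 and 1.3.3 can be applied mechanically once each finding has a vulnerability level and an impact of loss. The script below is an added example written for this report, not part of the original assessment. It assumes, because the report does not say, that each level maps to an integer from 1 to 4, that the risk score is vulnerability level multiplied by impact level, that scores of 12 or more are Very High, 8 or more High, 4 or more Medium and anything lower Low, and it supplies a wording for the Low category that Table 1 leaves undefined. The sample findings are constructed from the threat sources the report names.

```python
"""Risk scoring and prioritization against the Table 1 matrix.

Added example for this report, not part of the original assessment.
Assumed (the report does not state them): levels map to 1..4, the score is
vulnerability level x impact level, and scores bucket as >= 12 Very High,
>= 8 High, >= 4 Medium, otherwise Low.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

VULNERABILITY_LEVELS = {"Low": 1, "Medium": 2, "High": 3, "Very High": 4}
IMPACT_LEVELS = {"Minor": 1, "Noticeable": 2, "Severe": 3, "Devastating": 4}

RATING_DESCRIPTIONS = {
    "Very High": "The risk is totally unacceptable. Immediate measures must be "
                 "taken to reduce these risks and mitigate hazards.",
    "High": "The risk is unacceptable. Measures to reduce risk and mitigate "
            "hazards should be implemented as soon as possible.",
    "Medium": "The risk may be acceptable over the short term. Plans to reduce "
              "risk and mitigate hazards should be included in future plans and budgets.",
    # Assumed wording: Table 1 does not define the Low category.
    "Low": "The risk is acceptable for now; monitor and revisit at the next assessment.",
}


@dataclass(frozen=True)
class Finding:
    threat: str          # "Defined Threat" column of Table 1
    vulnerability: str   # Low / Medium / High / Very High
    impact: str          # Minor / Noticeable / Severe / Devastating


def risk_score(vulnerability: str, impact: str) -> int:
    """Numeric severity from 1 to 16: the 'risk score' the report refers to."""
    return VULNERABILITY_LEVELS[vulnerability] * IMPACT_LEVELS[impact]


def rating_category(vulnerability: str, impact: str) -> str:
    """Bucket a score into the Table 1 rating categories (thresholds assumed)."""
    score = risk_score(vulnerability, impact)
    if score >= 12:
        return "Very High"
    if score >= 8:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"


def prioritize(findings: Iterable[Finding]) -> List[Tuple[Finding, int, str]]:
    """Return (finding, score, category) tuples, most severe first.

    sorted() is stable, so findings with equal scores keep the assessor's
    input order rather than being reshuffled arbitrarily.
    """
    scored = [(f, risk_score(f.vulnerability, f.impact),
               rating_category(f.vulnerability, f.impact)) for f in findings]
    return sorted(scored, key=lambda t: t[1], reverse=True)


# Constructed sample findings drawn from the threat sources the report names.
SAMPLE_FINDINGS = [
    Finding("Ex-employee account retains database privileges", "Very High", "Devastating"),
    Finding("Unpatched internet-facing web server", "High", "Severe"),
    Finding("Phishing e-mail reaching staff mailboxes", "High", "Noticeable"),
    Finding("Compliance documentation gap", "Low", "Minor"),
]

if __name__ == "__main__":
    for finding, score, category in prioritize(SAMPLE_FINDINGS):
        print(f"{score:2d} {category:9s} {finding.threat}")
        print(f"   {RATING_DESCRIPTIONS[category]}")
```

Run as written, the ex-employee finding scores 16 (Very High), the unpatched server 9 (High), the phishing case 6 (Medium) and the compliance gap 1 (Low), which is the order in which section 1.3.3 says they should be treated. The multiplication and the bucket thresholds are the assessor’s choice; what matters for the report is that the same rule is applied to every finding so that the ordering can be defended to management.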

1.5. Lessons Learned Report

Comment by Hank Williams: You have the wrong focus. The lessons learned should be on the assessment process, not the results of the assessment: what went right and what went wrong while conducting the assessment.

Vulnerability assessment is a fundamental process that all organizations should undertake on a regular basis. As the findings indicate, organizations face many risks to their information systems from malicious activity by internal employees, partners or ex-employees. The most effective way to keep unauthorized people out of organizational systems is for every company to take precautionary measures that prevent and manage malicious attacks on its network. The study indicates that internal threats are the most common type of threat in many organizations. Internal threats are caused by insiders, who have access to a great deal of organizational information, including sensitive information. Giving an employee the security codes of the organization’s information system can result in interference with, or tampering of, the company’s confidential information. Several ways to prevent employees from becoming internal threats have been suggested in this study.


The tools used to analyze the organization’s network were Orion NTA, Alcatel-Lucent’s Motive Network Analyzer, Nagios Network Analyzer and Capsa Free. Each tool had advantages over the others. They were chosen for their ability to give a breakdown of the risks that can be easily interpreted by management, so that action can be taken on the most severe threats.

Based on the vulnerability assessment matrix, certain risks must be addressed immediately. The matrix was used to analyze internal threats, and it shows severe risks that the organization must address as soon as possible, because they can be devastating and can even interfere with its normal functioning. Risk levels were identified according to the nature of the impact: risks with minor effects or losses correspond to low vulnerability; those with noticeable impacts are likely to cause weaknesses in the organizational system; and those with severe or devastating effects correspond to significant flaws. The organization must therefore give priority to the risks behind the major flaws, because their impact may be severe or devastating. Threat management and prevention should follow the findings of the matrix: risks with significant impact are addressed first, followed by those with lower impact or loss.

Organizations should also allocate sufficient budget for vulnerability assessment and risk management, sized according to the findings of the assessment. Organizations that assess their vulnerabilities regularly can manage their risks and protect their assets.

References

Burns, W. D., & Fry, R. (2019). U.S. Patent No. 10,511,623. Washington, DC: U.S. Patent and Trademark Office.

Gujar, G., Ng, A. K., & Yang, Z. (2018). A Methodology to Prioritize Security Vulnerabilities in Ports. In Contemporary Container Security (pp. 63-79). Palgrave Macmillan, Cham.

Hodson, C. J. (2019). Cyber Risk Management: Prioritize Threats, Identify Vulnerabilities and Apply Controls. Kogan Page Publishers.

Lang, U., & Schreiner, R. (2017). U.S. Patent No. 9,563,771. Washington, DC: U.S. Patent and Trademark Office.

Siddi, M. (2018). Identities and vulnerabilities: The Ukraine crisis and the securitisation of the EU-Russia gas trade. In Energy Security in Europe (pp. 251-273). Palgrave Macmillan, Cham.

Silva, F. G., Nguyen, Q. T., Correia, A. F., Clemente, F. M., & Martins, F. M. L. (2019). Network Analysis Tools. In Ultimate Performance Analysis Tool (uPATO) (pp. 1-4). Springer, Cham.