Free Essay

Cis 527 Assignment 3 Threats, Vulnerability, and Exploits Assessment Practices

In: Business and Management

Submitted By eileneleavell
Words 280
Pages 2
CIS 527 Assignment 3 Threats, Vulnerability, and Exploits Assessment Practices

Click Link Below To Buy:

http://hwcampus.com/shop/cis527-assignment-2-assets-risk-management/

Week 6

There are multiple ways to bring threats and vulnerabilities to light. Common practices and lessons learned can help us explore for known or common threats, but how does an organization with a unique or highly unusual setup discover its vulnerabilities? Many organizations turn to ethical hackers.

Write a four to five (4-5) page paper in which you:

Describe common tools and techniques for identifying and analyzing threats and vulnerabilities.
Critique the practice of offering rewards for discovering vulnerabilities.
Explain the risks of challenging individuals to exploit vulnerabilities in your systems.
Give your opinion on the formation of ethical hackers.
Use at least two (2) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:

Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:

Describe techniques for identifying relevant threats, vulnerabilities, and exploits.
Use technology and information resources to research issues in IT risk management.
Write clearly and concisely about topics related to IT risk management using proper writing mechanics and technical style conventions.…...

Similar Documents

Premium Essay

Identifying Potential Malicious Attacks, Threats, and Vulnerabilities

...also exposes the Organization to possible attacks and threats. Such attacks have been the most challenging issue for most network administrators and a worrying topic for administrators. Organizations need to share services resources and information but they still need to protect these from people who should not have access to them, while at the same time making those resources available to authorized users. Effective security achieves these goals. The greatest threat to computer systems and their information comes from humans, through actions that are either malicious or ignorant. When the action is malicious, some motivation or goal is generally behind the attack. For instance, the goal could be to disrupt normal business operations, thereby denying data availability and production. April 13, 2000, 3:55 P.M. Pacific time: The Web site for the Motion Pictures Association of America (MPAA) is suffering intermittent outages, and the organization suspects computer vandals are to blame. A source inside the organization, who asked not to be identified, said that the MPAA is currently “experiencing problems with their public Web site, and they suspect a denial-of-service attack.” The attack was first rumored on http://www.hackernews.com/, a Web site for news on computer hacking. Most of the attacks are becoming more frequent and more damaging, and they are using well-known techniques and methods to exploit vulnerability in security policies and......

Words: 5140 - Pages: 21

Premium Essay

Hazard Vulnerability Assessment

...The Philadelphia Water Department, Baxter Water Treatment Plant Anthony Vega, Denise Youmans, Christopher Williams, Stephen Glenn, Darnell Jessie Immaculata University EPM 301 Report Summary The purpose of this assessment is designed to look at the hazard vulnerability and exploitation potential surrounding The Philadelphia Water Department, Baxter Water Treatment Plant located at 9001 State Road in Philadelphia, Pa. The treatment plant must be prepared for every emergency when considering the safety of the community. This assessment is a detailed analysis of the possible catastrophic events that could occur in or near the water treatment plant and an inquisition into the possible contingency plans in the event that a catastrophe occurs. This assessment is designed to identify and assess hazards to which the Baxter Treatment Plant is ill-prepared to respond and strengthen these weak areas. Methods We, as a group, conducted site visits and surveys of the property. A point of contact was established within the Philadelphia Water Department, but the Water Department policies dictate that written approval for a site visit must be approved by higher level management. These policies and the limited amount of time in the accelerated semester did not allow us to complete an internal site visit. As a contingency, we evaluated the site from the exterior. Physical surveillance was conducted allowing us to observe the visible security of the premises. The building is......

Words: 4007 - Pages: 17

Premium Essay

Threats/Vulnerabilities

...Week1 Assignment 1: Application of Risk Management Assume the role of an IT manager assigned by Yield More's senior management to conduct the following risk management tasks. 1. Identify, analyze, and explain several (at least five) likely threat/vulnerability pairs and their likelihood of occurrence in this scenario. In this scenario some of the most likely pairs of threat/vulnerability pairs are location, equipment failure, social engineering, Denial of Service (DOS), and Mal ware. The reason I chose these threats is because they seem to be the most problematic for this company. The first one is location according to the scenario the servers are all housed in the company headquarters where if an a natural or man made disaster happened it would cripple the companies infrastructure. I would have advised the management to distribute there severs to different locations. In doing this if one goes down due to any natural or man made disaster it wouldn't matter because the other two could take up the slack. Another pair is equipment failure according to the scenario each server has its own specific function that it handles and nothing else. It would help mitigate some of the risk that would happen if each server along with handling there own problems would also handle tasks if the other servers went down. Social engineering is a problem because it is dependent on the user or the person. Social engineering is hacking the person for information that might need to be......

Words: 825 - Pages: 4

Premium Essay

Cis 109 Assignment 3

... Logical Design Gregory M Dowell CIS 111 Professor Thakkar 25 February 2014 Logical Design The purpose of normalization is to create a stable set of relations is representative of the operations of an enterprise. By doing this we are able to reduce redundancy to save space and avoid inconsistencies in data. It also ensures that the design is free of certain updates, insertions, and deletion anomalies (Ricardo, 2012). With normalization as with most anything else there are advantages and disadvantages. The advantages of normalization are: ACID, which stands for atomicity, consistency, isolation, and durability. Atomicity means the transaction is a single unit. Either the entire set of actions is carried out or is not. Consistency means that the user ensures their transactions will leave the database in a consistent state. Isolation is the requirement that the final effect of the transaction appear as if it were executed one after another instead of concurrently. Durability is ensuring that the effects are permanently recorded in a database even if the system crashes before all its rights are made to the database (Ricardo, 2012). Another advantage of normalization is performance. Well-normalized databases are faster to write to and access. Disadvantages of normalization are: they are difficult and expensive to do, require great skill and experience to create correctly, require discipline to maintain, and requires skill and discipline to keep well indexed......

Words: 1091 - Pages: 5

Premium Essay

How to Identify Threats & Vulnerabilities in an It Infrastructure

...Week 1 Laboratory How to Identify Threats & Vulnerabilities in an IT Infrastructure Learning Objectives and Outcomes Upon completing this lab, students will be able to: • Identify common risks, threats, and vulnerabilities found throughout the seven domains of a typical IT infrastructure. • Align risks, threats, and vulnerabilities to one of the seven domains of a typical IT infrastructure • Given a scenario, prioritize risks, threats, and vulnerabilities based on their risk impact to the organization • Prioritize the identified critical, major, and minor software vulnerabilities   Week 1 Lab: Assessment Worksheet Part A – List of Risks, Threats, and Vulnerabilities Commonly Found in an IT Infrastructure Overview One of the most important first steps to risk management and implementing a risk mitigation strategy is to identify known risks, threats, and vulnerabilities and organize them. The purpose of the seven domains of a typical IT infrastructure is to help organize the roles, responsibilities, and accountabilities for risk management and risk mitigation. This lab requires students to identify risks, threats, and vulnerabilities and map them to the domain that these impact from a risk management perspective. Lab Assessment Questions & Answers The following risks, threats, and vulnerabilities were found in a healthcare IT infrastructure servicing patients with life-threatening situations. Given the list, select which of the seven......

Words: 590 - Pages: 3

Free Essay

Vulnerability Assessment Scan

...------------------------------------------------- Lab Assignment for Chapter 3 Performing a Vulnerability Assessment Course Name and Number: Student Name: Student Number: Instructor Name: Onook Oh Submission Due by: 11:59PM on February 3rd, 2015 ------------------------------------------------- Overview To complete the Lab Assignment for Chapter 3, students should first carefully read the “Introduction” information in the lab interface. And then, follow all “Steps” as described in the Lab interface. In this lab, you will use Nmap commands within Zenmap application to scan the virtual network and identify the devices on the network and the operating systems and services running on them. You also will use OpenVAS to conduct a vulnerability assessment and record the high risk vulnerabilities identified by the tool. Finally, you should use the information you gathered from the report to discover mitigations for those risks and make mitigation recommendations based on your findings ------------------------------------------------- Learning Objective of the Lab Assignment Upon completing this lab, you will be able to: * Identify risks, threats, and vulnerabilities in an IP network infrastructure using Zenmap to 
perform an IP host, port, and services scan. * Perform a vulnerability assessment scan on a targeted IP subnetwork using OpenVAS. * Compare the results of the Zenmap scan with a OpenVAS vulnerability assessment scan. * Assess the......

Words: 559 - Pages: 3

Premium Essay

Vulnerability-Assessment

... Chapter 1 Vulnerability Assessment Solutions in this Chapter: I What Is a Vulnerability Assessment? I Automated Assessments I Two Approaches I Realistic Expectations Summary Solutions Fast Track Frequently Asked Questions 1 285_NSS_01.qxd 2 8/10/04 10:40 AM Page 2 Chapter 1 • Vulnerability Assessment Introduction In the war zone that is the modern Internet, manually reviewing each networked system for security flaws is no longer feasible. Operating systems, applications, and network protocols have grown so complex over the last decade that it takes a dedicated security administrator to keep even a relatively small network shielded from attack. Each technical advance brings wave after wave of security holes. A new protocol might result in dozens of actual implementations, each of which could contain exploitable programming errors. Logic errors, vendor-installed backdoors, and default configurations plague everything from modern operating systems to the simplest print server.Yesterday’s viruses seem positively tame compared to the highly optimized Internet worms that continuously assault every system attached to the global Internet. To combat these attacks, a network administrator needs the appropriate tools and knowledge to identify vulnerable systems and resolve their security problems before they can be exploited. One of the most powerful tools available today is the vulnerability assessment, and this......

Words: 9203 - Pages: 37

Premium Essay

Cis 524 Week 3 Assignment 1

...A++PAPER;http://www.homeworkproviders.com/shop/cis-524-week-3-assignment-1/ CIS 524 WEEK 3 ASSIGNMENT 1 CIS 524 Week 3 Assignment 1, Due Week 3 and worth 80 points Building a user interface that meets the needs of a diverse population can be incredibly difficult. Research the best practices for developing a universally usable interface, as well as some of the federal legislation that applies (i.e., section 508). Write a four to five (4-5) page paper in which you: 1. Assess at least five (5) best practices for developing a universally usable interface. 2. Evaluate how section 508 affects developing user interfaces and assess this compliancy standard’s impact on users. 3. Give three (3) examples of available tools for verifying that your interfaces meet universal design guidelines and the advantages and disadvantages of each. 4. Examine the practicality of building multiple interface options for diverse populations, rather than building one (1) interface that meets the needs of the majority of end users. 5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a......

Words: 325 - Pages: 2

Premium Essay

Cis 525 Week 9 Assignment 3

...CIS 525 WEEK 9 ASSIGNMENT 3 A+ Graded Tutorial Available At: http://hwsoloutions.com/?product=cis-525-week-9-assignment-3 Visit Our website: http://hwsoloutions.com/ Product Description CIS 525 Week 9 Assignment 3, Assignment 3: Resolve Conflicts and Promote Collaboration as an Agile Coach Due Week 9 and worth 90 points The following resources may be helpful when completing this assignment. Handling Conflict on Agile Teams: What to Do When a Team Member Complains (http://www.agilejournal.com/articles/columns/articles/892-handling-conflict-on-agile-teams-what-to-do-when-a-team-member-complains) Unsolvable Conflict on Agile Teams (http://www.agilejournal.com/articles/columns/articles/888-unsolvable-conflict-on-agile-teams) Navigating Conflicts: A Guide to Frosting High-Performing Agile Teams (http://www.nxtbook.com/nxtbooks/sqe/bettersoftware_0409/#/36) Determining how to build a high-performing agile team, while managing conflicts, is a considerable task for any agile coach. In this assignment, you are asked to explore and discuss various conflict resolution methods and determine when and how to use them as an agile coach. You must discuss the techniques in a context of an agile project team environment with various scenarios, and must also demonstrate how you can turn the high-contention situations into high-collaboration situations. For example, the project team has consistently encountered changes of scope by the product owner. The QA team also emailed......

Words: 505 - Pages: 3

Free Essay

Cis 515 Assignment 3

...CIS 515 ASSIGNMENT 3 To purchase this visit following link: http://coursehomework.com/product/cis-515-assignment-3/ Contact us at: HELP@COURSEHOMEWORK.COM CIS 515 ASSIGNMENT 3 CIS515 Assignment 3: University Database – A Grade paper Instant Download Due Week 3 and worth 90 points A prestigious university has recently implemented a consolidation strategy that will require it to centralize their student records. In order to move forward, the local university will need to develop a data model that will retain student records and perform various data extract transform and load (ETL) processes. Imagine that you have been hired as a database consultant to assist in the development of a data design strategy for the student records. You met with various university subject matter experts and have determined the following after performing various business analysis processes: • Faculty groups are divided by core competencies that the university offers. For example, there are groups such as the Art Faculty, Computer Technology Faculty, Language Faculty, and Science Faculty. Each faculty member has an assigned Dean and is designated to teach at one particular campus and school. They are able to teach as many courses as required. • Courses are categorized by course code and title. Certain courses have prerequisites and the university has asked for this to be cataloged as well. • There are various schools within each campus. For example, the Los Angeles campus holds the......

Words: 621 - Pages: 3

Free Essay

Cis 527 Assignment 3 Threats, Vulnerability, and Exploits Assessment Practices

...CIS 527 Assignment 3 Threats, Vulnerability, and Exploits Assessment Practices Click Link Below To Buy: http://hwcampus.com/shop/cis527-assignment-2-assets-risk-management/ Week 6 There are multiple ways to bring threats and vulnerabilities to light. Common practices and lessons learned can help us explore for known or common threats, but how does an organization with a unique or highly unusual setup discover its vulnerabilities? Many organizations turn to ethical hackers. Write a four to five (4-5) page paper in which you: Describe common tools and techniques for identifying and analyzing threats and vulnerabilities. Critique the practice of offering rewards for discovering vulnerabilities. Explain the risks of challenging individuals to exploit vulnerabilities in your systems. Give your opinion on the formation of ethical hackers. Use at least two (2) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the......

Words: 280 - Pages: 2

Free Essay

Cis 527 Assignment 3 Threats, Vulnerability, and Exploits Assessment Practices

...CIS 527 Assignment 3 Threats, Vulnerability, and Exploits Assessment Practices Click Link Below To Buy: http://hwcampus.com/shop/cis527-assignment-2-assets-risk-management/ Week 6 There are multiple ways to bring threats and vulnerabilities to light. Common practices and lessons learned can help us explore for known or common threats, but how does an organization with a unique or highly unusual setup discover its vulnerabilities? Many organizations turn to ethical hackers. Write a four to five (4-5) page paper in which you: Describe common tools and techniques for identifying and analyzing threats and vulnerabilities. Critique the practice of offering rewards for discovering vulnerabilities. Explain the risks of challenging individuals to exploit vulnerabilities in your systems. Give your opinion on the formation of ethical hackers. Use at least two (2) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the......

Words: 280 - Pages: 2

Premium Essay

Vulnerability Assessment

...are fewer ‘weaker links’ for the attacker to exploit. (Mitnick & Simon, 2002) Hardware solutions such as firewalls, routers, auditing, IDS (Intrusion Detection Systems), biometrics can bolster those protections because even if the social engineer attacker gets an important piece of information it is paired with a piece of physical security such as a palm print, voice scan, body multi-dimensional password, IP scanning, or outright packet refusal (at the router) because of traffic from an outside source. Those physical hardware solutions need to be monitored on their own to avoid being compromised and affording another avenue of attack, but the combination of both active security and training work together to make single pieces of information that are usually sought by a social engineer almost useless. Date retention policies identify how data is stored, protected and or/destroyed. Addressing how your data lives, and eventually dies, and the responsibilities of personnel at all levels with regards to how data is handled prevents one of the easiest methods in a social engineers arsenal. Combining this training with an analysis of how data is classified helps determine what security level is adequate for different kinds of information. PII (Personally Identifiable Information) or HIPAA data, financial records, may require federally mandated special handling, while Research and Development documents might require specific practices that detail proper handling, and by......

Words: 1868 - Pages: 8

Premium Essay

Threat Assessment

...Threat Assessment Robert Nassar SEC 440 February 20, 2012 Threat Assessment When conducting an assessment to a company’s information or (computer) security system, the person or personnel must determine all possible risks that may threaten a company’s security. Risk as defined by OHSAS (Occupational Health & Safety Advisory Services) is the product of the probability of a hazard resulting in an adverse event, times the severity of the event the possibility of losing something. With this being said an assessment needs to include the possibility of loss, and how to minimize the risk of loss or the manageable way to contain all possible risks. To determine what types of risks a company maybe associated with is an on going process since in the cyber world new viruses, worms and thousands of different types of spyware are created everyday, the system must be monitored daily. Vulnerability is the potential point of attack, such as a computer without a password to access the system, which makes the system vulnerable to unauthorized access to the system. If a password was installed to the system it can reduce the risk of unauthorized access. While conducting an assessment one can understand the vulnerabilities and the difficulty of exploiting vulnerability, with a result in containment and deterrence of such a threat, with priority of such threats as a guideline. Depending of the level of threat, the vulnerability of access to a company’s information can be analyzed from......

Words: 1457 - Pages: 6

Premium Essay

Penetration Test vs. Vulnerability Assessment

...Penetration Test vs. Vulnerability Assessment Ø Penetration testing ensures you that your network will not be penetrated by malicious users. Ø Vulnerability Assessment gives an organization the ability to identify potentials for intrusion to their network. Ø Penetration test are more intrusive Reason for Assessement Ø Identify the vulnerability Ø Quantify the vulnerability Ø Prioritizing the vulnerability Internal vs. External Ø Internal assessment shows the vulnerabilities that employees or anyone with access to the internal network and exploit them. Ø External assessments shows the vulnerabilities from someone without direct access to the internal network. Window of Vulnerability Ø Unknown Window of Vulnerability Ø Known Window of Vulnerability Risk Ø Vulnerability Ø Attacks Ø Threats Ø Exposure Risk = Vulnerability x Attacks x Threats x Exposure Risk of Internal Assessment Ø Can’t be truly objective Ø Fair and impartial assessment Management is force to deal with the “fox in the Hen House” problem Steps 1-3 to an Successful Assessment • Understand the consequences • Document Management buy-in • Develop manageable objectives Step 4-6 to an Successful Assessment • Determine method • Plan for disruptions • Develop an assessment in a impactful, yet understandable, way. Qualified and Experienced outside Third Party. Ø Protect yourself with an contract Ø Breadth of experience Ø Currency with the latest......

Words: 255 - Pages: 2

ВЕНЕЦИАНСКАЯ ГРУППА | → Download | Stitchers