400-600 words

Please read the story entitled The Importance of Knowing Your Own Security Posture. (ATTACHED)

After reviewing the story, conduct research online into the various possibilities for conducting a risk assessment for organizations. Address the following:

• Discuss the specific recommendations that you would make based on your personal experience and research.
• Discuss the impact (from the perspective of various stakeholders) of the use of a risk assessment to stop an attack.
• How can technology be used as an enabler for the risk-assessment process?
• How can technology be a detractor for the risk-assessment process?
• Provide specific examples of how you would conduct a risk assessment.
• How can you apply the lessons that you learned from the story to your own company problem?
• Provide feedback on the recommendations that your classmates made.

 

The Importance of Knowing Your Own Security Posture1It is a typical day. Michael starts at 10:00 p.m. He grabs a bottle of highlycaffeinated soda, turns on the Dub-step playlist, and sits down at hiscomputer. Next, Michael launches his Tor client to ensure anonymity andbegins to fingerprint, scan, and enumerate his target. After a few hours,Michael has a good idea of the company’s network infrastructure as well as alist of servers—both Internet-facing and those sitting on the intranet. Michaelalso knows which systems have which vulnerabilities. Michael shuts down forthe day and begins to plan his attack. The company that he targeted andmapped contains a database with thousands of credit cards that are worththousands of dollars on the black market.Even though Michael has all of the information that he needs to launch anattack, he also knows the time and realizes that the network operations teamand the security response team for the company are beginning to start theirnormal workday. Launching an attack now might be detected by active eyesmonitoring the system. After all, a hacker’s goal is to not be caught. Michaelwill wait until the upcoming weekend to steal the credit card data, when it isleast likely that he will be detected.The problem is that the company Michael just “cased” is your company. Thisis no longer a random third party; you have a vested interest in the successof the company, and because you are a lead security analyst, you also wantto protect the company’s data. As you start your day, you notice that acouple of network pings, sweeps, and port maps took place from the Internet,but in reality, this is nothing new.You are curious about the activity from overnight and conduct somepreliminary investigations about the source of this activity. You see that itoriginates from a Tor network, so tracing the real origination source will bechallenging, if not impossible. Therefore, it is not worth your time andresources. After all, you have a task that is far more important to complete.You have been looking at the security posture of the company networkresources for the past month. You have conducted scans, vulnerabilityassessments, and some penetration tests. It is time to finalize your reportand deliver it to management and the operations teams.

Attachments:

• 1495272416-U2_Story.pdf