A risk assessment is a process for identifying and evaluating risk. It is a key activity in a cost-effective and balanced approach to managing risk for systems. The first step in a risk assessment is identifying the critical assets for the organization. It is not possible to protect the items most valuable to the organization if they are not identified as such. Once assets are identified, then the scope of the risk assessment must be determined.
A vulnerability scan is conducted for the network. The results of the vulnerability scan are used to identify holes in the security posture. These results can be rated as critical, high, medium, and low and addressed accordingly with critical and high results being much more important to address soonest. For this assignment, you will create a risk assessment based on themes discussed in this course. The main purpose of this final project is to tie the concept of risk to a holistic perspective of the organization’s processes.
The final project is based on the following system scenario from ABC Company:
ABC Company is in manufacturing and produces specialty widgets. Many years of research and development have gone into the creation of these widgets and only ABC Company produces them. ABC has a website where they take orders for these widgets. A database for orders and customer payment information is housed on a shared server, which also runs the Intranet. Employees are occasionally allowed to work from home, as ABC Company is small and the skillset for employees is very specific. The company wants to keep their employees happy. ABC Company has one system administrator who maintains the network.
Based on the ABC Company system scenario, your final project must contain a summary of all critical, high, and medium findings; a recommendation for remediation of those findings; and any suggestions for improvement to the network layout for the organization. This assignment requires a 3- to 5-page Risk Assessment Report (template provided) in APA format, along with an additional references page. See below for details.
- A vulnerability scan, based on a Nessus scan, is part of this assignment (results provided). Note: Actual hostnames and IP addresses were removed from this scan for security purposes. However, in a “real” scan result, this information would be included. Analyze the results of the scan to identify the critical, high, and medium findings relevant to the scope of your assessment. Keep in mind what would be the most important assets for ABC Company.
- After identifying relevant findings from the vulnerability scan in step 1, analyze the network diagram for ABC Company (below) and provide recommendations to ABC Company on how to improve their security posture.
- Complete a risk assessment using the risk assessment report template to include the following:
- Complete all applicable sections, as explained in the instructions portion of the template.
- Identify assets and threats in Sections 1.3 and 1.4 of the template.
- Identify vulnerabilities in the network design and vulnerabilities in the scan results in Section 1.5 of the template.
- Complete a risk analysis in Section 1.6 of the template.
- Provide recommendations in Section 2 of the template including:
- Corrective actions and estimated timetables for fixes
- Estimated residual risk to ABC Company
- A future plan (rescan on a specific periodic basis, re-run risk assessments annually, etc.).
Submit the final project (risk assessment report) to your mentor for grading.
This assignment corresponds to or addresses the following Cybersecurity Program outcomes for the bachelor of science degree:
- Students assess and apply cybersecurity principles, tools, and methods to defend information systems against cyber threats. [BSCS1 1]
- Students apply cybersecurity design best practices and technologies to prevent and mitigate cyberattacks and vulnerabilities. [BSCS1 2]
- Students design, implement, and administer networks in a secure manner by integrating network defense technologies, monitoring tools, and measures. [BSCS1 3]
Your work on this assignment should reflect your ability to:
- Describe how the fundamental concepts of cyber defense can be used to provide system security. (Concepts of cyber defense)
- Describe cyber defense tools, methods, and components. (Cyber defense tools, methods, and components)
- Examine the architecture of a particular system and identify significant vulnerabilities, risks, and points at which specific security technologies/methods should be employed. (System architecture)
- Show usage of a network monitoring tool. (Uses of network monitoring tools)
- Describe concepts of network defense. (Concepts of network defense)
WRITING AND RESEARCH RESOURCES
The following links provide online writing and research aids to help you with your paper assignments.
- OWL (Online Writing Lab) at Purdue University
- Writer’s Handbook, the Writing Center at the University of Wisconsin–Madison
- APA Guidelines
- Information Literacy for TESU Students (an online guide from the New Jersey State Library to assist you in starting your research, searching databases for articles, citing sources, using ILLiad to request books or articles, etc.)
Do you need urgent help with this or a similar assignment? We got you. Simply place your order and leave the rest to our experts.