VulnerabilityManagementProcessMemorandumTEMPLATE

docx

School

University of Maryland Global Campus (UMGC) *

*We aren’t endorsed by this school

Course

421

Subject

Information Systems

Date

Feb 20, 2024

Type

docx

Pages

3

Uploaded by AgentScorpionMaster973

Report
Vulnerability Management Process Memo | [Document subtitle] MEMO January 30 th , 2024 Bernice Kwadu CMIT 421 [Opening Salutation]: Overview In this section, provide a brief overview to establish the purpose of your memorandum. You should introduce the topics in Parts 1, 2, and 3, below. Remember that you are writing to your immediate boss to help her address the CEO’s concerns over recent cybersecurity attacks against the transportation sector. Additionally, your boss has provided you with the results of a recent pen testing engagement performed by a third party on behalf of Mercury USA. The purpose of this memorandum is to address the CEO’s concern over the recent cybersecurity attacks against the transportation sector. This memorandum will first address and assess the vulnerability scan results First, this memorandum will recommend a Vulnerability Management (VM) process that is tailored to Mercury USA. Second, this memorandum will address the quality of the vulnerability scan’s results. Last, this memorandum will present a plausible scenario that Mercury USA could potentially fall victim to if certain recommendations are not met. Part 1: Vulnerability Management (VM) Process Recommendation In this section, present a recommended VM process for Mercury USA. Highlight the major VM process components as you learned in your studies. Explain how your recommendation meets the business needs of Mercury USA. Consider the transportation sector and the overall scenario in context. The text and questions below represent specifics to focus on while writing the memorandum. Do not include the specific text of the questions in your final submission.
Vulnerability Management Process Memo | [Document subtitle] What are the main elements of a VM process, tailored to Mercury USA and the transportation sector? How will you plan for and define the scope of a VM process? How will you identify the assets involved? How will you scan and assess vulnerabilities? What is/are the industry standard scanning tools? Support your findings. What frequency of scanning do you recommend and why? How will you report the results of scanning and recommended countermeasures? Part 2: Vulnerability Scanning Tool Evaluation and Recommendations After performing an analysis of the vulnerability report provided by the third-party penetration testers, present your evaluation of the tool and your recommendations here. The text and questions below represent the specifics to focus on while writing your memorandum. Do not include the specific text of the questions in your final submission . Identify the scanner used to produce the report. Is the tool open source or commercial? Do you consider the tool to be industry standard? What are some advantages to using the tool? Disadvantages? What is your overall impression of the tool’s output? Does the tool provide enough reporting detail for you as the analyst to focus on the correct vulnerabilities? Can you appropriately discern the most critical vulnerabilities? Do you think mitigations for the vulnerabilities are adequately covered in the report? Do you think the reports are suitable for management? Explain why or why not. Would you distribute the report automatically? Explain why or why not. Would you recommend that Mercury USA use the tool? Explain why or why not. Part 3: Business Case Example In this section, provide an example of what could happen if Mercury USA does not implement your recommendations for a VM process (e.g., data exfiltration, hacker intrusions, ransomware, etc.). The text and questions below represent the specifics to focus on while writing your memorandum. Do not include the specific text of the questions in your final submission. What are some of the outcomes to the business if your example occurred? How does your recommended VM process address the example you used? For the tool you evaluated in Part 2 above, do you think the tool will be adequate? Why or why not? Closing In this section, summarize the main points of your argument for a VM process, tool evaluation, and use the case example to support your recommendations. Keep in mind that you are addressing the CEO’s concerns over recent cybersecurity attacks against the transportation sector and how you can help increase Mercury USA’s overall security posture to protect the organization against attacks, breaches, and data loss.
Vulnerability Management Process Memo | [Document subtitle] <Closing Salutation> <Your Name > Cybersecurity Threat Analyst Mercury USA References Use in-text citations in the body of your memorandum as appropriate. Add all sources you used here. This example citation uses IEEE style. Use a style of your choice or ask your instructor for clarification. When using the associated course content, ensure that you cite to the chapter level. [1] "Chapter 5: Implementing an Information Security Vulnerability Management Process",   Pearson CompTIA Cybersecurity Analyst (CySA+) , 2020. [Online]. Available: https://www.ucertify.com/. [Accessed: 28- Apr- 2020].
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help

Related Documents

Chapter9QuestionsEdu271J.Sharma.docx
Corporate Infrastructure Part 4 IP ADDRESSING.docx
Ocasio_Assignment #2.docx
Week 8 Case Study.docx
Ocasio_Assignment #8.docx
ITMG Term Paper.docx
M06 quiz.docx
Ricki Gageby-AT&T risk assessment.docx
CYB_300_Milestone_Three_Worksheet_SG.docx
CYB_240_Project_One_Milestone_SG.docx
CYB_240_Module_Four_Lab_Worksheet_SG.docx
CYB_240_Module_Five_Lab_Worksheet_SG.docx