CMIT_421_Project1_VulnerabilityManagementProcessMemorandumTEMPLATE
School: University of Maryland, University College
Course: 421
Subject: Information Systems
Date: Feb 20, 2024
VULNERABILITY MANAGEMENT PROCESS MEMO | [Document subtitle]
MEMO
1/28/2024
Name
Good Morning:
Overview
In light of recent cyber threats linked to the WannaCry virus from a competitor, an external company conducted a vulnerability assessment for Mercury USA. This memo delves into the crucial takeaways from the evaluation. It outlines a tailored Vulnerability Management (VM) procedure for Mercury USA, evaluates the effectiveness of the vulnerability scan, and emphasizes potential risks if recommended measures are neglected. In recognition of senior management's concerns, this memo seeks to offer practical and actionable solutions.
Part 1: Enhancing Vulnerability Management (VM) Process
Mercury USA, focusing on safeguarding client information during transportation, should implement a robust VM process. This process includes asset configuration, vulnerability assessment, risk and patch management, and penetration testing. Before deciding on the best VM process, a thorough analysis of the organization's security landscape is essential. The four critical steps of the VM process — locating, analyzing, fixing, and reporting vulnerabilities — will enable Mercury USA to identify and address potential risks (Lalic, 2016; Khimji, 2019).
OpenVAS has been recommended for vulnerability scanning due to its simultaneous authenticated and unauthenticated testing capabilities. Weekly reporting using vulnerability management solutions will facilitate identifying, grading, prioritizing, and remedying vulnerabilities, thereby establishing accountability within the organization.
Part 2: Evaluation and Recommendations for Vulnerability Scanning Tool
The assessment of Mercury USA's network using OpenVAS, an open-source vulnerability assessment tool, demonstrated its effectiveness in identifying configuration errors, patching issues, and open port vulnerabilities (OpenVAS, 2021). While OpenVAS is cost-free and customizable, it may produce false positives. However, it surpasses some commercial scanners like Nessus in terms of its ability to perform authenticated and unauthenticated testing.
Despite potential limitations, the advantages of a scanning tool, such as prioritizing urgent issues and evaluating overall security effectiveness, outweigh the drawbacks (Irwin, 2020). To ensure the scanning process aligns with network and application monitoring, choosing a tool consistent with organizational needs is crucial.
Part 3: Business Case Example
Implementing the suggested VM process and OpenVAS scanning is vital to prevent potential security breaches. Failure to act may expose Mercury USA to significant risks, including exploitation of MS17 vulnerabilities, leading to unauthorized access and possible data loss. Adhering to cybersecurity best practices, including vulnerability scanning, will strengthen the organization's defenses and reduce legal and financial risks (Limassol, 2018).
Closing
In conclusion, Mercury USA must prioritize the recommended vulnerability management process and adopt OpenVAS scanning to bolster its cybersecurity posture. Weekly scans and diligent adherence to recommendations will contribute to proactive risk mitigation. Embracing these practices aligns with the organization's commitment to safeguarding client and operational data, ensuring a secure future. Thank you for your attention and dedication to the ongoing security of Mercury USA.
References
Hacking Loops. (2021). Nessus VS OpenVAS Advantages and Disadvantages Explained. https://www.hackingloops.com/nessus-vs-openvas/
Lalic, Z. (2016). Components of an effective vulnerability management process. https://www.helpnetsecurity.com/2016/10/11/effective-vulnerability-managementprocess/
OpenVAS. (2021). OpenVAS – Open Vulnerability Assessment Scanner. Open Vulnerability Assessment Scanner, https://www.openvas.org/
Khimji, I. (2019). Vulnerability Management Program Best Practices. The State of Security. Retrieved 30 January 2021, from https://www.tripwire.com/state-ofsecurity/vulnerability-management/vulnerability-management-best-practice/
Rubens, P. (2019). Vulnerability Scanning: What It Is and How to Do It Right. eSecurityPlanet. Retrieved 30 January 2021, from https://www.esecurityplanet.com/networks/vulnerability-scanning-what-it-is-and-how-todo-it-right/
Irwin, L. (2020). The pros and cons of vulnerability scanning - IT Governance UK Blog. IT Governance UK Blog. Retrieved 1 February 2021, from https://www.itgovernance.co.uk/blog/the-pros-and-cons-of-vulnerability-scanning
Limassol, C. (2018). Maritimecyprus.files.wordpress.com. Retrieved 1 February 2021, from https://maritimecyprus.files.wordpress.com/2018/06/cyprus-shipping-chambervulnerability-management-case-study.pdf
Primatech.com. (2015). Retrieved 1 February 2021, from http://www.primatech.com/images/docs/paper_the_business_case_for_cyber_security.pdf