Project 2: VM Scanner Evaluation Background Report
Assignment
Don't use plagiarized sources. Get Your Custom Essay on
Project 2: VM Scanner
Just from $13/Page
This week, you will submit the second project, VM Scanner Background Report, based on the
Nessus Report
. As you are writing your report, you may want to refer back to the CEO’s video in Week 1 to make sure your analysis and recommendations align with the CEO’s priorities and concerns.
You should link your analysis to the kinds of organizational functions and data associated with a transportation company (e.g., protecting order data, customer lists, sales leads, Payment Card Industry (PCI) compliance for processing credit, proprietary software, etc.) and provide your recommendation if Mercury USA should purchase the Nessus tool. This report should be four to six pages in length and include a title/cover page. Include in-text citations and a reference page with three quality sources in a citation style of your choice.
|
How Will My Work Be Evaluated?
For this assignment, you are asked to provide your supervisor, Judy, with a technical evaluation of a vulnerability scanner. By documenting your results in an effective background report, you are showing how you use your technical knowledge to convey your ideas to others in a professional setting. Your ability to express your findings using the right mix of technical detail in a business context is an important workplace skill.
The following evaluation criteria aligned to the competencies will be used to grade your assignment:
· 1.3.1: Identify potential sources of information that can be used to develop and support ideas.
· 1.4.1: Produce grammatically correct material in standard academic English that supports the communication.
· 10.1.1: Identify the problem to be solved.
· 12.2.1: Identify systems for the risk assessment.
· 12.3.1: Select controls.
· 13.2.1: Evaluate vendor recommendations in the context of organization requirements.
|
If you haven’t already downloaded it last week, download the
VM Scanner Background Report Template
now and follow the instructions in the document.
Delete the instructional text from the template before you submit.
2/4/2021 My Basic Network Scan
https://learn.umgc.edu/content/enforced/572629-027858-01-2212-OL1-6384/My_Basic_Network_Scan_qw3e2d (2).html 1/2
Report generated by Nessus™
Expand All|Collapse All
Show Details
Show Details
Show Details
My Basic Network Scan
Wed, 08 Apr 2020 09:12:48 Pacific Standard Time
TABLE OF CONTENTS
Hosts Executive Summary
192.168.1.10
192.168.1.25
192.168.1.30
192.168.1.100
Hosts Executive Summary
192.168.1.10
0 1 1 0 22
CRITICAL HIGH MEDIUM LOW INFO
192.168.1.25
0 1 2 2 43
CRITICAL HIGH MEDIUM LOW INFO
192.168.1.30
5 1 12 2 57
CRITICAL HIGH MEDIUM LOW INFO
192.168.1.100
0 0 1 0 26
CRITICAL HIGH MEDIUM LOW INFO
2/4/2021 My Basic Network Scan
https://learn.umgc.edu/content/enforced/572629-027858-01-2212-OL1-6384/My_Basic_Network_Scan_qw3e2d (2).html 2/2
Show Details
© 2020 Tenable™, Inc. All rights reserved.
VM Scanner Background Report
CMIT 421 Threat Management and Vulnerability Assessment
Introduction
Provide an introduction that includes what you intend to cover in the background paper. Ensure you are specific and define your purpose clearly.
Part 1: Nessus Vulnerability Report Analysis
In this section, analyze and interpret the results of the report in order to give your boss a clear picture of the Mercury USA’s potential vulnerabilities.
As you analyze the report, address the following points:
· Is it appropriate to distribute the report as is, or do you need to interpret the report, attach meaning before sending to management? Explain why or why not.
· What is your overall impression of the tool’s output? Is it easy to interpret, well-organized, include enough detail, too much detail?
· Does the tool provide enough reporting detail for you as the analyst to focus on the relevant vulnerabilities for Mercury USA?
· Name the three most important vulnerabilities in this system for Mercury USA. Why are they the most critical?
· How does the report provide enough information to address and remediate the three most important vulnerabilities?
|
Judy has asked you to provide a screenshot to help her understand what the Nessus report looks like.
Screenshot Instructions
· Open lab 14.2.30, “Conducting Vulnerability Scans” lab within the uCertify Pearson CompTIA Cybersecurity Analyst (CySA+) content.
· After Step 20, click the Report button dropdown and choose HTML.
· In the “Generate HTML Report” dialog, click the Generate Report button.
· Open the report from the browser’s download bar at the bottom of the screen.
· Click the Show Details button.
· Take a full window screenshot that includes the date/time of the report and the date/time area of the VM’s taskbar. Refer to the example below.
Note: This portion of the background paper also helps determine that your submission is unique. Thus, you must include the specific screenshot as seen below or your project will not be accepted.
|
Part 2: The Business Case
|
Keep these issues in mind as you address the two questions below:
· Think back to the video from Mercury USA’s CEO. What were his main areas of concern?
· What is the industry/function of the organization?
· What kinds of data might be important to the organization?
|
What is your assessment of the Mercury USA’s overall current security posture? What information in the vulnerability scans supports your assessment?
Based on the vulnerabilities present in the reports and the information available about them, what threats might an adversary or black hat hacker try to use against the organization to exfiltrate data or hold it for ransom?
Part 3: Nessus Purchase Recommendation
State your case for your recommendation of the Nessus commercial vulnerability scanner. Be sure to address the following questions:
· Do you think the overall presentation and scoring features are adequate for technical professionals?
· How can this tool help Mercury USA comply with regulatory and standards requirements?
· What is the cost to license the tool? Does the usability, support, and efficacy of the tool warrant the cost?
· Do you think the Nessus report is understandable/suitable for management? Explain why or why not.
· Would you recommend that Mercury USA purchase the tool? Provide your rationale for this recommendation.
Conclusion
Provide a conclusion of at least a paragraph summarizing your analysis of the Nessus vulnerability report, your purchase recommendation, and why your purchase recommendation is beneficial for employees, management, and the organization.
References
Use in-text citations in the body of your memorandum as appropriate. Add all sources you used here. This example citation uses IEEE style. Use a style of your choice or ask your instructor for clarification. When using the associated course content, ensure you cite to the chapter level. An example IEEE citation is provided below for your reference.
[1] “Chapter 5: Implementing an Information Security Vulnerability Management Process”, Pearson CompTIA Cybersecurity Analyst (CySA+), 2020. [Online]. Available:
https://www.ucertify.com/
. [Accessed: 28- Apr- 2020].
