Security Assessment Report

The operating system (OS) of an information system contains the software that executes the critical functions of the information system. The OS manages the computer’s memory, processes, and all of its software and hardware. It allows different programs to run simultaneously and access the computer’s memory, central processing unit, and storage. The OS coordinates all these activities and ensures that sufficient resources are applied. These are the fundamental processes of the information system, and if they are violated by a security breach or an exploited vulnerability, the result has the potential to have the biggest impact on your organization.

Security for operating systems consists of protecting the OS components from attacks that could cause deletion, modification, or destruction of the operating system. Threats to an OS could consist of a breach of confidential information, unauthorized modification of data, or unauthorized destruction of data. It is the job of the cybersecurity engineer to understand the operations and vulnerabilities of the OS (whether it is a Microsoft, Linux, or another type of OS), and to provide mitigation, remediation, and defense against threats that would expose those vulnerabilities or attack the OS.

Prepare by first reviewing the different types of vulnerabilities and intrusions explained in these resources:

Based on what you gathered from the resources, compose the OS vulnerability section of the SAR. Be sure to:

  1. Explain Windows vulnerabilities and Linux vulnerabilities.
  2. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices.
  3. Explain the motives and methods for intrusion of the MS and Linux operating systems.
  4. Explain the types of security awareness technologies such as intrusion detection and intrusion prevention systems.
  5. Describe how and why different corporate and government systems are targets.
  6. Describe different types of intrusions such as SQL, PL/SQL, XML, and other injections.

You will provide leadership with a brief overview of vulnerabilities in your SAR.

Based on what you have learned in the previous steps and your SAR, you will also develop a presentation for your company’s leadership.

Your upper-level management team is not interested in the technical report you generated from your Workspace exercise. They are more interested in the bottom line. You must help these nontechnical leaders understand the very technical vulnerabilities you have discovered. They need to clearly see what actions they must either take or approve.

The deliverables for this project are as follows:

  1. Security Assessment Report (SAR): This report should be a 7-8 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
  2. Nontechnical presentation: This is a set of 8-10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.


Suggested Outline

Abstract

OS Overview

Operating System (OS)

User’s Role in OS.

Kernel and OS Applications.

OS Types.

OS Vulnerabilities

Windows Vulnerabilities

Intrusion Methods.

Linux Vulnerabilities

Intrusion Methods.

Mac OS Vulnerabilities

Mobile Device Vulnerabilities

Risk

Accepting Risk

Transferring Risk

Mitigating Risk

Eliminating Risk

Security Tools

Intrusion Detection System (IDS)

Intrusion Prevention System (IPS)

Vulnerability Assessment Methodology

Microsoft Baseline Security Analyzer (MBSA)

OpenVAS

Assessment Tool Comparative Analysis

Similarities.

Differences.

Recommendations

Conclusion

References

National Institute of Standards and Technology (NIST) (2014). Assessing security and privacy controls in federal information systems and organizations. NIST Special Publication 800-53A Revision 4. Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublicatio…

National Institute of Standards and Technology (NIST) (2010). Guide for applying the risk management framework to federal information systems. NIST Special Publication 800-37 Revision 1. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-37-…
