Project 2: Risk Assessment

Start Here

Organizations must stay up-to-date on their vulnerabilities and protection measures. Once vulnerabilities have been evaluated, the organization uses this information to develop a risk assessment plan. This plan should consider the perspectives of owners, shareholders, employees, policy makers, suppliers, and customers.

In this project, “Risk Assessment,” use the previous findings from Project 1, “Vulnerability and Threat Assessment Report,” to recommend an action plan for the risk assessment assigned in this project. The final assignment is a five- to seven-page review or summary of the risk assessment. Note that this is not a complete risk management report, but a “what if” report outlining potentials in both attacks and possible responses.


For this particular project, grades are based on the ability to clearly and accurately assess policies, processes, and technologies to identify and assess risk and articulate effective mitigation strategies to achieve the appropriate security needed for the enterprise.

This is the second of four sequential projects. There are 12 steps in this project. Begin below to review the project scenario.


Competencies

Your work will be evaluated using the competencies listed below.

  • 2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
  • 2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.
  • 9.3: Risk Assessment: Assess policies, processes, and technologies that are used to create a balanced approach to identifying and assessing risks and to manage mitigation strategies that achieve the security needed.


Step 1: Review the Risk Management Framework

As the first step in preparing the risk assessment, review the risk management implementation framework and the risk management technologies that you might use in your assessment.

In the subsequent sections of this project, you will write a risk assessment summary report that can be used in addressing cybersecurity threats through risk management.

When this first step is complete, move to the next step, where you will create a list of vulnerable assets.

Step 2: Document Vulnerable Assets

In the opening step, you considered the risk management implementation framework and the risk management technologies you might use. Now, it’s time to list the organization’s vulnerable assets.

In order to conduct effective information risk management, the vulnerabilities of the system must be understood and documented prior to starting the assessment, regardless of which risk assessment approach is used.

Begin by conducting a thorough review of the recently completed Vulnerability and Threat Assessment report. During the review, pay particular attention to which security risks to information systems might be relevant, and consider varying types of risk assessment and analysis.

Using the Vulnerable Assets Template, identify and create a list of assets considered vulnerable. This is a simple list: not prioritized, not valued, simply identified, but complete. Pay particular attention to application software in both the acquisition and implementation phases. This list of vulnerable assets will also be used during the next step.

Submit the completed list of vulnerable assets for feedback.

Submission for Project 2: Vulnerable Asset List


In the next step, you will take the vulnerable assets and use them to identify specific internal and external threats.

Step 3: Review the Vulnerable Assets List

In the previous step, a list of vulnerable assets was compiled from the Vulnerability and Threat Report in the previous project. Now, incorporate any feedback from the previous step and identify specific cybersecurity threats to those assets, including the network access risk posed by devices.

Again, the Vulnerability and Threat Assessment final report is the starting point to fulfill this step in the Risk Assessment. Compiling a complete list of threats and vulnerabilities will act as a comprehensive review of your vulnerability assessment as well as potentially expand the list, now that you have greater input and a second look at your previous results.

Step 4: Document Internal and External Threats

You’ve reviewed the list of vulnerable assets, and in this step, you will document threats. Recall that a threat is any event, action, or factor that has the potential to cause damage to the enterprise. Threats can come from a variety of sources, including people (a hacker stealing employee passwords) and natural events (a power blackout causing data loss).

Use the Internal and External Threats Template to add all threats and vulnerabilities—internal and external to the enterprise—and tie them to the itemized assets that will be affected. Note that the external threats will include a comprehensive review of network access by device type, both direct and indirect, and a view of the social media landscape as a threat.

Submit the itemized list of threats for feedback.

Submission for Project 2: Internal and External Threats List


In the next step, you will conduct research and report on inputs for threats and vulnerabilities.

Step 5: Research Relevant Environmental Factors

This step continues to build on the internal and external threats as itemized in the previous step by researching relevant external inputs.

Since cybersecurity is a complex and multifaceted endeavor, an effective analysis of threats includes consideration of the threat landscape inherent within the context in which the enterprise operates.

Researching how the external context and environment contribute to threats and vulnerabilities is critical because no company or industry is an island, particularly as it pertains to cybersecurity. The very nature of cybersecurity is hyperconnectivity—across companies within the same industry and across industries with similar information demands.

Be sure to seek external input into the particular situation, specific threats and vulnerabilities, best practices, regulatory factors, government policy issues, previous industry issues, etc. Conduct thorough research in the industry and related industries about previous actions and activities that could affect your company.

When the research is complete, you will use it in the next step to create a list of external threats and vulnerabilities.

Step 6: Describe External/Environmental Inputs to Threats and Vulnerabilities

Using your research from the previous step, create a list of external industry sources and best practices that might apply. Include one or two sentences for each input, commenting on why you think it would add value to your Risk Assessment.

Submit your list of external inputs of threats and vulnerabilities for feedback.

Submission for Project 2: External Inputs of Threats and Vulnerabilities


Next, you will identify potential and actual business impacts.

Step 7: Identify Business Impacts and Probabilities

Remember, cyber risk management and compliance is not just about the technology. It is also about the impact people, policies, and processes can have on the financial results of the company. After the previous step, in which you created a list of threats and vulnerabilities, it’s now important to consider the effects on the business as part of the risk assessment.

Each enterprise must identify and address its own unique threat issues because the most obvious threats are not always the most dangerous ones. Many common threats, such as fire, are already mitigated to a high degree through local building codes and modern infrastructure redundancies. These might not require any further action. However, obscure threats, such as disruptive actions taken by a malicious insider, may be completely unmitigated.

Any risk assessment should include a view of the business impact should an identified threat become a reality. Also consider the likelihood of occurrence for each threat so the list can be prioritized and appropriately managed.

For this step, use the external inputs of threats and vulnerabilities compiled in the previous step to consider the business (monetary) impact of any realized threats and the prioritization of these threats by potential impact to the enterprise. In the next step, you will create a list of the business impacts.

Step 8: List Business Impacts and Probabilities

In the last step, you identified the potential financial impacts should identified threats become realities. Here, use your findings to complete the Business Impacts and Probabilities Matrix, listing each identified threat together with its risk, its probability, and a potential mitigation that covers all policies, processes, and technologies to be used in formulating a financially and logistically sound mitigation strategy.

After you’ve completed this step, you will document and prioritize risk responses. Submit your Business Impacts and Probabilities Matrix for feedback.

Submission for Project 2: Business Impacts and Probabilities Matrix


Step 9: Consider Risk Response Strategies

Now that you have developed a comprehensive list of potential risks with probabilities and potential business impact, it is time to consider possible risk response strategies for these risks. In the next step, you will document and prioritize risk responses.

Step 10: Document and Prioritize Risk Responses

In this step, you will prioritize your selected risk responses from the last step based on several factors:

  • The economic impact to the organization should the assessed risk occur.
  • The likelihood (probability) of an event that would activate the risk.
  • The arrangement of assets ranked by priority based on the highest value of the following formula: (economic impact) × (probability) = risk


Risk Formula
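As an added example (not part of the course materials or any of its templates), the Step 10 formula applied to a small set of constructed asset/threat rows drawn from the threats this page names, producing the columns of the Prioritized Risks and Response Matrix with an explicit tie-break; every asset name, dollar impact, probability, mitigation and response below is an assumption made for illustration.

```python
"""Prioritized Risks and Response Matrix built from the page's formula
(economic impact) x (probability) = risk.  Example code, not part of the
course material; all asset/threat rows below are constructed samples."""
from dataclasses import dataclass


@dataclass
class RiskRow:
    """One row of the Business Impacts and Probabilities Matrix."""
    asset: str
    threat: str
    impact: float        # economic impact (monetary) if the threat is realised
    probability: float   # likelihood of the threat being realised, 0.0 to 1.0
    mitigation: str      # policies, processes, technologies already planned
    response: str        # potential response if the threat becomes reality

    def risk(self) -> float:
        # Rounded to cents so rows with equal expected loss compare as equal.
        return round(self.impact * self.probability, 2)


def validate(row: RiskRow) -> None:
    """Reject rows that would silently distort the ranking."""
    if not 0.0 <= row.probability <= 1.0:
        raise ValueError(f"{row.asset}/{row.threat}: probability must be in [0, 1]")
    if row.impact < 0:
        raise ValueError(f"{row.asset}/{row.threat}: impact cannot be negative")


def prioritize(rows: list) -> list:
    """Return the Prioritized Risks and Response Matrix, highest risk first.

    Ties on risk are broken by raw impact (a rare but catastrophic event
    outranks a frequent nuisance with the same expected loss), then by asset
    name so the ordering is deterministic.
    """
    for row in rows:
        validate(row)
    ordered = sorted(rows, key=lambda r: (-r.risk(), -r.impact, r.asset))
    matrix = []
    for rank, r in enumerate(ordered, start=1):
        matrix.append({
            "Asset": r.asset,
            "Threat": r.threat,
            "Risk": r.risk(),
            "Probability": r.probability,
            "Mitigation Strategies": r.mitigation,
            "Potential Response": r.response,
            "Prioritization of Responses": rank,
        })
    return matrix


def render(matrix: list) -> str:
    """Plain-text view of the matrix for pasting into the report template."""
    lines = [f"{'#':>2}  {'Risk':>10}  {'Prob':>5}  Asset / Threat"]
    for m in matrix:
        lines.append(f"{m['Prioritization of Responses']:>2}  {m['Risk']:>10,.0f}  "
                     f"{m['Probability']:>5.2f}  {m['Asset']} / {m['Threat']}")
    return "\n".join(lines)


# Constructed sample rows; impacts and probabilities are illustrative only.
SAMPLE_ROWS = [
    RiskRow("Customer database", "SQL injection through the web application",
            impact=500_000, probability=0.15,
            mitigation="Parameterised queries, web application firewall",
            response="Isolate the web tier, invoke PCI DSS incident procedures"),
    RiskRow("Data center", "Fire",
            impact=2_000_000, probability=0.01,
            mitigation="Building codes, suppression system, off-site backups",
            response="Fail over to the backup site, restore from backups"),
    RiskRow("Employee workstations", "Disruptive actions by a malicious insider",
            impact=300_000, probability=0.20,
            mitigation="Least privilege, separation of duties, mandatory vacation",
            response="Revoke access, preserve logs for forensic review"),
    RiskRow("Web application", "Cross-site scripting",
            impact=50_000, probability=0.40,
            mitigation="Output encoding, content security policy",
            response="Patch the affected page, notify affected users"),
    RiskRow("Network devices", "Unpatched software",
            impact=150_000, probability=0.25,
            mitigation="Patch management process, configuration baselines",
            response="Emergency patch window, verify with a rescan"),
]


if __name__ == "__main__":
    print(render(prioritize(SAMPLE_ROWS)))
```

Note that fire and cross-site scripting carry the same expected loss here (20,000); the tie-break ranks the fire first because its raw impact is far larger, which is the kind of judgement the matrix should make visible rather than hide.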

Use the Prioritized Risks and Response Matrix template to submit your findings for feedback.

Submission for Project 2: Prioritized Risks and Response Matrix


After this process, you will be ready for the final step, the risk assessment summary report.

Step 11: Compile Your Work Up to This Point

You’ve prioritized your list of risk responses. It’s time to take a look at everything compiled so far for the Risk Assessment Summary Report. Keep in mind that a full risk management report is an intensive team endeavor that takes considerable time and resources to create. Remember that Maria has not tasked you with generating a full risk management report; rather, she has asked you to write a brief “what if” report outlining potentials in both attacks and possible responses.

In this step, take some time to review, make any updates, and compile your risk findings up to this point in preparation for creating the final report in the next step.

Step 12: Write the Risk Assessment Summary Report

Throughout this project, the necessary information has been assembled to provide your boss Maria with a risk assessment so that she may begin developing a long-term risk management strategy. This final step is compiling that information into a cogent “summary report” for presentation to company executives. This report will summarize the Vulnerability and Threat Assessment with the addition of the Risk Assessment just completed.

It is critical to provide recommendations to help the organization implement effective information risk management practices. Use findings in the previous steps to recommend risk management strategies such as least privilege, separation of duties, mandatory vacation, risk management technologies, and others you have found appropriate.

Remember, the recommendations included in the report should address all aspects of the research—business, economic, and technical reasoning for the conclusions.

Follow these Final Risk Assessment Summary Report requirements while writing the final risk assessment summary.

Check Your Evaluation Criteria

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.

  • 2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
  • 2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.
  • 9.3: Risk Assessment: Assess policies, processes, and technologies that are used to create a balanced approach to identifying and assessing risks and to manage mitigation strategies that achieve the security needed.

Submission for Project 2: Risk Assessment Summary Report


Prioritized Risks and Response Matrix

In this step, you will add a final column to your existing threat/asset table that demonstrates a potential response to a breach. In addition, add a column showing prioritization of these responses.

Columns: Asset | Threat | Risk | Probability | Mitigation Strategies | Potential Response | Prioritization of Responses

Note: You can add more rows to the bottom of the table if needed.
Business Impacts and Probabilities Matrix

Paste your findings on vulnerable assets and threats into this table, and add the risk, the probability, and potential mitigation strategies. Your mitigation strategies should include all policies, processes, and technologies that can be used.

Columns: Asset | Threat | Risk | Probability | Mitigation Strategies

Note: You can add more rows to the bottom of the table if needed.
Final Risk Assessment Summary Report Template

Your CIO, Maria Sosa, has asked you to write a “what if” report outlining risks and responses. Final Risk Assessment Summary Report (five- to seven-page report using this template: Step 13). This report should include the following components:

  • Title Page. Include: for whom you are preparing the document, the title, the date prepared, and your name as the preparer of the document.
  • Executive Summary. Include: the purpose of the report, intended audience, and an explanation of the importance of risk assessment.
  • Relevant external/environmental factors (from Step 6).
  • Prioritized Risks and Response Matrix (table from Step 8).
  • Recommended Risk Management Strategies and Technologies (one- to two-page narrative, from Step 11). Include: a summary of your Prioritized Risks and Response Matrix, and the consideration of relevant compliance issues.
  • Risk Management Implementation Recommendations (two- to three-page narrative).
Vulnerable Assets Template

In this step, list all the vulnerable assets for the enterprise. Note that assets should simply be identified at this stage. Items do not need to be prioritized or assigned values. Pay particular attention to application software in both the acquisition and implementation phases. This initial list should be as comprehensive as possible, even if you don’t keep every item in your final working list of resources to be protected.

Column: Vulnerable Assets
FINAL VULNERABILITY AND THREAT ASSESSMENT REPORT

Maria and Top Executives
Vulnerability and Threats Assessment Report

Table of Contents
Overview
Mission-critical aspects of the current organization
  Personnel
  Physical security
  Network security
  Cybersecurity overview
Scope of Work
Work Breakdown Structure
  Internal threats
  External threats
  Existing security measures
  Compliance requirements
Threats and Vulnerabilities Report
  Explanation of threats and vulnerabilities
  Classification of threats and vulnerabilities
  Prioritization of threats and vulnerabilities
Lessons Learned Report
Network Analysis Tools Report (Appendix A)
Vulnerability Assessment Matrix (Appendix B)
References

Overview

This threat and vulnerability assessment is written for executive-level stakeholders. It covers the mission-critical aspects of the current organization, the scope of work, the work breakdown structure, the threats and vulnerabilities report, lessons learned, the network analysis tools report, and the vulnerability assessment matrix.

Mission-critical aspects of the current organization

Personnel

The company is a small and medium-sized enterprise (SME) with sixty-one employees: thirty in the Information Technology department and five in each of marketing, operations, finance, sales, Human Resources, and [department name missing in the source]. The IT department includes back-end developers, two Java programmers, five Android programmers, one system administrator, one network administrator, one database administrator, one technician, one IT manager, one CISO, one cryptographer, one information security analyst, and one project manager.

Physical security

Employees use a badge to open doors within the company, and visitors must be escorted by authorized personnel. The data center is protected by multi-factor authentication and is restricted to authorized personnel (the system administrator, network administrator, and database administrator); visitors must sign a logbook before entering. The data center and the office premises are covered by CCTV with forty-five days of video retention.

Network security

A firewall inspects incoming and outgoing traffic, and an Intrusion Detection System / Intrusion Prevention System (IDS/IPS) detects and blocks network intrusions. Users can reach the company network only by logging in with an individual user account, and sessions are logged off after fifteen minutes of inactivity. Logins are subject to a password policy: passwords must be longer than eight characters and contain letters, numbers, and special symbols; they expire after sixty days; and recently used passwords are rejected. (One caveat for the reviewer: current NIST SP 800-63B guidance advises against forced periodic rotation and composition rules, favouring length and screening against known-breached passwords, so the expiry and complexity rules should be justified against PCI DSS rather than treated as best practice in themselves.)

Cybersecurity overview

The company stores and processes credit card information online and must therefore comply with the Payment Card Industry Data Security Standard (PCI DSS); storing cardholder data, rather than only passing it to a payment processor, brings the storage systems into PCI DSS scope. The company implements NIST SP 800-53 security controls such as access control, audit and accountability, awareness and training, configuration management, and incident response. According to Lord (2018), NIST SP 800-53 is a "set of standards and guidelines to help federal agencies and contractors meet the requirements set by the Federal Information Security Management Act (FISMA)."

Scope of Work

The company currently has physical, network, and system and application security measures in place. Because it stores and processes clients' credit card information, it must conform to PCI DSS.
The vulnerability assessment will check whether the existing security measures work as intended, whether the information system is susceptible to cyber-attack, and whether the company complies with PCI DSS.

Goals of the agreement

We will perform vulnerability assessments of the network, physical security, and the web application, including penetration testing. According to Porup (2020), penetration testing is "a simulated cyber-attack where professional, ethical hackers break into corporate networks to find weaknesses before attackers do." The assessment will test the following:

- Is the firewall securely configured and up to date?
- Are the firewall, routers, switches, and other network devices adequately configured?
- Is the network segmented to support security (in particular, is the cardholder data environment isolated from the rest of the network)?
- Is all software patched to the latest security updates?
- Are all unused ports on the network closed?
- Are network discovery protocols enabled where they are not needed?
- How are the offices secured, and how are they accessed?
- Does the company comply with PCI DSS?
- How well is the data center secured?
- Is the web application behind a web application firewall?
- Is the web application vulnerable to cross-site scripting (XSS)?
- Is the application vulnerable to SQL injection?
- Does the company use endpoint security such as antivirus and anti-malware software?
- How well are employees trained in cybersecurity?

Deliverables

The deliverable is a report of the findings with recommendations for improving the company's physical and information system security.

Timeline

The vulnerability assessment will take one month to complete.

Work Breakdown Structure

A spreadsheet listing internal and external threats, existing security measures, and compliance requirements is attached.

Internal threats

Internal threats are fire, theft and burglary, vandalism, open ports, unpatched software, and the granting of excess privileges.
Theft, burglary, and vandalism can be internal or external threats depending on the actor.

External threats

External threats are terrorism, natural disasters, man-in-the-middle attacks, Distributed Denial of Service (DDoS), malware, spyware, ransomware, phishing, rootkits, botnets, and SQL injection.

Existing security measures

The organization has a firewall that inspects incoming and outgoing traffic, an Intrusion Detection / Intrusion Prevention System, and antivirus software. Web access requires a user ID and a password of more than eight characters made up of letters, numbers, and special symbols.

Compliance requirements

The company must comply with PCI DSS because it performs card transactions online.

Threats and Vulnerabilities Report

Explanation of threats and vulnerabilities

Physical security

Under physical security we identified theft and burglary, terrorism, natural disasters, vandalism, and internal threats such as fire.

Theft and burglary. According to Reed (2017), theft is taking someone's property without permission; an employee or a visitor could, for example, walk out with a laptop. Burglary is entering someone's property without permission with the intent of committing a crime (Reed, 2017).

Terrorism. The FBI (2021) defines terrorism as "violent, criminal acts committed by individuals and/or groups who are inspired by, or associated with, designated foreign terrorist organizations or nations." Against the company this could mean bombing the premises or cutting the power supply, for instance with an EMP attack.

Natural disasters. Natural disasters are events such as earthquakes, tornadoes, avalanches, and lightning strikes, any of which could affect the company's premises.
Vandalism. Reed (2017) defines vandalism as "any activity that involves the deliberate destruction, damage, or defacement of public or private property." A disgruntled employee could, for example, cut network cables.

Internal threats. The internal threat and vulnerability assessment found that users stored passwords on their desktops. Abusing the trust of employees is one of the most common ways an attacker gains access to a network; once inside, the intruder can read privileged information, plant malicious software, or erase the entire database, causing great harm to the company. Environmental internal threats include humidity in the data center, an unstable power supply, and fire.

Network security

Under network security we identified malware and viruses, spyware, ransomware, phishing, denial of service (DoS) and distributed denial of service (DDoS), rootkits, man-in-the-middle attacks, open ports, and botnets.

Malware and viruses. According to Fruhlinger (2019), malware is malicious software and covers all malicious programs, including viruses, Trojans, and worms. Fruhlinger (2019) defines a virus as a "piece of computer code that inserts itself within the code of another standalone program, then forces that program to take malicious action and spread itself."

Spyware. Fruhlinger (2019) adopts Webroot's definition of spyware as "malware used to gather data on an unsuspecting user secretly." Spyware may include a keylogger that records keystrokes and so captures passwords.

Ransomware. Fruhlinger (2019) defines ransomware as malware that encrypts your data, after which the attacker demands payment for the decryption key.

Phishing. According to Vos (2020), phishing is where an attacker collects personal information from an unsuspecting user through an email link or a website that appears to come from a legitimate organization.
DoS / DDoS. According to Vos (2020), a DDoS attack overwhelms the network with traffic, making it hard for users to reach crucial applications.

Rootkit. Vos (2020) defines a rootkit as "computer software that is designed to give the attackers unauthorized remote access to your computers and network."

Man-in-the-middle attack. Vos (2020) defines a man-in-the-middle attack as one in which an attacker intercepts communication on the network and can alter it.

Open ports. An open port is one on which a service is listening. Ports left open for services that are unused or unmanaged enlarge the attack surface: an attacker can probe the service behind each one for misconfiguration or unpatched flaws and use it as an entry point for malware.

Botnet. According to Wright, Lutkevich, and Hanna (2021), a botnet is a "collection of internet-connected devices, which may include personal computers, servers, mobile devices and Internet of Things (IoT) devices that are infected and controlled by a common type of malware, often unbeknownst to their owner." The controlled machines are called zombies and take commands from the attacker.

System and application security

Under system and application security we identified viruses, SQL injection, unpatched security vulnerabilities, and the granting of excess privileges.

SQL injection. SQL injection occurs when untrusted input is concatenated into a SQL query, so that an attacker submitting input through the web interface can change the structure of the query rather than just a value, e.g., to read other users' rows or delete a table.

Unpatched security vulnerabilities. Applications must be kept current with the latest security patches to close the flaws present in earlier versions.

Granting of excess privileges. Giving database users more privileges than they need is a mistake. Users should be granted the least privilege required for their job, with additional rights added only through defined roles.
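The SQL injection and least-privilege points above, and the "sanitize and validate" remediation for SQL injection in Appendix B, shown as an added example that is not code from the report: a query built by string formatting beside the parameterized form, run against a constructed in-memory SQLite table, followed by a connection-level guard that stands in for a database account without read rights on the card column. The table, its rows (only the last four card digits, which PCI DSS allows to be kept in the clear), the payload, and the function names are assumptions for the demonstration.

```python
"""Added example (not code from the report): SQL injection through a
string-built query, the parameterized fix, and a least-privilege guard.
Standard-library sqlite3 only; the users table, its rows, the payload and
the function names are constructed for this demonstration."""
import sqlite3

# Classic tautology payload: turns "WHERE name = '<input>'" into a clause
# that is true for every row.
PAYLOAD = "x' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """In-memory database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, card_last4) VALUES (?, ?)",
        [("alice", "4242"), ("bob", "0005"), ("carol", "1117")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """VULNERABLE: the input is pasted into the SQL text, so it can change the
    structure of the query, not just the value being compared."""
    sql = f"SELECT name, card_last4 FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """SAFE: a bound parameter is always treated as a value, never as SQL."""
    sql = "SELECT name, card_last4 FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def deny_card_reads(conn: sqlite3.Connection) -> None:
    """Least privilege at the connection: refuse any read of users.card_last4.
    This stands in for a database role that lacks the privilege; sqlite3's
    authorizer callback is the mechanism available in an embedded database."""
    def authorizer(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_READ and (arg1, arg2) == ("users", "card_last4"):
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    conn.set_authorizer(authorizer)


def demo() -> dict:
    """Run the four lookups plus the restricted case and return the results."""
    conn = make_db()
    results = {
        "vuln_normal": lookup_vulnerable(conn, "alice"),
        "vuln_payload": lookup_vulnerable(conn, PAYLOAD),   # every row leaks
        "safe_normal": lookup_safe(conn, "alice"),
        "safe_payload": lookup_safe(conn, PAYLOAD),         # no such user
    }
    deny_card_reads(conn)
    try:
        lookup_vulnerable(conn, PAYLOAD)
        results["restricted_payload"] = "allowed"
    except sqlite3.Error:
        # The injection still fires, but the account cannot read the column.
        results["restricted_payload"] = "denied"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Parameterization, not input sanitization, is the primary control: a bound value can never change the query's structure. Validation remains useful as defense in depth, and the account the application connects with should hold only the privileges its queries need, so that an injection that does get through has less to read or destroy.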
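The open-ports finding above, together with the Nmap host discovery in Appendix A and the "close all unused ports" remediation in Appendix B, as an added example that is not code from the report: a stand-alone Python audit that reads Nmap's XML output (the -oX format) and compares every open port against an allowlist of expected listeners, so a scan becomes a short list of findings instead of a wall of ports. The scan XML, the host addresses, and the allowlist are constructed for the demonstration.

```python
"""Added example (not code from the report): audit an Nmap XML scan
(nmap -oX) against an allowlist of expected listening ports per host.
Standard library only. The scan below is constructed for the demo, not
output from the report's network; addresses and the allowlist are assumptions."""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -p- -oX scan.xml 10.0.0.0/29">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="445"><state state="filtered"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
  <host><status state="up"/><address addr="10.0.0.6" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
    </ports>
  </host>
  <host><status state="up"/><address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Assumed inventory: host -> set of (protocol, port) that are supposed to listen.
EXPECTED = {
    "10.0.0.5": {("tcp", 22), ("tcp", 80)},
    "10.0.0.6": {("tcp", 443)},
}


def open_ports(xml_text: str) -> dict:
    """Return {ip: {(proto, port), ...}} for every port Nmap reports as open."""
    # This parses our own scan output; for XML from an untrusted source use defusedxml.
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        found = set()
        for port in host.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                found.add((port.get("protocol"), int(port.get("portid"))))
        result[addr_el.get("addr")] = found
    return result


def audit(scan: dict, expected: dict) -> list:
    """Findings: unknown hosts, unexpected open ports, and expected listeners
    that were NOT seen open (a service down, or a scan that missed it)."""
    findings = []
    for ip, ports in sorted(scan.items()):
        if ip not in expected:
            findings.append(f"{ip}: host not in inventory (open: {sorted(ports)})")
            continue
        for proto, port in sorted(ports - expected[ip]):
            findings.append(f"{ip}: unexpected open {proto}/{port}")
        for proto, port in sorted(expected[ip] - ports):
            findings.append(f"{ip}: expected {proto}/{port} not open")
    for ip in sorted(set(expected) - set(scan)):
        findings.append(f"{ip}: inventoried host not seen in scan")
    return findings


def run_audit() -> list:
    """Audit the constructed sample scan against the assumed inventory."""
    return audit(open_ports(SAMPLE_NMAP_XML), EXPECTED)


if __name__ == "__main__":
    for line in run_audit():
        print(line)
```

On real output (for example `nmap -sS -p- -oX scan.xml <range>`), pass the file contents to open_ports(). Because the comparison runs both ways, the audit also reports inventoried hosts or services that have disappeared, which is as useful as the unexpected ones; filtered ports are deliberately ignored, since the firewall is already doing its job there.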
Threat modeling process

According to Fruhlinger (2020), threat modeling is a "structured process through which IT pros can identify potential security threats and vulnerabilities, quantify the seriousness of each, and prioritize techniques to mitigate attacks and protect IT resources." Several methodologies exist: STRIDE, PASTA, DREAD, NIST, Trike, OCTAVE, and VAST (Fruhlinger, 2020). We will use STRIDE. STRIDE stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege (Donovan, 2021); each category is the violation of a property the system should uphold (authentication, integrity, non-repudiation, confidentiality, availability, and authorization). Donovan (2021) states that STRIDE can be used to spot threats while designing an application or system, and in that way it protects the confidentiality, integrity, and availability (CIA) of the system.

Third-party outsourcing issues

The company currently uses its own local servers for data storage, but because of growth it intends to outsource services such as data storage and internet-based applications. Outsourcing raises issues of information security, data privacy, and business continuity. Before outsourcing we will verify that the service provider can recover from disasters and that it complies with the regulations and standards that apply to our data, such as PCI DSS, HIPAA (where health data is involved), and the Cloud Security Alliance (CSA) controls.

Classification of threats and vulnerabilities

According to Muscat (2019), threats are "cybersecurity circumstances or events with the potential to cause harm by way of their outcome," and a vulnerability is a "weakness in a system." The items identified above classify as follows:

Threats: theft and burglary; terrorism; natural disaster; vandalism; internal threats such as fire; man-in-the-middle; Distributed Denial of Service; malware; spyware; ransomware; phishing; rootkit; botnet; SQL injection.

Vulnerabilities: open ports; unpatched software; granting of excess privileges.

(Strictly, SQL injection is an attack technique; the underlying vulnerability is unvalidated input concatenated into queries, which belongs in the second list.)

The classification matters because threats are what can damage our systems and the organization's reputation, whereas vulnerabilities point to what must be fixed to prevent that harm.

Prioritization of threats and vulnerabilities

Internal threats: fire, theft and burglary, vandalism, open ports, unpatched software, and the granting of excess privileges. Theft, burglary, and vandalism may be internal or external depending on the actor.

External threats: terrorism, natural disasters, man-in-the-middle attacks, Distributed Denial of Service (DDoS), malware, spyware, ransomware, phishing, rootkits, botnets, and SQL injection.

The High/Medium/Low priority assigned to each item is given in the Vulnerability Assessment Matrix (Appendix B).

Lessons Learned Report

Record findings. Much of the software in use is out of date, e.g., Android Studio (used for Android development) and IntelliJ IDEA (used for Java development). Specific ports were found open. The database needs further optimization, since its response time is slow.

Nontechnical factors to be considered. All stakeholders must be included in a vulnerability assessment, since the security of the network and applications is a company effort, not a department effort.

The point at which the assessment is complete. The vulnerability assessment is complete when a remediation process and mitigation plan have been created (Stankovic, 2021). In truth, vulnerability assessment is a continuous process, and the company needs to repeat it regularly.

Next steps. The next step is to interpret the scan results. The tools rank vulnerabilities by severity, but some findings take precedence regardless of the tool's score: a vulnerability exposed on the network perimeter, for example, should generally be fixed before one in an application that is reachable only from inside the network.
After interpreting the results, we will draw up a remediation process and mitigation plan.

Network Analysis Tools Report (Appendix A)

We will use the following tools.

Netsparker. According to Mangat (2020), Netsparker finds vulnerabilities in web applications. Unlike scanners such as Nikto2, Netsparker also suggests how to remediate the vulnerabilities it finds.

OpenVAS. According to Mangat (2020), OpenVAS is a "vulnerability scanning tool that supports large-scale scans which are suitable for organizations." Mangat (2020) notes that it scans operating systems, web servers, web applications, networks, databases, and virtual machines, and that it reports countermeasures for the vulnerabilities it identifies.

Nmap. Mangat (2020) describes Nmap as an open-source network scanning tool. We will use Nmap for host discovery and operating system detection; comparing its results against the host inventory reveals unexpected hosts and unexpected listening services.

Kali Linux. We also recommend Kali Linux for penetration testing. According to Dobran (2019), Kali Linux offers a "security auditing operating system and toolkit with more than 300 techniques to ensure your site and Linux servers stay safe from attack." Its tools can surface weak passwords, open ports, new hosts on the network, and similar weaknesses.

SolarWinds. We will use SolarWinds to monitor the database, since monitoring can reveal weaknesses such as misconfigured disks.

Vulnerability Assessment Matrix (Appendix B)

Threat or vulnerability | Priority (High/Medium/Low) | Analysis tool used | Remediation plan
Theft and burglary | Low | none listed | Ensure offices are locked when not in use and are always accessed with an access card; revoke the access cards of terminated employees.
Terrorism | Medium | none listed | Ensuring the network is secure and all devices are well configured is a start; ensure employees only access sites that are beneficial to the organization.
Natural disasters | Medium | none listed | Smoke detectors for fire; early-warning tools for earthquakes and similar events; a proper disaster recovery plan so the company can recover quickly after a disaster.
Vandalism | Low | none listed | Employ security guards day and night; keep the premises locked and offices accessible only to authorized personnel using door badges.
Malware and viruses | High | none listed | Endpoint protection (antivirus, anti-spyware, etc.); automatic periodic scanning of computers and devices; keep the endpoint protection patched.
Spyware | High | anti-spyware | Run anti-spyware on every system and keep it patched.
Ransomware | High | none listed | Segment the network; have an incident response plan; use antivirus and anti-spam solutions; keep systems patched.
Phishing | High | BrandShield anti-phishing | Train employees about phishing and the damage it causes; use spam filtering; keep systems patched; use a web filter to block malicious websites.
DoS / DDoS | High | OpenVAS | Use anti-DDoS technology; keep the network secure; have an incident response plan.
Rootkit | High | OpenVAS | Keep systems patched; use antivirus; run automatic scans periodically.
Man-in-the-middle attack | High | Nmap | Monitor the network frequently; keep the network secure and devices well configured.
Open ports | High | Kali Linux | Close all unused ports; disable network discovery protocols that are not needed.
Botnet | High | OpenVAS | Blacklist IP addresses associated with suspicious websites; filter packets at the firewall.
SQL injection | High | SolarWinds | Validate and sanitize input before it reaches the database, and use parameterized queries.
Unpatched software | High | SUMo | Keep software up to date.

References

Dobran, B. (2019, July 3).
35 network security tools you should be using, according to experts. phoenixNAP. https://phoenixnap.com/blog/best-network-security-tools

Donovan, F. (2021, January 11). What is STRIDE and how does it anticipate cyberattacks? Security Intelligence. https://securityintelligence.com/articles/what-is-stride-threat-modeling-anticipate-cyberattacks/

FBI. (2021). Terrorism. https://www.fbi.gov/investigate/terrorism

Fruhlinger, J. (2019, May 17). Malware explained: How to prevent, detect and recover from it. CSO Online. https://www.csoonline.com/article/3295877/what-is-malware-viruses-worms-trojans-and-beyond.html

Goldman, J. (2019). How to conduct a vulnerability assessment: 5 steps toward better cybersecurity. eSecurity Planet. https://www.esecurityplanet.com/networks/how-to-conduct-a-vulnerability-assessment-steps-toward-better-cybersecurity/

Lord, N. (2018). What is NIST SP 800-53? Definition and tips for NIST SP 800-53 compliance. Digital Guardian. https://digitalguardian.com/blog/what-nist-sp-800-53-definition-and-tips-nist-sp-800-53-compliance

Mangat, M. (2020, March 23). 17 best vulnerability assessment scanning tools. phoenixNAP. https://phoenixnap.com/blog/vulnerability-assessment-scanning-tools

Mixon, E. (2020). Android OS. SearchMobileComputing. https://searchmobilecomputing.techtarget.com/definition/Android-OS

Muscat, I. (2019). Cyber threats, vulnerabilities, and risks. Acunetix. https://www.acunetix.com/blog/articles/cyber-threats-vulnerabilities-risks/

Porup, J. (2020). 11 penetration testing tools the pros use. CSO Online. https://www.csoonline.com/article/2943524/11-penetration-testing-tools-the-pros-use.html

Reed, H. (2017, October 23). 5 most common types of physical security threats. United Locksmith. https://unitedlocksmith.net/blog/5-most-common-types-of-physical-security-threats

Stankovic, S. (2021). How to perform a successful network security vulnerability assessment. PurpleSec. https://purplesec.us/perform-successful-network-vulnerability-assessment/

Vos, C. (2020). Top 12 network security threats and vulnerabilities. Resolutets. https://www.resolutets.com/network-security-threats-and-vulnerabilities/

Watts, S. (2017). What is threat remediation? Threat remediation explained. BMC. https://www.bmc.com/blogs/what-is-threat-remediation-threat-remediation-explained/

Wright, R., Lutkevich, B., & Hanna, K. (2021). Botnet. TechTarget. https://searchsecurity.techtarget.com/definition/botnet
