Remember to be clear about what action you are recommending. Executive management will want to understand not only what you discovered, but also what you propose as a solution. The company’s leaders...

instructions included in the word doc. follow the template


Remember to be clear about what action you are recommending. Executive management will want to understand not only what you discovered, but also what you propose as a solution. The company’s leaders will want to know what decisions they need to make based on your findings. Give them the actionable information they need to decide. You may want to review these presentation resources to help you with your narrated presentation. You will provide voice annotation for all slides in the following format:  · five to 10 slides maximum; limit bullets to no more than six per slide · voice annotation for every slide (excluding the reference slide). (Put side notes here for me instead of the voice notation) · a reference slide with one to two quality sources PowerPoint Presentation CMIT 421

July 6, 2020 Good morning. My name is . I work in the MERCURY USA Information Security and Technology Department as a cyber threat analyst. Today, I’ll be presenting our proposal to address the CEO’s mandate to protect the organization from dangerous ransomware attacks. Let’s get started. 1 AGENDA 2 Logistics through innovation, dedication, and technology – MERCURY USA Delivers! Tell your audience what you intend to cover in your proposal. This is the PURPOSE of your communication! You should cover the three areas enumerated in the Project 3 instructions. Ensure you link your main points to your earlier work in Project #1 and Project #2. Although three main points is considered ideal, use less or more to fit your project; four main points are shown here for example purposes only. The three projects should be consistent and aligned with Judy “Mac” McNamara’s guidance. 2 Main Point #1 Main Point #2 Main Point #3 Main Point #4 1: OUR BUSINESS CASE 3 Logistics through innovation, dedication, and technology – MERCURY USA Delivers! What are the important factors about the business? What is the CEO’s intent and guidance? How do the first two items relate to the next slides? Example sub-bullet #1 Example sub-bullet #2 Example sub-bullet #3 This is main point #1. Provide no more than six bullets to expand on your topic. Limit each bullet to around six words. This is known as the 6 x 6 rule of presenting. On this slide, you should cover the business case. Think of this as the value to the business that will result from your recommendations.  How does your recommendation meet the CEO’s direction and intent? Tell your audience members the what, why, how, and who so that they can make an informed decision about your proposal. If you do not cover these areas adequately, you may not get a decision, you may get a negative decision, or you may be told to come back after you’ve done your due diligence. 3 2: OUR SECURITY POSTURE 4 Logistics through innovation, dedication, and technology – MERCURY USA Delivers! What are the most important vulnerabilities discovered? What is our exposure to known threats? How did you link the results to the business? Transportation industry hit hard by ransomware attacks Example #1: Use your findings and conduct research [1] Example #2: Use your findings and conduct research This is main point #2. Provide no more than six bullets to expand on your topic. Limit each bullet to around six words. This is known as the 6 x 6 rule of presenting. What vulnerabilities did you find in your analysis? What are the most important to tell the CEO about? Why are the vulnerabilities you selected important to the business? Ensure you explain in plain language, not technical jargon or cyber-speak. What are the threats that you see to the business given the scenario? Now consider this simple equation from the uCertify content: risk = threat x vulnerability x impact  Use the equation to effectively explain your findings.    If you find yourself struggling to quantify a vulnerability, return to this equation. Are there identified and specific threats to MERCURY USA? Avoid generic threats and using fear as a motivator. Is there a vulnerability from your analysis that can be linked to the specific threat? What is the potential impact in not addressing the threat (e.g., cost, reputational, loss of jobs, damage to hardware and software, etc.).  4 James Brocker (JB) - [@Andrew Rider] [@Jessica McCarty] Not sure I understand the first bullet point. Looks like something is missing. James Brocker (JB) - [@John Galliano] Can you review? John Galliano (JG) - Sorry for that, Team. Looks like a stray-click & delete. Fixed! 3: OUR VM PROCESS 5 Logistics through innovation, dedication, and technology – MERCURY USA Delivers! This is main point #3. Provide no more than six bullets to expand on your topic. Limit each bullet to around six words. This is known as the 6 x 6 rule of presenting. This slide includes an example graphic. 5 A B C D E F 4A: WE NEED A GOOD SCANNER 6 Logistics through innovation, dedication, and technology – MERCURY USA Delivers! Reviewed scanners is recommended due to several factors Sub-bullet #1 Sub-bullet #2 Sub-bullet #3 Sub-bullet #4 This is main point #4. Provide no more than six bullets to expand on your topic. Limit each bullet to around six words. This is known as the 6 x 6 rule of presenting. Provide your logic in recommending a scanning tool. What process did you use to evaluate the scanning tools? What tool are you recommending? Provide at least three sub-bullets to support your recommendation. 6 4B: THE ASK 7 Logistics through innovation, dedication, and technology – MERCURY USA Delivers! Lead-in bullet Sub-bullet #1 Purchase : Cost Manpower Measures of success This is main point #4 continued. Provide no more than six bullets to expand on your topic. Limit each bullet to around six words. This is known as the 6 x 6 rule of presenting. Now give the specifics of your ask to the executive decision maker. What are you asking for? How much will it cost? Who will implement it, and will additional manpower be required? What about training? How will you measure success? 7 SUMMARY 8 Logistics through innovation, dedication, and technology – MERCURY USA Delivers! Main Point 1 Main Point 2 Main Point 3 Main Point 4 This is your summary and your last opportunity to connect with your audience. Do not merely repeat your agenda topics. Add one to two important details about each main point to review for your audience. Ensure you re-state why you are giving this pitch: What is the decision you want? What is/are the main takeaway(s)? 8 EXECUTIVE DISCUSSION & QUESTIONS The obligatory questions slide. In this scenario, it is highly likely for open discussion to occur among the executives present and other stakeholders, and you will field questions. A narration for this slide is not required. 9 [1] A. Greenberg, "The Untold Story of NotPetya, the Most Devastating Cyberattack in History", Wired, 2020. [Online]. Available: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/. [Accessed: 19- May- 2020]. [2] “Nessus Pro”, Tenable.com, 2020. [Online]. Available: https://www.tenable.com/products/nessus. [Accessed: 19- May- 2020]. REFERENCES 10 The example above uses IEEE style. Ask your instructor for clarification on the style to be used. A narration for this slide is not required. 10 Vulnerability Management Process Memo MEMO 03/09/2021 Abdulaziz Mohamed CMIT 421 6980 Dear Manager, Overview This memorandum aims at recommending vulnerability management process best suitable for Mercury, USA. It is divided into three parts. First, the process itself is summarized with its main elements. Second, the vulnerability scanning tool is recommended specifically for Mercury and transport sector. The third part discusses a problem which may occur in the company if the recommendation is not implemented and how the recommended tool serves as the best solution for to overcome the problem. Part 1: Vulnerability Management (VM) Process Recommendation Mercury USA offers extensive rail, truck, ocean and barge freight operations including freight contracts, etc. VM process recommended for the company shall include the main stages of scanning, prioritizing and remediating. The main elements of VM process for Mercury shall include asset management, patch management, vulnerability scanning, penetration testing, vulnerability assessment, metrics, tracking and reporting. The scope of recommended VM process shall include security of all physical and virtual assets of all the business operations of Mercury. The assets shall be identified using vulnerability scanner. It will identify different systems running on Mercury’s network such as servers, databases, desktops, switches, firewalls, peripheral devices, etc. These assets will be probed for their operating systems, software, ports, user accounts, file system, etc. This information shall be used to relate known vulnerability to the scanned systems. For running this association, the scanner shall use vulnerability database in which vulnerabilities enlisted in it which are publicly known. Some of the tools are OpenVAS (Rahalkar, 2019), W3AF (Qianqian, 2014), Nikto2 (Agashe, 2008), Nmap (Orebaugh, 2008). Open VAS offers authenticated testing, unauthenticated testing, industrial protocols, performance tuning for large scale scan of Mercury, USA. W3AF stands for Web Application Attack and Audit Framework. This scanning tool shall exploit all vulnerabilities of web applications of Mercury. Nikto2 is a web server scanner which shall perform web scanning on files, programs, different server versions and identify specific problems on Mercury’s servers. Nmap security scanner shall scan network inventory, monitor hosts uptime and manage service upgrade for Mercury. If Mercury has never done a vulnerability scan, then an unauthenticated scanning is recommended at a frequency of once every month. The frequency may be reduced later to match the policies and risk tolerance. The results for Mercury’s scanned report shall have date of discovery of the vulnerability, its score, its impact on Mercury’s network and the countermeasures for the identified vulnerability. Part 2: Vulnerability Scanning Tool Evaluation and Recommendations The scanner used to produce the report is OpenVAS. It is an open-source tool. The tool is industry standard since it offers services for large-scale scanning. It has certain advantages such as it is free, it covers 26000 vulnerabilities exposure coverage. The company Greenbone offers tutorials to understand the usage of the tool. It has a can engine which is updated regularly. It is the most used tool among small and medium enterprises. However, OpenVAS offers less OS supportability, covers few CVEs and has no policy management. The tool is popular for its accuracy in results and finding more vulnerabilities. It offers complete list of patch on OS. The report usually includes summary sheet and a sheet per vulnerability containing its details and the list of hosts that are impacted by it. This individual sheet for each vulnerability shall help the analyst in discerning critical vulnerabilities. Mitigations are appropriately covered. The analyst should not distribute the