Instructions
The purpose of this homework assignment is to allow you to review the vulnerability life cycle and explain the different types of disclosure to mitigate different risk factors. You will identify the risks that attacks, vulnerabilities, malicious code, phishing, underground economies, and spam pose to organizations.
You will look at the risks caused by the Zero Day Initiative, HTTP Client versus Server Side attacks, Malicious JavaScript, PHP Remote File Include, botnets, and PDF attacks on organizations. You will also look at the practices of vulnerability management to prevent threats from old or previously performed attacks on known vulnerabilities within the seven domains of a typical IT infrastructure.
Participate in each section of the homework assignment and follow the instructions for the exercises in each section. You will use a text document to develop your homework assignment by completing the sections listed below:
Lab 4.1a
Review the following scenario:
Your organization is a governmental agency that serves a vital role in homeland security functions. In fact, your hiring took longer than you would have liked because it seemed as though the organization’s managers wanted to know a lot about you before they gave you clearance to work. After a year at the job, your manager feels your progress has come a long way, so she is giving you more responsibility and has asked you to analyze the benefits of reporting risks, threats, and vulnerabilities in an IT assessment that is under way.
Your manager would like you to conduct research and report your findings about the type of vulnerabilities that require disclosure and when it is lawful or unlawful to conceal information produced by vulnerability assessments. She would also like you to include some trends on current security threats and the types of responsible disclosure being performed by other organizations.
Launch your web browser and navigate to the following website: https://www.sans.org/reading-room/whitepapers/threats/define-responsible-disclosure-932
Open the PDF article. Read about the following topics:
- Vulnerability Life Cycle
- Types of Disclosure
- Nondisclosure
- Full Disclosure
- Limited Disclosure
- Responsible Disclosure
- Existing Policies and Proposals
In your document, note one relevant point about each section.
Lab 4.1b
Launch your web browser and navigate to the following website: https://www.insight.com/content/dam/insight-web/en_US/pdfs/symantec/istr-21-2016-government-en.pdf
Review the Highlights section of the document “Symantec Global Internet Security Threat Report” that discusses the main concepts in each section. Then, review the following topics in the document:
- Threat Activity Trends
- Vulnerability Trends
- Spam and Fraud Activity Trends
In your document, note one relevant point about each section.
Lab 4.1c
Launch your web browser and navigate to the following website: http://www.zerodayinitiative.com/advisories/published/
Review some of the links on the page provided by the respected security experts at TippingPoint DVLabs and others.
Research other available resources (e.g., Internet resources, your textbook) to validate how performing periodic security assessments throughout the seven domains of a typical IT infrastructure can help an organization achieve compliance.
In your text document, explain how performing periodic security assessments throughout the seven domains of a typical IT infrastructure can help an organization achieve compliance.
Lab 4.2
In your document, write an executive summary describing how security assessments throughout the seven domains of a typical IT infrastructure can help organizations achieve compliance by mitigating risks and threats. Please cite at least one resource in your executive summary.
Submit the document to your instructor as a deliverable for this lab.
NOTE: When you submit your homework assignment, you can combine the assignments into one document for grading. Please clearly mark the answers for Lab 4.1a, Lab 4.1b, Lab 4.1c, and Lab 4.2 within your submission by labeling those sections within your assignment.
Your homework assignment should be a minimum of two pages in APA format. Include a minimum of two sources, with at least one source from the CSU Online Library in addition to your textbook.
Adhere to APA Style when constructing this assignment, including in-text citations and references for all sources that are used. Please note that no abstract is needed.