See attached
CYB 240 Project One Guidelines and Rubric Vulnerability Summary Report CYB 240 Project One Guidelines and Rubric Vulnerability Summary Report Overview When you perform new system-wide hardware or software updates, it’s a good idea to run a vulnerability scan. Reading vulnerability scan reports is an important skill for you as a cybersecurity analyst. Interpreting and prioritizing what is important to the organization will be a key part of your role. You will get to practice these skills in this project by creating a vulnerability summary report. The project incorporates one milestone, which will be submitted in Module Four. The project will be submitted in Module Six. In this assignment, you will demonstrate your mastery of the following competencies: ● CYB-240-01: Identify and troubleshoot deficiencies related to web application security ● CYB-240-03: Identify and troubleshoot deficiencies related to tiered web application security Scenario You are a cybersecurity analyst and work for an IT company that is having issues with its computer systems. The company has supplied you with vulnerability analysis scan (OpenVAS) reports that detail several issues with security. You will use the reports to identify the vulnerabilities that you will analyze for your project. The system you will be working with is three tiered with a database back-end server and a web server front end. The system contains both Windows and Linux components. Prompt You must address the critical elements listed below in your vulnerability summary report. The codes shown in brackets indicate the course competency to which each critical element is aligned. I. Server: Select a server-related vulnerability from the vulnerability analysis report. For the selected vulnerability: A. Briefly describe the risk posed by the vulnerability. [CYB-240-01] B. Summarize one other incident this vulnerability has caused in the industry. [CYB-240-01] C. Provide evidence of successful remediation of the vulnerability (e.g., screenshot of successful software upgrade, vulnerability analysis report, or failed Metasploit attack). [CYB-240-01] 1 II. Other tier: Select a non-server-related vulnerability from the vulnerability analysis report. For the selected vulnerability: A. Briefly describe the risk posed by the vulnerability. [CYB-240-03] B. Summarize one other incident this vulnerability has caused in the industry. [CYB-240-03] C. Provide evidence of successful remediation of the vulnerability (e.g., screenshot of successful software upgrade, vulnerability analysis report, or failed Metasploit attack). [CYB-240-03] Project One Rubric Guidelines for Submission: Your submission should be 2–3 pages in length and should be written in APA format. Use double spacing, 12-point Times New Roman font, and one-inch margins. Include at least two references, which should be cited according to APA style. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx. Critical Elements Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value Server: Risk [CYB-240-01] Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Briefly describes the risk posed by the vulnerability Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 15 Server: Other Incident [CYB-240-01] Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Summarizes one other incident this vulnerability has caused in the industry Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 15 Server: Evidence of Successful Remediation [CYB-240-01] Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Provides evidence of successful remediation of the identified vulnerability Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 15 Other Tier: Risk [CYB-240-03] Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Briefly describes the risk posed by the vulnerability Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 15 2 Critical Elements Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value Other Tier: Other Incident [CYB-240-03] Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Summarizes one other incident this vulnerability has caused in the industry Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 15 Other Tier: Evidence of Successful Remediation [CYB-240-03] Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Provides evidence of successful remediation of the identified vulnerability Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 15 Articulation of Response Submission is free of errors related to grammar, spelling, and organization and is presented in a professional and easy-to-read format Submission has no major errors related to grammar, spelling, or organization Submission has some errors related to grammar, spelling, or organization that negatively impact readability and articulation of main ideas Submission has critical errors related to grammar, spelling, or organization that prevent understanding of ideas 10 Total 100% 3 CYB 240 Project One Guidelines and Rubric Vulnerability Summary Report Overview Scenario Prompt Project One Rubric CYB 240 Project Two Scenario One You are a newly hired analyst for a health insurance company with a central office and several satellite offices. The central office administers all back-end servers and pushes out all communications to satellite offices via a web interface. The organization has requested a security analyst be part of a new web application development from the start of the project to advise on possible security risks. The application is used as an interface with the patient information system, and it is used by internal employees only. A member of the IT team has reviewed the design documents for the new development project, and has provided the following list of system specifications: ● Three-tiered system: ○ MySQL Database Current system specifications: ■ Proper authentication to access data in table ■ Communication with transaction server done through PHP ○ Microsoft Transaction Server Current system specifications: ■ Transaction server has administrative access to MySQL database ■ Communication to the database is done over company network ■ Communication to the web server front end is done over the internet ■ Components sent to web server front end are in XML format with weak metadata ■ Transactions sent to web server are unencrypted and 1-1 (not batched) ○ Web Server Front End Current system specifications: ■ Data displayed on webpages is in clear text using HTTP protocols ■ Log-on access to web server is via client-side scripting