Instructions The purpose of this homework assignment is to allow you to review the vulnerability life cycle and explain the different types of disclosure to mitigate different risk factors. You will...

1 answer below »

Instructions

The purpose of this homework assignment is to allow you to review the vulnerability life cycle and explain the different types of disclosure to mitigate different risk factors. You will identify risks that attacks, vulnerabilities, malicious code phishing, underground economies, and spam have on organizations.


You will look at the risks caused by the Zero Day Initiative, HTTP Client versus Server Side attacks, Malicious JavaScript, PHP Remote File Include, botnets, and PDF attacks on organizations. You will also look at the practices of vulnerability management to prevent threats from old or previously performed attacks on known vulnerabilities within the seven domains of a typical IT infrastructure.


Participate in each section of the homework assignment and follow the instructions for the exercises in each section. You will use a text document to develop your homework assignment by completing the sections listed below:



Lab 4.1a


Review the following scenario:




Your organization is a governmental agency that serves a vital role in homeland security functions. In fact, your hiring took longer than you would have liked because it seemed as though the organization’s managers wanted to know a lot about you before they gave you clearance to work. After a year at the job, your manager feels your progress has come a long way, so she is giving you more responsibility and has asked you to analyze the benefits of reporting risks, threats, and vulnerabilities in an IT assessment that is under way.




Your manager would like you to conduct research and report your findings about the type of vulnerabilities that require disclosure and when it is lawful or unlawful to conceal information produced by vulnerability assessments. She would also like you to include some trends on current security threats and the types of responsible disclosure being performed by other organizations.



Launch your web browser and navigate to the following website:https://www.sans.org/reading-room/whitepapers/threats/define-responsible-disclosure-932.


Open the PDF article. Read about the following topics:



  • Vulnerability Life Cycle

  • Types of Disclosure

  • Nondisclosure

  • Full Disclosure

  • Limited Disclosure

  • Responsible Disclosure

  • Existing Policies and Proposals


In your document, note one relevant point about each section.



Lab 4.1b


Launch your web browser and navigate to the following website:https://www.insight.com/content/dam/insight-web/en_US/pdfs/symantec/istr-21-2016-government-en.pdf


Review the Highlights section of the document “Symantec Global Internet Security Threat Report” that discusses the main concepts in each section. Then, review the following topics in the document:



  • Threat Activity Trends

  • Vulnerability Trends

  • Spam and Fraud Activity Trends


In your document, note one relevant point about each section.



Lab 4.1c


Launch your web browser and navigate to the following website:http://www.zerodayinitiative.com/advisories/published/


Review some of the links on the page provided by the respected security experts at TippingPoint DVLabs and others.


Research other available resources (e.g., Internet resources, your textbook) to validate how performing periodic security assessments throughout the seven domains of a typical IT infrastructure can help an organization achieve compliance.


In your text document, explain how performing periodic security assessments throughout the seven domains of a typical IT infrastructure can help an organization achieve compliance.



Lab 4.2


In your document, write an executive summary describing how security assessments throughout the seven domains of a typical IT infrastructure can help organizations achieve compliance by mitigating risks and threats. Please cite at least one resource in your executive summary.


Submit the document to your instructor as a deliverable for this lab.


NOTE: When you submit your homework assignment, you can combine the assignments into one document for grading. Please clearly mark the answers for Lab 4.1a, Lab 4.1b, Lab 4.1c, and Lab 4.2 within your submission by labeling those sections within your assignment.


Your homework assignment should be a minimum of two pages in APA format. Include a minimum of two sources, with at least one source from the CSU Online Library in addition to your textbook.


Adhere to APA Style when constructing this assignment, including in-text citations and references for all sources that are used. Please note that no abstract is needed.

Answered 1 days AfterMar 25, 2021

Answer To: Instructions The purpose of this homework assignment is to allow you to review the vulnerability...

Deepti answered on Mar 26 2021
137 Votes
4.1a
Vulnerability Life Cycle: The life cycle of a vulnerability is described through different stages. A vulnerability is created without any awareness about its existence in its birth stage. If its existence is discovered, the second stage of discovery is reached. When the vulnerability is known to others apart from its discoverer, its disclosure stage is reached, Its analysis is done, bug is fixed and released to users in forth stage called correction. The next stage of publicity involves large number of users knowing about the vulnerability. Scripting stage applies automation to exploiting the vulnerability and the last stage is death of vulnerability when old systems are discarded, usable systems are patched and hackers are no longer interested in exploiting the vulnerability.
Types of Disclosure:
· Nondisclosure: This policy is practiced by researchers by not disclosing the vulnerability discovered in the software. It is difficult to quantify this policy since there is no means to determine the number of flaws that are found and not disclosed.
· Full Disclosure: This type of disclosure would be beneficial to vendors so that the flaw can be handled before getting exploited by the hacker community. The users are informed so that affected software can be disabled. The vendors can quickly respond to the vulnerability and patch it on priority.
· Limited Disclosure: It is difficult to assess the reliability of the personnel to whom the vulnerability is disclosed (Hahn, 2012). Ethical behavior is unpredictable among the individuals who are trusted for disclosure as they may aim to take advantage or exploit the vulnerability for personal gain. Early actions to prevent exploitation would be further delayed.
· Responsible Disclosure: This disclosure involves the discloser and the vendor to be responsible and reliable in disclosing the vulnerability. The circle of trust should include selected individuals and communication is secured. Patch development begins in this stage and patches are tested by all the parties thoroughly.
Existing Policies and Proposals:
NTBug Traq Disclosure policy has components of responsible disclosure since...
SOLUTION.PDF
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here
Have files?