Scenario developments Since your previous major milestones were delivered, you have become a respected CISO in your organisation, which has continued to experience great success and extraordinary...

Scenario developments Since your previous major milestones were delivered, you have become a respected CISO in your organisation, which has continued to experience great success and extraordinary growth due to an increased demand in e-commerce and online shopping in COVID-19. Following your decision to prepare, plan and conduct a pentest of a newly acquired start-up (AlheimLabs) you have obtained some results from the exercise. You will now provide a reflective report on those findings. You engaged a pentesting company to perform some of the activities. Unfortunately, the pentester has been quite slow to complete the job and has delivered a less than complete and professional report. You are required to improve this report before showing the board. In partcualr, you are to complete the ‘results and recommendations section’. Requirements: 1. Carefully read the pentest document. Note: this is an incomplete pentest report that requires your reflection and consideration to improve it. 2. Carefully study the results/findings of the pentest (provided to you). 3. Using your knowledge of and reflecting on the CVE database and CVSS scoring system, complete the results and recommendations section of the pentest report. This will require you to reflect on the vulnerability and exploit involved, the terminology used, and to research the CVE database and complete the CVSS process by determining CVSS metrics, impact and a score for each vulnerability the pentester exploited. Note: You must make use of the Common Vulnerability Scoring System (CVSS) scoring system to determine the ratings of each of the identified vulnerability with its severity level, recommendations and possible impact. Refer to the CVSS training modules you have completed in this unit. 4. You will be required to attend a mandatory 5 minute zoom interview following submission of this assessment where you will reflect on some of the terminology (e.g., exploit, CVSS metrics etc) used in this reflective assessment and the unit.