Threats, Attacks, and Vulnerability Assessment 2

Part A:

Select an organization you wish to explore and use throughout the course.

As you make your selection, keep in mind that you will explore the following roles in the organization: Cyber Security Threat Analyst, Penetration Tester, Cyber Security Engineer, Risk Management Analyst, and Software Engineer. You need sufficient knowledge of the organization you select to complete these security assignments.

Part B:

A Cyber Security Threat Analyst conducts analysis, digital forensics, and targeting to identify, monitor, assess, and counter cyber-attack threats against information systems, critical infrastructure, and cyber-related interests.

Take on the role of a Cyber Security Threat Analyst for the organization you select. Use the Threats, Attacks, and Vulnerability Assessment Template to create a 3- to 4-page assessment document.

Research and include the following:

  • REFER TO ADDITIONAL RESOURCES BELOW and to the grading rubric.
  • Provide a scope description of the system you are assessing.
  • Provide a network diagram of the system on which you are conducting a risk assessment (Microsoft® Visio® or Lucidchart®).
  • Describe at least 12 possible threat agents and how attacks are accomplished with each (pay attention to attack paths).
  • Describe at least seven exploitable technical and physical vulnerabilities that would enable a successful attack.
  • List at least two security incidents that happened to this organization, or within its industry, against similar systems (same data or business process).
  • Describe the risks associated with at least five threat/vulnerability sets defined in this document.

Additional Resources

This assignment requires careful attention to each step. In this post, I provide resources to help.

  • Remember that a system is all devices associated with a business process, including servers, routers, switches, firewalls, user devices, applications, etc. For help on creating your network diagram, see the Lucidchart How to Build a Network Diagram or Creating a Network Diagram with Visio.
  • Threat modeling traces attack paths through our infrastructure. This enables us to identify strengths and weaknesses in our controls framework. See A Practical Approach to Threat Modeling.
  • There are many threats and vulnerabilities. For a comprehensive list of possible threats and vulnerabilities, see Catalogue of threats & vulnerabilities. Remember that a threat agent is a specific instance of a threat. For example, a threat of social engineering might be implemented by a malicious actor using a link in an email message. Social engineering alone would not be detailed enough for this assignment. You must use specific threat agents.
  • It is necessary for this assignment to pair threats and vulnerabilities for the final risk table. Even if you think you understand the differences between threats and vulnerabilities, I suggest you watch the short video, Threats, Vulnerabilities, and Business Impact.
  • When you complete the final risk table, it is important to describe the risk in terms of the threats, vulnerabilities, and business impact as you would to a business manager. After all, that is who will be approving your recommendations. An example of what this might look like is shown in the attachment below. I adjusted the table columns in the attached version of the template.