Expert answer:CMGT400 Phoenix Threats Attacks and Vulnerability

  

Solved by verified expert:Part A:Select an organization you wish to explore and use throughout the course.As you make your selection, keep in mind that you will explore the following roles in the organization: Cyber Security Threat Analyst, Penetration Tester, Cyber Security Engineer, Risk Management Analyst, and Software Engineer. You need sufficient knowledge of the organization you select to complete these security assignments.Part B:A Cyber Security Threat Analyst conducts analysis, digital forensics, and targeting to identify, monitor, assess, and counter cyber-attack threats against information systems, critical infrastructure, and cyber-related interests.Take on the role of a Cyber Security Threat Analyst for the organization you select. Use the Threats, Attacks, and Vulnerability Assessment Template to create a 3- to 4-page assessment document.Research and include the following:REFER TO ADDITIONAL RESOURCES BELOW and to the grading rubric.Provide a scope description of the system you are assessing.Provide a network diagram of the system on which you are conducting a risk assessment.(Microsoft®Visio®or Lucidchart®)Describe at least 12 possible threat agents and how attacks are accomplished with each (attention to attack paths)Describe at least seven exploitable technical and physical vulnerabilities that would enable a successful attack.List at least two security incidents that happened to this organization, or within its industry, against similar systems (same data or business process)Describe the risks associated with at least five threat/vulnerability sets defined in this document.Additional ResourcesThis assignment requires careful attention to each step. In this post, I provide resources to help.Remember that a system is all devices associated with a business process, including servers, routers, switches, firewalls, user devices, applications, etc. For help on creating your network diagram, see the Lucidchart How to Build a Network Diagram or Creating a Network Diagram with Visio.Threat modeling traces attack paths through our infrastructure. This enables us to identify strengths and weaknesses in our controls framework. See A Practical Approach to Threat Modeling.There are many threats and vulnerabilities. For a comprehensive list of possible threats and vulnerabilities, see Catalogue of threats & vulnerabilities. Remember that a threat agent is a specific instance of a threat. For example, a threat of social engineering might be implemented by a malicious actor using a link in a an email message. Social engineering alone would not be detailed enough for this assignment. You must use specific threat agents.It is necessary for this assignment to pair threats and vulnerabilities for the final risk table. Even if you think you understand the differences between threats and vulnerabilities, I suggest you watch the short video, Threats, Vulnerabilities, and Business Impact.When you complete the final risk table, it is important to describe the risk in terms of the threats, vulnerabilities, and business impact as you would to a business manager. After all, that is who will be approving your recommendations. An example of what this might look like is shown in the attachment, below. I adjusted the table columns in the attached version of the template.
cmgt400_v7_wk1_threats_attack_vulnerability_assessment_with_example.docx

cmgt400_v7_wk1_threats_attack_vulnerability_assessment.docx

Don't use plagiarized sources. Get Your Custom Essay on
Expert answer:CMGT400 Phoenix Threats Attacks and Vulnerability
Just from $10/Page
Order Essay

Unformatted Attachment Preview

CMGT/400 v7
Threats, Attacks, and Vulnerability
Assessment Template
Instructions: Replace the information in brackets [ ] with information relevant to your project.
A Cyber Security Threat Analyst conducts analysis, digital forensics, and targeting to identify, monitor,
assess, and counter cyber-attack threats against information systems, critical infrastructure, and cyberrelated interests. Take on the role of a Cyber Security Threat Analyst for the approved organization you
chose. Research the following information about the organization you chose and complete the Threats,
Attacks, and Vulnerability Assessment template.
[Organization Name/Description]
Assessment Scope
What are the tangible assets included? (Must include virtualization, cloud, database, network, mobile,
information systems.) Identify all information systems, critical infrastructure, and cyber-related interests
and combinations that will be assessed. Also, describe information systems, critical infrastructure, and
cyber-related interests which will not be assessed and explain why.
[Response]
System Model
A diagram and descriptions of each asset included in the assessment scope.
[Diagram here or attached]
[Response]
Existing Countermeasures
Describe existing countermeasure already in place.
[Response]
Threat Agents and Possible Attacks
Define 12 to 15 threat agents and possible attacks.
[Response]
Exploitable Vulnerabilities
Identify 7 to 9 exploitable vulnerabilities.
Copyright© 2018 by University of Phoenix. All rights reserved.
Threats, Attacks, and Vulnerability Assessment Template
CMGT/400 v7
Page 2 of 3
[Response]
Threat History/Business Impact
Threat History Events
Duration
Business Impact
Threat Resolution
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
Risks and Contingencies Matrix
Risk
P
r
o
b
a
b
i
l
i
t
y
P
r
i
o
r
i
t
y
Owner
Countermeasures/Contingencies/Mitigation
Approach
A malicious actor can send an email to our
employees that contains a malicious Office
Word document as an attachment. When
the user opens the document, a macro
runs. This macro downloads and installs
malware that collects sensitive information
from the user device. If the malware is a
worm, it can spread throughout across the
system, and to other systems, causing
significant loss of customer data and
intellectual property. The loss of either
results in a very high cost to the
organization.
H 1 Network
Engineering,
Desktop
support
1. Network engineering will segment
the network, placing database servers
on isolated segment accessible only by
application servers.
2. Desktop support will modify system
desktop policies to prevent execution of
macros.
3. Desktop support will modify desktop
policies to prevent users from installing
any software on their devices.
[Response]
[
R
e
s
p
o
n
s
e
]
[Response]
[ [Response]
R
e
s
p
o
n
s
e
]
Copyright© 2018 by University of Phoenix. All rights reserved.
Threats, Attacks, and Vulnerability Assessment Template
CMGT/400 v7
Page 3 of 3
Risk
P
r
o
b
a
b
i
l
i
t
y
P
r
i
o
r
i
t
y
Owner
Countermeasures/Contingencies/Mitigation
Approach
[Response]
[
R
e
s
p
o
n
s
e
]
[ [Response]
R
e
s
p
o
n
s
e
]
[Response]
[Response]
[
R
e
s
p
o
n
s
e
]
[ [Response]
R
e
s
p
o
n
s
e
]
[Response]
Copyright© 2018 by University of Phoenix. All rights reserved.
CMGT/400 v7
Threats, Attacks, and Vulnerability
Assessment Template
Instructions: Replace the information in brackets [ ] with information relevant to your project.
A Cyber Security Threat Analyst conducts analysis, digital forensics, and targeting to identify, monitor,
assess, and counter cyber-attack threats against information systems, critical infrastructure, and cyberrelated interests. Take on the role of a Cyber Security Threat Analyst for the approved organization you
chose. Research the following information about the organization you chose and complete the Threats,
Attacks, and Vulnerability Assessment template.
[Organization Name/Description]
Assessment Scope
What are the tangible assets included? (Must include virtualization, cloud, database, network, mobile,
information systems.) Identify all information systems, critical infrastructure, and cyber-related interests
and combinations that will be assessed. Also, describe information systems, critical infrastructure, and
cyber-related interests which will not be assessed and explain why.
[Response]
System Model
A diagram and descriptions of each asset included in the assessment scope.
[Diagram here or attached]
[Response]
Existing Countermeasures
Describe existing countermeasure already in place.
[Response]
Threat Agents and Possible Attacks
Define 12 to 15 threat agents and possible attacks.
[Response]
Exploitable Vulnerabilities
Identify 7 to 9 exploitable vulnerabilities.
Copyright© 2018 by University of Phoenix. All rights reserved.
Threats, Attacks, and Vulnerability Assessment Template
CMGT/400 v7
Page 2 of 2
[Response]
Threat History/Business Impact
Threat History Events
Duration
Business Impact
Threat Resolution
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
Risks and Contingencies Matrix
Risk
Probability
Priority
Owner
Countermeasures/Contingencies/Mitigation
Approach
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
[Response]
Copyright© 2018 by University of Phoenix. All rights reserved.

Purchase answer to see full
attachment

Place your order
(550 words)

Approximate price: $22

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
The price is based on these factors:
Academic level
Number of pages
Urgency
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more

Order your essay today and save 30% with the discount code ESSAYSHELP