Transcript
undefined
Operating Systems Vulnerabilities
undefined
Congratulations. You are the newly appointed lead cybersecurity engineer with your company in the oil and natural gas sector. This is a senior-level position.
undefined
You were hired two months ago based on your successful cybersecurity experience with a previous employer. Your technical knowledge of cybersecurity is solid. However, you have a lot to learn about this company’s culture, processes, and IT funding decisions, which are made by higher management.
undefined
You have recently come across numerous anomalies and incidents leading to security breaches. The incidents took place separately, and it has not been determined if they were caused by a single source or multiple related sources.
undefined
First, a month ago, a set of three corporate database servers crashed suddenly. Then, a week ago, anomalies were found in the configuration of certain server and router systems of your company. You immediately recognized that something with your IT resources was not right. You suspect that someone, or some group, has been regularly accessing your user account and conducting unauthorized configuration changes.
undefined
You meet with your leadership to discuss the vulnerabilities. They would like you to provide a security assessment report, or SAR, on the state of the operating systems within the organization.
undefined
You’re also tasked with creating a nontechnical narrated presentation summarizing your thoughts. The organization uses multiple operating systems that are Microsoft-based and Linux-based. You will have to understand these technologies for vulnerability scanning using the tools that work best for the systems in the corporate network.
undefined
You know that identity management will increase the security of the overall information systems infrastructure for the company. You also know that with a good identity management system, the security and productivity benefits will outweigh costs incurred. This is the argument you must make to the stakeholders.
undefined
The operating system (OS) of an information system contains the software that executes the critical functions of the information system. The OS manages the computer’s memory, processes, and all of its software and hardware. It allows different programs to run simultaneously and access the computer’s memory, central processing unit, and storage.
undefined
The OS coordinates all of these activities and ensures that sufficient resources are allocated. These are the fundamental processes of the information system, and if they are violated by a security breach or exploited vulnerability, that could have a significant impact on the organization.
undefined
Security for operating systems means protecting the OS components from attacks that could cause deletion, modification, or destruction of the operating system. Threats to an OS could include a breach of confidential information, unauthorized modification of data, or unauthorized destruction of data.
undefined
It is the job of the cybersecurity engineer to understand the operations and vulnerabilities of the OS (for any type of OS), and to provide mitigation, remediation, and defense against threats that would expose those vulnerabilities or attack the OS.
undefined
As you assess your company’s systems, you will likely uncover gaps and errors. These may reveal mistakes that people at the company have made which might embarrass or anger those involved. However, the trust placed in you means that you have a responsibility to report your findings fully and accurately so that you can reduce or eliminate the risk of future unauthorized access. So be fair and follow industry standards, but have the courage to be a force for positive change in your company’s cybersecurity efforts.
undefined
There are six steps that will help you create your final deliverables. The deliverables for this project are as follows:
undefined
- Security Assessment Report (SAR): This report should be a seven- to eight-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
- Nontechnical presentation: This is a set of eight to 10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.
- In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab.
undefined
Competencies
undefined
Your work will be evaluated using the competencies listed below.
undefined
- 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
- 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
- 5.4: Identify potential threats to operating systems and the security features necessary to guard against them.
undefined
Develop the Presentation
undefined
Based on what you have learned in the previous steps and your SAR, you will also develop a presentation for your company’s leadership.
undefined
Your upper-level management team is not interested in the technical report you generated from your Workspace exercise. Team members are more interested in the bottom line. You must help these nontechnical leaders understand the very technical vulnerabilities you have discovered. They need to clearly see what actions they must either take or approve. The following are a few questions to consider when creating your nontechnical presentation:
undefined
- How do you present your technical findings succinctly to a nontechnical audience? Your Workspace exercise report will span many pages, but you will probably not have more than 30 minutes for your presentation and follow-up discussion.
- How do you describe the most serious risks factually but without sounding too dramatic? No one likes to hear that the entire network has been hacked, data has been stolen, and the attackers have won. You will need to describe the seriousness of your findings while also assuring upper-level management that these are not uncommon occurrences today.
- How do your Workspace exercise results affect business operations? Make sure you are presenting these very technical results in business terms that upper-level management will understand.
- Be clear about what action you are recommending. Upper-level managers will want to understand not only what you discovered, but also what you propose as a solution. They will want to know what decisions they need to make based on your findings.
undefined
Your goal for the presentation is to convince the leadership that the company needs to adopt at least one security vulnerability assessment tool to provide an extra layer of security.
undefined
The deliverables for this project are as follows:
undefined
- Security Assessment Report (SAR): This report should be a seven- to eight-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
- Nontechnical presentation: This is a set of eight to 10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.
0 comments