Complete a risk assessment and a threat vulnerability profile for an internet an

Question

Complete a risk assessment and a threat vulnerability profile for an internet and intranet web site. Complete a threat-vulnerability-asset worksheet. This is a small business firm that uses open source and Windows 7/8/10 and Windows Server 2012. Windows is used for the desktops and server. The firewall and network use PFsense as the vendor. Assume 1 windows server, 1 PFsense router and 1 PFsense firewall. And 3 desktops for the staff.

RE: Risk IT Framework for Management of IT Related Business Risk:  http://www.isaca.org/Knowledge-Center/Risk-IT-IT-Risk-Management/Pages/default.aspx

IT Asset Management: http://searchcio.techtarget.com/definition/IT-asset-management-information-technology-asset-management

Microsoft:  https://technet.microsoft.com/en-us/library/cc958343.aspx

Writing Requirements: 

3-4 page paper in APA format, for citations and refereneces

Use the APA template located in the Student Resource Center to complete the assignment.

Each team member submits the team assignment
Project Team Member Peer Evaluation Form (Peer Evaluation Form)

Explanation / Answer

As the years are passing by, security is growing as one of the most effective fields in the history of computers. There is an need of getting each one of the things secured with the help of the internet security with ethical actions. There are many things happening in the web and promising the safety without taking any tough measures is one of the impossible task nowadays. Hence, companies and individuals have moved to the security tools and technologies to keep their information safe while connected to the internet.

Risk Assessment & Threat Vulnerability:

Nowadays, companies have moved on to the Agile or Rapid Application Development SDLC(Software Development Life Cycle) which has been resulting in reducing the development timeframe. Now, starting with the risk assessment, here we go,

Collecting Information:

The collection of the information is one of the major parts that plays in the security of the organization. The URL of the target must be accessible to gain information.

Information caught in wrong hands can turn out to be a chaos for any organization. Hence, information must always be safeguarded with levels of security.

Risk Profiling:

Checking the website for each and every type of risks/threats is an very important task and must be carried on with each and every module of the organization's availability in the internet space.

There must be things carried out like:

Automated threat scanning

Penetration Testing

Black Box testing of the source codes

Assigning Risk Ratings to the Security Flaws

Reporting to higher Authorities

Updating Technology:

In the current world scenario, it has become very important to update the technologies that are been actively used and must be balanced accordingly.

The use of older versions will come with bunch of vulnerabilities and threats alongwith the destruction of certain aspects of the organization.

Application Fingerprinting:

In an organization, there are certain things that must be checked for the known vulnerabilities and exposures. If there, one must always keep it the priority to overcome certain threats in order to run the organization smoothly.

The application fingerprinting consists of different levels of assesment. Here are some of the different scopes:

Defining Objectives

Devising Strategy to overcome threats

Role Based Access Control Matrix

Choosing Appropriate Security Tools

Hence, this is all about the risk assessment and the vulnerability. Everyone must keep in mind that being safe on internet is an integral part of the virtual life and must carry on managing the security each time there is any interference of threats or vulnerability.

Related Questions

Navigate

• Browse (All)
• Browse C
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.