The document discusses risk, threat, and vulnerability management from the perspective of a company called Para Delta. It summarizes Para Delta's analysis of security baselines and networks for clients. This included identifying vulnerabilities, security requirements, common attacks and their impacts. It also describes Para Delta's determination of network defense strategies, testing procedures, and risk management costs. The goal was to help clients develop effective security controls to reduce risks and threats on their IT networks.
Running Head: RISK, THREAT AND VULNERABILITY MANAGEMENT
Risk, Threat and Vulnerability Management
1. Introduction
A general review of threats and vulnerabilities on IT systems
was carried out by Para Delta, an American-based company that
deals with information technology and sells electronic software.
This was done to help firms come up with effective security
control measures that reduce the risks and threats on their IT
networks. Para Delta developed procedures through which threats
and vulnerabilities can be managed. The management steps
emphasize proactive network security tasks such as penetration
testing. Some automated systems have advanced antivirus software
installed that can detect dangers but cannot identify the
specific security threat or vulnerability. Para Delta addressed
these threats by creating a threat intelligence foundation that
combines human capability with data-driven methods. Cyber-attack
and risk management starts with assessing vulnerabilities, which
helps to identify the common threats and the magnitude of their
effects on the manufacturing environment. The right set of
security arrangements and risk management procedures is required
to avoid cybersecurity vulnerabilities that pose serious threats
to IT networks. The company found that guidelines and techniques
are needed that provide adequate information security to secure
the operating system. Protecting information and information
systems creates a firm foundation for strong information
security. This initiative helps to mitigate risks on IT networks
by protecting them from unauthorized access or destruction.
Frameworks provided by IT security procedures support the
management and governance of information technology. Frameworks
also recognize IT governance objectives and good practice in IT
processes. Companies are required to develop policies for
planning information security systems, which in turn require
plans of action for implementing security controls. This makes
it possible to provide an information system that is more
confidential and more available.
2. The Analysis of Security Baseline
Para Delta carried out the analysis by identifying various
procedures, security requirements, security attacks on
enterprise network control systems, and the network
infrastructure with its security posture components.
2.1. Security requirements and goals
Para Delta carried out an analysis of the security baseline in
which various security requirements and outcomes were identified
and listed in preparation for any security baseline action. The
company found that a strong IT control system network requires
certain essential network security elements. These help IT
personnel to secure network systems and the important services
of the network. The company identified specialized IT personnel
to work together to establish cost-effective guidelines. This
assists them in securing IT security products and in dealing
with specific security risks and threats during outsourcing and
procurement processes. Requirements such as security by design,
security by default, and least privilege are identified through
risk assessment, which in turn helps in developing suitable
system objectives and an overarching, big-picture view of
security.
2.2. General attacks on security networks and their impacts
The best-known cybersecurity threats include computer viruses.
A computer virus is software designed to spread from one
computer to another. Para Delta found that a virus is capable of
disabling security settings, corrupting information, and even
stealing data such as sensitive personal information from the
computer. Sources of computer viruses include email attachments
and downloads from infected websites. Another threat is rogue
security software, which is used to commit internet fraud. The
software is harmful in that it deceives users into believing
that a computer virus is installed on their computers and that
their security control measures are out of date. This leads to
malware being installed, which creates risks on IT networks. A
Trojan horse is another security threat; it deceives a user into
inviting a cyber-attacker into a securely protected area, where
it steals the user’s passwords by recording them and goes on to
steal important information from the computer. Computer worms
multiply very fast and spread from one computer to another. A
denial-of-service attack is performed by various machines and
internet connections through website flooding. A distributed
denial-of-service attack functions in the same way as a
denial-of-service attack, but it is more forceful. It is very
hard to control since it is launched from several computers.
Phishing attacks arrive as short text messages and emails that
appear to be authentic and valid. The recipient is deceived into
opening harmful links, which in turn leads to malware being
installed on the computer. Other threats include rootkits, which
invite the attacker in and operate like phishing, and injection
attacks, which execute harmful statements that control the
database behind a web application. An attack that involves
intercepting communication between two or more digital systems
is very difficult to detect and control, and the solution to
this is defense. To manage all network security threats,
preparation is done in advance to make sure the network security
systems are secure. Security risks are managed by raising the
server and network virtualization issues that need to be
controlled. This helps to block hackers from attacking the
network security system. A number of system checks are carried
out to enforce dual control for critical tasks, which reduces
the risk to IT networks. Network infrastructure is deployed to
create awareness among IT staff so as to avoid any significant
vulnerability of network systems, such as denial of access.
2.3. Network infrastructure and security posture components.
The figure below shows the network infrastructure with
security posture components.
Different types of tests are carried out continuously on
security networks to reduce the threats to and vulnerability of
computers. The test types include static code analysis,
penetration tests, conformance tests, heavy demand tests, and
analysis of origin testing. The company stated that a successful
response to any incident requires a well-coordinated and
organized approach.
2.4. Open and closed access areas and interconnection access
points
Para Delta identified various wireless devices vulnerable to
network hacking. The open access points are closed to avoid any
external invasion. This is done by outlining the important steps
that any response program covers in order to address security
incidents effectively (Venkatraman, Daniel, & Murugaboopathi,
2013). These steps include preparation through policy
establishment, detecting and reporting potential security
events, and triage and analysis of the data collected from tools
and systems. Containment and neutralization involve a
coordinated closure of all systems, threat mitigation, requests,
and post-incident activity, which improves security measures.
2.5. Hardware parts of the security network
The company identified the major components of the computer
network required for the software installation. These components
include the hub, a networking device that connects several
Ethernet devices; the network interface card; the switch, a
device that connects multiple devices on a computer network; the
router, a device that connects to the internet; the modem, a
device that connects to the internet over telephone lines; and
signal transmitters (cables and connectors).
2.6. Network-server management
Para Delta carried out research and found that network-server
management can be done by monitoring, maintaining, and
optimizing a network system (Hu, et al, 2018). The management is
done in full compliance with security, reliability, and smooth
operation requirements. Workforce skill is improved by exploring
cybersecurity risks, which helps in diagnostic planning. This
further builds the essential technical skills of the security
workforce and helps it command the tool set needed to carry out
the work. Network security baselines are used as templates
during the initial assessment and gap analysis phases. They set
out the minimum requirements for security control management.
The strengths and weaknesses of real-world network control
systems are identified by comparing them against the network
baseline. Para Delta stated some threat remedies for performing
a risk assessment, such as gathering system and related
information. Threats are identified and their weaknesses
discovered before the analysis that uncovers the dangers and
impact of these threats. Proper action is then taken depending
on the level and magnitude of each threat. The solution is
provided by installing antivirus software and a vulnerability
management system to handle and resolve vulnerabilities.
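The baseline comparison described above can be automated. The following is an added example, not part of the original paper: it compares the services observed on each host with a per-role baseline and reports every deviation. The host names, roles, ports and the baseline itself are constructed sample data.

```python
"""Gap analysis: compare observed network services with a baseline.

Added illustration. Host names, roles, ports and the baseline
itself are constructed sample data, not taken from the paper.
"""
from collections import Counter

# Baseline (assumed policy): services each host role may expose.
BASELINE = {
    "web": {80: "http", 443: "https"},
    "db": {5432: "postgresql"},
}

# Constructed scan results: host -> (role, {port: service name}).
OBSERVED = {
    "web01": ("web", {80: "http", 443: "https", 23: "telnet"}),
    "web02": ("web", {443: "https"}),
    "db01": ("db", {5432: "postgresql", 3389: "ms-wbt-server"}),
    "cam07": ("iot", {554: "rtsp"}),
}


def gap_analysis(baseline, observed):
    """Return (host, finding, port, detail) deviations, sorted by host."""
    findings = []
    for host in sorted(observed):
        role, services = observed[host]
        allowed = baseline.get(role)
        if allowed is None:
            # A host whose role has no baseline cannot be assessed.
            findings.append((host, "no-baseline", None, role))
            continue
        # Open ports the baseline does not allow.
        for port in sorted(services.keys() - allowed.keys()):
            findings.append((host, "unexpected-service", port, services[port]))
        # Baseline services that were not seen on the host.
        for port in sorted(allowed.keys() - services.keys()):
            findings.append((host, "missing-service", port, allowed[port]))
        # Allowed port, but a different service is answering on it.
        for port in sorted(services.keys() & allowed.keys()):
            if services[port] != allowed[port]:
                findings.append((host, "service-mismatch", port, services[port]))
    return findings


def summarize(findings):
    """Count findings per type for the gap report."""
    return dict(Counter(kind for _, kind, _, _ in findings))


if __name__ == "__main__":
    results = gap_analysis(BASELINE, OBSERVED)
    for host, kind, port, detail in results:
        print(f"{host:6} {kind:18} {port} {detail}")
    print(summarize(results))
```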
2.7. Methods of security network protection
The method employed by the company was to install automated
systems for regular monitoring of the network. Risk mitigation
is done by reducing the threat level, eliminating and
intercepting adversaries before they attack the security
operating systems. Mitigation steps include encrypting data,
educating members of staff, and using proper termination
practices.
3. Determination of Network Defense Strategy
The company further came up with effective strategies for
assuring service continuity under collaborative attack (Li, et
al, 2007). Service providers face risks whose major source is
harmful attacks on network control systems. The network attacker
intends to interrupt and disrupt the services; the defender, on
the other hand, has to make sure that service provision
continues, and this makes the problem highly complex. The
defender has to apply effective and appropriate strategies, such
as deploying specific proactive and reactive defense mechanisms
within the available resources and the predefined quality of
service, to protect the network control system.
3.1. Determination of test violations and procedures of the
security network
Para Delta tested for violations and assessed vulnerabilities
using various manual methods and automated tools. The manual
review found the application systems and network policies to be
significantly vulnerable and open to malicious attackers. The
company identified ports, services, and their potential
vulnerabilities. These vulnerabilities on the network systems
are verified by carrying out penetration testing. The review
techniques used by the company were carried out manually to
examine systems, applications, and network policies and to
ensure everything was in place. The network security personnel
were interviewed to help identify the important systems,
applications, and services that run on the network, such as
WordPress on the web server, the security policies, and the
monitoring systems. The company focused primarily on the web
server when looking for vulnerabilities during the evaluation
process. The vulnerabilities relate to the inspection of packets
crossing the network and to the number of times ports are
opened. Malicious attacks can be introduced into the network
software by an end user, intentionally or accidentally.
Automated tools such as Nmap are used to verify the open ports
and to scan them for possibly vulnerable directories. Testing
for violations in network defense includes identifying system
operations by providing backups and tested disaster recovery,
maintaining information through periodic verification and
validation of data updates, identifying and modifying the
process, and maintaining system software.
3.2. Identification of different test types and test plans
There are two types of tests carried out by the company: a
security scanning test, which is done either manually or with
automated tools, and a penetration test. The techniques and
procedures used to conduct the test are as follows: obtaining
additional information and performing more reconnaissance
through network scanning; inspecting the parts of a network
system that could potentially be exploited, with a vulnerability
scan helping to detect them; scanning to find the
vulnerabilities hackers could use to gain access to the network
system; attempting to gain unauthorized access to restricted
systems by password cracking; and finishing with a penetration
test. The company noted that the following guidelines need to be
followed when testing network security: the most critical areas
that are exposed to public access should be tested first to
avoid exposing the network to risk; the system being tested
should have the latest security patches installed; the testing
outcomes should be interpreted correctly, because vulnerability
testing sometimes gives false-positive results; those carrying
out the test should be aware of the security policies; and the
equipment selected should have the characteristics needed to
carry out the testing. Para Delta suggested that the outcome of
the network security test helps developers come up with various
strategies for protecting network security systems and web
applications, and that it can also be shared among the security
team within the company. Security implementation is done by
working out all the collective actions that need to be taken and
by initiating the improvement process.
4. Plans for the Penetration Testing Engagement
The company noted that the rules of engagement need to be
addressed when planning a penetration test. The rules of
engagement are directives that define the circumstances and
conditions, such as hostilities, and the actions to be applied
when carrying out a penetration test (Tiller, 2011).
4.1. Definition of penetration test and steps involved
This process involves advanced testing of web applications by
executing attacks that are the same as real attacks (Wilhelm,
2013). These attacks might occur at a specific time during the
testing process. They are carried out in a specified manner to
find security faults and to provide effective strategies and
steps for reducing the risks these defects bring. The process
aims at uncovering vulnerabilities and highlighting the
practical risks involved. The steps involved in the rules of
engagement process include identifying the type and depth of the
test to be carried out, checking the contact details of the
client involved, looking at the notifications to the IT team and
the client, handling data responsibly, checking the status of
any meetings, and going through reports. The company argued that
the type of test to be applied depends on the directives given
in the rules of engagement and on the amount of information
given to the team conducting the test. In the black box test,
the team carrying out the test operates from the point of view
of an attacker from outside the company. The penetration process
starts by identifying the network mapping, the defense
strategies implemented, and the website services. This type of
test is best applied internally and can be used by the
specialized IT personnel of Para Delta. In the white box test,
the available information about the targets is shared with the
testing team. The information sometimes includes the source code
of the applications. Web applications are tested using a gray
box test, whose main purpose is to identify vulnerabilities
within the applications. The company found that the penetration
tester can operate with user accounts to adopt the point of view
of a harmful attacker who is capable of gaining access through
social engineering. When deciding on the scope of testing, the
client and the testing team together evaluate which information
is valuable and needs to be protected and which applications
need to be tested. The company found that capturing the right
client-side contact information helps to mitigate a
denial-of-service attack. The tests are used to create awareness
of how ready the support staff are to respond to incidents and
intrusion attempts. The client is informed about the testing
process, including the time and date and the source addresses of
the testing. The penetration tests are always announced. Data
handling requires special attention in the rules of engagement,
through which proper storage and communication measures are
taken. For a penetration test to be successful, frequent
communication is fundamental. The testing team and the client
are required to hold regular meetings and to report on status.
4.2. Determination of updates on security components
Para Delta emphasized the importance of software updates, citing
critical security patches for the network that require regular
monitoring and updating. Updates improve the stability of the
software and ensure that outdated features are removed. They aim
to give the service provider a better experience. The latest
patches are implemented through efficient patch management,
which ensures the security and smooth functioning of corporate
software, and the company indicated that it should be automated
by using specialized patch management solutions. The aim of
patch implementation is to ensure that all applications running
on the network are secure and stable. The company listed how
these goals can be achieved: taking control of the software
inventory, monitoring the security of all operating systems and
applications, detecting any software that is not correctly
patched, identifying the patches to be applied to specific
systems, testing patches, and ensuring that they are all
installed at the right time to avoid risks to network security.
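The inventory, detection and identification steps listed above are shown here as an added example that is not part of the original paper. It checks a software inventory against a catalogue of minimum patched versions and builds a per-host patch plan. The hosts, product names, versions and the catalogue are constructed and do not describe real software.

```python
"""Patch compliance check over a software inventory.

Added illustration. Hosts, product names and version numbers are
constructed sample data; they do not describe real software.
"""

# Minimum patched version per product (assumed patch catalogue).
REQUIRED = {"acme-cms": "5.10.0", "acme-httpd": "2.4", "acme-db": "13.4"}

# Constructed inventory: (host, product, installed version).
INVENTORY = [
    ("web01", "acme-cms", "5.9.2"),
    ("web01", "acme-httpd", "2.4.0"),
    ("db01", "acme-db", "13.2"),
    ("db01", "legacy-agent", "1.0"),
    ("hr-pc3", "acme-cms", "5.10-beta"),
]


def parse_version(text):
    """Turn '5.10.0' into (5, 10); raises ValueError if not numeric.

    Comparing integers avoids the string trap '5.9.2' > '5.10.0',
    and dropping trailing zeros makes '2.4' equal to '2.4.0'.
    """
    parts = [int(piece) for piece in text.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def patch_report(inventory, required):
    """Sort the inventory into patch plan, unmanaged and review lists."""
    plan, unmanaged, review = {}, [], []
    for host, product, installed in inventory:
        minimum = required.get(product)
        if minimum is None:
            # Not in the catalogue: nobody is tracking its patches.
            unmanaged.append((host, product))
            continue
        try:
            outdated = parse_version(installed) < parse_version(minimum)
        except ValueError:
            # Unparseable version: check by hand, never assume patched.
            review.append((host, product, installed))
            continue
        if outdated:
            plan.setdefault(host, []).append((product, installed, minimum))
    return plan, unmanaged, review


if __name__ == "__main__":
    plan, unmanaged, review = patch_report(INVENTORY, REQUIRED)
    print("patch plan:", plan)
    print("unmanaged software:", unmanaged)
    print("manual review:", review)
```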
5. Analysis of Risk Management Cost Advantage
The company found that benefit-cost analysis provides a means of
identifying the situations in which specific risk management
interventions appear to be cost-effective in mitigating the risk
of disaster, and the orders of magnitude involved. This process
is significant in selecting the appropriate loss prevention and
control measures.
5.1. Identification of cost test violations and implementation of
control measures
Various test violations were identified, and security control
measures were implemented to help mitigate the volume of risk
sufficiently (Stoneburner, Goguen, & Feringa, 2002). This
provides security at an acceptable level and benefits the
company. These risk management control measures include
elimination of automated machines that are vulnerable to
malicious attackers; substitution, which reduces the risk by
replacing a more vulnerable device with a secure device that is
cost-effective; and engineering controls that ensure the
protection of the service provider. Engineering controls give
priority to measures that protect all employees of the company
over individual measures.
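The benefit-cost comparison of sections 5 and 5.1 is worked through below as an added example that is not part of the original paper. It ranks the three control types by net yearly benefit using annualized loss expectancy (ALE = SLE x ARO), a standard quantitative model that the paper itself does not spell out and that is assumed here. All monetary figures and incident rates are constructed.

```python
"""Benefit-cost ranking of risk controls.

Added illustration. ALE = SLE x ARO is the usual quantitative
model and is an assumption here; all figures are constructed.
"""

# Risk before treatment: loss per incident (SLE) and expected
# incidents per year (ARO) for one vulnerable device class.
UNTREATED = {"sle": 40_000, "aro": 0.5}

# The three control types from section 5.1, with constructed
# residual risk and yearly cost for each.
CONTROLS = [
    {"name": "elimination", "sle": 40_000, "aro": 0.0, "cost": 25_000},
    {"name": "substitution", "sle": 40_000, "aro": 0.125, "cost": 6_000},
    {"name": "engineering", "sle": 16_000, "aro": 0.5, "cost": 2_000},
]


def ale(sle, aro):
    """Annualized loss expectancy: loss per incident x incidents/year."""
    if sle < 0 or aro < 0:
        raise ValueError("SLE and ARO must be non-negative")
    return sle * aro


def rank_controls(untreated, controls):
    """Return controls sorted by net yearly benefit, best first."""
    before = ale(untreated["sle"], untreated["aro"])
    rows = []
    for control in controls:
        benefit = before - ale(control["sle"], control["aro"])
        net = benefit - control["cost"]
        rows.append({
            "name": control["name"],
            "risk_reduction": benefit,
            "net_benefit": net,
            # A control pays for itself only if it saves more than it costs.
            "cost_effective": net > 0,
        })
    return sorted(rows, key=lambda row: row["net_benefit"], reverse=True)


def select(untreated, controls):
    """Names of the cost-effective controls, best first."""
    return [row["name"] for row in rank_controls(untreated, controls)
            if row["cost_effective"]]


if __name__ == "__main__":
    for row in rank_controls(UNTREATED, CONTROLS):
        print(row)
    print("implement:", select(UNTREATED, CONTROLS))
```

With these constructed figures, elimination removes the risk entirely yet costs more per year than the loss it prevents, so the cheaper partial controls rank above it.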
References
Hu, H., Liu, Y., Zhang, H., & Pan, R. (2018). Optimal network
defense strategy selection based on incomplete information
evolutionary game. IEEE Access, 6, 29806-29821.
Li, M., Koutsopoulos, I., & Poovendran, R. (2007, May).
Optimal jamming attacks and network defense policies in
wireless sensor networks. In IEEE INFOCOM 2007-26th IEEE
International Conference on Computer Communications (pp.
1307-1315). IEEE.
Stoneburner, G., Goguen, A., & Feringa, A. (2002). Risk
management guide for information technology systems. NIST
Special Publication, 800(30), 800-30.
Tiller, J. S. (2011). CISO's guide to penetration testing: a
framework to plan, manage, and maximize benefits. CRC Press.
Venkatraman, K., Daniel, J. V., & Murugaboopathi, G. (2013).
Various attacks in wireless sensor network:
Survey. International Journal of Soft Computing and
Engineering (IJSCE), 3(1), 208-212.
Wilhelm, T. (2013). Professional penetration testing: Creating
and learning in a hacking lab. Newnes.