CST 610 cyberspace and cybersecurity foundation

Assessing Information System Vulnerabilities and Risk You are an information assurance management officer (IAMO) at an organization of your choosing. One morning as youre getting ready for work you see an email from Karen your manager. She asks you to come to her office as soon as you get in. When you arrive to your work you head straight to Karens office. “Sorry for the impromptu meeting” she says “but we have a bit of an emergency. Theres been a security breach at the Office of Personnel Management.” We dont know how this happened but we need to make sure it doesnt happen again says Karen. Youll be receiving an email with more information on the security breach. Use this info to assess the information system vulnerabilities of the Office of Personnel Management. At your desk you open Karens email. Shes given you an OPM report from the Office of the Inspector General or OIG. You have studied the OPM OIG report and found that the hackers were able to gain access through compromised credentials. The security breach could have been prevented if the Office of Personnel Management or OPM had abided by previous auditing reports and security findings. In addition access to the databases could have been prevented by implementing various encryption schemas and could have been identified after running regularly scheduled scans of the systems. Karen and the rest of the leadership team want you to compile your findings into a Security Assessment Report or SAR. You will also create a Risk Assessment Report or RAR in which you identify threats vulnerabilities risks and likelihood of exploitation and suggested remediation. Your research and your Workspace exercise have led you to this moment: creating your SAR and RAR. Consider what you have learned in the previous steps as you create your reports for leadership. Prepare a Security Assessment Report (SAR) with the following sections: The final SAR does not have to stay within this framework and can be designed to fulfill the goal of the security assessment. Prepare a risk assessment report (RAR) with information on the threats vulnerabilities likelihood of exploitation of security weaknesses impact assessments for exploitation of security weaknesses remediation and cost/benefit analyses of remediation. Devise a high-level plan of action with interim milestones (POAM) in a system methodology to remedy your findings. Include this high-level plan in the RAR. Summarize the results you obtained from the OpenVAS vulnerability assessment tool in your report.The deliverables for this project are as follows: Submit your deliverables below. Before you submit your assignment review the competencies below which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric click My Tools select Assignments from the drop-down menu and then click the project title. Requirements: 8 – 10 pages | .doc file Purpose Organization Scope Methodology Data Results Findings Security Assessment Report (SAR): This should be an eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures diagrams tables or citations. Risk Assessment Report (RAR): This report should be a five- to six-page double-spaced Word document with citations in APA format. The page count does not include figures diagrams tables or citations. Lab: In a Word document share your lab experience and provide screenshots to demonstrate that you performed the lab. 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment. 1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation. 1.3: Provide sufficient correctly cited support that substantiates the writers ideas. 1.4: Tailor communications to the audience. 1.5: Use sentence structure appropriate to the task message and audience. 1.6: Follow conventions of Standard Written English. 5.2: Knowledge of architectural methodologies used in the design and development of information systems including the physical structure of a systems internal operations and interactions with other systems and knowledge of standards that either are compliant with or derived from established standards or guidelines. 5.6: Explore and address cybersecurity concerns promote awareness best practice and emerging technology. 7.3: Knowledge of methods and tools used for risk management and mitigation of risk. 8.1: Demonstrate the abilities to detect identify and resolve host and network intrusion incidents. 8.2: Possess knowledge and skills to categorize characterize and prioritize an incident as well as to handle relevant digital evidence approporiately. PurposeOrganizationScopeMethodologyDataResultsFindings Security Assessment Report (SAR): This should be an eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures diagrams tables or citations.Risk Assessment Report (RAR): This report should be a five- to six-page double-spaced Word document with citations in APA format. The page count does not include figures diagrams tables or citations.Lab: In a Word document share your lab experience and provide screenshots to demonstrate that you performed the lab.