Your boss wants you to draft a two- to three-page vulnerability process and assessment memorandum addressing the main points of a VM process for Mercury USA. You will cover the main elements of a vulnerability management process, tailored to Mercury USA’s business in the transportation sector, evaluate the OpenVAS scanning tool, and provide recommendations for mitigating the vulnerabilities found within the OpenVAS report.
The third-party pen tester used the free tool Open Vulnerability Assessment Scanner (OpenVAS) to scan Mercury USA’s network. Review the report from the OpenVAS Scan. As you review the scan, consider some important points from Lesson 5: priority, difficulty of implementation, communication/change control, inhibitors to remediation, MOUs, SLAs, business process interruption, and degrading functionality.
How Will My Work Be Evaluated?
An important part of your duties as a cybersecurity analyst will involve analyzing data from multiple sources and sensors such as antivirus/antimalware scanners, firewalls, insider threat monitoring systems, intrusion detection/prevention systems, SIEMs, vulnerability scanners, web application scanners, and other tools. You will also process logs from applications, auditing, network infrastructure devices, internet of things (IoT) devices, mobile communications devices, printers, servers, security appliances, and generalized logging collectors like syslog and Windows Event Logs.
As a cybersecurity analyst, you will be considered the subject matter and technical expert. A large part of your work will focus on identifying, analyzing, and mitigating vulnerabilities. For this assignment, you are asked to provide your supervisor with a technical evaluation of the organization’s vulnerabilities and propose a vulnerability management process. By summarizing your results in a short memorandum, you are showing how you use your technical knowledge to convey your ideas to others in a professional setting. Your ability to express your findings using the right mix of technical detail in a business context using an accepted format is an important workplace skill.
The following evaluation criteria aligned to the competencies will be used to grade your assignment:
1.1.1: Articulate the main idea and purpose of communication.
1.3.1: Identify potential sources of information that can be used to develop and support ideas.
1.4.1: Produce grammatically correct material in standard academic English that supports the communication.
10.1.1: Identify the problem to be solved.
10.1.2: Gather project requirements to meet stakeholder needs.
12.1.2: Formulate policies, processes, and procedures based upon identified business needs.
12.2.1: Identify systems for the risk assessment.
You will use this report to write a two- to three-page memorandum for your manager, Judy. Follow the instructions in the VM Process Overview Template to record your work.
Vulnerability Management Process for Mercury USA
The vulnerability management process for Mercury USA, a transportation company, should include the following key elements:
Vulnerability Identification: This step involves identifying vulnerabilities in the network through regular scanning and assessments. In this case, the third-party pen tester used the free tool Open Vulnerability Assessment Scanner (OpenVAS) to scan Mercury USA’s network.
Vulnerability Prioritization: Once vulnerabilities are identified, they should be prioritized based on their severity and impact on the business. Factors such as the difficulty of implementation, communication/change control, and inhibitors to remediation should be considered when prioritizing vulnerabilities.
Vulnerability Mitigation: The next step is to implement mitigation strategies for the identified and prioritized vulnerabilities. This may include patching, configuration changes, or other remediation actions.
Vulnerability Monitoring: Vulnerabilities should be continuously monitored to ensure that they have been effectively mitigated and that new vulnerabilities have not emerged.
Communication and Change Control: Effective communication and change control are crucial for ensuring that all stakeholders are aware of the vulnerabilities and the steps being taken to mitigate them. This includes notifying management, IT staff, and other stakeholders of vulnerabilities and their status, as well as documenting the steps taken to mitigate them.
Memoranda of Understanding (MOUs) and Service Level Agreements (SLAs): It’s important to have MOUs and SLAs in place with third-party vendors and service providers to ensure that they understand and are held accountable for their role in protecting the organization’s assets.
Business Process Interruption: The management of vulnerabilities should not interrupt the business process, but rather, it should be integrated into the overall security strategy.
Degrading Functionality: Any steps taken to mitigate vulnerabilities should not degrade the functionality of the systems or applications affected.
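The prioritization step above, as an added example that is not part of the original memo or the OpenVAS report: the Python below ranks scanner findings by CVSS severity weighted by asset criticality, then assigns each a remediation track based on change control and inhibitors such as MOUs or SLAs. The findings, host names, field names and weights are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    host: str
    name: str
    cvss: float                  # scanner severity, 0.0-10.0
    criticality: int             # 1 low .. 3 business-critical (set by asset owner)
    effort: int                  # 1 config tweak .. 3 major upgrade
    change_window: bool = False  # fix would interrupt a business process
    inhibitor: str = ""          # e.g. MOU/SLA term or legacy dependency

CRIT_WEIGHT = {1: 0.6, 2: 0.8, 3: 1.0}  # assumed weights, tune per organization

def risk(f):
    """Severity scaled by the business impact of the affected asset."""
    return round(f.cvss * CRIT_WEIGHT[f.criticality], 1)

def track(f):
    """Pick the remediation path implied by the memo's prioritization factors."""
    if f.inhibitor:
        return "compensating control + exception review"
    if f.change_window or f.effort == 3:
        return "schedule via change control"
    return "remediate now"

def prioritize(findings):
    """Highest risk first; among equal risk, the cheapest fix first."""
    ordered = sorted(findings, key=lambda f: (-risk(f), f.effort))
    return [(f.host, f.name, risk(f), track(f)) for f in ordered]

# Constructed sample findings, not taken from the Mercury USA report.
SAMPLE = [
    Finding("dispatch-db", "Unsupported OS version", 10.0, 3, 3, True),
    Finding("kiosk-07", "Default SNMP community string", 7.5, 1, 1),
    Finding("fleet-gw", "Outdated TLS configuration", 5.9, 3, 1),
    Finding("partner-vpn", "Weak IKE parameters", 7.4, 2, 2, True,
            inhibitor="settings fixed by partner MOU"),
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE):
        print(row)
```

In this sample, the medium-severity finding on the business-critical gateway outranks the higher-CVSS finding on a low-value kiosk, which is the effect of weighting severity by business impact.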
Evaluation of OpenVAS Scanning Tool
OpenVAS is a widely used open-source vulnerability scanning tool that can be used to identify vulnerabilities in a network. It offers a large number of plugins and supports various operating systems. One of the main advantages of OpenVAS is that it is free to use, making it an attractive option for organizations with limited budgets. However, it can be difficult to set up and configure, and the interface can be confusing for users who are not familiar with vulnerability scanning tools.
Recommendations for Mitigating Vulnerabilities Found within the OpenVAS Report
Based on the results of the OpenVAS scan, the following recommendations can be made to mitigate the vulnerabilities identified:
Patch Management: Apply all relevant software patches and updates to address identified vulnerabilities.
Configuration Changes: Review and implement configuration changes to address vulnerabilities related to misconfigurations or insecure settings.
Network Segmentation: Implement network segmentation to limit the scope of a potential compromise and to improve the overall security of the network.
Monitor for New Vulnerabilities: Continuously monitor for new vulnerabilities and address them in a timely manner.
Employee Education: Provide regular training to employees on security best practices, including how to identify and report potential vulnerabilities.
Test and Validate: Test and validate the effectiveness of the mitigations implemented.
By following these recommendations, Mercury USA can effectively manage and mitigate vulnerabilities in its network, improving the overall security of the organization.