0 Download2 Pages / 488 Words
Security professionals need to ensure that they keep up to date with the latest threats and security issues. This allows them to update their risk profiles, such as identifying if their systems are vulnerable. In order to determine what the risk to an organisation is, you need to know what the problems could be.
In this assignment, your task is to identify a recently announced security vulnerability and write a profile of the threat. The profile should contain the name of the threat, the systems it attacks, how it performs its attack, mitigation strategies and concluding reflection on the adequacy of the mitigation strategies. The risk to an organisation using vulnerable systems should also be determined.
Organisations face new threat scenarios every day. This report provides a threat profile for one of the most recent security threat and vulnerability facing organisations currently. The report also provides a detailed description of the vulnerability attacks and prevention.
A threat is whatever thing that has the capability or intention to interrupt the operation, functioning or reliability of an information system or application (John, 2001, pg 25). The term vulnerability refers to a flaw in a system or applications that can let an attacker to infringe the integrity of that system or application (Vacca, 2013, pg 201). Vulnerabilities include software bugs, virus or malware and script code injection. Threat profile describes threats and vulnerabilities that are likely to attack an organisations information assets and how they may try to harm, change, distort or in some way prevent services, information and other components within the organisation from being rightfully being used or retrieved. For the rationale of this report the following parameters were used to create the threat profile; threat name, description, threat agent, attack vector, attacked system, threat risk rating and finally existing risks mitigation control.
|
Threat name: OpenSSL Heartbleed vulnerability (CVE-2014-0160) |
|
Threat description: A severe vulnerability in the OpenSSL cryptographic software library. The vulnerability can allow malicious people to repossess private memory of an application in chunks of 64K at a time which might include the secret keys, usernames and passwords. |
|
Threat agent: Non-human |
|
Attack vector: TCP/IP transport layer security protocols (TLS) |
|
Asset(s) at risk: Wired and wireless communications using OpenSSL versions 1.0.1 through 1.0.1f |
|
Threat / risk rating: Severe |
|
Exploitation of this vulnerability can lead to: ü Loss of confidential, sensitive or classified data and information to unauthorised persons. ü Loss of data integrity through data corruption or destruction of information ü Severe legal actions, unintended expenses, financial losses or damage to an organisation reputation |
|
Existing risk mitigation control: ü Use the latest OpenSSL versions ü Patching ü Configure OpenSSl to remove support for the Heartbeat protocol using the OPENSSL_NO_HEARTBEATS flag (Ivan,2014, pg 164) |
Preparing a threat profile in an organisation allows the risk and incident management team to be prepared on how to handle threats that might face the organisation. The threat profile describes how the threat occurs, which system it attacks, the attack vector and how to mitigate the attack. This detailed information enables the incident management team to put into action safeguards to moderate the risk of anticipated attacks even before they happen.
Ivan R. (2014).Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications. Festy Duck Limited: London
John E.C., (2001).Fundamentals of Network Security. Artech House:
US-CERT (2014). Retrieved August 03, 2017 from Alert (TA14-098A) OpenSSL 'Heartbleed' vulnerability (CVE-2014-0160). website https://www.us-cert.gov/ncas/alerts/TA14-098A
Vacca J. R., (2013). Managing Information Security Second Edition. Elsevier Inc: USA
To View this & another 50000+ free samples. Please put your valid email id.
Earn back the money you have spent on the downloaded sample by uploading a unique assignment/study material/research material you have. After we assess the authenticity of the uploaded content, you will get 100% money back in your wallet within 7 days.
Upload
Unique Document
Document
Under Evaluation
Get Money
into Your Wallet
Total 2 pages, 1 USD Per Page
To export a reference to this article please select a referencing stye below:
My Assignment Help. (2021). Information Security. Retrieved from https://myassignmenthelp.com/free-samples/itc595-information-security/vulnerability-attacks-and-prevention.html.
"Information Security." My Assignment Help, 2021, https://myassignmenthelp.com/free-samples/itc595-information-security/vulnerability-attacks-and-prevention.html.
My Assignment Help (2021) Information Security [Online]. Available from: https://myassignmenthelp.com/free-samples/itc595-information-security/vulnerability-attacks-and-prevention.html
[Accessed 27 October 2021].
My Assignment Help. 'Information Security' (My Assignment Help, 2021) <https://myassignmenthelp.com/free-samples/itc595-information-security/vulnerability-attacks-and-prevention.html> accessed 27 October 2021.
My Assignment Help. Information Security [Internet]. My Assignment Help. 2021 [cited 27 October 2021]. Available from: https://myassignmenthelp.com/free-samples/itc595-information-security/vulnerability-attacks-and-prevention.html.
There are different types of assignments included in all the academic curriculums. From essay to book review, we provide urgent assignment help for all. You Do not have to waste your precious time looking for academic companies across the world. Just place your order directly with us. Take a look at our client testimonials to understand how popular we are among our clients.
Answer: Introduction Ransom ware virus had recently started a worldwide chaotic outbreak in May of 2017. The warehouse drawbacks and the recommendation for the threats and the ransom ware attacks on how to combat them have compiled in this report for the CFO of Motherboards and More Pty Ltd also discussing about the revenue cycle that is being followed. Overview of the revenue cycle The organization, Motherboards, and More Pty Ltd is ...
Read More
Answer: Risk Assessment Methodology It is crucial for a leading company in the Information Technology industry to identify and devise the strategies for categorizing and mitigating the risks in order to maintain its position in the global market (Altuhhov, Matulevi?ius & Ahmed, 2013). Various frameworks are needed to be laid out for the minimization of the risks faced by Apple. The methodology for the assessment of risk faced by App...
Read More
Answer: Introduction Aztek has decided to shift to the cloud and they are hoping to shift to the IT can be a blessing for them, the IT services can offer the facilities that can help them to enrich their business activities, the IT services can help them to outsource their services to third-party company and can be largely benefitted, however, they should be mindful of all the risks associated with the IT services (Lam, 2014). The report wil...
Read More
Answer: Short overview of paper The third party cloud computing is the most promising outsourcing as applied to computation services such as Microsoft’s Azure and Amazon’s EC2 which allows users to install the virtual machines. However, there is several vulnerability of third party cloud computing which has been elaborated in this given research paper. Third party cloud computing- It has also been gaining momentum througho...
Read More
Answer: Introduction The illegal activity that involves a computer and network is termed as cyber crime. Moreover, the protection approaches taken for avoiding threats, disruption, misdirection and theft from computer system referred to cyber security. Amin et al. (2013) stated that controlling physical access where hardware of the computer system can be accessed for protection against harm is a common method for implementing cyber se...
Read More
Get top notch assistance from our best tutors !
Excel in your academics & career in one easy click!
On APP - grab it while it lasts!
*Offer eligible for first 3 orders ordered through app!
