Tuesday, May 5, 2020

Vulnerability Assessment to Cyber Businesses-Myassignmenthelp.Com

Question: How Do Vulnerability Assessment to Cyber Businesses?

Answer:

Introduction

Technology has evolved, and many people depend on computers and the internet to run their daily activities. Computers are used in practically every organization and form a crucial part of running organizational activities. For those who cannot have machines in their offices or homes but need them for transacting business and communicating, cyber cafes enable them to do so. Vulnerability assessment techniques for the cyber cafe business will therefore be the main focus of this work.

Before any contract is signed, a business or a person is investigated and any possible risks are taken care of to ascertain the viability of the products or services offered. This process is known as due diligence. In a cyber business, due diligence is important if conducted on the supplier of the machines and equipment that will be used in the business. In the assessment, vulnerability is what allows a hazard to be transformed into a risk.

According to SANS Institute (2001), the process of conducting a vulnerability assessment is crucial and should be organized around three major concepts:

Conduct assessments

The planning and performance of the vulnerability assessment is done at this level. The process encompasses the definition of activity scopes, the collection of relevant data and information, and the definition of responsibilities and roles. Review of procedures and policies, interviews and security scanning are some of the methods mentioned by the author.

Identify exposures

Data and information collected in the first phase are reviewed to support accountability and management processes. The information is also used in other processes such as enterprise trending and wide risk assessments. Threats and exposures are identified in this stage.

Address exposures

Proper investigation is done to determine whether the exposures identified actually need redressing or not. The findings of the investigation determine which system upgrade is decided on, or whether the exposure is left unaddressed. The complexity of the system used in the upgrade is determined by the magnitude of the risk or possible threat that the exposure poses to the organization.

SANS Institute (2001) advises that any assessment should start from the highest levels and work downwards towards finer details. SANS Institute (2001) also illustrates that vulnerability assessment is sometimes done poorly for various reasons, including the following:

- Insufficient or unavailable observational data relating to dangerous events.
- Difficulties in data collection due to the huge number of dimensions to be explored and the complexity of the damage system.
- The purpose of the study and the three-dimensional or sequential scale analysis.

Benefits of conducting a vulnerability assessment

Various benefits accrue from using vulnerability assessment in a business. According to SANS Institute (2001), some of the benefits are:

- Security exposures are identified in time, before a possible attack happens. This enables the business to find measures for addressing the exposures, saving it from the imminent dangers of losing its reputation and total collapse.
- Early detection identifies both internal and external security exposures, so the business is not ambushed from either side.
- A detailed network map of the enterprise is created or updated when the vulnerability assessment is done. If the assessment is not done properly, rogue machines may produce unnecessary and unwanted risks that could have been dealt with earlier.
- An inventory of all the devices is created in a database. The database will be stored in a repository to free storage devices.
  It can be accessed at any time and used for various activities such as system tracking, rescanning machines and general management of the business.
- The overall security posture of the business can be determined, and the maintenance of an archive of all possible vulnerabilities is enhanced, with any number of systems on the network.

Assets of the cyber business

Some of the assets that are important in the cyber business include:

- The desktops and monitors
- The central processing units
- All computer hardware
- Computer software
- Storage devices

According to Proffitt (2008), assets can be categorized in various ways, including:

- Servers, consisting of Windows, Linux, or the server of choice.
- Workstations, consisting of laptops, desktops and the related hardware.
- Miscellaneous equipment, consisting of such things as webcams, fire alarms and electric door controls, network-enabled printers and first aid kits, among others.
- Network gear, which includes access points, video conferencing units, routers, load balancers and switches.

According to R2A, vulnerability assessment techniques are useful in finding solutions to possible threats and risks that organizations may face. The assets listed can also be said to be the critical success factors of a cyber business. Other possible critical success factors for the cyber business include the capability of the listed assets to perform the function for which they were made, the physical resources and facilities available, customer loyalty, and the availability of staff to serve customers. They are critical for success because, when they are properly installed and used, businesses are able to record profits and benefits. Vulnerability assessment enables the manager of a business to determine the kind of assets available and the possible threat to each of them. R2A further documents that in vulnerability assessment the threats are matched with an asset, which enables the redirection of control efforts.

The threats matched with the assets include:

- Critical failure of the servers or workstations
- Robbery, pilferage and/or collusive theft, malicious damage and industrial actions
- Breakdown or complete destruction of the miscellaneous assets due to power surges
- Industrial espionage, misappropriation or sabotage of data, defamation, and rising costs due to security losses/vandalism
- Failure of a major supply to the consumable assets like printing papers and inks
- Threat of theft of the machines and hardware

The critical vulnerabilities from these threats include:

- Physical vulnerabilities, like theft or sabotage of the equipment
- Notional vulnerabilities, like failure of the supplier that leads to disruption of the daily running of the business
- Failure of servers and miscellaneous assets

According to R2A, the critical vulnerabilities have many impacts on community, people and performance; on the direct and indirect cost of activities; and on the organizational behavior, goodwill, quality of life and reputation of the business. The environment, asset and resource base of the organization is also put at risk by these critical vulnerabilities.

Precautionary analysis

From the vulnerability assessment done above on the cyber business, various vulnerability assessment techniques can be applied in identifying and addressing the vulnerabilities. These techniques make the whole process easy and profitable. According to Proffitt (2008), one of the techniques used is QualysGuard, which offers online vulnerability assessment solutions. The technique is run by Qualys, which offers Internet Protocol (IP) hardware-based items for the assessment to be installed on the business premises, or allows use of its scanners from its operation centers. The use of the QualysGuard technique is important in various ways, including:

- The data retention period is long, up to two years, so the data can be accessed when the need arises.
- The data does not have to be stored on your devices but in a repository, which saves storage space.
- Relief is provided in terms of securing workstations and provisioning, configuring or securing the hardware to be used for the scan. This is because the hardware needed for the vulnerability assessment is provided as part of the service.
- All the system data collected from various appliances is stored in a single repository for ease of assessment and retrieval.
- The technique is also responsible for automatically updating the scanning machines and maintaining the vulnerability signatures. The machines are updated with a vulnerability database against which queries can be compared.
- The data collected from your system is kept under very tight security, with heightened confidentiality, availability and integrity.

The precautionary measures that could be drawn from the assessed vulnerabilities include the following:

- Always purchase appliances, hardware and software from qualified and licensed retailers or distributors. This is very significant in ensuring that they are not rendered inoperable once they are installed.
- Vulnerability assessment should be done before the equipment is fed with data or installed for use at a particular place. This could help prevent attacks on both hardware and software, whether external or internal.
- Before vulnerability assessment is done, the topmost management of the enterprise should give its approval, so that no blame games arise in case possible internal threats are identified. The assessment team should be given the go-ahead after the risks of scanning the systems are fully understood by the management.
- Awareness training should be conducted for the management and employees of an enterprise before the vulnerability assessment is done, so that they will be knowledgeable on how to handle the machines and how to address the identified exposures at the end of the exercise.
  The training should clearly define and explain the exercise: the areas of infrastructure to be assessed and their importance to the enterprise, expectations and how reports can be created, and the importance of the technology for the enterprise, with details of the severity levels at which action should be taken.
- The correct data from the results of the vulnerability assessment should be relayed only to authorized people, since it is very critical to the organization. Relaying the data to the right people will guarantee the success of the vulnerability assessment program, since they will be able to authorize and initiate the best ways to address the identified exposures in time, before an impending attack takes place.

SANS Institute (2001) illustrates that vulnerability assessments are crucial to an enterprise and should be adopted. The reason given for the use of vulnerability assessment is that the existing enterprise controls may not provide sufficiently comprehensive assurance of ongoing and appropriate confidentiality, availability of information and integrity. When an organization uses vulnerability assessment, it gets a good picture of how security is managed and improved, with the areas that need consideration identified. SANS Institute (2001) also advises that developing firm policies will enable timely completion of the vulnerability assessment program in line with the needs of the organization.

The vulnerability assessment program will help the management of the organization by providing a continuous base against which their assessments are compared. The assessment program should enable the enterprise to create an inventory of all devices, which is essential in planning for upgrades and assessments in the future. The data should enable the prediction of possible future attacks, and is therefore very useful for the security system of the organization.
When approved and used by the management, the program will be considered official and authorized for use in the official activities of the organization.

Conclusion

A leveraged vulnerability assessment program can aid the burden of compliance efforts, the reduction of risk levels by corporations and organizations, the performance of due diligence, the provision of forensic data, and report generation for technology metrics. The program will increase the organization's depth of defense against attacks and increase knowledge and skills on how to identify and mitigate exposures and threats. Using the vulnerability assessment program will therefore be essential in providing the cyber business with a safer and protected computing atmosphere.

References

Proffitt, T. (2008). Creating a Comprehensive Vulnerability Assessment Program for a Large Company Using QualysGuard.
SANS Institute (2001). Vulnerability Assessments: The Pro-active Steps to Secure Your Organization.
R2A. Due Diligence Engineers.
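
The essay describes the device inventory as a stored base against which later assessments are compared, and notes that rogue machines surface when the network map is updated. The sketch below is an added example, not part of the original essay or of any scanning product: it diffs a current scan against the stored inventory. The record fields (`mac`, `ip`, `type`, `open_ports`) and all sample records are assumptions constructed for illustration.

```python
# Added example: compare a current scan against the stored device inventory.
# Field names and sample records are constructed for illustration only.

CATEGORIES = {  # asset categories listed in the essay (after Proffitt, 2008)
    "server": "Servers",
    "desktop": "Workstations",
    "laptop": "Workstations",
    "printer": "Miscellaneous equipment",
    "webcam": "Miscellaneous equipment",
    "router": "Network gear",
    "switch": "Network gear",
    "access_point": "Network gear",
}

def categorize(device):
    """Map a device record to one of the essay's asset categories."""
    return CATEGORIES.get(device["type"], "Uncategorized")

def diff_inventory(baseline, scan):
    """Return rogue, missing and changed devices, matched by MAC address."""
    known = {d["mac"].lower(): d for d in baseline}
    seen = {d["mac"].lower(): d for d in scan}
    rogue = [seen[m] for m in sorted(seen.keys() - known.keys())]      # not in inventory
    missing = [known[m] for m in sorted(known.keys() - seen.keys())]   # inventoried, not seen
    changed = []
    for mac in sorted(known.keys() & seen.keys()):
        before, after = known[mac], seen[mac]
        delta = {k: (before.get(k), after.get(k))
                 for k in ("ip", "type", "open_ports")
                 if before.get(k) != after.get(k)}
        if delta:
            changed.append({"mac": mac, "category": categorize(after), "delta": delta})
    return {"rogue": rogue, "missing": missing, "changed": changed}

# Constructed sample data: documentation IP range, locally administered MACs.
BASELINE = [
    {"mac": "02:00:00:00:00:01", "ip": "192.0.2.10", "type": "server", "open_ports": [22, 443]},
    {"mac": "02:00:00:00:00:02", "ip": "192.0.2.21", "type": "desktop", "open_ports": []},
    {"mac": "02:00:00:00:00:03", "ip": "192.0.2.30", "type": "printer", "open_ports": [631]},
]
SCAN = [
    {"mac": "02:00:00:00:00:01", "ip": "192.0.2.10", "type": "server", "open_ports": [22, 23, 443]},
    {"mac": "02:00:00:00:00:02", "ip": "192.0.2.21", "type": "desktop", "open_ports": []},
    {"mac": "02:00:00:00:00:99", "ip": "192.0.2.77", "type": "access_point", "open_ports": [80]},
]

if __name__ == "__main__":
    for kind, items in diff_inventory(BASELINE, SCAN).items():
        for item in items:
            print(kind, item["mac"], item.get("category") or categorize(item))
```

Each of the three result lists maps to a follow-up in the essay's "address exposures" phase: investigate the uninventoried device, locate the missing one, and review the configuration change on the known one.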
