Premium Essay

Security Assessment

Submitted By moti80
Words 652
Pages 3

Methodology and Tools for Conducting Security Assessment

Footprinting and scanning an organization involves gathering information about the organization in both passive and active forms. Active footprinting involves obtaining the required information about the company through its website, while passive footprinting is where one obtains the information directly from the organization, through the customer care desk or from an employee of the organization. Security assessment of organizations is carried out to identify security issues, such as the risks that the company is exposed to through the information that is available from the company’s website or the customer care desk. For most organizations, important information about the company is stored in the company’s database through cloud computing of the website (Gupta, 2013). The existence of high risks in an organization calls for an intensive security assessment. In conducting the security assessment, the following tools and methodologies are used:

Web Application Security Scanner

The web application security scanner is a tool that organizations use to speed up the process of identifying web application vulnerabilities. Company websites, for instance, are vulnerable to various risks that lead to loss or lack of privacy of the information saved in the company’s database. The tool thus assists in identifying the vulnerabilities in the shortest time possible. With the complexities of current web applications, the security scanner helps one obtain the information faster (Subashini and Kavitha, 2011). In assessing the footprints and the scans for the company, the exercise should involve an entire scan of the site to identify all the vulnerabilities.

Hyper-Text Transfer Protocol Editor

The use of the HTTP Editor in footprinting and…...

Similar Documents

Premium Essay

Security Assessment for Aircraft Solutions

...Security Assessment for Aircraft Solutions

Table of Contents
Executive Summary
Company Overview
Security Vulnerabilities
Hardware Vulnerability – Absence of a Firewall
Policy Vulnerability – Lack of Timely Updates
Recommended Solutions
A Hardware Solution
Impact on Business Processes
A Policy Solution
Impact on Business Processes
Summary
References

Executive Summary

This report will seek to evaluate and address security weaknesses with the Aircraft Solutions company. As security weaknesses are pointed out relating to hardware and policy weaknesses, recommendations will be made to Aircraft Solutions to be examined and hopefully implemented to improve IT security operations. Aircraft Solutions, located in Southern California, is a recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. In reviewing Aircraft Solutions and its operations, security vulnerabilities were uncovered. Two vulnerabilities that were evident were issues with a lack of firewalls and the current security policy in place that is reviewed only every two years. Recommendations have been made that may help to remedy these vulnerabilities through the use of virtualization and by changing the security policy to be evaluated semi-annually instead of every two...

Words: 2450 - Pages: 10

Free Essay

Computer Security Assessment

...Answer a) The MPS is a very large organisation which employs over 50,000 people. A dedicated “solution” is needed for:
• Keeping the records of the employees.
• Limited access to data from the database.
• Automatic upgradation as promotions and demotions of employees take place.
• A single, unique and effectively managed identity repository to help reduce cost and save time.
RBA approaches are accepted as strong and efficient technologies for access control.

Answer b) If MPS is to strengthen user authentication then biometric techniques will bring a definite improvement by increasing the level of security and being cost effective. That’s because biometric techniques are the authentication methods that use one or more intrinsic physical or behavioural characteristics for recognising an individual. So, there is no question of forgetting passwords or access by some other person by stealing the password of the authentic person. Current biometric systems use the enrolment process. This process has a risk of an attacker gaining access to the stored template. If once the biometric measurements are stolen then it is impossible to change the owner’s physical characteristics. So, there is a need for template-free biometric techniques, which are free from templates that store pre-captured data for comparison before authentication is achieved. This will reduce unauthorised access to confidential information and fraudulent information authoring.

Answer c) Biological identity......

Words: 550 - Pages: 3

Premium Essay

Security Risk Assessment

...Security Risk Assessment
Southern New Hampshire University
Michael Hallin

Security risk analysis, which is also known as risk assessment, is essential to the security of any company and benefits the overall business goal. It is vital in ensuring that controls and costs are fully equal with the risks to which the organization is exposed. Having a well laid plan for disaster recovery comes from a good risk analysis of a company. A company’s IT Business Manager and associated team must identify and assess the organization’s assets and give them a value. A good IT risk assessment involves identifying what functions need to be reestablished first after a disaster or an attack to the system. Restoration to full operational capability is significantly enhanced when the company is prepared and has taken appropriate action prior to an emergency or disaster (Group, 2005). The steps to identifying IT risks in a company include: determining which of the company’s assets have the most value to the business, and identifying the risks that are applicable to those assets. After the risks are identified, they need to be logically examined to see how likely the risk is to occur. If the risk is likely to be a factor, then the company must take action to mitigate those risks. An example of this would be the company’s exchange server, which in almost all companies is a priority 1 asset, also called an essential entity. A server always has a risk of crashing; an exchange server has......

Words: 902 - Pages: 4

Free Essay

Security Assessment

...The residence that will be assessed for security vulnerability is located in Rancocas, New Jersey. The house is situated in a small historic town that is completely encircled with trees. There are currently 125 houses in the community with no prospects for future development. The youngest house within the small town is 135 years old with the oldest being 165 years old. The residence that is being assessed is approximately 2000 square feet and is partnered with a 500 square foot detached garage and a 250 square foot storage building. Dwelling Description: The main house has three points of entry including the front entrance, a side entrance, and a basement entrance. The front entrance has a gridded glass entrance door and a metal security door with a normal entry lock and a deadbolt lock. Having a strong, well-constructed door is key to preventing a break in. According to the Washington Post (2008), “34 percent of all burglaries usually occur by way of the front door”. The side entrance has a wooden door and a metal security door with a normal entry lock and a deadbolt lock. The basement entrance is a standard weather door that has a latch that fastens the doors together to prevent access. The residence has 32 windows scattered across four floors. Of the 32 windows, 24 of the windows are new double-hung windows with security latches and double locks. The remainder of the windows is wooden weighted windows original to the house, with circle latch fasteners......

Words: 901 - Pages: 4

Free Essay

Security Assessment Recommendations

...Course Project: Security Assessment Recommendations
Vincent Hill
DeVry University
Keller Graduate School
Principles of Information Security and Privacy SE571
Professor Krell
April 15, 2012

Course Project: Security Assessment Recommendations

INTRODUCTION

An organization that specializes in making web sites and providing web business solutions is known as Quality Web Design. The company’s goal is to help its customers increase consumer generated revenue to Quality Web Design customer web sites. The other business solutions accompanied are accounting, payroll marketing, also parts of the business process and for which its assets are employed. Quality Web Design should be made aware of various security issues, even those that are not common. Identified are two of the potential security weaknesses that require improvement, and the possible remedies for each threat. The company Quality Web Design provides business solutions to the customers... The circuit used by the company may prove various flaws to security and the hardware and software used have various limitations as Microsoft SharePoint which has limitations in supporting virtualization, upgradation whereas the web server provided by IBM provides various functionalities over the Microsoft web server. The company has a very good hardware, software, network system, the assets used by the company provide the support to the business process but there are many limitations of the hardware, software, assets......

Words: 1453 - Pages: 6

Premium Essay

Testing and Monitoring Security Controls & Security Audits and Assessments

...Testing and Monitoring Security Controls & Security Audits and Assessments

Identify at least two types of security events and baseline anomalies that might indicate suspicious activity.
* Authentication failures are one type of security event. A baseline anomaly that may indicate suspicious activity is unauthorized access attempts that can be found within log files. The log files contain records of all types of security events such as logon events, changes in system configuration and attempted violations of policy as well as system events like service startups and closures, errors and system warnings.
* A second security event could be a sudden increase in overall traffic. It could simply mean that your website has been mentioned by a popular source, or it could mean that someone is trying to cause harm to your site.

Given a list of policy violations and security breaches, select three breaches, and consider the best options for controlling and monitoring each incident. Identify the methods to mitigate risk and minimize exposure to threats or vulnerabilities.
* Problem: Removable storage drives introduce malware filtered only when crossing the network. Solution: Limit user privileges that only include those that are required by the duties that are assigned to that individual. This will hopefully make it clear that no removable storage devices are to be connected to the network, no matter the circumstances unless they are screened first.
* Problem:......

Words: 316 - Pages: 2

Premium Essay

Dlis Information Security Risk Assessment

...DLIS Compliance Risk Management Plan
Battle Creek, MI
Rich Franklin, Mauricio Mosquera, Herby Thomas, Louis Zayas
13-Jan-14

Table of Contents
Cover
Table of Contents
Document Change Log
Project Risk Management Plan Purpose and Scope
Key Roles and Responsibilities
Risk Management Process and Activities
Risk Management Plan Audit Log
Risk Assessment and Management Table
Compliance Laws and Regulations
Proposed Schedule
Risk Management Plan Approvals

Department: Information Technology
Product or Process: Risk Management
Document Owner: Battle Creek, MI IT

| Version | Date | Author | Change Description |
| 0.1 | 1/6/14 | RFranklin | Initial Draft |
| 0.2 | 01/12/14 | RFranklin | Revision 1 |
| 0.3 | 1/13/14 | RFranklin | Revision 2 |

Project Risk Management Plan Purpose and Scope

The purpose of this Risk Management Plan is to identify the strategies, methods, and procedures to be used within the Michigan Air National Guard, Battle Creek, Michigan supply chain in identifying, evaluating, and mitigating the risk involved in daily and long term operations. All Department of Defense and federal agencies must at least comply with the minimum standards set forth in Law, DOD directives, branch of service regulations, and local base regulations. This plan provides local guidelines for applying the FISMA standards using...

Words: 1209 - Pages: 5

Free Essay

Security Assessment and Recommendations for Aircraft Solutions

...Security Assessment and Recommendations for Aircraft Solutions Principles of Information Security and Privacy Keller Submitted: December 11, 2013 Executive Summary The purpose of this report is to investigate the vulnerabilities of Aircraft Solutions (AS) in the areas of hardware and policy. Furthermore, it provides recommended solutions to the security weaknesses mentioned in Phase 1. Aircraft Solutions is a well known leader in the design and production of component products and services for companies ranging from commercial industry to the aerospace industry. In addition, Aircraft Solutions maintains a large capacity plant filled with an extensive variety of equipment, which is mostly automated alongside skilled specialists in a range of fields to ensure they meet their customers’ needs. The weaknesses that are being addressed are hardware and policy. Company Overview Aircraft Solutions is a leader in the planning and production of component products and services for companies in the electronics, commercial, defense, and aerospace industry. The headquarters of Aircraft Solutions is located in San Diego, California. The goal of Aircraft Solutions is to use machined products and related services to supply customer success, and to achieve cost, quality, and schedule requisites. They have a Defense Division (DD) of Aircraft Solutions located in Orange County, California and a Commercial Division (CD) located in San Diego County, California. ......

Words: 1560 - Pages: 7

Premium Essay

Security Risk Assessment Process

...Security Risk Assessment

P1. Operational risk assessment is the process of determining what threats and vulnerabilities affect an organization’s critical business processes. Operational risk assessment is a life cycle process that needs to be conducted often to determine if there are new threats and vulnerabilities to the organization. Without conducting a routine risk assessment an organization is left with exposure to hazards and accidents which lead to a loss. An operational risk assessment consists of risk identification, risk analysis and risk evaluation. The assessment is used to create a risk management policy which gives the best courses of action to mitigate any threats and vulnerabilities. A risk is the possibility of a loss from exposure to a hazard; by conducting an operational risk assessment the end result is to reduce the amount of risk to a project, equipment and personnel. Management are the ones who use risk management to minimize loss, which reduces monetary loss and time for the organization.

P4. The information assurance control procedures are the identification of assets, the classification of assets. The goals are to protect the confidentiality, integrity and availability of information by providing control measures. They are important because a company’s assets need to be controlled due to so many exposures. The control procedures are used as a set of processes and guidelines to ensure that an asset is classified correctly and given the correct level of......

Words: 1525 - Pages: 7

Premium Essay

Applying Owasp to a Web Security Assessment

...Assessment Worksheet
Applying OWASP to a Web Security Assessment

Course Name and Number: _____________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
Lab Due Date: ________________________________________________________________

Overview

In this lab, you explored the Open Web Application Security Project (OWASP) Web site and reviewed its Web application test methodology. You studied the standards and guides published by this project and summarized your findings. Finally, you drafted a Web Application Test Plan based on the information you gained in your OWASP research.

Lab Assessment Questions & Answers

1. Identify the four recognized business functions and each security practice of OpenSAMM.
1) Governance
2) Construction
3) Verification
4) Deployment

2. Identify and describe the four maturity levels for security practices in SAMM.
1) Implicit starting point representing the activities in the Practice being unfulfilled
2) Initial understanding and ad hoc provision of Security Practice
3) Increase efficiency and/or effectiveness of the Security Practice
4) Comprehensive mastery of the Security Practice at scale

3. What are some activities an organization could perform for the security practice of Threat Assessment?
Threat Assessment involves accurately identifying and characterizing potential......

Words: 574 - Pages: 3

Premium Essay

Security Assessment and Recommendations

...SE571 Course Project: Security Assessment and Recommendations
Charlie Furze
Professor: Eddie Wachter
SE571 Principles of Information Security and Privacy
Keller Graduate School of Management
July 24, 2015

Table of Contents
Executive Summary
Company Overview
Security Vulnerabilities
A Hardware Example Title
A Software Example Title
Recommended Solutions
A Hardware Example Solution
A Software Example Solution
Impact on Business Processes
Budget
Summary
References

Executive Summary

The executive summary can’t really be completed until the course project is completed. This is because the section should summarize BRIEFLY the entire paper. There should be one or two sentences about the purpose of the report, a one to two-sentence description of the company and then a quick summary of the two vulnerabilities and the two solutions that you have identified.

Company Overview

Here you should identify which of the two company scenarios you are using and briefly summarize the organization’s products or services, and business processes.

Two Security Vulnerabilities

Software Vulnerability

Remember, you need to choose only two vulnerabilities from the three categories: hardware, software and policy. It is recommended that you make them limited in scope and very specific. Also, before starting on this section, be sure you have a very......

Words: 1180 - Pages: 5

Premium Essay

Itrust Database Software Security Assessment

...iTrust Database Software Security Assessment Security Champions Corporation (fictitious) Assessment for client Urgent Care Clinic (fictitious) Amy Wees, Brooks Rogalski, Kevin Zhang, Stephen Scaramuzzino and Timothy Root University of Maryland University College Author Note Amy Wees, Brooks Rogalski, Kevin Zhang, Stephen Scaramuzzino and Timothy Root, Department of Information and Technology Systems, University of Maryland University College. This research was not supported by any grants. Correspondence concerning this research paper should be sent to Amy Wees, Brooks Rogalski, Kevin Zhang, Stephen Scaramuzzino and Timothy Root, Department of Information and Technology Systems, University of Maryland University College, 3501 University Blvd. East, Adelphi, MD 20783. E-mail: acnwgirl@yahoo.com, rogalskibf@gmail.com, kzhang23@gmail.com, sscaramuzzino86@hotmail.com and Chad.Root@gmail.com Abstract The healthcare industry, taking in over $1.7 trillion dollars a year, has begun bringing itself into the technological era. Healthcare and the healthcare industry make up one of the most critical infrastructures in the world today and one of the most grandiose factors is the storage of information and data. Having to be the forerunner of technological advances, there are many changes taking place to streamline the copious amounts of information and data into something more manageable. One major change in the healthcare industry has been the......

Words: 7637 - Pages: 31

Free Essay

Company Security Assessment

...investigating the issue would be to complete an assessment of the network. A review of the traffic that is produced in and out of the company’s network is key to understand what is going on with the network. It is critical to select the appropriate personnel to make up the team that will oversee the security management and assessment activities. Needed on the team are people that have experience in security management and also people that have experience in the financial industry. Team members will have one person from each department, preferably the head or second in command: Network security Personnel: This person is part of the network security team. They are on the team that manages and maintains all network related security devices such as the Intrusion Prevention Systems, Firewalls...etc. Operations personnel: These people understand the company’s daily operations. Finance: This person is on the team that manages the finances of the company. They will be able to provide info on what type of resources can be used for the assessment and the correction of issues. Executive representative: This person will either be an executive or on the board. Buy-in must come from the top of an organization so it is very important that the CEO has someone within the company to be aware of the actions being performed as part of the assessment. There will be different roles and tools that will be used as part of the company’s assessment. On the assessment team there will be......

Words: 1289 - Pages: 6

Premium Essay

Security Assessment

...Security Assessment for JLJ Information Technology Group
By John Jacobs

Table of Contents
Company Description
Management Controls
Operational Controls
Technical Controls
Concerns and Recommendations
Conclusion
References

Company Description

JLJ Information Technology Group helps organizations of all sizes to successfully do business online. Their complete portfolio of technology services drives business effectiveness and profitability for many customers not only in the United States but also around the world. The breadth of their offering extends from helping small businesses build an online presence through to managing the complex technology environments of large enterprises and governments including Internet domain name services, critical web hosting, online brand protection and promotion, video content delivery, application development services, managed cloud and security services and more. JLJ IT Group’s culture of integrity, innovation, collaboration and customer centricity has been built by its large team of passionate professionals that have been delivering managed online services since 2001. The customers range from small businesses to Fortune 500 companies and internationally recognized government organizations. Here at JLJ IT Group they design, build and manage software enabled Cloud and Mobile Solutions for large Corporate and Government......

Words: 2610 - Pages: 11

Premium Essay

Security Assessment and Recommendations

...SE571 Principles of Information Security and Privacy James Smikonis Week 3 Project March 18, 2012 Professor George Danilovics Security Assessment and Recommendations A report needs to be assessed for Aircraft Solutions. This report consists of a security assessment that exhibits all founding flaws in their system, as well as giving AS a report regarding their current infrastructure. Aircraft Solutions is a component fabrication and equipment company that delivers different architectural designs. One of their specialties is establishing communications and solutions to defense, commercial, aerospace industries. The employees at AS are fully qualified for the tasks they entail hence making their workforce more efficient and supplying outstanding service. The purpose of this assessment is to investigate the weaknesses that are presented in the operations of Aircraft Solutions (AS). While conducting this assessment, we will expose vulnerabilities; give an analysis of any relative threats, risks that will be addressed and a comprehensive analysis of the relative threats and consequences pertaining to this mission. Assessment and Investigation After carefully examining the three sections pertaining to Aircraft Solutions, we found that policy and hardware related issues require special attention. We found that Aircraft Solutions does not utilize any firewall between the commercial division and the Internet Gateway. In fact, we exhibited that the Department Defense......

Words: 907 - Pages: 4