Assume that you work for an organization that has around 10,000 desktops/laptops and approximately 1,000 servers...
Assume that you work for an organization that has around 10,000 desktops/laptops and approximately 1,000 servers spread throughout the world. A new "zero-day" vulnerability is discovered, and warnings are sent out by major security firms (Zero-day vulnerabilities are recently discovered previously unknown system or software weaknesses). This vulnerability affects 90 percent of your systems, including the servers. How should the organization go about prioritizing mitigation efforts once the vulnerability is announced? What steps should the organization have taken to identify these systems prior to this incident?
Homework Answers
1. How should the organization go about prioritizing mitigation efforts once the vulnerability is announced?
Vulnerability management is a vital part of any business/organization. Every organization should have a dedicated team to manage any vulnerabilities happening. By having a proper vulnerability management team, prioritizing mitigation efforts becomes easy.
By accomplishing an accurate view of your entire attack surface ( in this case 90 percent of the systems. including the servers are vulnerable), you can adequately and effectively respond to those vulnerabilities which represent the greatest threat to your organization. It requires a new way to deal with such vulnerabilities and is called Cyber Exposure.
Cyber Exposure is basically focused on the following four questions:-
- Where are we exposed?
- How should we prioritize based on our approach?
- How are we reducing our exposure over time?
- How do we compare with others?
2. What steps should the organization have taken to identify these systems prior to this incident?
Active prioritization requires complete transparency to your attack surface. These are the following steps that should be taken by the organization to identify these systems prior to this incident -
- By prioritizing your previous threat responses based on vulnerabilities for which exploits happened.
- By letting your data drive actions. When you encounter any vulnerabilities, you will be well informed about where to respond first.
- By maintaining an active response team and giving them proper instructions on when to do what when such incidents happen in the future.
- By keeping an updated inventory of critical asset so you know accurately what is at risk and where attackers are most likely to take aim.
Add Answer to:
Assume that you work for an organization that has around 10,000
desktops/laptops and approximately 1,000 servers...
A new version of the operating system is being planned for installation into your department’s production...
A new version of the operating system is being planned for installation into your department’s production environment. What sort of testing would you recommend is done before your department goes live with the new version? Identify each type of testing and describe what is tested. Explain the rationale for performing each type of testing. [ your answer goes here ] Would the amount of testing and types of testing to be done be different if you were installing a security...
Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around...
Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading.In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...
CASE STUDY U.S. Office of Personnel Management Data Breach: No Routine Hack The U.S. Office of...
CASE STUDY U.S. Office of Personnel Management Data Breach: No Routine Hack The U.S. Office of Personnel Management (OPM) is conducted, may have been extracted. Government offi responsible for recruiting and retaining a world-class cials say that the exposure of security clearance irn workforce to serve the American people and is also mation could pose a problem for years responsible for background investigations on pro- spective employees and security clearances. In June the OPM system, and its records were protected...
CASE 8 Unlocking the Secrets of the Apple iPhone in the Name of access the male...
CASE 8 Unlocking the Secrets of the Apple iPhone in the Name of access the male San Bernardino suspect's iPhone 5c. Cook stated: Antiterrorism We are challenging the FBI's demands with the deepes respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications While we believe the FBI's intentions are good, if would be wrong for the w e nt to force...
How can we assess whether a project is a success or a failure? This case presents...
How can we assess whether a project is a success or a
failure?
This case presents two phases of a large business transformation project involving the implementation of an ERP system with the aim of creating an integrated company. The case illustrates some of the challenges associated with integration. It also presents the obstacles facing companies that undertake projects involving large information technology projects. Bombardier and Its Environment Joseph-Armand Bombardier was 15 years old when he built his first snowmobile...
CASE STUDY U.S. Office of Personnel Management Data Breach: No Routine Hack The U.S. Office of Personnel Management (OPM) is conducted, may have been extracted. Government offi responsible for recruiting and retaining a world-class cials say that the exposure of security clearance irn workforce to serve the American people and is also mation could pose a problem for years responsible for background investigations on pro- spective employees and security clearances. In June the OPM system, and its records were protected...
CASE 8 Unlocking the Secrets of the Apple iPhone in the Name of access the male San Bernardino suspect's iPhone 5c. Cook stated: Antiterrorism We are challenging the FBI's demands with the deepes respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications While we believe the FBI's intentions are good, if would be wrong for the w e nt to force...
How can we assess whether a project is a success or a
failure?
This case presents two phases of a large business transformation project involving the implementation of an ERP system with the aim of creating an integrated company. The case illustrates some of the challenges associated with integration. It also presents the obstacles facing companies that undertake projects involving large information technology projects. Bombardier and Its Environment Joseph-Armand Bombardier was 15 years old when he built his first snowmobile...
Most questions answered within 3 hours.
-
What is the net ionic equation for the reaction that would occur
when an aqueous solution...
asked 2 hours ago -
A
student bought $1000 worth of furniture. What is the equivalent
annual cost if it is...
asked 2 hours ago -
What taboo subject did Ida B. Wells suggest was consensual
between black men and white women?...
asked 4 hours ago -
You have just been hired by the EPA to help with the new gas
mileage standards...
asked 5 hours ago -
4) A firm is hit by increases in its wage rate, w.
a) How does this...
asked 5 hours ago -
A square current loop 5.4 cm on each side carries a 510 mA
current. The loop...
asked 7 hours ago -
What are five tips in conducting knowledge assessment/literature
review research? Each of these tips needs to...
asked 8 hours ago -
Antigen presenting cells link innate and adaptive immune
responses. In the theoretical scenario where phagosomes cannot...
asked 8 hours ago -
Dealing with conflict, in my opinion, is a skill and an art. I
believe that those...
asked 8 hours ago -
6. A long straight wire with circular cross section and radius
1.5 cm carries a 1.2...
asked 9 hours ago -
Deacon Corporation has provided the following financial data
from its balance sheet and income statement:
Year...
asked 9 hours ago -
List and discuss at least three variables from everyday life for
which you expect the variable ...
asked 9 hours ago