Question

Assume that you work for an organization that has around 10,000 desktops/laptops and approximately 1,000 servers...

Assume that you work for an organization that has around 10,000 desktops/laptops and approximately 1,000 servers spread throughout the world. A new "zero-day" vulnerability is discovered, and warnings are sent out by major security firms (Zero-day vulnerabilities are recently discovered previously unknown system or software weaknesses). This vulnerability affects 90 percent of your systems, including the servers. How should the organization go about prioritizing mitigation efforts once the vulnerability is announced? What steps should the organization have taken to identify these systems prior to this incident?

0 0
Add a comment Improve this question Transcribed image text
Answer #1

1. How should the organization go about prioritizing mitigation efforts once the vulnerability is announced?

Vulnerability management is a vital part of any business/organization. Every organization should have a dedicated team to manage any vulnerabilities happening. By having a proper vulnerability management team, prioritizing mitigation efforts becomes easy.

By accomplishing an accurate view of your entire attack surface ( in this case 90 percent of the systems. including the servers are vulnerable), you can adequately and effectively respond to those vulnerabilities which represent the greatest threat to your organization. It requires a new way to deal with such vulnerabilities and is called Cyber Exposure.

Cyber Exposure is basically focused on the following four questions:-

  1. Where are we exposed?
  2. How should we prioritize based on our approach?
  3. How are we reducing our exposure over time?
  4. How do we compare with others?

2. What steps should the organization have taken to identify these systems prior to this incident?

Active prioritization requires complete transparency to your attack surface. These are the following steps that should be taken by the organization to identify these systems prior to this incident -

  1. By prioritizing your previous threat responses based on vulnerabilities for which exploits happened.
  2. By letting your data drive actions. When you encounter any vulnerabilities, you will be well informed about where to respond first.
  3. By maintaining an active response team and giving them proper instructions on when to do what when such incidents happen in the future.
  4. By keeping an updated inventory of critical asset so you know accurately what is at risk and where attackers are most likely to take aim.
Add a comment
Know the answer?
Add Answer to:
Assume that you work for an organization that has around 10,000 desktops/laptops and approximately 1,000 servers...
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for? Ask your own homework help question. Our experts will answer your question WITHIN MINUTES for Free.
Similar Homework Help Questions
  • A new version of the operating system is being planned for installation into your department’s production...

    A new version of the operating system is being planned for installation into your department’s production environment. What sort of testing would you recommend is done before your department goes live with the new version? Identify each type of testing and describe what is tested. Explain the rationale for performing each type of testing. [ your answer goes here ] Would the amount of testing and types of testing to be done be different if you were installing a security...

  • Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around...

    Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading.In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...

  • CASE STUDY U.S. Office of Personnel Management Data Breach: No Routine Hack The U.S. Office of...

    CASE STUDY U.S. Office of Personnel Management Data Breach: No Routine Hack The U.S. Office of Personnel Management (OPM) is conducted, may have been extracted. Government offi responsible for recruiting and retaining a world-class cials say that the exposure of security clearance irn workforce to serve the American people and is also mation could pose a problem for years responsible for background investigations on pro- spective employees and security clearances. In June the OPM system, and its records were protected...

  • CASE 8 Unlocking the Secrets of the Apple iPhone in the Name of access the male...

    CASE 8 Unlocking the Secrets of the Apple iPhone in the Name of access the male San Bernardino suspect's iPhone 5c. Cook stated: Antiterrorism We are challenging the FBI's demands with the deepes respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications While we believe the FBI's intentions are good, if would be wrong for the w e nt to force...

  • How can we assess whether a project is a success or a failure? This case presents...

    How can we assess whether a project is a success or a failure? This case presents two phases of a large business transformation project involving the implementation of an ERP system with the aim of creating an integrated company. The case illustrates some of the challenges associated with integration. It also presents the obstacles facing companies that undertake projects involving large information technology projects. Bombardier and Its Environment Joseph-Armand Bombardier was 15 years old when he built his first snowmobile...

ADVERTISEMENT
Free Homework Help App
Download From Google Play
Scan Your Homework
to Get Instant Free Answers
Need Online Homework Help?
Ask a Question
Get Answers For Free
Most questions answered within 3 hours.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT