Assume that you work for an organization that has around 10,000 desktops/laptops and approximately 1,000 servers...
Assume that you work for an organization that has around 10,000 desktops/laptops and approximately 1,000 servers spread throughout the world. A new "zero-day" vulnerability is discovered, and warnings are sent out by major security firms (Zero-day vulnerabilities are recently discovered previously unknown system or software weaknesses). This vulnerability affects 90 percent of your systems, including the servers. How should the organization go about prioritizing mitigation efforts once the vulnerability is announced? What steps should the organization have taken to identify these systems prior to this incident?
Homework Answers
1. How should the organization go about prioritizing mitigation efforts once the vulnerability is announced?
Vulnerability management is a vital part of any business/organization. Every organization should have a dedicated team to manage any vulnerabilities happening. By having a proper vulnerability management team, prioritizing mitigation efforts becomes easy.
By accomplishing an accurate view of your entire attack surface ( in this case 90 percent of the systems. including the servers are vulnerable), you can adequately and effectively respond to those vulnerabilities which represent the greatest threat to your organization. It requires a new way to deal with such vulnerabilities and is called Cyber Exposure.
Cyber Exposure is basically focused on the following four questions:-
- Where are we exposed?
- How should we prioritize based on our approach?
- How are we reducing our exposure over time?
- How do we compare with others?
2. What steps should the organization have taken to identify these systems prior to this incident?
Active prioritization requires complete transparency to your attack surface. These are the following steps that should be taken by the organization to identify these systems prior to this incident -
- By prioritizing your previous threat responses based on vulnerabilities for which exploits happened.
- By letting your data drive actions. When you encounter any vulnerabilities, you will be well informed about where to respond first.
- By maintaining an active response team and giving them proper instructions on when to do what when such incidents happen in the future.
- By keeping an updated inventory of critical asset so you know accurately what is at risk and where attackers are most likely to take aim.
Add Answer to:
Assume that you work for an organization that has around 10,000
desktops/laptops and approximately 1,000 servers...
A new version of the operating system is being planned for installation into your department’s production...
A new version of the operating system is being planned for installation into your department’s production environment. What sort of testing would you recommend is done before your department goes live with the new version? Identify each type of testing and describe what is tested. Explain the rationale for performing each type of testing. [ your answer goes here ] Would the amount of testing and types of testing to be done be different if you were installing a security...
Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around...
Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading.In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...
CASE STUDY U.S. Office of Personnel Management Data Breach: No Routine Hack The U.S. Office of...
CASE STUDY U.S. Office of Personnel Management Data Breach: No Routine Hack The U.S. Office of Personnel Management (OPM) is conducted, may have been extracted. Government offi responsible for recruiting and retaining a world-class cials say that the exposure of security clearance irn workforce to serve the American people and is also mation could pose a problem for years responsible for background investigations on pro- spective employees and security clearances. In June the OPM system, and its records were protected...
CASE 8 Unlocking the Secrets of the Apple iPhone in the Name of access the male...
CASE 8 Unlocking the Secrets of the Apple iPhone in the Name of access the male San Bernardino suspect's iPhone 5c. Cook stated: Antiterrorism We are challenging the FBI's demands with the deepes respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications While we believe the FBI's intentions are good, if would be wrong for the w e nt to force...
How can we assess whether a project is a success or a failure? This case presents...
How can we assess whether a project is a success or a
failure?
This case presents two phases of a large business transformation project involving the implementation of an ERP system with the aim of creating an integrated company. The case illustrates some of the challenges associated with integration. It also presents the obstacles facing companies that undertake projects involving large information technology projects. Bombardier and Its Environment Joseph-Armand Bombardier was 15 years old when he built his first snowmobile...
CASE STUDY U.S. Office of Personnel Management Data Breach: No Routine Hack The U.S. Office of Personnel Management (OPM) is conducted, may have been extracted. Government offi responsible for recruiting and retaining a world-class cials say that the exposure of security clearance irn workforce to serve the American people and is also mation could pose a problem for years responsible for background investigations on pro- spective employees and security clearances. In June the OPM system, and its records were protected...
CASE 8 Unlocking the Secrets of the Apple iPhone in the Name of access the male San Bernardino suspect's iPhone 5c. Cook stated: Antiterrorism We are challenging the FBI's demands with the deepes respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications While we believe the FBI's intentions are good, if would be wrong for the w e nt to force...
How can we assess whether a project is a success or a
failure?
This case presents two phases of a large business transformation project involving the implementation of an ERP system with the aim of creating an integrated company. The case illustrates some of the challenges associated with integration. It also presents the obstacles facing companies that undertake projects involving large information technology projects. Bombardier and Its Environment Joseph-Armand Bombardier was 15 years old when he built his first snowmobile...
Most questions answered within 3 hours.
-
An infinite sheet of charge that has a surface charge density of
39 nC/m2 lies in...
asked 1 minute ago -
After watching the lectures I am still having a hard time
understanding these equations.
1. The...
asked 1 hour ago -
Testing:
H0:μ=56.9
H1:μ<56.9
Your sample consists of 23 subjects, with a mean of 56.3 and
standard...
asked 1 hour ago -
straight wire, labeled as Wire A, lies horizontally on a
tabletop and is oriented to run...
asked 1 hour ago -
For a Chi-Squared Goodness of Fit Test about a uniform
distribution, complete the table.
Round to...
asked 1 hour ago -
Milk of magnesia is only slightly soluble in water. Kc for the
reaction Mg(OHs)(s)>Mg2+(a) + 2OH-1(aq)...
asked 1 hour ago -
Excel's HYPGEOM.DIST function can be used to compute _____.
a. both hypergeometric probabilities and cumulative
hypergeometric...
asked 2 hours ago -
The rocket used for the human lunar missions was the Saturn V
rocket. At liftoff the...
asked 1 hour ago -
1. The East Street Bagel Shop has a weekly demand for 3,500
bagels, which they make...
asked 1 hour ago -
paraphrasing each paragraph
“Where two or more persons knowingly act together unlawfully,
the act of each...
asked 1 hour ago -
The lateral line system in fish is contained which of the
following?
chemoreceptors
photoreceptors
mechanoreceptors
odor...
asked 1 hour ago -
Find the y-intercept of y =-5 x. The y-intercept of y equals
negative 5 x is______...
asked 2 hours ago