Posted: April 4th, 2022

Report On Vulnerability Assessment Plan

Report On Vulnerability Assessment Plan
Name
Institution

Report On Vulnerability Assessment Plan
In SME, a vulnerability assessment is significant as it enables the enterprise to understand its security environment. The assessment will also provide the business with directions on how the risks and weaknesses identified in the security environment can be reduced and eliminated. This report provides the vulnerability assessment plan for Small-to-Medium Enterprise (SME). The major aspects covered in the report include proposal and justification of the parts for the business that should be tested and those that should not, the assessment process, the timeline of the assessment, tools that would be utilized in the assessment, any risks associated with the vulnerability assessment processes, and the need and outcome of a vulnerability assessment.
Parts of Business to be Tested and What Should Not
The parts that should of the business that should be tested and those that should not be tested in the vulnerability assessment process should be defined, identified, classified, and prioritized before the assessment is initiated. In SME, the parts that should be tested for vulnerability are mainly connected to system security and functioning. The parts of the business that should be tested include the wired and non-wired networks by conducting network-based scans for detecting network security vulnerabilities. The host-based scans can also be conducted in the effort of detecting issues in the network system. The enterprise’s network system is essential as it connects the business with the outside world, making it a target for attacks. The other part of the business that should be tested is the working stations and servers. By conducting host-based scans, the business can identify and locate various possible vulnerabilities in their working stations and servers, which serve a significant role in the organization’s system functioning and operations.
The business’s wireless network structure should be tested to identify the most probable points of attacks that can have a devastating impact on business operations and systems. Assessment of the wireless network also enables the enterprise to know the configuration state of the wireless network. The business website should be tested for vulnerability, which is conducted through application scans that examine the website to detect software that is vulnerable or for identifying any configuration error in the network (Rouse, 2020). The other business part that should be tested for vulnerability is the database. Since the database holds the organization’s information, making sure any faulty connections that might result in cyber-attacks are identified is significant. However, there some parts of the business that should not be tested on the vulnerability assessment. The parts of the business that do not require testing are mainly those that do not directly impact the security of the business’s systems and networks. They include target market, marketing strategy the business, the business competitors, financial documentation, management and personnel, and the business metrics.
Vulnerability Assessment Process
The objective of vulnerability assessment processes is to detect and remediate system security vulnerabilities. The process consists of five phases. The first phase of the vulnerability assessment process is the preparation phase. The preparation phase involves determining the systems and networks that would be assessed, identifying the location of sensitive data, and the most critical systems and data. Besides determining the in-scope systems, the phase also involves the business identifying and determining the types of scans to be utilized in the testing processes. The types of scans involved include internal and external scans. The internal scans are performed from the perspective of an attacker on the internal network and systems, while the external scans are performed to provide security vulnerability from a perspective of an external attacker on the business network and systems.
The second phase of the vulnerability assessment process is the initial vulnerability scan. The phase involves scanning the identified parts in the network and system. The scanning process can be conducted either manually or through automated tools. The use of scanning tools is recommended in the phase as they offer a wide range of reporting options that enable the business to visualize the results and develop reports, including the number of vulnerabilities detected and the overview of vulnerabilities per technology (Palmaers, 2014: 2024 – Essay Writing Service. Custom Essay Services Cheap). The third phase of the vulnerability assessment process is the remediation phase. In this phase, the remediating actions are defined by the asset owners, the security officer, and the IT department. The remediating actions would be assigned based on the security priority with clear deadlines for implementing the remediating action provided.
The fourth phase of the process is to implement remediating actions, which should be conducted based on the agreed timeframe and priority defined in the remediation phase. In the process that an issue occurs during the implementation of remediating actions, the alternative actions are defined and implemented. The status of remediating actions should be closely tracked to ensure efficiency. The last phase of the vulnerability assessment process is rescan. The rescan phase is used to verify the remediation actions implemented by using the same tools and configuration settings applied in the initial vulnerability scanning phase. Conducting the rescan phase is significant in preventing inaccurate results as a result of configuration change or errors.

Timelines
Phase Deliverables Duration (days)
Preparation Defining scope of vulnerability management 2
Determining types of scanning tools 2
Informing relevant asset owners 1
Initial Vulnerability Scan Start vulnerability scan and monitoring of systems under scan 2
Receive scan results and communicate issues 2
Define remediating actions Analyze vulnerabilities and associated risks 2
Provide input and recommendations for risk remediation 2
Define corrective action 1
Implement remediating actions Implement corrective actions 5
Record issues 1
Implement alternatives 3
Rescan Perform rescan 2
Analyze results 2

Vulnerability Assessment Tools
Vulnerability assessment tools used in the SME assessment process include Metaspoilt, a software designed to imply a code that can enter another system by penetrating essential security measures. The tool can test the security of web applications, networks, and servers on Linux, Microsoft Windows, and Apple Mac OS X. Another assessment tool is the Wireshark, a network protocol analyzer. The tool can explore network vulnerabilities to view status and activities on a network and extract details such as packet information, network protocols, and decryption (Testbytes, 2018: 2024 – Write My Essay For Me | Essay Writing Service For Your Papers Online). The business can also utilize Nessus, an assessment tool that scans different vulnerabilities in a computer system, including embedded scripting language, authenticated security checks, and configuration.
The risks that the assessment might present
There are various risks associated with the vulnerability assessment process, especially during vulnerability scanning. Vulnerability scanning usually involves sending a large number of packets to systems, which might cause unusual effects, including disruption of network equipment. Lack of effective selection of the scanning tools might result in systems becoming unavailable or other applications to have a poor response, which reduces the accuracy of the scanning results.
The SME should consider proceeding with the vulnerability assessment plan as it will help identify security exposures that can be utilized by attackers. The process outcome will also identify the level of risks and the remediating actions that should be applied. Therefore, the SME will become more secured at the end of the implementation of the vulnerability assessment plan than it is now.

References
Palmaers, T. (2014: 2024 – Essay Writing Service. Custom Essay Services Cheap). Implementing a Vulnerability Management Process. SANS Institute. Retrieved from https://www.sans.org/reading-room/whitepapers/threats/implementing-vulnerability-management-process-34180
Rouse, M. (2020). Vulnerability Assessment (Vulnerability Analysis). TechTarget. Retrieved from https://searchsecurity.techtarget.com/definition/vulnerability-assessment-vulnerability-analysis
Testbytes. (2018: 2024 – Write My Essay For Me | Essay Writing Service For Your Papers Online). Penetration Testing Tools for Small Business. Retrieved from https://www.testbytes.net/blog/penetration-testing-tools-small-business/

Order | Check Discount