I need APA citation 5 references
Attached is SAR outline template. The way the paper should be written.
Here are some thoughts on how Project 2 can be approached.
Again, watch the video and read the transcript to understand the scenario and work your Project with the scenario in mind. The objective is to essentially provide two things;
(1)A Security Assessment Report or SAR on the state of the Microsoft and Linux operating systems within the fictitious organization in the scenario, and
(2) Create a non-technical narrated presentation.
There is no executive summary. So your narration can either be audio on your slides or simply written speakers notes in the note area. The audience for the presentation is the executive level and for the SAR it is the leadership who are both technical and non-technical.
Going through the Steps you will see that you the SAR have the following:
- A brief definition and explanation of OSs and information systems. See Step 1, Items 1-4. Note that although there may be specific questions in each step, you are not necessarily just answering these. You cover those aspects in your writing (in the OS overview in this case).
- Continue with a brief overview of the advantages, disadvantages, known vulnerabilities or security issues for each OS. Again see Items 1-6 in Step 2.
- You will be scanning the two OSs. So the next thing you include in your SAR is what you are going to do, how you will do it, what tools you will use, any pros and cons of each tool, what information the tools will provide and why this data will be important. The Step gives examples of the data (password strength, Internet Information Services or IIS administrative vulnerabilities, etc.) which you can talk about. Talk means why they are important. What types of issues could they have? What impact could those issues have on the business? Etc.
- Include your OS scan results in an Appendix, but from those results prepare professional tables, charts, graphs, etc. which convey the issues. Some people like to divide the results into extremely important, lesser importance and those in the middle. You can create dashboard summaries for your presentation too.
- Along with the tables you will discuss the findings, how the two tools might have found different issues, any disagreements between tools, etc. and also conclude which tool you recommend be routinely used (or neither or both) and why.
- Your final recommendations will be what issues should be addressed, in what order, and why (roadmap). Convincing reasons are quantitative impact on the business vs. perhaps how costly it would be to take action. Include how. (See Step 6, Items 1-2.)
Check Step 7 for information in the non-technical presentation to upper-management/executives. There are a few key statements about the purpose of the presentation.
- Upper-management is interested in the bottom line. Help them understand the technical vulnerabilities you found by giving them the business consequences.
- Help them understand that having these issues is normal for an organization and they just need to address them.
- Help them clearly see their required actions and/or approvals.
- Remember the options are to do nothing and accept the risk, to take all, or some, of the recommended actions. Also remember that there are often multiple actions that can be taken for a given vulnerability. Help them understand which to settle on. You can make the suggested steps clear to them at the very end.
A sample outline for the SAR is attached.
Project 2 START HERE PAGE
The operating system (OS) of an information system contains the software that executes the critical functions of the information system. The OS manages the computer’s memory, processes, and all of its software and hardware. It allows different programs to run simultaneously and access the computer’s memory, central processing unit, and storage. The OS coordinates all these activities and ensures that sufficient resources are applied. These are the fundamental processes of the information system and if they are violated by a security breach or exploited vulnerability it has the potential to have the biggest impact on your organization.
Security for operating systems consists of protecting the OS components from attacks that could cause deletion, modification, or destruction of the operating system. Threats to an OS could consist of a breach of confidential information, unauthorized modification of data, or unauthorized destruction of data. It is the job of the cybersecurity engineer to understand the operations and vulnerabilities of the OS (whether it is a Microsoft, Linux, or another type of OS), and to provide mitigation, remediation, and defense against threats that would expose those vulnerabilities or attack the OS.
There are six steps that will help you create your final deliverables. The deliverables for this project are as follows:
- Security Assessment Report (SAR): This report should be a 7-8 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
- Nontechnical presentation: This is a set of 8-10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.
- In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
- 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
- 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
- 5.4: Identify potential threats to operating systems and the security features necessary to guard against them.
________________________________________________________________
Step 1: Defining the OS
The audience for your security assessment report (SAR) is the leadership of your organization, which is made up of technical and nontechnical staff. Some of your audience will be unfamiliar with operating systems (OS). As such, you will begin your report with a brief explanation of operating systems fundamentals and the types of information systems.
Click on and read the following resources that provide essential information you need to know before creating a thorough and accurate OS explanation:
- operating systems fundamentals
- the applications of the OS
- The Embedded OS
- information system architecture
- cloud computing
- web architecture
- After reviewing the resources, begin drafting the OS overview to incorporate the following:
- Explain the user’s role in an OS.
- Explain the differences between kernel applications of the OS and the applications installed by an organization or user.
- Describe the embedded OS.
- Describe how the systems fit in the overall information system architecture, of which cloud computing is an emerging, distributed computing network architecture..
Include a brief definition of operating systems and information systems in your SAR.
Step 2: OS Vulnerabilities
You just summarized operating systems and information systems for leadership. In your mind, you can already hear leadership saying “So what?” The organization’s leaders are not well versed in operating systems and the threats and vulnerabilities in operating systems, so in your SAR, you decide to include an explanation of advantages and disadvantages of the different operating systems and their known vulnerabilities.
Prepare by first reviewing the different types of vulnerabilities and intrusions explained in these resources:
- Windows vulnerabilities
- Linux vulnerabilities
- Mac OS vulnerabilities
- SQL PL/SQL, XML and other injections
Based on what you gathered from the resources, compose the OS vulnerability section of the SAR. Be sure to:
- Explain Windows vulnerabilities and Linux vulnerabilities.
- Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices.
- Explain the motives and methods for intrusion of the MS and Linux operating systems;
- Explain the types of security awareness technologies such as intrusion detection and intrusion prevention systems.
- Describe how and why different corporate and government systems are targets.
- Describe different types of intrusions such as SQL PL/SQL, XML, and other injections
You will provide leadership with a brief overview of vulnerabilities in your SAR.
Step 3: Preparing for the Vulnerability Scan
You have just finished defining the vulnerabilities an OS can have. Soon you will perform vulnerability scanning and vulnerability assessments on the security posture of the organization’s operating systems. But first, consider your plan of action. Read these two resources to be sure you fully grasp the purpose, goals, objectives, and execution of vulnerability assessments and security updates:
- Vulnerability assessments
- Patches
Then provide the leadership with the following:
- Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems. Provide an explanation and reasoning of how the methodology you propose, will determine the existence of those vulnerabilities in the organizations OS.
- Include a description of the applicable tools to be used, and the limitations of the tools and analyses, if any. Provide an explanation and reasoning of how the applicable tools to be used, you propose, will determine the existence of those vulnerabilities in the organizations OS.
- Include the projected findings from using these vulnerability assessment tools.
In your report, discuss the strength of passwords, any Internet Information Services’ administrative vulnerabilities, SQL server administrative vulnerabilities, and other security updates and management of patches, as they relate to OS vulnerabilities.
Step 5: The Security Assessment Report
By utilizing security vulnerability assessment tools, such as MBSA and OpenVAS, you now have a better understanding of your system’s security status. Based on the results provided by these tools, as well as your learning from the previous steps, you will create the Security Assessment Report (SAR).
In your report to the leadership, emphasize the benefits of using a free security tool such as MBSA. Then make a recommendation for using these types of tools (i.e., MBSA and OpenVAS), including the results you found for both.
Remember to include these analyses and conclusions in the SAR deliverable:
- After you provide a description of the methodology you used to make your security assessment, you will provide the actual data from the tools, the status of security and patch updates, security recommendations, and offer specific remediation guidance, to your senior leadership.
- You will include any risk assessments associated with the security recommendations, and propose ways to address the risk either by accepting the risk, transferring the risk, mitigating the risk, or eliminating the risk.
Include your SAR in your final deliverable to leadership.
Step 6: The Presentation
Based on what you have learned in the previous steps and your SAR, you will also develop a presentation for your company’s leadership.
Your upper-level management team is not interested in the technical report you generated from your Workspace exercise. They are more interested in the bottom line. You must help these nontechnical leaders understand the very technical vulnerabilities you have discovered. They need to clearly see what actions they must either take or approve. The following are a few questions to consider when creating your nontechnical presentation:
- How do you present your technical findings succinctly to a nontechnical audience? Your Workspace exercise report will span many pages, but you will probably not have more than 30 minutes for your presentation and follow-up discussion.
- How do you describe the most serious risks factually but without sounding too temperamental? No one likes to hear that their entire network has been hacked, data has been stolen, and the attackers have won. You will need to describe the seriousness of your findings while also assuring upper-level management that these are not uncommon occurrences today.
- How do your Workspace exercise results affect business operations? Make sure you are presenting these very technical results in business terms that upper-level management will understand.
- Be very clear on what you propose or recommend. Upper-level management will want to not only understand what you discovered; they will want to know what you propose as a solution. They will want to know what decisions they need to make based on your findings.
Your goal for the presentation is to convince the leadership that adopting a security vulnerability assessment tool (such as MBSA) and providing an extra security layer is a must for the company.
The deliverables for this project are as follows:
- Security Assessment Report (SAR): This report should be a 7-8 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
- Nontechnical presentation: This is a set of 8-10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.
- In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.
Submit your deliverables to the assignment folder.
Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
- 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
- 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
- 5.4: Identify potential threats to operating systems and the security features necessary to guard against them.
Needs help with similar assignment?
We are available 24x7 to deliver the best services and assignment ready within 6-12hours? Order a custom-written, plagiarism-free paper
Get Answer Over WhatsApp Order Paper Now