Assessing Information System Vulnerabilities and Risk

You are an information assurance management officer (IAMO) at an organization of your choosing. One morning, as you’re getting ready for work, you see an email from Karen, your manager. She asks you to come to her office as soon as you get in. When you arrive at work, you head straight to Karen’s office. “Sorry for the impromptu meeting,” she says, “but we have a bit of an emergency. There’s been a security breach at the Office of Personnel Management.”

“We don’t know how this happened, but we need to make sure it doesn’t happen again,” says Karen. You’ll be receiving an email with more information on the security breach. Use this info to assess the information system vulnerabilities of the Office of Personnel Management.

At your desk, you open Karen’s email. She’s given you an OPM report from the Office of the Inspector General, or OIG. You have studied the OPM OIG report and found that the hackers were able to gain access through compromised credentials. The security breach could have been prevented if the Office of Personnel Management, or OPM, had abided by previous auditing reports and security findings. In addition, access to the databases could have been prevented by implementing various encryption schemas and could have been identified after running regularly scheduled scans of the systems.

Karen and the rest of the leadership team want you to compile your findings into a Security Assessment Report, or SAR. You will also create a Risk Assessment Report, or RAR, in which you identify threats, vulnerabilities, risks, and likelihood of exploitation and suggested remediation.

In this project, there are eight steps, including a lab, that will help you create your final deliverables. The deliverables for this project are as follows:
Security Assessment Report (SAR): This should be an eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Risk Assessment Report (RAR): This report should be a five- to six-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Lab: In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab.

Competencies

Your work will be evaluated using the competencies listed below.
1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
1.4: Tailor communications to the audience.
1.5: Use sentence structure appropriate to the task, message and audience.
1.6: Follow conventions of Standard Written English.
5.2: Knowledge of architectural methodologies used in the design and development of information systems, including the physical structure of a system’s internal operations and interactions with other systems and knowledge of standards that either are compliant with or derived from established standards or guidelines.
5.6: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology.
7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.
8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately.
Requirements: 8 to 10 pages double spacing