I’m working on a science writing question and need guidance to help me understand better.

Assessing Information System Vulnerabilities and Risk

You are an information assurance management officer (IAMO) at an organization of your choosing. One morning, as you’re getting ready for work, you see an email from Karen, your manager.
She asks you to come to her office as soon as you get in. When you arrive at work, you head straight to Karen’s office. “Sorry for the impromptu meeting,” she says, “but we have a bit of an emergency. There’s been a security breach at the Office of Personnel Management.”

“We don’t know how this happened, but we need to make sure it doesn’t happen again,” says Karen. “You’ll be receiving an email with more information on the security breach. Use this info to assess the information system vulnerabilities of the Office of Personnel Management.”

At your desk, you open Karen’s email. She’s given you an OPM report from the Office of the Inspector General, or OIG.
You have studied the OPM OIG report and found that the hackers were able to gain access through compromised credentials. The security breach could have been prevented if the Office of Personnel Management, or OPM, had abided by previous auditing reports and security findings. In addition, access to the databases could have been prevented by implementing various encryption schemas and could have been identified after running regularly scheduled scans of the systems.

Karen and the rest of the leadership team want you to compile your findings into a Security Assessment Report, or SAR.
You will also create a Risk Assessment Report, or RAR, in which you identify threats, vulnerabilities, risks, and likelihood of exploitation and suggested remediation.

Project 2: Assessing Information System Vulnerabilities and Risk

Step 8: Creating the SAR and RAR

Your research and your Workspace exercise have led you to this moment: creating your SAR and RAR. Consider what you have learned in the previous steps as you create your reports for leadership.

Prepare a Security Assessment Report (SAR) with the following sections:
Purpose
Organization
Scope
Methodology
Data
Results
Findings
The final SAR does not have to stay within this framework and can be designed to fulfill the goal of the security assessment.

Prepare a risk assessment report (RAR) with information on the threats, vulnerabilities, likelihood of exploitation of security weaknesses, impact assessments for exploitation of security weaknesses, remediation, and cost/benefit analyses of remediation.

Devise a high-level plan of action with interim milestones (POAM) in a system methodology to remedy your findings. Include this high-level plan in the RAR.

Summarize the results you obtained from the OpenVAS vulnerability assessment tool in your report.

The deliverables for this project are as follows:

Security Assessment Report (SAR): This should be an eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Risk Assessment Report (RAR): This report should be a five- to six-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Lab: In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab.
Submit your deliverables below.

Check Your Evaluation Criteria

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.

1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
1.4: Tailor communications to the audience.
1.5: Use sentence structure appropriate to the task, message and audience.
1.6: Follow conventions of Standard Written English.
5.2: Knowledge of architectural methodologies used in the design and development of information systems, including the physical structure of a system’s internal operations and interactions with other systems and knowledge of standards that either are compliant with or derived from established standards or guidelines.
5.6: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology.
7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.
8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately.
Requirements: 8 – 10 pages