Security Assessment Report (SAR)

Based on the Assignment Scenario, determine the risk associated with the vulnerabilities. Use NIST SP 800-30 (https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf) to calculate the risks for each vulnerability.

Part 1 – Report Risk
Develop a 2- to 3-page Security Assessment Report (SAR) using the Wk 4 Assignment Template (https://myresource.phoenix.edu/secure/resource/CYB407v2/CYB407_v2_Wk4_Assignment_Template.docx). The Security Assessment Report (SAR) should include the following for each vulnerability:
• Vulnerability title
• A precise vulnerability description
• Likelihood
• Impact
• Overall risk level
• Logical recommendations for mitigation

Part 2 – Communicate the Risk to Leadership
Develop a 10- to 12-slide Microsoft® PowerPoint® presentation documenting the risks for each vulnerability to be presented to the leadership of Health Coverage Associates.

The presentation should include:
• An introduction slide
• A description of each of the three vulnerabilities
• An accurate illustration of the NIST SP 800-30 5×5 matrices
• A description of the likelihood and impact, with a justification of that determination (e.g., very low, low, moderate, high, very high)
• An illustration of the overall, high watermark level of risk (e.g., very low, low, moderate, high, very high)
• A logical recommendation for mitigation actions, including an explanation of risk tolerance and risk acceptance for the organization
• A conclusion slide
• Detailed speaker notes

Be sure to include supportive graphics and appropriate backgrounds and styles. All references need to adhere to APA guidelines. Images should not be copied, unless author permission is obtained or copyright-free images are used.

Sample Answer

Security Assessment Report (SAR)

Introduction

The purpose of this Security Assessment Report (SAR) is to provide an analysis of the vulnerabilities identified in the system of Health Coverage Associates. Each vulnerability will be described, including its likelihood and impact. The overall risk level will be assessed, and logical recommendations for mitigation will be provided.

Vulnerability 1: Weak Password Policy

Vulnerability Title: Weak Password Policy

Vulnerability Description: The current password policy in Health Coverage Associates is weak, allowing users to create passwords that are easily guessable or susceptible to brute force attacks. This vulnerability increases the risk of unauthorized access to sensitive information and compromise of user accounts.

Likelihood: Moderate

Impact: High

Overall Risk Level: High

Recommendations for Mitigation:

• Implement a strong password policy that enforces complexity requirements such as minimum length, use of uppercase and lowercase letters, numbers, and special characters.
• Enforce regular password changes and educate users on the importance of using unique passwords for different accounts.
• Implement multi-factor authentication to provide an additional layer of security.

Vulnerability 2: Outdated Software Versions

Vulnerability Title: Outdated Software Versions

Vulnerability Description: Health Coverage Associates is using outdated software versions, including operating systems and applications. This exposes the system to known vulnerabilities that can be exploited by attackers. It increases the risk of unauthorized access, data breaches, and system disruptions.

Likelihood: High

Impact: Very High

Overall Risk Level: Very High

Recommendations for Mitigation:

• Establish a patch management process to regularly update software versions and apply security patches.
• Implement continuous monitoring and vulnerability scanning tools to identify and prioritize software updates.
• Develop a plan to migrate critical systems to supported versions or consider alternative solutions if unsupported software cannot be updated.

Vulnerability 3: Lack of Employee Security Awareness Training

Vulnerability Title: Lack of Employee Security Awareness Training

Vulnerability Description: Health Coverage Associates does not provide sufficient security awareness training to its employees. This increases the risk of employees falling victim to social engineering attacks, phishing attempts, and other forms of cyber threats.

Likelihood: Moderate

Impact: Moderate

Overall Risk Level: Moderate

Recommendations for Mitigation:

• Develop a comprehensive security awareness training program that educates employees about common cyber threats, safe browsing habits, and best practices for handling sensitive information.
• Conduct regular phishing simulations to test employees’ awareness and provide targeted training based on identified weaknesses.
• Establish policies and procedures for reporting suspicious activities and incidents to ensure timely response and mitigation.

Conclusion

In conclusion, Health Coverage Associates has three significant vulnerabilities that pose risks to its system’s security: weak password policy, outdated software versions, and lack of employee security awareness training. These vulnerabilities have been assessed based on their likelihood and impact, resulting in an overall high-risk level for the weak password policy and outdated software versions, and a moderate-risk level for the lack of employee security awareness training. It is recommended that Health Coverage Associates take immediate action to address these vulnerabilities by implementing the mitigation recommendations provided.
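The likelihood and impact ratings in this report can be checked against the exemplary level-of-risk scale in NIST SP 800-30 Rev. 1 (Table I-2), which organizations may tailor. The following is an added example, not part of the original sample answer: it encodes that table, derives the level for each of the three findings, marks any finding whose stated level differs from the table, and computes the high-water mark. The function and variable names are illustrative assumptions.

```python
# Added example: check a SAR's stated risk levels against the exemplary
# level-of-risk scale in NIST SP 800-30 Rev. 1, Table I-2.
LEVELS = ["Very Low", "Low", "Moderate", "High", "Very High"]

# Rows: likelihood (Very Low .. Very High); columns: impact (Very Low .. Very High).
# Cell values are indexes into LEVELS.
TABLE_I2 = [
    [0, 0, 0, 1, 1],  # likelihood Very Low
    [0, 1, 1, 1, 2],  # likelihood Low
    [0, 1, 2, 2, 3],  # likelihood Moderate
    [0, 1, 2, 3, 4],  # likelihood High
    [0, 1, 2, 3, 4],  # likelihood Very High
]

# Ratings as stated in the report: (title, likelihood, impact, stated risk).
FINDINGS = [
    ("Weak Password Policy", "Moderate", "High", "High"),
    ("Outdated Software Versions", "High", "Very High", "Very High"),
    ("Lack of Employee Security Awareness Training", "Moderate", "Moderate", "Moderate"),
]

def risk_level(likelihood, impact):
    """Combine a likelihood and an impact rating using Table I-2."""
    try:
        row, col = LEVELS.index(likelihood), LEVELS.index(impact)
    except ValueError:
        raise ValueError(f"rating must be one of {LEVELS}") from None
    return LEVELS[TABLE_I2[row][col]]

def review(findings):
    """Return per-finding results and the high-water mark of the derived levels."""
    results = []
    for title, likelihood, impact, stated in findings:
        derived = risk_level(likelihood, impact)
        results.append({"title": title, "stated": stated,
                        "derived": derived, "matches": stated == derived})
    high_water = max((r["derived"] for r in results), key=LEVELS.index)
    return results, high_water

if __name__ == "__main__":
    results, high_water = review(FINDINGS)
    for r in results:
        note = "" if r["matches"] else f"  <- Table I-2 gives {r['derived']}"
        print(f"{r['title']}: stated {r['stated']}{note}")
    print("High-water mark:", high_water)
```

A finding marked as differing is rated on a scale other than the untailored Table I-2, so the report should state which scale it uses and justify the rating.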

Communicating the Risk to Leadership

Please refer to the attached PowerPoint presentation for the communication of risks to the leadership of Health Coverage Associates. The presentation includes detailed slides addressing each vulnerability, illustrations of the NIST SP 800-30 5×5 matrices, likelihood and impact justifications, overall risk levels, recommendations for mitigation actions, explanations of risk tolerance and risk acceptance, as well as an introduction and conclusion slide.

[Link to PowerPoint Presentation](insert link here)

Please refer to the speaker notes provided with each slide for additional information and explanations.

All references adhere to APA guidelines, and all images used in the presentation are either obtained with author permission or are copyright-free.

Thank you for your attention.

 
