Mock Up for Vulnerability Testing

Submitted By jenmarchman
C. Mock Up for Vulnerability Testing:
Techniques to use:

1. Conduct an in-depth, physical inspection companywide - thoroughly analyze current company operations and methods; many checklists are available to follow for consistency and accountability purposes. Comb through the organization and document detailed findings on topics such as:
   * Controlled access procedures/requirements - locks used, required key cards, guard-controlled entry, open access…?
   * Access evaluation for key department and employee workspace environments; examples include HR, CEOs, CFOs, and Payroll. Is sensitive information properly stored with adequate security…?
   * Identity authentication, verification, and management - determine the realistic methods and procedures commonly used. Identify management policies for ex-employees, lost identification, etc.
   * Network access vulnerability - note the state of unattended employee workstations: locked, sleeping/hibernating, wide open…? Look out for USB devices, thumb drives, and random hardware and/or software allowing for possible intrusion.
   * Data/information security and availability - are document handling policies in place…? Are methods in place for proper document disposal…? Are the employees operating under any sort of document handling policy…?

2. Telephone penetration - conduct random testing on all levels of employees using deceptive techniques in an attempt to gain sensitive/key information. Some deception method examples include:
   * Authoritative - portray the confidence/clout of someone with a high level of authority (the IT department, an executive, a supervisor, an important client): "This is Bill Smith, the Network Security Director. We are experiencing unusual network activity associated with your network log-in; can you please provide me access to your account for further investigation…?"
