unit 4 homework

School: Columbia Southern University
Course: SEC 4302
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 5
Uploaded by briandjones127

Running head: ASSESSMENT DISCLOSURE

IT Assessment Disclosure
Brian Jones
Columbia Southern University

IT Assessment Disclosure

Lab 4.1a

After reviewing the article, several key points in each of the listed sections caught my attention.

Vulnerability Life Cycle – The relevant point pertaining to the life cycle of a vulnerability is the death stage. Death of a vulnerability can occur in a number of ways. For example, an older system can be retired and replaced with newer, more secure technology. Also, the exploit may simply no longer hold the attention of an attacker.

Nondisclosure – As a practice, when it pertains to threats and vulnerabilities, nondisclosure has a great number of drawbacks. Some individuals believe that by keeping news of a known vulnerability quiet, they can create a defense or fix for the vulnerability without alarming anyone. This is a potential problem for a few reasons. First, there is no guarantee that the information can be contained. Second, by working on a fix in secret, the vulnerability may have evolved well past what was initially found.

Full disclosure – Acting as a polar opposite to nondisclosure, full disclosure champions letting as many entities as possible know about found vulnerabilities. Advocates of this method state that if the information is made public, more entities can protect themselves faster and avoid attacks.

Limited disclosure – Limited disclosure faces some of the same issues as nondisclosure. Companies that attempt to find a patch or a fix for a known vulnerability will not release full technical details until they have successfully fixed the problem. The problem with that model is that the vulnerability may have already damaged or crippled systems by then and much data may have already been lost or stolen.

Responsible disclosure – Responsible disclosure can be viewed as a mix of full disclosure and nondisclosure. A vulnerability is found, and while the full details may not be made public, the information is shared. The main focus of responsible disclosure is ongoing communication between those who have information to protect and those who are attempting to fix the vulnerability.

Existing policies and proposals – While most remain divided on which method of disclosure is best, there are at least five methods which take different approaches to fulfilling the need of information being shared, each with its own merits and drawbacks (Shephard, 2003).

Lab 4.1b

The document that was reviewed for this section offers very detailed information regarding the various attacks, threats, and vulnerabilities that individuals and companies face every day.

Threat activity trends – Most threats listed in the document were centered around spam zombies. The document details how this type of threat uses broadband-speed internet connections to remotely take over a machine to send large parcels of spam email which can contain malicious code.

Vulnerability trends – A major vulnerability that is discussed in the document is Industrial Control System (ICS) vulnerability. ICS is most commonly used in industries such as water, gas, and oil. Since these industries deal directly with critical infrastructure,