Conduct the System Security Risk and Vulnerability Assessment
Your Network Security Checklist is ready, and in this international domain, you and your team members will now prepare to assess the networks for communication and information sharing that have built-in multilevel security, based on trusted relationships between the different nations.
You have already seen that there are some suspicious behaviors involving the nations. The modes and methods of those behaviors vary, and the attack vectors are just as diverse.
The attendees at the Global Economic Summit use different technologies for communications, and a cyber intelligence analyst must demonstrate an understanding of the threats to those devices. To that end, your team will collaborate in developing a System Security Risk and Vulnerability Report.
This report refers to the Network Security Checklist and to the policies you have created and researched that define the levels and ways of communication and data transmission between the nation teams.
Now that your team has provided the foundational network and policy information for your nation communications systems, you and your team members will identify the threats, risks, and vulnerabilities to those systems.
Your team will determine the effect on your nation team and the other teams if those risks and threats are exploited. Your team will provide what means should be available to address the threats from a risk management perspective.
The report, which you will continue to develop in the next step, should accomplish the following:
• List the different threats to authentication and credentials.
• Explain how social engineering can be a threat to credentials as well as the defenses against social engineering. How can social engineering be used to access email?
• Explain the concept and use of public-key infrastructure and digital signatures (significance of public-key infrastructure) and how it is used to protect access to networks, ensure nonrepudiation of transmissions, and preserve the confidentiality of information sharing.
• Describe “leapfrogging” across networks and what it means for the multiple networks. What is escalation in the cyberattack phase?
The material in the report can come from research of current events or from your experience.
Explain the ways you and the team members can perform remediation and mitigation against the threats you have identified.
What are some of the countermeasures that can be used? Include these explanations in your System Security Risk and Vulnerability Report.
In the next step, you and team members will use these findings to write a system security risk and vulnerability assessment report.