
Remember to be clear about what action you are recommending. Executive management will want to understand not only what you discovered, but also what you propose as a solution. The company’s leaders will want to know what decisions they need to make based on your findings. Give them the actionable information they need to decide.
You may want to review these presentation resources to help you with your narrated presentation. You will provide voice annotation for all slides in the following format: 

· five to 10 slides maximum; limit bullets to no more than six per slide
· voice annotation for every slide (excluding the reference slide)
· a reference slide with one to two quality sources

Project Work for Week 6: Begin the Presentation to Management

Using your two previous deliverables and the Nessus scan report from Project 2, create a five- to 10-slide presentation that will persuade management to implement a VM process and purchase the commercial vulnerability scanner Nessus as a key component of that VM process. 
You will provide voice annotation for all slides in the following format: 
· five to 10 slides maximum; limit bullets to no more than six per slide
· voice annotation for every slide (excluding the reference slide)
· a reference slide with one to two quality sources
Use the Presentation to Management Template. In the template, you will see specific instructions in the document. Delete the instruction text before you submit your project.


MEMO

DATE: 11/07/2021
TO: MERCURY USA CEO
CC: MERCURY USA SUPERVISOR
FROM: CMIT 421
RE: CYBERSECURITY CONCERNS IN THE TRANSPORTATION SECTOR
PRIORITY: URGENT

Overview

The aim of this requested report is to help address the recent cybersecurity concerns in the transportation sector. After reviewing the pen testing engagement outcomes that were sent to me, I would like to suggest that the company's transportation sector adopt vulnerability management, which is a key cybersecurity principle. Vulnerability management is the practice of making sure that the business network is protected against any probable security weaknesses that can lead to hacker attacks.
Vulnerability management usually works together with an Open Vulnerability Assessment Scanner tool, which helps reduce the strain on security personnel and on operations within the transportation segment (Zakareya, 2018). If the company fails to implement the vulnerability management process, it may suffer a ransomware incident, which could impact Mercury USA financially.
Part 1: Vulnerability Management (VM) Process Recommendation
When implementing the vulnerability management process, the company needs to consider both the recognition of vulnerabilities and the investigation of the essential vulnerabilities. It is vital that the organization adopt internal scans, the kind of vulnerability management that can help identify loopholes in the transportation sector that may damage the company's network. It is also vital to measure the effectiveness of the internal scans to make sure that they are the most appropriate strategy available (Easttom, 2020).
Part 2: Vulnerability Scanning Tool Evaluation and Recommendations
The OpenVAS scanning tool is an open source vulnerability scanning tool which, in my personal opinion, is considered to be an industry standard. The key benefit of using OpenVAS is its transparency, and it usually does not raise any security concerns. Security issues that arise can be patched because it is easy to locate the bugs, but it is also vulnerable to hacking (Easttom, 2020). To ensure feasibility, I would recommend that Mercury USA adopt the OpenVAS scanning instrument because of its capability to offer a comprehensive report.
Part 3: Business Case Example
If the company does not implement the recommendation, there is the risk of ransomware. This malicious program infects the protection systems and shows messages requesting a fee before the device will function again. It is vital to note that ransomware can also cause significant disruption to normal operations at Mercury USA and, in some cases, data loss. Ransomware is also known to damage companies' reputations, and it is vital that the Mercury USA recommendations be followed to avoid such cases (Foreman, 2019).
Conclusion
By adopting internal scans as a key vulnerability management process to help safeguard the transportation sector, the company can solve most cybersecurity breach situations and prevent losses. Together with the OpenVAS scanning tool, internal scans can help the organization safeguard essential information and reduce the risk from vulnerabilities such as malware infections (Zakareya, 2018).
Eqbal Danish
Cybersecurity Threat Analyst
Mercury USA

References

Foreman, P. (2019). The vulnerability experience. Vulnerability Management, 7-34. doi:10.1201/9780429289651-2
Easttom, C. (2020). Vulnerability assessment and management. The NICE Cyber Security Framework, 241-258. doi:10.1007/978-3-030-41987-5_12
Zakareya, O. (2018). Vulnerability and forensics associated with the smart grid: Cyber attacks. International Journal of Computer Applications, 181(22), 32-38. doi:10.5120/ijca2018917952

Running Head: REPORT 1


VM Scanner Background Report
University of Maryland Global Campus
22 November 2021

Introduction

Vulnerability management programs play a critical role in Mercury’s overall information security program by limiting the attack surface. A good number of organizations have been victims of cyber-attacks brought about by different kinds of malware. As a result, a vulnerability assessment was carried out by an external firm. The main objective of this report is to give a clear understanding of how to manage vulnerabilities and which tools to use, and to review the Mercury USA business case.
To start with, this report will recommend a Vulnerability Management (VM) process that is tailor-made for the organization. Secondly, it will address the nature of the reevaluated flaw scan results. Lastly, it will recommend several techniques that Mercury USA might use to track down itself if the recommended proposals are not upheld. Mercury USA’s administration has serious security concerns, and it is our duty to provide a solution.

Part 1: Nessus Vulnerability Report Analysis

To install an effective VM process, the organization must first review the present legislation and rules that oversee such processes. A current framework that is relevant to this organization is PCI-DSS. With its latest standard, this body is able to enhance cardholder information security. Beyond complying with PCI-DSS, the organization will be able to enhance its techniques. This normally starts with properly defining data based on its sensitivity to ensure its security. Information can be categorized as personal, public, secret, or top secret.
We should also consider the value of our organization's innovative assets. This is gauged, as a rule, via personal as well as measurable threat assessments. After internal and external threat assessments have been carried out, some of the assets that are seen as basic can be a target based on their impact on organization operations. To properly assess vulnerabilities within the organization, regular vulnerability checks must be carried out. To conform to different regulatory bodies, the organization must conduct an audit once a year. Any audit carried out must be performed using credentials. Although this might be more tedious than a non-credentialed audit, credentialed scans tend to be more comprehensive and produce better outcomes.
Because digital threats are dynamic and change with time, it is advisable to conduct this check on a monthly basis. An assessment of different versions of network scanners shows that Nessus has a grounded history of being one of the best scanning tools, one that creates definite scan results. Although Nessus Professional is not free, its cost is justifiable considering the expected loss from a digital attack.
Nessus results and proposals should be adhered to and recorded in reports. These reports will be used as references to determine which vulnerabilities pose the main threat to the organization. Detailed reports can be generated to give individuals in the IT department the threat outcomes, while special reports can be generated to provide organization management with the vital information and a number of recommendations they can refer to when making critical decisions.

Part 2: The Business Case

Considering the steady and constantly developing threats presented by digital attackers, we have a rough picture of what can happen within our organization in the event of an attack. Since our organization's management is aware of recent security incidents that took place in other organizations, we are sure that those organizations will try their best to avoid future attacks. Be that as it may, our organization may not be as lucky. As a result of the rapid growth of our organization, it is hard to know which attacks we are protected from. Hackers could potentially access our personal documents and download them. These could comprise bank account details, credit card data, and employees’ PII.
Once such delicate data is extracted, hackers can easily install ransomware that would encrypt our documents, preventing access. Hackers can later ask for a ransom and insist that payment be made in untraceable bitcoin in exchange for a decryption key, which isn’t guaranteed. The cost of the actual outcome could far exceed what the organization could pay, leaving the organization's systems locked and stopping critical operations. The impacts of cyber attacks are felt the moment there is loss of income and lost customer confidence. On top of that, there are bound to be lawsuits filed against the organization for failing to properly secure client data, the cost of which in turn can make the organization go under.
This may seem to be the most dire outcome conceivable, but in reality many organizations have consistently faced it. The average cost of a malware attack three years ago was $1 million, a huge amount compared with the cost of properly protecting our most sensitive IT resources and critical information. The recommended VM process gives a broad approach: identifying basic assets, suitably scanning those assets for flaws using Nessus, and generating comprehensive reports to help in critical decision making. This makes Nessus our key tool in securing the VM process.

Part 3: Nessus Purchase Recommendation

A review of the scan output provided by the outside source showed that it was not sufficient. A Linux-based assessment tool was used, which left many questions unanswered. When utilized appropriately, the tool can give point-by-point output of current vulnerabilities, even in a big business environment (Hoffman, 2020). Although OpenVAS is available for free, it lacks a couple of features. The system doesn’t have many features, and this exposes the system to all sorts of threats. On top of that, it doesn’t support all operating systems, nor does it provide policy management ideas.
This report only scanned one host IP address for 3 minutes and only spotted 4 weaknesses. An effective tool can run for up to 1 hour or more, depending on network infrastructure efficiency, and will normally find more vulnerabilities. In terms of vulnerability scan outcomes, it’s evident that only a small number of them were spotted. This report should not be given to top management, as it does not depict the true nature of the organization's security status. It is therefore highly advisable to buy the Nessus application and allow the organization's team to carry out a proper vulnerability check. After the results of the scan have been organized and reviewed, an appropriate report can be generated and presented to the organization's management.

Conclusion

To enhance security within the organization, VM installation should be a priority. There are many other attacks that can be carried out by digital criminals besides the one in the case study. By following the stated guidelines and coming up with our own policies, we will be able to conduct an average vulnerability check within the organization, which will help fix many flaws. Use of certified scanning tools such as Nessus will enhance our security by instantly identifying potential threats within the organization. By drastically reducing cyber security threats, Mercury USA will end up being the best supplier of transportation services for its current and future clients.

Reference
Hoffman, “OpenVAS vs. Nessus: How Different are the Two?” WisdomPlexus, 20-Jul-2020. [Online]. Available: https://wisdomplexus.com/blogs/openvas-vs-nessus/. [Accessed: 11-Nov-2020].
Vaseashta, A., Susmann & Braman, E. (2019). Cyber Security and Resiliency Policy Framework. IOS Press.
New York (State). (2018). Cyber Security Policy: Information security policy. Albany, NY: New York State & Critical Infrastructure Coordination.

<insert narration>
<Title>
CMIT 421 <Section #>
<Student Name>
July 6, 2020

Good morning. My name is <Student Name>.
I work in the MERCURY USA Information Security and Technology Department as a cyber threat analyst.

Today, I’ll be presenting our proposal to address the CEO’s mandate to protect the organization from dangerous ransomware attacks.

Let’s get started.

<insert narration>
AGENDA
Logistics through innovation, dedication, and technology – MERCURY USA Delivers!

Tell your audience what you intend to cover in your proposal. This is the PURPOSE of your communication!

You should cover the three areas enumerated in the Project 3 instructions.
Ensure you link your main points to your earlier work in Project #1 and Project #2.
Although three main points is considered ideal, use less or more to fit your project; four main points are shown here for example purposes only.
The three projects should be consistent and aligned with Judy “Mac” McNamara’s guidance.


Main Point #1

Main Point #2

Main Point #3

Main Point #4

1: OUR BUSINESS CASE
<insert narration>
What are the important factors about the business?
What is the CEO’s intent and guidance?
How do the first two items relate to the next slides?
Example sub-bullet #1
Example sub-bullet #2
Example sub-bullet #3

This is main point #1. Provide no more than six bullets to expand on your topic.
Limit each bullet to around six words.
This is known as the 6 x 6 rule of presenting.

On this slide, you should cover the business case. Think of this as the value to the business that will result from your recommendations. 
How does your recommendation meet the CEO’s direction and intent?

Tell your audience members the what, why, how, and who so that they can make an informed decision about your proposal.
If you do not cover these areas adequately, you may not get a decision, you may get a negative decision, or you may be told to come back after you’ve done your due diligence.

2: OUR SECURITY POSTURE
<insert narration>
What are the most important vulnerabilities discovered?
What is our exposure to known threats?
How did you link the results to the business?
Transportation industry hit hard by ransomware attacks
Example #1: Use your findings and conduct research [1]
Example #2: Use your findings and conduct research

This is main point #2. Provide no more than six bullets to expand on your topic.
Limit each bullet to around six words.
This is known as the 6 x 6 rule of presenting.

What vulnerabilities did you find in your analysis? What are the most important to tell the CEO about? Why are the vulnerabilities you selected important to the business? Ensure you explain in plain language, not technical jargon or cyber-speak.

What are the threats that you see to the business given the scenario?
Now consider this simple equation from the uCertify content: risk = threat × vulnerability × impact
Use the equation to effectively explain your findings. 
 
If you find yourself struggling to quantify a vulnerability, return to this equation.
Are there identified and specific threats to MERCURY USA? Avoid generic threats and using fear as a motivator.
Is there a vulnerability from your analysis that can be linked to the specific threat?
What is the potential impact in not addressing the threat (e.g., cost, reputational, loss of jobs, damage to hardware and software, etc.). 

James Brocker (JB) – [@Andrew Rider] [@Jessica McCarty] Not sure I understand the first bullet point. Looks like something is missing.

James Brocker (JB) – [@John Galliano] Can you review?

John Galliano (JG) – Sorry for that, Team. Looks like a stray-click & delete. Fixed!

3: OUR VM PROCESS
<insert narration>
<example process graphic>

This is main point #3. Provide no more than six bullets to expand on your topic.
Limit each bullet to around six words.
This is known as the 6 x 6 rule of presenting.

This slide includes an example graphic.

4A: WE NEED A GOOD SCANNER
<insert narration>
Reviewed scanners
<Product Name> is recommended due to several factors
Sub-bullet #1
Sub-bullet #2
Sub-bullet #3
Sub-bullet #4

This is main point #4. Provide no more than six bullets to expand on your topic.
Limit each bullet to around six words.
This is known as the 6 x 6 rule of presenting.

Provide your logic in recommending a scanning tool.
What process did you use to evaluate the scanning tools?
What tool are you recommending? Provide at least three sub-bullets to support your recommendation.


4B: THE ASK
<insert narration>
Lead-in bullet
Sub-bullet #1
Purchase <Product Name>:
Cost
Manpower
Measures of success

This is main point #4 continued. Provide no more than six bullets to expand on your topic.
Limit each bullet to around six words.
This is known as the 6 x 6 rule of presenting.

Now give the specifics of your ask to the executive decision maker.
What are you asking for? How much will it cost? Who will implement it, and will additional manpower be required?
What about training? How will you measure success?

SUMMARY

<insert narration>
Main Point 1
Main Point 2
Main Point 3
Main Point 4

This is your summary and your last opportunity to connect with your audience.
Do not merely repeat your agenda topics. Add one to two important details about each main point to review for your audience.
Ensure you re-state why you are giving this pitch: What is the decision you want?

What is/are the main takeaway(s)?

EXECUTIVE DISCUSSION & QUESTIONS

The obligatory questions slide. In this scenario, it is highly likely for open discussion to occur among the executives present and other stakeholders, and you will field questions.

A narration for this slide is not required.

<Example IEEE Reference Citations>
[1] A. Greenberg, “The Untold Story of NotPetya, the Most Devastating Cyberattack in History”, Wired, 2020. [Online]. Available: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/. [Accessed: 19-May-2020].
[2] “Nessus Pro”, Tenable.com, 2020. [Online]. Available: https://www.tenable.com/products/nessus. [Accessed: 19-May-2020].

REFERENCES


The example above uses IEEE style. Ask your instructor for clarification on the style to be used.

A narration for this slide is not required.
