Provide an introduction that includes what you intend to cover in the background paper. Ensure you are specific and define your purpose clearly.
In this section, analyze and interpret the results of the report to give your boss a clear picture of Mercury USA’s potential vulnerabilities.
As you analyze the report, address the following points:
· Is it appropriate to distribute the report as is, or do you need to interpret the report and attach meaning before sending it to management? Explain why or why not.
· What is your overall impression of the tool’s output? Is it easy to interpret and well organized? Does it include enough detail, or too much?
· Does the tool provide enough reporting detail for you as the analyst to focus on the relevant vulnerabilities for Mercury USA?
· Name the three most important vulnerabilities in this system for Mercury USA. Why are they the most critical?
· How does the report provide enough information to address and remediate the three most important vulnerabilities?
Take Note: Judy has asked you to provide a screenshot to help her understand what the Nessus report looks like.
1. Open Lab 4.5.x, “Conducting Vulnerability Scans” within the uCertify Pearson CompTIA Cybersecurity Analyst (CySA+) content
2. After Step 25, click on the scan “General Scan”
3. Click the Report button dropdown and choose HTML
4. In the “Generate HTML Report” dialog, click the Generate Report button
5. Open the report from the browser’s download bar at the bottom of the screen
6. Click the Show Details button
7. Take a full window screenshot that includes the date/time of the report and the date/time area of the VM’s taskbar (refer to the example below)
Note: This portion of the background paper also helps determine that your submission is unique. Thus, you must include the specific screenshot as seen below or your project will not be accepted.
<insert your screenshot here>
Keep these issues in mind as you address the two questions below:
· Think back to the video from Mercury USA’s CEO. What were his main areas of concern?
· What is the industry/function of the organization?
· What kinds of data might be important to the organization?
What is your assessment of Mercury USA’s overall current security posture? What information in the vulnerability scans supports your assessment?
Based on the vulnerabilities present in the reports and the information available about them, what threats might an adversary or black hat hacker try to use against the organization to exfiltrate data or hold it for ransom?
State your case for your recommendation of the Nessus commercial vulnerability scanner. Be sure to address the following questions:
· Do you think the overall presentation and scoring features are adequate for technical professionals?
· How can this tool help Mercury USA comply with regulatory and standards requirements?
· What is the cost to license the tool? Does the usability, support, and efficacy of the tool warrant the cost?
· Do you think the Nessus report is understandable/suitable for management? Explain why or why not.
· Would you recommend that Mercury USA purchase the tool? Provide your rationale for this recommendation.
Provide a conclusion of at least a paragraph summarizing your analysis of the Nessus vulnerability report, your purchase recommendation, and why your purchase recommendation is beneficial for employees, management, and the organization.
Use in-text citations in the body of your memorandum as appropriate. Add all sources you used here. This example citation uses IEEE style. Use a style of your choice or ask your instructor for clarification. When using the associated course content, ensure you cite to the chapter level. An example IEEE citation is provided below for your reference.
 “Chapter 5: Implementing an Information Security Vulnerability Management Process”, Pearson CompTIA Cybersecurity Analyst (CySA+), 2020. [Online]. Available: https://www.ucertify.com/. [Accessed: 28-Apr-2020].