Project: Vulnerability Assessment Matrix
Complete the Matrix of Vulnerability Attributes and System Object Types in Chapter 4 of the RAND document. A policy to protect the infrastructure must be developed to identify threats and locate vulnerabilities. Complete the matrix to determine requirements for the policy. Review page 28, table 4.2 to understand how to complete a matrix. Complete the matrix on page 27, table 4.1 based on the scenario below. Fill in the type of threat/vulnerability and your recommendation to correct the threat/vulnerability.
Scenario
In the organization, there is an insider threat. The employee who is the threat has been discussing a perceived vulnerability in the system. Many of the employees believe this vulnerability in the system and are attempting to create a patch. The insider threat employee has created malware in the system separate from the alleged vulnerability. While the technical team is searching for a vulnerability, the malware is traveling through the system disrupting all network traffic.
Question: What is the issue? Identify the threats and vulnerabilities in the matrix for this scenario. Also, identify the resolutions and solutions.
Question: Separate the issues from the solutions in a table with two columns and submit to your assignment folder.
Question: Identify the problem in a paragraph. Summarize the scenario and then analyze what has happened.
Question: Describe typical behaviors that could be indicators that an insider threat may or could occur.
Question: Create a table of analysis based on the attributes below. Use RAND as a resource for referring to your readings. Name the attributes in one column (behavioral sensitivity). In the second column, identify possible indicators (behavior to be aware of). In the third column, list proposed resolutions (plan of action), and in the fourth column, solutions (repairs, lessons learned, etc.). After preparing a cover sheet, prepare a table of analysis on the attributes below:
Table 4.1
Matrix of Vulnerability Attributes and System Object Types
RANDMR1601-table4.1
1. Behavioral sensitivity/Fragility
2. Malevolence
3. Rigidity
4. Malleability
5. Gullibility/Deceivability/naiveté
6. Complacency
7. Separate ability
8. Logic/Implementation
9. Errors; fallibility
10. Design sensitivity/Fragility/limits/Finiteness
11. Unrecoverable
12. Singularity
13. Attributes
14. Uniqueness
15. Centrality
16. Homogeneity
17. Design/Architecture
18. Corruptibility/Controllability
19. Accessible/Detectable/Identifiable
20. Transparent
21. Interception
22. Hard to manage or control
23. Self-unawareness and unpredictability
24. Predictability Behavior General (other observations overall; name two not on list)