Risk, Threat, and Vulnerability Management

Order 100% Plagiarism free essay now

After completing your master’s degree, you have been hired by a
contracting company as an information systems security officer, or ISSO,
supporting systems for federal clients. One morning, your boss asks you
to come to her office. She tells you that you’ll be working on a network
security audit. Network security audits, based on FISMA standards, are
used annually to determine the effectiveness of our security controls.
The boss explains, prior to the security audit, I will need you to test,
execute, collect, and compile your results into a security assessment
report, or SAR. Once you’re finished, you will submit the report to me
and the executive leadership.

Risk, Threat, and Vulnerability Management

Order 100% Plagiarism free essay now

Later, you receive a follow-up email from your boss with instructions.
First you will conduct a risk and threat assessment of the enterprise
network. Next, you will perform black box testing of the network using
network analysis tools. After identifying any network vulnerabilities,
you will lead efforts to remedy and mitigate those vulnerabilities using
appropriate risk management controls. You will then perform a white box
test, and compile the results in the final security assessment report.
And provide this to leadership, along with an executive briefing in your
lab analysis. So management has a baseline view of the security posture
of the enterprise network, before the actual external IT audit. The
email ends with this note, thank you for taking this on. Our executive
leadership is excited to learn of your findings.

Risk, Threat, and Vulnerability Management

Order 100% Plagiarism free essay now