Dynamic Vulnerability Analysis, Intrusion Detection, And Incident Response

When the GCU gathers evidence for later use for the court, sources of evidence can be monitored to detect threatened incidents in a timely manner. The GCU employee’s needs to be aware of suspicious transaction related to any activity in the customer account. Securing intrusion detection systems (IDS) components are important because IDS are often targeted by attackers that want to prevent the IDS from detecting attacks or want to gain access to sensitive information on the IDS, such as host configurations and known vulnerabilities. In monitoring and auditing, the types of activities recognized as suspicious will be different from different business needs. For example, a forensic accountant may look for specific patterns of financial data to trigger suspicion of fraud or theft. A suspicious event might be multiple emails on a sensitive subject from a person that is not involved in the subject. Recommend resources that can be used

Finally, gathering all this information would enable the network administrator adjust the IDS to attacks specific to the network.

Interruption identification frameworks (IDS) take either system or host based methodology for perceiving and redirecting assaults. In either case, these items search for assault marks (particular examples) that for the most part demonstrate malignant or suspicious goal. At the point when an IDS searches for these examples in system activity then it is system based (figure 1). At the point when an IDS searches for assault marks in log records, then it is host based.

Monitor all network traffic and alert personnel to suspected compromises using network intrusion-detection systems, host-based intrusion detection systems, and intrusion-prevention systems.

With reports from the CIO that malicious activity is on the rise, analyzing the system is essential to guarantee that the data that is critical to the organization's success is secured. Since assaults must be executed on a framework with vulnerabilities, I should analyze the system to address concerns, for example, backdoors, patches and updates, security to server rooms, appropriate security for access of data, and so forth.

Firewalls prevent unauthorized users from accessing a private network when it is linked to the Internet. Intrusion detection systems monitor private networks from suspicious network traffic and attempts to access corporate systems. Passwords, tokens, smart cards, and biometric authentication are used to authenticate system users. Antivirus software checks computer systems for infections by viruses and worms and often eliminates the malicious software, while antispyware software combats intrusive and harmful spyware programs (Laudon and Laudon, 2009, p.260)

As CIO, the goal is to keep the network safe from rapidly evolving malicious intent and this can be accomplished by an effective vulnerability assessment. The first thing on the agenda is to start with performing risk assessment. Corporate assessments are the ones that are risk-based and measurable with the intent of isolating corporate assets that generate the highest value to a corporation and present the highest potential threats and vulnerabilities related to the assets (Bayan, 2004). Further, risk assessments will help to isolate the areas where security investigation is needed and where it's likely to be loaded with consequences, as well as point out whether a business continuity or disaster recovery plan is required.

We also described various Vulnerability Assessment (VA) tools that allow customization of security policy, automated analysis of vulnerabilities, and creation of reports that effectively communicate security vulnerability discoveries and detailed corrective actions to all levels of an organization. Vulnerability Assessments tools will identify known network, operating system, web application, and web server exploits/vulnerabilities with the use of automated scanning

The purpose of this report is to explain the process of conducting vulnerability assessments and modeling threats. Vulnerability assessments are conducted to keep organizations safe from device and network vulnerabilities. There is a process that should be followed in order to perform a proper vulnerability assessment, if it is followed properly the organization will eliminate most if not all vulnerabilities from their network. Modeling threats is also an important step in creating a safe computing environment. It is a way for organizations to classify threats to their network, applications, and devices. Classifying the threats allows an organization act accordingly when it comes to the threats that are present on their networks. All organizations should adopt some form of vulnerability assessment and threat modeling, this will help protect the organizations reputation as well as its data that resides and travels through the network.

Two factors increase the stakes of the cyber struggle. Tactically and operationally, the increasing dependence of modern technologically advanced forces (especially U.S. forces) on networks and information systems create new kinds of exploitable vulnerabilities. Second, as modern societies including the militaries that mirror them have continued to evolve, they have become ever more dependent on a series of interconnected, increasingly vulnerable “critical infrastructures” for their effective functioning. These infrastructures not only have significantly increased the day-to-day efficiency of almost every part of our

Intrusion Detection Systems – IDS should be installed that contain the capabilities to monitor the network and send alerts if odd or different behavior is observed.

Technology can also be used to be a security guard on the company’s network. “In every network today, we have the ability to capture detailed performance and event log data on just about every network device, system, or application that, in turn, provides us vital information about what is happening on our network” (Hale, n.d.). Intrusion Detection Systems (IDS) and Log Monitoring are used to identify potential unauthorized use of the network, systems or devices.

Security is a standout amongst the most difficult and complex issue in Information Technology (IT) today. Security causes millions of dollars loss to the different organizations every year. Even if 99% of all assaults result from known vulnerabilities and flawed misconfigurations, an answer is most certainly not direct. With a crowd of networks, operating system and application related vulnerabilities, security specialists are getting the opportunity to be logically aware of the need to review and direct potential security dangers on their network and systems. This requires a more effective and insightful way to deal with sustaining the project. Vulnerability Assessment (VA) is the procedure of identifying, quantifying, measuring and organizing dangers connected with system and host-based network to reduce its risk to the system. Vulnerability Assessment (VA) tools permit customization of security strategy, computerized examination of vulnerabilities, and formation of reports that helps to discover security vulnerability.

Navigating vulnerable unpatched client-side workstations through the Internet super highway can lead to computer security

(IDS) use different methods because each one need to specific method. (IDS) can be identified threats but cannot deterring.[4] National Institute of standards and Technology (NIST) organization provides guidance document on Intrusion Detection Systems [5]. we can classify intrusion detection systems into three different categories