Posted: September 8th, 2022

MEMO

[date]
[Your name and course number/section]
[Opening Salutation]:
Overview
A sturdy vulnerability administration course of includes the collaboration of safety elements that are vital in a corporation. The considerations of Mercury USA that includes safety of buyer data, proprietary enterprise information and harmful load and different hazardous supplies throughout transportation. The primary half provides advice for the vulnerability administration course of for Mercury USA. It is going to spotlight the main VM course of elements and suggestions that meet the enterprise wants of Mercury USA. The second half describes the vulnerability scanning instruments Assessments and the suggestions. Lastly, the outcomes of not implementing the advice of a VM course of might be mentioned.
Half 1: Vulnerability Administration (VM) Course of Suggestion
The principle goal of the Vulnerability administration course of in Mercury USA might be to detect and remediate the vulnerability via well timed options. The vulnerability administration course of in Mercury USA includes preparation, vulnerability scan, definition of remediating actions, the implementation of the actions and the rescan.
In planning of the method, the preparation is beneficial to start out with a small scope which begins out with a small variety of techniques, for Mercury and the transportation sector. Safety officer must be concerned in making an settlement of the techniques to be included and people to be excluded from the vulnerability administration course of. Different property embody the working system, machine, community and the bodily location. The preliminary vulnerability scans are subsequent within the course of and may make the most of a variety of reporting choices visualize outcomes by creation of a lot of reviews. The dangers confronted by Mercury USA and its transportation sector might be recognized coupled with the severity of the recognized vulnerabilities.
The vulnerability scans must be run quarterly in yearly for low dangers property and as soon as per thirty days for high-risk property. Hackers are continually scanning the exterior property every day and make reviews on the vulnerability of the group. There may be want for the group to have an automatic Assessment that establish vulnerability on techniques, community and purposes for weaknesses. The trade normal scanning instruments embody, Comodo cWatch, OpenVAS, Nexpose Group and Nikto scanners.
Half 2: Vulnerability Scanning Software Analysis and Suggestions
Exterior scans had been carried out by a third-party penetration tester utilizing the free instrument Open Vulnerability Scanner (OpenVAS) that was allowed to evaluate the safety orientation and community of Mercury USA. I think about Open Vulnerability Scanner (OpenVAS) to be an trade normal instrument. As an exterior scanner, it affords the benefit of offering a free open-source vulnerability Assessment instrument, it has the frequent vulnerability and publicity protection and it’s constructed to be an all-in-one scanner. Nonetheless, it helps much less working system, it doesn’t supply coverage managements and in comparison with different trade normal scan instruments it has a smaller frequent vulnerability and publicity. The instrument output is detailed and analytical within the identification of vulnerability. The instruments present sufficient reporting particulars that target the right vulnerabilities. The report clearly identifies essentially the most vital vulnerabilities. The report ample gives mitigations for every vulnerability which makes the reviews appropriate for administration. I might suggest using the instrument and the automated distribution of the report for Mercury USA.
Half three: Enterprise Case Instance
An instance of a enterprise case the place the corporate didn’t implement the advice of a VM course of is Marriott Worldwide. The dangers of the group had been nonetheless excessive even with a good firewall and antivirus software program and an intrusion detection system. The issue of a misconfigured firewall was a serious vulnerability as an antivirus catcher identified viruses and trojan horses. The enterprise expertise information exfiltration, hacker intrusions and ransomware within the system and community of the group susceptible sections. The VM course of beneficial establish all main vital vulnerabilities to the safety and supply mitigations for every in an in depth method and could be utilized mechanically and recurrently to be protected regularly.
Closing
In conclusion, the vital elements of the VM course of is the vulnerability scans and the important thing ingredient is the instrument of analysis adopted by the corporate. Following the enterprise case, you will need to implement the mitigations beneficial for coping with vulnerability for Mercury USA and cybersecurity assaults towards the transportation sector. The implementation of extra safety instruments and common safety scans will improve the general safety of Mercury USA that shield the group towards assaults, breaches and information loss.


Cybersecurity Risk Analyst
Mercury USA

References
Prime 10 vulnerability Assessment scanner. (2020, October 9). cWatch Weblog. Retrieved from https://cwatch.comodo.com/weblog/website-security/top-10-vulnerability-assessment-scanning-tools/
Farris, Okay. A., Shah, A., Cybenko, G., Ganesan, R., & Jajodia, S. (2018). Vulcon: A system for vulnerability prioritization, mitigation, and administration. ACM Transactions on Privateness and Safety (TOPS), 21(four), 1-28.
Kasprzyk, R., & Stachurski, A. (2016). An idea of standard-based vulnerability administration automation for IT techniques. Pc Science and Mathematical Modelling, (three), 33-38.

Order | Check Discount