-

 Week 2: Vulnerability Management Activities and Vulnerability Assessment Tools.

This week's reading material covered various topics like Service Level Agreements (SLA), vulnerability scanning tools, Common Vulnerability Scoring Systems (CVSS), and vulnerability feeds. In addition, there are various other topics discussed in the chapter reading that are just as important and play an essential role in the cybersecurity analyzing process as the four main discussion topics.

As a cybersecurity analyst, you should never always expect to be hundred percent on point all the time because there is no hundred percent right or wrong, especially in the computer networking infrastructure. However, this doesn't mean that as a cybersecurity analyst, you shouldn't give it all the effort you know you are capable of. We live in an information age that requires us to adapt to the content of transformation occurrences.

As I stated in my discussion post, we live in a comparative world, and private security companies, or any companies, must be upfront with their customers (clients) if they want to succeed in the information age. That is where the Service Level Agreement (SLA) plays a vital role between the companies and their customers. SLA transpired more often in IT than in other business industries. An SLA is a contract that can exist within a company (say, between a business unit and the IT staff) or between the organization and an outside provider (Chapman & Maymi, 2021).

Many scanning tools are available these days for protecting, preventing, and monitoring network activities. One primary purpose for scanning a network "is to get more details about the target network or device by poking around and taking note of the target's responses." The list of some scanning methods used in this process are:

  • Port Scanning – is a computer program designed specifically for probing a host (workstation, etc.) or, for that matter, a server to determine which networking ports are available (open).
  • Web App Vulnerability Scanning – unlike port scanning, this is an automated tool that can be used specifically for scanning web applications to check for vulnerabilities.

There are many other scanning tools available that are just as important as the two I have listed, and searching the web will provide you with a list of those other tools. The term "vulnerability feed" is something that you will want to take very securely as a cybersecurity analyst. There are different vulnerability feed cycles that vary depending on the network infrastructure functionality. The updated cycle or process can range from an hour to weeks depending on the situation, and "through they eventually tend to converge on the vast majority of known vulnerabilities." There will be a situation where you may have one feed cycle that shows a "threat significantly before another." The bottom line is that, with vulnerability feed, you have the options of hourly, daily, weekly, monthly, or even quarterly cycles. Moreover, it is a plus for having the capability of noticing and responding immediately to a vulnerability.

 

 

 

Reference:

Chapman, Brent; Maymi, Fernando. CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002) (p. 63, 81). McGraw Hill LLC. Kindle Edition. Retrieved: June 21, 2023.

Comments

Post a Comment

Popular posts from this blog

-
Image
 Hybrid Cloud and Multi-Cloud Networking Objectives: Hybrid Cloud and Multi-Cloud Networking, The Different Between Virtual Private Network and Direct Connect. 1.       Hybrid Cloud and Multi-Cloud Networking The purpose for this blog article is to discuss some helpful tips regarding hybrid cloud and multi-cloud networking, and the differences between VPN (Virtual Private Network) and Direct Connect – the important role both methods play in connecting network. A hybrid cloud is a network infrastructure that exists in two different places – on-prem and in the cloud. Like hybrid clouds is multi-cloud which is a network infrastructure that’s dedicated to two or many different platforms like, AWS (Amazon Web Service), GCP (Google Cloud Platform), or Microsoft Azure and Salesforce. With all these different platforms, one could wonder about the notable complexity in making these different network services and tools to communicate to and assist each other. The question then is, so why wil
Week One: Safety and Professionalism
-
 Threats to Cloud Security.   Cloud computing is on the rise and becoming popular in the public and business enterprises sector. Many CSPs (Cloud Service Providers) like, Microsoft Azure, AWS (Amazon Web Service), and GCP (Google Cloud Platform) are offering their clients and users the opportunity to migrate the operations to the cloud by subscribing services () that fits their operation needs. There are many activities involved with migrating to the cloud that are important for the public and business enterprises to understand before making such leap (migrate). Speaking of migrating, the term security is one of the most critical aspects that concerns cybersecurity team members, and all proper measures must be taken seriously. The uprising of cyber threats to cloud computing increases by the day just as cloud computing becomes more and more popular. The following are lists of threats to cloud security: 1.       Data Breach - regardless of whether data is accessible throu
Week One: Safety and Professionalism
-
BSIT 400 - Cloud Computing and Governance.  Migration to the Cloud Technology has transformed and revolutionized our ways of achieving and accomplishing dreams and goals since its existence. The introduction of cloud computing has taken it even further. The purpose for this week three blog topic is center around “Migration to the Cloud.” There are a variety of contents and activities involved with cloud migration, and it’s imperative for one to fully understand all these contents and activities involved for a smooth transition. Some of these contents are but not limited to, Migration Planning, Migration Execution, Deployment Testing and Validation, Cloud Agility, and Planning for Problem. This week three blog is going to focuses on the following contents and activities: 1.       Migration Planning a.        Cloud Migration Phases – this activity involved completing the most important phases contents which are Planning, migrating, validating, and managing. These migration phases
Week One: Safety and Professionalism