Wilkes University The Assets and Vulnerabilities Case Description Table

User Generated

nalbar

Description

Hello, everything is in the file (just please make sure to use simple English).

Unformatted Attachment Preview

Assignment # 2
Individual Work
Total points 5
Submission date: Oct 20, 2020
Late submission is not acceptable

ABC Insurance Company Virtualization Case Study

1. Case Learning Objectives

• Identify the vulnerabilities involved in implementing a new technology.
• Determine the likelihood for a potential vulnerability.
• Determine the adverse impact resulting from a successful threat exercise of vulnerability.
• Formulate a cost benefit analysis on adopting a new technology.
• Assess risk level according to the likelihood of a vulnerability being exploited, and the impact of the vulnerability.
• Recommend risk mitigation strategies for controlling risks.
• Evaluate the risk mitigation strategies.

2. Case Description

ABC Insurance Company is one of the largest insurance companies in the U.S. It has several branches/agents across the nation. Their branches can communicate with the central company headquarters and with each other through a computer network. Customer information and company sensitive data have to be protected at all times.

ABC Insurance Company has database servers, J2EE application server, and web application server for its employers to access. It allows the customers to access insurance policy information, purchase, and change or cancel insurance policies online, and other services. The customers include individual policy holders and business policy holders. The company employees and the customers need login accounts to access the company servers.

The company adopts the JRA architecture for the log-in capability. This infrastructure has many components. Many of the components consist of active directories, web servers, and databases. Each of the JRA architectures has a Business to Enterprise connection which is internal, Business to Customers which is individual policy customers and Business to Business which is business customers with the insurance company. These connections are called realms. Each realm is located at a different physical location.

ABC Insurance Company holds customer information which is a valued asset to the company. The company has to ensure that this information is confidential to have the customers’ trust. The company has to protect the customers’ insurance policies which are the drive for the company's success. Agents’ login credentials and data need to be secure too.

A problem with ABC Insurance Company is the amount of hours needed to maintain the architecture. ABC Insurance Company wants a different way to implement this architecture. It was suggested to virtualize the JRA architecture. Virtualization can enable processes to share resources more efficiently. This would have different operating systems, web servers, and databases run on a virtual machine. Each realm would run on one machine as a virtual realm. This would cut down component costs, and cut down manpower to maintain the architecture. Two or more realms can run on one machine if they face the same kind of risks.

3. Case Discussion Questions and Their Mappings to Bloom’s Taxonomy

Table 1: Mapping of Virtualization case discussion questions to Bloom’s Taxonomy.

| Virtualization Case Discussion Questions | Cognitive Level |
| --- | --- |
| 1. List in a table the assets and vulnerabilities associated with the assets when implementing virtualization. (Hint: List possible virtual server products, the price for each virtual server and its software license, threats to each type of virtual server. Thorough research is expected for this question). | Level 4 – Analysis |
| 2. For each vulnerability identified in Question 1, determine the likelihood that the vulnerability could be exploited. (Hint: reference [1], Section 3.5, pg. 21). | Level 4 – Analysis |
| 3. Determine the adverse impact resulting from a successful threat exercise of vulnerability. (Hint: reference: [1], Section 3.6, pg. 21) | Level 4 – Analysis |
| 4. Determine the risk level of the vulnerabilities based on NIST methodology (reference [1], Section 3.7, pg. 23-25). | Level 4 – Analysis |
| 5. Conduct cost benefit analysis on virtualization. | Level 4 – Analysis |
| 6. Propose strategies and methods to mitigate the risks for virtualization. Be as specific and practical as possible. | Level 5 – Synthesis |
| 7. Form justifications to convince CISO that virtualization is the correct way to go or virtualization has too much risk and it is not worth implementing in ABC insurance company. | Level 6 – Evaluation |

4. References

[1] NIST Special Publication 800-30, http://csrc.nist.gov/publications/nistpubs/80030/sp800-30.pdf
[2] Whitman, M.E. and Mattord, H.J. Principles of Information Security 3rd Edition, Thomson Course Technology, 2009

Explanation & Answer

Attached.

Assignment Name and Number
Name and NSU email
Professor’s Name
Class Name and Number
Date

VIRTUALIZATION

The Assets and Vulnerabilities

| Assets | Vulnerabilities |
| --- | --- |
| Sensitive data | No encryption |
| The J2EE application server | SQL injection attacks, cross-site request forgery (CSRF) |
| Customer accounts | Weak passwords that can be easily cracked |
| Web application | Phishing scam, brute force attacks, and SQL injections |
| Database server | Injection attacks, bugs |
| Customer sensitive information | Lack of encryption of the data |

Virtual Server Products

| Product | Price | Possible threat |
| --- | --- | --- |
| VMware vSphere | Per license $3595, per year support $755 | Unauthorized access through authorized users, internal threats from authorized users, hacking, system intrusion. |
| Red Hat Virtualization | Premium version $1499 | Unauthorized access through authorized users, internal threats from authorized users, hacking, system intrusion. |
| Proxmox VE | Premium version $796 per year | Unauthorized access through authorized users, internal threats from authorized users, hacking, system intrusion. |
| Citrix Hypervisor | Premium version $1525 | Unauthorized access through authorized users, internal threats from authorized users, hacking, system in... |

