USA: +1(669)289-8683 
Sign in
You should link your analysis to the kinds of organizational functions and data associated with a transportation company (e.g., protecting order data, customer lists, sales leads, Payment Card Industry (PCI) compliance for processing credit, proprietary software, etc.) and provide your recommendation if Mercury USA should purchase the Nessus tool. This report should be four to six pages in length and include a title/cover page. Include in-text citations and a reference page with three quality sources in a citation style of your choice.
https://learn.umgc.edu/content/enforced/602243-027…
For this assignment, you are asked to provide your supervisor, Judy, with a technical evaluation of a vulnerability scanner. By documenting your results in an effective background report, you are showing how you use your technical knowledge to convey your ideas to others in a professional setting. Your ability to express your findings using the right mix of technical detail in a business context is an important workplace skill.
The following evaluation criteria aligned to the competencies will be used to grade your assignment:
- 1.3.1: Identify potential sources of information that can be used to develop and support ideas.
- 1.4.1: Produce grammatically correct material in standard academic English that supports the communication.
- 10.1.1: Identify the problem to be solved.
- 12.2.1: Identify systems for the risk assessment.
- 12.3.1: Select controls.
- 13.2.1: Evaluate vendor recommendations in the context of organization requirements.
VM Scanner Background Report
CMIT 421 Threat Management and Vulnerability Assessment
Introduction
Provide an introduction that includes what you intend to cover in the background paper. Ensure you are
specific and define your purpose clearly.
Part 1: Nessus Vulnerability Report Analysis
In this section, analyze and interpret the results of the report to give your boss a clear picture of
the Mercury USA’s potential vulnerabilities.
As you analyze the report, address the following points:
•
Is it appropriate to distribute the report as is, or do you need to interpret the report,
attach meaning before sending to management? Explain why or why not.
What is your overall impression of the tool’s output? Is it easy to interpret, wellorganized, include enough detail, too much detail?
Does the tool provide enough reporting detail for you as the analyst to focus on the
relevant vulnerabilities for Mercury USA?
Name the three most important vulnerabilities in this system for Mercury USA. Why are they
the most critical?
How does the report provide enough information to address and remediate the three most
important vulnerabilities?
•
•
•
•
Take Note: Judy has asked you to provide a screenshot to help her understand what the Nessus report
looks like.
Screenshot Instructions
•
•
•
•
•
•
•
Open Lab 4.5.x, “Conducting Vulnerability Scans” within the uCertify Pearson CompTIA
Cybersecurity Analyst (CySA+) content
After Step 25, click on the scan “General Scan”
Click the Report button dropdown and choose HTML
In the “Generate HTML Report” dialog, click the Generate Report button
Open the report from the browser’s download bar at the bottom of the screen
Click the Show Details button
Take a full window screenshot that includes the date/time of the report and the date/time
area of the VM’s taskbar (refer to the example below)
Note: This portion of the background paper also helps determine that your submission is unique.
Thus, you must include the specific screenshot as seen below or your project will not be accepted.
Part 2: The Business Case
Keep these issues in mind as you address the two questions below:
•
•
•
Think back to the video from Mercury USA’s CEO. What were his main areas of concern?
What is the industry/function of the organization?
What kinds of data might be important to the organization?
What is your assessment of the Mercury USA’s overall current security posture? What information in the
vulnerability scans supports your assessment?
Based on the vulnerabilities present in the reports and the information available about them, what
threats might an adversary or black hat hacker try to use against the organization to exfiltrate data or
hold it for ransom?
Part 3: Nessus Purchase Recommendation
State your case for your recommendation of the Nessus commercial vulnerability scanner. Be
sure to address the following questions:
•
•
•
•
•
Do you think the overall presentation and scoring features are adequate for technical
professionals?
How can this tool help Mercury USA comply with regulatory and standards requirements?
What is the cost to license the tool? Does the usability, support, and efficacy of the tool warrant
the cost?
Do you think the Nessus report is understandable/suitable for management? Explain why or
why not.
Would you recommend that Mercury USA purchase the tool? Provide your rationale for this
recommendation.
Conclusion
Provide a conclusion of at least a paragraph summarizing your analysis of the Nessus
vulnerability report, your purchase recommendation, and why your purchase recommendation
is beneficial for employees, management, and the organization.
References
Use in-text citations in the body of your memorandum as appropriate. Add all sources you used
here. This example citation uses IEEE style. Use a style of your choice or ask your instructor for
clarification. When using the associated course content, ensure you cite to the chapter level. An
example IEEE citation is provided below for your reference.
[1] “Chapter 5: Implementing an Information Security Vulnerability Management
Process”, Pearson CompTIA Cybersecurity Analyst (CySA+), 2020. [Online]. Available:
https://www.ucertify.com/. [Accessed: 28-Apr-2020].
