Vulnerability Management: Protecting Transportation Sector from Cyber Threats with Nessus, Exams of Computer Science

The importance of vulnerability management for transportation sector businesses, particularly in light of increasing it integration and the threat of ransomware attacks. The document recommends nessus as a vulnerability scanning tool and provides details on the cost and implementation process. Real-world examples of ransomware attacks on logistics companies are also included.

Typology: Exams

2022/2023

Available from 04/04/2024

TopGradeRemy
TopGradeRemy 🇺🇸

5

(2)

1.9K documents

1 / 10

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Vulnerability Management and Scanner Evaluation
CMIT 421 6383
pf3
pf4
pf5
pf8
pf9
pfa

Partial preview of the text

Download Vulnerability Management: Protecting Transportation Sector from Cyber Threats with Nessus and more Exams Computer Science in PDF only on Docsity!

Vulnerability Management and Scanner Evaluation

CMIT 421 6383

AGENDA

Mercury USA Business Needs

Our Security Posture

Our VM Process

The Need For A Good Scanner

2: OUR SECURITY POSTURE

▪ A recent scan revealed that our system’s vulnerabilities are a

big threat.

▪ We can easily lose confidential data or be hit by a ransomware

attack.

▪ Real world examples in ways that affect our business:

▪ (^) NotPetya ransomware attacks caused logistics companies billions of dollars [1]. ▪ (^) FedEx and Maersk each lost $300 million from the ransomware [2].

3: OUR VM PROCESS

4B: THE ASK

▪ The first step would be to build capacity to scan and patch our

systems.

▪ Purchase Nessus:

▪ (^) $2960 [3] ▪ (^) At least 2 technicians (System Admin and Network Admin) ▪ (^) External pen-testing company on retainer ▪ (^) No high threat level vulnerabilities

SUMMARY

▪ Ransomware attacks have become common in transportation

▪ An internal scan of our system reveals how vulnerable we are

▪ We need to implement a VM process to manage cybersecurity

risks

▪ Purchasing the vulnerability scanning tool in the Nessus license

is the first step to creating a strong cybersecurity system.

REFERENCES

[1] A. Greenberg, "The Untold Story of NotPetya, the Most Devastating Cyberattack in History", Wired , 2020. [Online]. Available: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/. [Accessed: 6 - October-2022]. [2] Slaby, James R. "Ransomware Still Threatens The Transportation & Logistics Industry". Acronis.Com, 2018, https://www.acronis.com/en- eu/articles/ransomware-logistics/#:~:text=The%20recent %20wave%20of%20crippling,players%20to%20reevaluate%20those %20priorities.&text=FedEx %20clocked%20its%20operating%20losses,TNT%20systems%20by%20%2475M. [3] “Nessus Pro”, Tenable.com, 2020. [Online]. Available: https://www.tenable.com/products/nessus. [Accessed: 6 - October-2022]. [4] Bagyalakshmi, G., et al. "Network vulnerability analysis on brain signal/image databases using Nmap and Wireshark tools." IEEE Access 6 (2018): 57144-57151. [5] Rahalkar, Sagar. "OpenVAS." Quick Start Guide to Penetration Testing. Apress, Berkeley, CA, 2019. 47 - 71. [6] Foreman, Park. Vulnerability management. CRC Press, 2019.Palmaers, Tom. "Implementing a vulnerability management process." SANS Institute Reading Room (2013). [7] Nessus. "Getting Started (Nessus Compliance Checks)". Docs.Tenable.Com, 2020, https://docs.tenable.com/nessus/compliancechecksreference/Content/GettingStarted.htm. [Accessed: 6 - October-2022]. 10