Vulnerability Assessment Report
Scenario
You are a newly hired cybersecurity analyst for an e-commerce company. The company stores information on a remote database server, since many of the employees work remotely from locations all around the world. Employees of the company regularly query, or request, data from the server to find potential customers. The database has been open to the public since the company’s launch three years ago. As a cybersecurity professional, you recognize that keeping the database server open to the public is a serious vulnerability.
You are tasked with completing a vulnerability assessment of the situation to communicate the potential risks to decision makers at the company. You must create a written report that explains how the vulnerable server is a risk to business operations and how it can be secured.
Assessment Report
System Description
The server hardware consists of a powerful CPU and 128GB of memory. It runs the latest version of the Linux operating system and hosts a MySQL database management system. It has a stable network connection using IPv4 addresses and interacts with other servers on the network. Security measures include SSL/TLS encrypted connections.
Scope
The scope of this vulnerability assessment is the current access controls of the system as they affect the confidentiality, availability, and integrity of the data on the server. The physical server and related IT services are the responsibility of the cloud service provider and are out of scope. The assessment will cover a period of three months, from June 2024 to August 2024. NIST SP 800-30 Rev. 1 is used to guide the risk analysis of the information system.
Purpose
The database contains the PII of potential customers for the organization. It is used by employees to search for potential customers to contact across various locations in the world. Data access needs to be secured so that only employees can view the data. It is possible, although unlikely, that customers could alter or delete information in the database. The PII could be stolen or destroyed by hackers, causing harm to the organization's reputation and financial interests.
Risk Assessment
Threat source | Threat event | Likelihood | Severity | Risk |
---|---|---|---|---|
Hacker | Obtain sensitive information via exfiltration | 3 | 3 | 9 |
Employee | Disrupt mission-critical operations | 2 | 3 | 6 |
Customer | Alter/Delete sensitive information | 1 | 3 | 3 |
Risk is calculated as Likelihood multiplied by Severity, each rated on a scale of 1 to 3.
Approach
Since the database is hosted by a cloud service provider, the approach was limited to the confidentiality, availability, and integrity of the data. Currently the data is publicly accessible. Hackers could steal the PII of the potential customers, harming them and damaging the organization's reputation. Employees might disrupt operations accidentally. Customers, although rarely, could alter or delete information.
Remediation Strategy
The database should be made readable by the organization's employees only, by requiring authentication and authorization controls, including multi-factor authentication, to access the database. Least privilege should be enforced by granting employees read-only privileges on the database. Accounting controls should be established to audit access logs, to confirm that only authorized access occurs and to detect unauthorized access attempts in the future.
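The following MySQL statements are an added illustration of the remediation strategy above (closing public access, mandatory TLS, a read-only role for employees, and logging for audit review); they are not part of the original report. The database name prospects, the account names, and the VPN network range 10.20.0.0/16 are assumed placeholders.

```sql
-- 1. Find accounts that can connect from anywhere (host '%') or anonymously.
--    Anything listed here is part of the "open to the public" problem.
SELECT user, host FROM mysql.user
WHERE host = '%' OR user = '';

-- 2. Remove the public access path. 'legacy_public' is a placeholder for
--    whatever account the open database was actually served through.
DROP USER IF EXISTS ''@'%';
DROP USER IF EXISTS 'legacy_public'@'%';

-- 3. Make TLS mandatory instead of optional (the server already supports
--    SSL/TLS). SET PERSIST keeps the setting across restarts (MySQL 8).
SET PERSIST require_secure_transport = ON;

-- 4. Least privilege: a role that can only read the prospect data.
CREATE ROLE IF NOT EXISTS 'prospect_reader';
GRANT SELECT ON prospects.* TO 'prospect_reader';

-- 5. Employee accounts: named users, restricted to the assumed VPN range
--    10.20.0.0/16, TLS required, read-only role as their default role.
--    MFA is enforced by the identity provider / VPN in front of the server
--    (or MySQL's multifactor authentication plugins) and is not shown here.
CREATE USER IF NOT EXISTS 'alice'@'10.20.%'
  IDENTIFIED BY 'ChangeMe-Placeholder-Password'
  REQUIRE SSL
  PASSWORD EXPIRE INTERVAL 90 DAY;
GRANT 'prospect_reader' TO 'alice'@'10.20.%';
SET DEFAULT ROLE 'prospect_reader' TO 'alice'@'10.20.%';

-- 6. Verify: the employee should hold SELECT only, no INSERT/UPDATE/DELETE.
SHOW GRANTS FOR 'alice'@'10.20.%' USING 'prospect_reader';

-- 7. Accounting: record who connected and what they ran so access can be
--    audited. The general log is the community-edition option (verbose;
--    the MySQL Enterprise Audit plugin or an equivalent is the production
--    choice). Writing it to a table lets it be queried directly.
SET PERSIST log_output = 'TABLE';
SET PERSIST general_log = ON;

-- Example review query: connection attempts from outside the VPN range.
SELECT event_time, user_host, command_type
FROM mysql.general_log
WHERE command_type = 'Connect' AND user_host NOT LIKE '%[10.20.%';
```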