This assignment serves to benchmark competency 2.1: Establish a risk management framework using industry standards for compliance. Based on an executive level report, deliver the findings of the Topic

This assignment serves to benchmark competency 2.1: Establish a risk management framework using industry standards for compliance. Based on an executive level report, deliver the findings of the Topic
Framework Findings and Recommendations Scoring Guide Performance Level Ratings Meets Expectations Performance consistently met expectations in all essential areas of the assignment criteria, at times possibly exceeding expectations, and the quality of work overall was very good. The most critical goals were met. Near Expectations Performance did not consistently meet expectations. Performance failed to meet expectations in one or more essential areas of the assignment, one or more of the most critical goals were not met. Below Expectations Performance was consistently below expectations in most essential areas of the assignment, reasonable progress toward critical goals was not made. Significant improvement is needed in one or more important areas. Criteria Below Expectations Near Expectations Meets Expectations Earned The student comprehensively presents an overview of why the report is being written. 0 pts – 6 pts 7 pts – 9 pts 10 pts The student comprehensively presents a description of the system and the framework governing the enterprise. Subject knowledge is excellent. 0 pts – 6 pts 7 pts – 9 pts 10 pts The student clearly presents the results of the assessment with extensive details, including the major gaps found and recommended remediation. 0 pts – 13 pts 14 pts – 19 pts 20 pts The student provides a detailed, high-level diagram that represents the current state of the system. The student uses appropriate graphic elements to make visual connections that contribute to the understanding of concepts and relationships. 0 pts – 13 pts 14 pts – 19 pts 20 pts The student provides an equal detailed diagram depicting the proper end state. The student uses appropriate graphic elements to make visual connections that contribute to the understanding of concepts and relationships. 0 pts – 13 pts 14 pts – 19 pts 20 pts Required components are present, including: Overview System Overview Assessment Methodology Security Assessment Results Non-Conforming Controls Authorization Recommendations Appropriate Diagrams and Screenshots 0 pts – 6 pts 7 pts – 9 pts 10 pts Prose is largely free of mechanical errors. The writer uses a variety of effective sentence structures, figures of speech, and industry terminology. 0 pts – 6 pts 7 pts – 9 pts 10 pts TOTAL /100 Instructor Feedback © 2018. Grand Canyon University. All Rights Reserved.
This assignment serves to benchmark competency 2.1: Establish a risk management framework using industry standards for compliance. Based on an executive level report, deliver the findings of the Topic
CYB-535 Security Assessment Report Template System Assessment Report For: {System Name} Version: Date: Prepared By: Overview Purpose Scope Applicable Laws and Regulations The following laws and regulations are applicable: Applicable Standards and Guidance The following standards and guidance are applicable to the organization: System Overview System Name General System Description and Purpose Security Categorization Assessment Methodology Performed Tests Identification of Vulnerabilities Consideration of Threats Performed Risk Analysis Document Results This section should include any relevant screenshots. Security Assessment Results Non-Conforming Controls Authorization Recommendations © 2018. Grand Canyon University. All Rights Reserved.
This assignment serves to benchmark competency 2.1: Establish a risk management framework using industry standards for compliance. Based on an executive level report, deliver the findings of the Topic
Stephen 5 Security Risk in the Oil and Gas Industry Sean “Yogi” Stephen CYB 535 November 25, 2020 Security Risks in the Oil and Gas Industry The oil and gas industry, like any other industry, is a target of Network/IT threats including, data theft, Identity theft, denial of service, spyware, and viruses, among others. “Over the first six months of 2020, the percentage of systems attacked in the oil and gas industry increased when compared to the same period last year” (Coble). The threats sometimes are not limited to external attacks but also include internal factors like system failure, misconfiguration, and natural disasters, among other causes. These double-sided instances necessitate the inclusion of redundancy, failovers, failure domain, and backup analysis in the development of low-risk network designs for organizations. However, network designs have not been able to stop the attacks on networks/IT systems. Still, a properly designed structure can reduce or make it difficult for attackers to successfully carry out attacks. A threat is an intention suggestive of a malicious action against a person or a thing. In information technology, the danger is an action targeted at the vulnerability of a system to alter its operation mode or disrupt its process flow. Risk is the susceptibility of a strategy to a threat. In order words, chances are the possibilities for a network to be successfully attacked. IT systems are hosts to information that are valuable to an organization. Most times, information hosted on the system can be useful to order people or could be a means to blackmail the organization hosting it, and unauthorized users deploy actions to access or utilize hosted information. To this end, organizations employ stringent procedures to ensure that it is difficult for information in their network are not accessible by an unauthorized user, and services of their IT infrastructure are not easily disrupted. “Any activity in the oil and gas sector is subject to risks caused by threats and vulnerabilities” (Winther). The vulnerability of the oil and gas industry are evident in past events. Attackers get more sophisticated in their attacks, assessing and accessing every vulnerability the system has. “A recent ransomware attack caused a U.S. natural gas compressor facility to shut for two days” (Buurma, and Sebenius). Attackers deployed a phishing attack in a mail, through which they were able to gain administrative access to the firm’s information technology system. This attack exposes the inadequate awareness of oil and gas firms’ employees on cyber-attack. The oil and gas industry, recently, has been using standard IT Systems component like PCs and Windows Operating System products with known vulnerabilities in automation and process control systems, against the previous proprietary systems. The use of these products exposes the system to the vulnerabilities associated with these components. Hosting and management of production data are exposed to attacks, as remote access to information on the internal networks is being enabled. Employees’ access to critical information servers during operations and maintenance, and workplace arrangement due to the COVID-19 pandemic, has necessitated remote access by employees to the information servers, exposing the servers to possible attacks. Oil firms do not enforce adequate security measures/procedures in vendors and contractors which allows for the inclusion of vulnerable technologies in the building of industrial control systems, ICS. The inclusion of the vulnerable component is mostly without adequate security model to prevent cyber-attacks. Inadequate data network security management culture exposes the sector to the ever-increasing sophistication in cyber-attacks. The use of vulnerable software, aging control system without security model, and inadequate physical security of data infrastructure, expose the sector to threats too. The oil and gas industry has been reputable for the use of proprietary technologies in their automation and control system, and access to their information systems was mostly internal, or on a strict tunneling standard. The oil and gas industry has been integrating standard technology systems in their process control and automation systems through the services of their contracting organizations, without a proper security model against the possible attacks associated with these technologies. Works Cited Buurma, Christine, and Alyza Sebenius. “Bloomberg – Are You A Robot?”. Bloomberg.Com, 2020, https://www.bloomberg.com/news/articles/2020-02-18/ransomware-shuts-u-s-gas-compressor-for-2-days-in-latest-attack. Coble, Sarah. “Attacks Against Oil and Gas Industry on The Rise”. Infosecurity Magazine, 2020, https://www.infosecurity-magazine.com/news/attacks-against-oil-and-gas/. Winther, Trond. “Cyber Security Vulnerabilities for the Oil and Gas Industry – DNV GL”. DNV GL, 2020, https://www.dnvgl.com/oilgas/download/lysne-committee-study.html.