Operating Systems Vulnerabilities in Chevron (Windows and Linux)

Congratulations, you are the newly appointed lead cybersecurity engineer with your company in

the oil and natural gas sector. This is a senior ­level position. You were hired two months ago

based on your successful cybersecurity experience with a previous employer.

Your technical knowledge of cybersecurity is solid. However, you have a lot to learn about this

company's culture, processes, and IT funding decisions, which are made by higher

management.

You have recently come across numerous anomalies and incidents leading to security

breaches. The incidents took place separately, and it has not been determined if they were

caused by a single source or multiple related sources. First, a month ago, a set of three

corporate database servers crashed suddenly. Then, a week ago, anomalies were found in the

configuration of certain server and router systems of your company.

You immediately recognized that something with your IT resources was not right. You suspect

that someone, or some group, has been regularly accessing your user account and conducting

unauthorized configuration changes.

You meet with your leadership to discuss the vulnerabilities. They would like you to provide a

security assessment report, or SAR, on the state of the operating systems within the

organization. You're also tasked with creating a non­technical narrated presentation

summarizing your thoughts.

The organization uses multiple operating systems that are Microsoft­based and Linux­based.

You will have to understand these technologies for vulnerability scanning using the tools that

work best for the systems in the corporate network.

You know that identity management will increase the security of the overall information systems

infrastructure for the company. You also know that with a good identity management system,

the security and productivity benefits will outweigh costs incurred. This is the argument you must

make to the stakeholders.

There are six steps that will help you create your final deliverables. The deliverables for this project are as follows:

Security Assessment Report (SAR): This report should be a 7 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.

Nontechnical presentation: This is a set of 8 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.



The audience for your security assessment report (SAR) is the leadership of your organization, which is made up of technical and nontechnical staff. Some of your audience will be unfamiliar with operating systems (OS). As such, you will begin your report with a brief explanation of operating systems fundamentals and the types of information systems.

After reviewing the resources, begin drafting the OS overview to incorporate the following:



-Explain the user's role in an OS.

-Explain the differences between kernel applications of the OS and the applications installed by an organization or user.

-Describe the embedded OS.

-Describe how the systems fit in the overall information system architecture, of which cloud computing is an emerging, distributed computing network architecture.



You just summarized operating systems and information systems for leadership. In your mind, you can already hear leadership saying "So what?" The organization's leaders are not well versed in operating systems and the threats and vulnerabilities in operating systems, so in your SAR, you decide to include an explanation of advantages and disadvantages of the different operating systems and their known vulnerabilities.

Based on what you gathered from the resources, compose the OS vulnerability section of the SAR. Be sure to:

Explain Windows vulnerabilities and Linux vulnerabilities.

Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices.

Explain the motives and methods for the intrusion of the MS and Linux operating systems;

Explain the types of security awareness technologies such as intrusion detection and intrusion prevention systems.

Describe how and why different corporate and government systems are targets.

Describe different types of intrusions such as SQL PL/SQL, XML, and other injections

You will provide leadership with a brief overview of vulnerabilities in your SAR.



Then provide the leadership with the following:



Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems. Provide an explanation and reasoning of how the methodology you propose, will determine the existence of those vulnerabilities in the organization’s OS.

Include a description of the applicable tools to be used, and the limitations of the tools and analyses, if any. Provide an explanation and reasoning of how the applicable tools to be used, you propose, will determine the existence of those vulnerabilities in the organization’s OS.

Include the projected findings from using these vulnerability assessment tools.

In your report, discuss the strength of passwords, any Internet Information Services' administrative vulnerabilities, SQL server administrative vulnerabilities, and other security updates and management of patches, as they relate to OS vulnerabilities.



such as MBSA. Then make a recommendation for using these types of tools (i.e., MBSA and OpenVAS), including the results you found for both.



Remember to include these analyses and conclusions in the SAR deliverable:



After you provide a description of the methodology you used to make your security assessment, you will provide the actual data from the tools, the status of security and patch updates, security recommendations, and offer specific remediation guidance, to your senior leadership.

You will include any risk assessments associated with the security recommendations, and propose ways to address the risk either by accepting the risk, transferring the risk, mitigating the risk, or eliminating the risk.

Include your SAR in your final deliverable to leadership.



Please, in-text citations and references are very important in this paper. The last paper you wrote for me was awesome. Keep it up. Thank you.