Step 1: Define the OS
After reviewing those resources, begin drafting the OS overview to do the following:
1. Explain the user’s role in an OS.
2. Explain the differences between kernel applications of the OS and the applications installed by an organization or user.
3. Describe the embedded OS.
4. Describe how the systems fit in the overall information system architecture, of which cloud computing is an emerging, distributed computing network architecture.
Step 2: Review OS Vulnerabilities
Based on what you gathered from the resources, compose the OS vulnerability section of the SAR. Be sure to:
· explain Windows vulnerabilities and Linux vulnerabilities;
· explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices;
· explain the motives and methods for intrusion of the MS and Linux operating systems;
· explain the types of security awareness technologies, such as intrusion detection and intrusion prevention systems;
· describe how and why different corporate and government systems are targets; and
· describe different types of intrusions such as SQL PL/SQL, XML, and other injections.
· Step 3: Prepare for the Vulnerability Scan
· description of the methodology you propose to assess the vulnerabilities of the operating systems, including an explanation of how this methodology will determine the existence of those vulnerabilities in the your company’s OS
· A description of the applicable tools to be used and any limitations of the tools and analyses, including an explanation of how your proposed applicable tools will determine the existence of those vulnerabilities in your company’s OS
· The projected findings from using these vulnerability assessment tools
In your report, discuss the strength of passwords, any Internet Information Services’ administrative vulnerabilities, SQL server administrative vulnerabilities, and other security updates and management of patches, as they relate to OS vulnerabilities.
Step 4: Create the Security Assessment Report
Remember to include analyses and conclusions in the SAR deliverable as follows:
1. After you provide a description of the methodology you used to make your security assessment, provide the actual data from the tools, the status of security and patch updates, security recommendations, and specific remediation guidance for your senior leadership.
2. Include any risk assessments associated with the security recommendations, and propose ways to address the risk either by accepting it, transferring it, mitigating it, or eliminating it.