Security Risk Assessment Report

Created during Google's Cybersecurity Course based on fictional information

Based on the vulnerability assessment report at the bottom of this page (not written by me), I selected three hardening tools/methods to implement to reduce vulnerabilities.

Part 1: Select up to three hardening tools and methods to implement

The company should implement firewall maintenance, MFA, and employee training.

Part 2: Explain your recommendations

The Cybersecurity Analyst found four major vulnerabilities in the company: employees share passwords, the admin password is the default password, the firewalls have no rules set up to filter traffic, and MFA is not used.

Firewalls that are not set up and maintained do not help secure a network. Implementing firewall maintenance will help ensure that common attacks are thwarted, and it will go a long way toward stopping easily preventable data breaches. Without a working firewall, there are many possible ways to breach the company; a firewall drastically limits the number of possible data breaches.

The company has trouble with passwords in general. Ideally, the solution would be for individuals to practice individual security. This would involve educating employees on the importance of creating strong passwords and not sharing them. While training is not a guarantee that safe practices will be followed, not having training practically guarantees they will not be.

At the same time, to account for the difficulty of convincing people to behave differently, MFA should be required. With MFA, weak passwords have a buffer: even if they are discovered through brute-force attacks, the second factor will help prevent unauthorized access. Second, employees who are used to sharing passwords with each other will be less likely to do so, because it is far more cumbersome to share a password when you also have to be ready to give the other person a code or similar from a 2FA method. People generally do what is easiest, and 2FA will cut down on password sharing because sharing will no longer be the easiest solution.

Written by Google as part of their Cybersecurity Course
