MEMO
[date]
[Your name and course number/section]
[Opening Salutation]:
Overview
In this section, provide a brief overview to establish the purpose of your memorandum. You
should introduce the topics in Parts 1, 2, and 3, below. Remember that you are writing to your
immediate boss to help her address the CEO’s concerns over recent cybersecurity attacks
against the transportation sector. Additionally, your boss has provided you with the results of a
recent pen testing engagement performed by a third party on behalf of Mercury USA.
Part 1: Vulnerability Management (VM) Process Recommendation
In this section, present a recommended VM process for Mercury USA. Highlight the major VM
process components as you learned in your studies. Explain how your recommendation meets
the business needs of Mercury USA. Consider the transportation sector and the overall scenario
in context. The text and questions below represent specifics to focus on while writing the
memorandum. Do not include the specific text of the questions in your final submission.
What are the main elements of a VM process, tailored to Mercury USA and the
transportation sector?
How will you plan for and define the scope of a VM process?
How will you identify the assets involved?
How will you scan and assess vulnerabilities?
What is/are the industry standard scanning tools? Support your findings.
What frequency of scanning do you recommend and why?
How will you report the results of scanning and recommended countermeasures?
Part 2: Vulnerability Scanning Tool Evaluation and Recommendations
After performing an analysis of the vulnerability report provided by the third-party penetration
testers, present your evaluation of the tool and your recommendations here. The text and
VULNERABILITY MANAGEMENT PROCESS MEMO | [Document subtitle]
questions below represent the specifics to focus on while writing your memorandum. Do not
include the specific text of the questions in your final submission.
Identify the scanner used to produce the report. Is the tool open source or commercial?
Do you consider the tool to be industry standard?
What are some advantages to using the tool? Disadvantages?
What is your overall impression of the tool’s output?
Does the tool provide enough reporting detail for you as the analyst to focus on the
correct vulnerabilities? Can you appropriately discern the most critical vulnerabilities?
Do you think mitigations for the vulnerabilities are adequately covered in the report?
Do you think the reports are suitable for management? Explain why or why not.
Would you distribute the report automatically? Explain why or why not.
Would you recommend that Mercury USA use the tool? Explain why or why not.
Part 3: Business Case Example
In this section, provide an example of what could happen if Mercury USA does not implement
your recommendations for a VM process (e.g., data exfiltration, hacker intrusions, ransomware,
etc.). The text and questions below represent the specifics to focus on while writing your
memorandum. Do not include the specific text of the questions in your final submission.
What are some of the outcomes to the business if your example occurred?
How does your recommended VM process address the example you used?
For the tool you evaluated in Part 2 above, do you think the tool will be adequate? Why
or why not?
Closing
In this section, summarize the main points of your argument for a VM process, tool evaluation,
and use the case example to support your recommendations. Keep in mind that you are
addressing the CEO’s concerns over recent cybersecurity attacks against the transportation
sector and how you can help increase Mercury USA’s overall security posture to protect the
organization against attacks, breaches, and data loss.
<Closing Salutation>
<Your Name>
Cybersecurity Threat Analyst
Mercury USA
References
VULNERABILITY MANAGEMENT PROCESS MEMO | [Document subtitle]
Use in-text citations in the body of your memorandum as appropriate. Add all sources you used
here. This example citation uses IEEE style. Use a style of your choice or ask your instructor for
clarification. When using the associated course content, ensure that you cite to the chapter
level.
[1] "Chapter 5: Implementing an Information Security Vulnerability Management
Process", Pearson CompTIA Cybersecurity Analyst (CySA+), 2020. [Online]. Available:
https://www.ucertify.com/. [Accessed: 28- Apr- 2020].
We are a professional custom writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework.
Yes. We have posted over our previous orders to display our experience. Since we have done this question before, we can also do it for you. To make sure we do it perfectly, please fill our Order Form. Filling the order form correctly will assist our team in referencing, specifications and future communication.
1. Click on the “Place order tab at the top menu or “Order Now” icon at the bottom and a new page will appear with an order form to be filled.
2. Fill in your paper’s requirements in the "PAPER INFORMATION" section and click “PRICE CALCULATION” at the bottom to calculate your order price.
3. Fill in your paper’s academic level, deadline and the required number of pages from the drop-down menus.
4. Click “FINAL STEP” to enter your registration details and get an account with us for record keeping and then, click on “PROCEED TO CHECKOUT” at the bottom of the page.
5. From there, the payment sections will show, follow the guided payment process and your order will be available for our writing team to work on it.
Need this assignment or any other paper?
Click here and claim 25% off
Discount code SAVE25