What are the main elements of a VM process, tailored to Mercury USA and the transportation sector?
How will you plan for and define the scope of a VM process?
How will you identify the assets involved?
How will you scan and assess vulnerabilities?
What is/are the industry standard scanning tools? Support your findings.
What frequency of scanning do you recommend and why?
How will you report the results of scanning and recommended countermeasures? Is the tool open source or commercial? Do you consider the tool to be industry standard?
What are some advantages to using the tool? Disadvantages?
What is your overall impression of the tool’s output?
Does the tool provide enough reporting detail for you as the analyst to focus on the correct vulnerabilities? Can you appropriately discern the most critical vulnerabilities?
Do you think mitigations for the vulnerabilities are adequately covered in the report?
Do you think the reports are suitable for management? Explain why or why not.
Would you distribute the report automatically? Explain why or why not.
Would you recommend that Mercury USA use the tool? Explain why or why not.
What are some of the outcomes to the business if your example occurred?
How does your recommended VM process address the example you used?
For the tool you evaluated in Part 2 above, do you think the tool will be adequate? Why or why not?
