You recently started in a new position at the Celinsky Automotive Group (CAG) as a cybersecurity vulnerability analyst (CVA). The CAG is a chain of 25 dealerships across four Southern

Project 2: Vulnerability Assessment Report

You recently started in a new position at the Celinsky Automotive Group (CAG) as a cybersecurity vulnerability analyst (CVA). The CAG is a chain of 25 dealerships across four Southern states. The 25 dealerships and the CAG headquarters facility are networked with the full range of domain services provided via ActiveDirectory (file shares, shared printers, lightweight directory access protocol, SharePoint, MS365, etc.). Your manager has provided you with a recent scanner output run by the IT department and has asked for your analysis and input on the scanner findings.

 

Using the scanner output report, Advanced Scan (Single Host), analyze the findings revealed by the scanner. Although typical scanner output would include multiple tens or even hundreds of hosts, you will focus only on the single host contained within the linked scanner output.

 

Remember the context of a ransomware scenario (if needed, review the scenario within Unit I).

 

Your assessment must include the following information:

 

·        Provide an executive summary in narrative form that provides an overview of the scanner output. Remember the business/mission of the CAG, and ensure your summary is written at the appropriate level.

·        Provide a technical assessment targeted at the IT department of the vulnerabilities in the scanner output.

·        Provide details on the remediation actions that you recommend for the top three vulnerabilities from the scanner output.

·        Discuss the potential impacts that can result from not addressing the vulnerabilities revealed in the scanner output.

·        Identify any applicable legal or statutory considerations that organizations must follow to protect information systems and data.

·        Research the state breach notification laws for your state using the Security Breach Notification Laws website. Include your state and a brief description of your state’s laws regarding breach notifications. Ensure you address of your state requires breach notification for ransomware infections.

·        Provide your recommendation on how CAG should approach vulnerability disclosures and where CAG personnel would report ransomware infections. Justify your reasoning.

 

Your paper must be at least four full pages in length. Adhere to APA Style when creating citations and references for this

assignment.

 

Textbook Reference

Grama, J. L. (2022). Legal and privacy issues in information security (3rd ed.). Jones and Bartlett.

https://online.vitalsource.com/#/books/9781284231465