In the sector, there is growing worry about instruments that can do vulnerability assessments effectively and efficiently. In the sector, there is growing worry about instruments that can do vulnerability assessments effectively and efficiently. This argument stems from the fact that the contemporary information and technology business contains a few vulnerability scanners, both commercial and open source (Kim & Feamster, 2013). Indeed, the increased interchange of information via such sources has resulted in the challenge of such information. Questions have been raised about the sensitivity of information stored in Reston, Virginia, as well as the way of data transmission over WAN to New York City, business partners, or subsidiaries (Tenable Network Security, 2015). The aspect demonstrates the importance of increasing network security for every firm. This study aims at providing an executive proposal on improving information security for the Information Assurance Research Corporation, one of the fictitious companies existing in the industry.
Description of the Software and Its Benefits
Nessus is described as commercial instrument information, which is powerful as well as easy to use network security scanner which possesses a broad plugin database whose update is daily. The product is currently the leading brand on a list of the top goods of its kind in the entire industry of information security, whose endorsement has been done by the organizations of professional security like SANS Institute (Tenable Network Security, 2015). Tenable Nessus has gained support from the famous research team in the world and possesses a wider knowledge base of vulnerabilities which has continual updates.
The software measures the security posture of the firm by identifying vulnerabilities and helping to prevent the future attacks and deterring any unknown real-time threats. The benefit of this product is that it will make it possible for a person to remotely assess a particular network and as well determine whether it has been used in an accepted manner. Another advantage is that it will offer the ability to assess the machine for compliance specifications, content policy violations, and vulnerabilities among others locally (Kim & Feamster, 2013). Also, with the Tenable Nessus, the users will have the ability receive the immediate access to manage the scheduled scans from the software web interface for different forms of audits.
Reviews, Case Studies, and Customer Recommendations
Research has been carried out to examine how efficient this software has been in addressing the issues of vulnerability with an industry of information security. No doubt, new vulnerabilities have been made public by researchers and vendors among other sources on a daily basis (Tenable Network Security, 2015). The analysis of the case shows that the company in the case has suspected the infiltration of its network by unauthorized sources.
Thus, the recommendation for Tenable Nessus is based on the fact that it will seek to have the checks for most of the vulnerabilities that have been recently published that are tested and available immediately, within one day of disclosure. Such checks for a particular is referred to as by the Nessus as a plugin. Additionally, if Nessus is installed with an evaluation license, a recommendation would be that it is uninstalled prior to upgrading it to a copy that is fully licensed. Therefore, any policies or scan results established can be exported and as well re-imported into the latest installation (Kim & Feamster, 2013).
Hands-on Experience with the Tool and the Test Results
The Nessus software is the best based on my hands-on experience while using it and the resulting test results. I am certain that the attacks of DoS and those of the organization's defacement of the public website will be managed using Tenable Nessus (Tenable Network Security, 2015). I have used Nessus ProfessionalFeed and found it effective to solve the issues of vulnerabilities of information security for an organization. For instance, it makes it possible for the users make scans of their network, get support, and updates to the database of compliance auditing as well the vulnerability checks.
Cost of the Product
During the deployment of this product, it is important to consider the additional costs that will be incurred. Since this is new software incorporated into an existing network of the company, it will be important to train the executive team on various aspects such as how to use it to check for the attacks and also obtain the test results for analysis. Tenable Nessus training is significant as it will equip the users with the product and technical knowledge that is relevant to them (Tenable Network Security, 2015). The product also will require Nessus Manager and Nessus Cloud which are capable of designating scans to Nessus Agents connected to it.
The Effect of the Software on the Environment
The Tenable Nessus software impacts the production environment which contains a blend of Microsoft and *NIX technologies in several ways while checking for the Denial of Service attacks or any other attack. Such environment involves the technological aspects summarized in Figure 2 below. In a broader positive perspective, this product will cut down the workload of executive staffs who are dedicated to monitoring of the network security of the company, shown in Figure 1. On the other hand, the is fear that production process of the company may be slowed during the installation of the software because of the network protocols involved, but with time, the Denial of Service checks will be faster and thus making the operations of the organization faster. On the other, this product can fail to work effectively for the unsupported systems. This scenario is based on the fact that the software is associated with security robustness which needs to be considered during the implementation (Hunt & Zeadally, 2012). Moreover, there is a necessity for the executive team of the company to note that the unsupported systems are limited in their applications and thus need to be treated carefully (Kim & Feamster, 2013).
Nessus is today's leading product on a list of the top products of its kind in the entire industry of information security. Its endorsement has been done by the professional security firm like SANS Institute is an additional consideration for its deployment in Information Assurance Corporation. Thus, it is strongly recommended that Tenable Nessus should be implemented to address the security vulnerabilities facing the organization such as Denial of Service attacks among others.
Each organization considers cybersecurity an essential and integral component of its operations. Information and Communication Technology teams in organizations today-seasoned, experienced and upcoming- have to develop techniques and systems of dealing with developing challenges in the changing landscape of cybersecurity. Information Assurance is one such company in the world today that has experienced challenges brought by the changing cybersecurity landscape (Carey, Russ, Criscuolo & Petruzzi, 2015). A few years ago, the company faced several Denial of Service attacks. Subsequently, it damaged the reputation of Information Assurance in many ways and greatly. The company could no longer counter the attack successfully. It is for this reason that Information Assurance should put in place adequate systems that can deal with such situations in future. To achieve, the company must carry out penetration testing/evaluation on standardized grounds. This will the Information and Communication Technology teams to detect software and hardware vulnerabilities present in the system (Thorn, 2016).
Conducting a penetration evaluation test will help in ascertaining installed security protocols. The exercise also determines whether the installation was done correctly. Getting proper information on these aspects helps in understanding the security levels of the hardware and software and determining if they are prone to bugs and malware (Nessus Features, 2014). Systems of application put in place by organizations and managed by a team of ICT experts should be well evaluated and tested. This research proposal makes puts Nessus Tenable as the most recommended tool. It is a software security testing gadget in Information and Communication Technology systems with the capacity to keep off system hackers from accessing important resources gained, used and stored by organizations. Information Assurance Company is susceptible to cyber-attacks without this security testing tool. It is common knowledge that the effects of such attacks would detrimental to the business and operations of the company (Carey, Russ, Criscuolo & Petruzzi, 2015).
The Proposed System: Tenable Network Security System
To highlight and address weaknesses in Information Assurance's security system, the company would have to acquire the most appropriate susceptibility testing scanner (Carey, Russ, Criscuolo & Petruzzi, 2015). Acquisition of the best scanner makes it possible for ICT experts to determine whether weaknesses in the system can be exploited by cybersecurity hackers or not. In the process, experts will use the same results to seal any loopholes within the system way before security system hackers get an opportunity to damage the reputation of Information Assurance. Security system hackers have a tendency of putting a malfunction to the normal business processes of organizations, institutions and companies. They do this by stealing important information acquired, used, stored and transferred by the company (Thorn, 2016). It is important to put in mind that Information Assurance is a startup medial research and development company. It has the history of exemplary performance in innovative medical and pharmaceutical products. Automatically, any form of theft would result in unprecedented and detrimental effects from which Information Assurance may never recover.
The Experience, Reviews and Recommendations
To take of Information Assurance's future business needs, the company will have to use the Tenable Network Security System. The system has the capacity to change security technology in a way that no any other network can do (Nessus Features, 2014). The change takes place comprehensively with solutions visible presently and in future. With this, the ICT team of experts will have immense abilities to safeguard Information Assurance. It gets rid of grey areas in security system of any company, makes threats in the system a priority, and minimizes publicity as well as related losses.
Nessus Tenable boasts of more than a million users across the globe and in excess of 20,000 business clients (Thorn, 2016). It is sufficient evidence that business institutions believe in Tenable Network Security System for reliable and trustworthy innovation in security matters. Being a startup medical research and development company, Information Assurance needs to learn from the experience of renowned and reputable companies worldwide that use Tenable Network Security System. Such companies and institutions include the US Depart of Defense, Fortune Global 500 companies, Small-and-Medium Enterprises (SMEs), companies in the energy sector among them Exxon Mobil and BP (Nessus Features, 2014). Other companies are in the fiancé sector, higher education, healthcare as well as many government parastatals.
The management at Information Assurance ought to comprehend that putting in place a totally new ICT system, fast, adequately and installing it fully is not possible considering threats posed in the cybersecurity landscape (Thorn, 2016). Tenable Network Security System and its partners offer services that cut down on vulnerability at the right speed. It will help Information Assurance attain value for its investments. All its partners are certified by government and associations regulatory authorities. Tenable Network Security System puts in place various through which Information Assurance will benefit (Nessus, n.d.). Identified measures include among others fast alternatives of deployment, advisory seminars and routine workshops, scheduled health assessments and client operations. The measures will support Information Assurance on its quest to get total capacities of its investment in the medical research and development. The functioning of Tenable Network Security System supersedes customary installation services that remain primary in nature. The system becomes a partner of the institution, company or organization to ensure that it succeeds. Success is experienced before deployment, during and after.
Impact
Tenable Network Security System brings together sets of testing abilities. Listed among them are scanning exercises that use agents and those that do not. The capabilities will support Information Assurance in testing/scanning more assets often (Tenable Network Security Nessus, n.d.) The system also detects susceptible areas besides isolating configurations that were done improperly. Information Assurance will also have many types of assessments. Among them is susceptibility scanning that evaluates networks, systems of application and applications that are prone to attack. The other form of assessment is configuration auditing. With this in place, Information Assurance will have ICT assets that are certified by relevant bodies to meet set standards. Configurations of audit systems, compliance assessments and standardized content will be up to date (Carey, Russ, Criscuolo & Petruzzi, 2015). Malware detection is another type of assessment offered by Tenable Network Security System. It will also cover infectious software. It also provides precise formats for reports including CSV, XML, HTML and PDF (Tenable Network Security Nessus, 2015). The vulnerability scanner delivered by Tenable Network Security System is the best tool that isolates weaknesses in the entire system. In the process, it will play a significant part in eliminating susceptibilities in addition to dangerous cyber-attacks.
Conclusion
Information Assurance remains a central target for theft courtesy of the type of business it runs. The company invests more in innovation and stands as a prime target. Without a proper ICT system, it can lose valuable, confidential and significant information pertaining to its areas of specialization. It is for this reason that I recommend that the Executive acquires and installs the Tenable Network Security System. From the research I conducted, buying five subscriptions will serve the company considering its stature in the market. ICT experts will effectively use the systems to spot, intervene and correct any security attacks. The team will also get the muscle to assess all remote, mobile, and physical and machines. Information Assurance Company will the expense of ensuring that all members in the ICT department are trained in the Tenable Network Security System. The training will ensure the company gets good value of installing the system. Once completed, every graduate will receive a Nessus Certificate. The cost is fairly affordable and worth the investment.
References
Hunt, R & Zeadally, S. (2012). Network Forensics: An Analysis of Techniques, Tools, and Trends. Computer, 45(12), 36-43.
Kim, H & Feamster, N. (2013). Improving network management with software defined networking. Communications Magazine, IEEE, 51(2), 114-9.
Tenable Network Security. (2015). Tenable Network Security.
