A security professional should understand the vulnerabilities of a CIS before selecting and implementing effective

countermeasures. The vulnerability report is an important tool for identifying, interpreting, and understanding the vulnerabilities.

Consider the following scenario: You are a new security administrator in the credit card division of a multinational bank. Your division deals with personally identifiable information of the bank’s cardholders. To comply with regulations on personally identifiable information, you need to perform monthly network vulnerability scans. The previous security administrator ran frequent vulnerability scans, but had a hard time getting anyone to address the findings. You plan to develop a process for monthly scanning and remediation, including how to handle exceptions when the report shows a false positive or when the business needs more time to address an issue. You have a copy of the latest vulnerability report. Refer to the “Nessus Full Network Scan, Detailed Findings” web resource from the Learning Resources. The report lists server names, vulnerabilities, and the severity of these vulnerabilities. Each vulnerability has an associated Common Vulnerabilities and Exposures (CVE) number. Refer to the Common Vulnerabilities and Exposures website (http://cve.mitre.org) which explains the vulnerabilities in depth.

For this Assignment, create 4- to 6-page summary that summarizes your interpretations of the Nessus report and your recommendations to address the reported vulnerabilities. Cover the following points in your paper: