You have just finished defining the vulnerabilities an OS can have. Soon you will perform vulnerability scanning and vulnerability assessments on the security posture of your organization's operating systems. But first, consider your plan of action. Read these two resources to be sure you fully grasp the why's and how's of vulnerability assessments and security updates:
- Vulnerability assessments
- Patches
Then provide the leadership with the following:
- Include a description of the methodology you used to assess the vulnerabilities of the incorporate operating systems.
- Include a description of the applicable tools used, and the limitations of the tools and analyses, if any.
- Include the projected findings from using these vulnerability assessment tools.
In your report, discuss the strength of passwords, any IIS administrative vulnerabilities, SQL server administrative vulnerabilities, and other security updates and management of patches.