Vulnerability process and assessment memo


Mercury USA is a small- and medium-sized business (SMB) in the transportation sector with 400 employees. 

You’ve just been hired by Mercury USA as the first cyber threat analyst on the team and will work within the existing Information Technology department. Mercury USA has an urgent interest in addressing security vulnerabilities.

Judy “Mac” McNamara, the manager of IT services, said the chief executive officer (CEO) recently learned via a mandatory breach disclosure that a competitor was a victim of ransomware. The firm in question lost a significant amount of intellectual property and customer data and is facing expensive litigation, government fines, and loss of customer confidence. These issues are likely to result in bankruptcy.

Thus, executive management would like to prevent Mercury USA’s critical data (e.g., order data, customer lists, sales leads, Payment Card Industry (PCI) compliance for processing credit, proprietary software) from falling into the wrong hands and threatening the survival of the business.

Message from the CEO

The CEO of Mercury USA has recorded a video message for all employees. Watch this video before starting the projects.

As the cyber threat analyst at Mercury USA, you will be expected to identify security-related issues that hackers could use against the company. You will begin by addressing the security vulnerabilities present in the IT infrastructure of the company and develop a way forward that helps to prevent and deter attacks.

You will be completing three projects for this course:  

Part 1:  Vulnerability Process and Assessment Memo—A two- to three-page memorandum outlining the VM process in which you will use a sample vulnerability scan report to assess security posture and develop a recommended VM process (Week 3)

Part 2:  VM Scanner Background Report—A four- to six-page background report to review a commercial scanning tool and provide a recommendation (Week 5)

Part 3:  Presentation to Management—A five- to 10-slide “pitch” to executive management outlining your assessment of Mercury USA’s security posture, the business need, and seeking a decision on purchasing the commercial tool (Week 7