Your boss, Judy “Mac” McNamara, thought you did a great job on your Vulnerability Management Process recommendation and analysis of the OpenVAS vulnerability report. However, the boss doesn’t think the free OpenVAS tool will provide the high-level presentation reporting and support needed by Mercury USA. Now, Judy would like you to evaluate the leading commercial vulnerability scanner, Nessus.
Fortunately, Judy had asked someone in the IT department to install and configure a 30-day evaluation copy of Nessus. She hands you a recent Nessus report from IT that has a few more systems added, and with a wry smile adds, “It looks like there’s some really bad stuff in there!”
Judy would like you to provide an analysis of the report. You decide to highlight what you think the company should address first and how you would mitigate some of the top threats.
In addition, Judy wants to know your thoughts on Nessus, since it’s expensive. You now realize that you need to ensure due diligence has been performed before making a purchase recommendation to executive management.
Project 2: VM Scanner Background Report—A four- to six-page background report to review a commercial scanning tool and provide a recommendation
