
Cyber Security Vulnerabilities Scanning

Summary report

Prepared by
Information Security – Risk Department

This document is classified as "Confidential" and remains the property of (Organization Name) only. If
you are not the intended recipient of this document, you should not copy or use it for any purpose, nor
disclose its contents to any person. You should contact (Organization Name) to take the appropriate
action.

Introduction

As part of the cyber security program for (Organization Name), and to fulfill (regulatory
body name) requirements, (Organization Name) has conducted cyber security scanning
of the entire (Organization Name) network. Even though (Organization Name) has conducted many
security scans before, this type of scanning is considered the most aggressive and
the deepest.

Vulnerability management is an ongoing exercise, as new vulnerabilities are
discovered continuously and ever more sophisticated hacking techniques
and capabilities are developed.

This scan was conducted in (date/year), and the results have been verified by IT
department administrators. Efforts have already been made during gap closure, and are
still in progress, to mitigate the reported vulnerabilities; however, some vulnerability
mitigation plans depend on either upgrade/replacement projects or applying the
needed patches/updates.

As vulnerability scanning should be carried out regularly, the next scanning run is
scheduled for (date), and a comparison progress report will be provided accordingly.

Cyber Security Scanning - Summary Report Page | 2


1. Vulnerabilities summary:

Number of vulnerabilities per category and severity:

Category                  Critical    High    Medium    Low
AIX/Redhat                     289    1115      1356    186
Windows Servers                670    5527      2300    326
Network Devices                 22     249       263    240
Workstations (samples)        2223   10924      1543    178
ATMs (samples)                  21     406        91      6
Total                         3225   18221      5553    963

2. Overall Dashboard

[Pie chart: all vulnerabilities by severity]

Critical: 3225 (12%)
High: 18221 (65%)
Medium: 5553 (20%)
Low: 936 (3%)

Hereunder are the detailed dashboards for each category.



Category Dashboard

[Pie charts: vulnerabilities by severity for each category]

AIX/Redhat: Critical 289 (10%), High 1115 (38%), Medium 1356 (46%), Low 186 (6%)

Windows Servers: Critical 670 (7%), High 5527 (63%), Medium 2300 (26%), Low 326 (4%)

Network Devices: Critical 22 (3%), High 249 (32%), Medium 263 (34%), Low 240 (31%)



Workstations (samples): Critical 2223 (15%), High 10924 (74%), Medium 1543 (10%), Low 178 (1%)

ATMs (samples): Critical 21 (4%), High 406 (78%), Medium 91 (17%), Low 6 (1%)



3. Remediation Plan / IT Feedback

AIX/Red Hat
• AIX servers are related to (App name). The impact of remediation on the service is
  currently being validated, and once feedback is received from all concerned technical
  teams, a plan will be put in place for the applicable items.
• False positives were initially identified at 10-12%.

Windows Servers
• Some vulnerabilities need Windows updates, which is a continuous operational task.
• Some of the vulnerabilities require a restart after remediation, which should be
  arranged by the application owner.
• The applicable remediation that does not need any downtime has already started, and
  the results will be provided before (date).

Network Devices
• 60-70% were already closed; the remainder are on the major core routers/switches,
  which will need a major upgrade with downtime.
• False positives were approximately between 10% and 15%.

Workstations (Samples)
• The false positive percentages are between 10% and 20%.
• The Windows 10 upgrade project has already started with Jabal Amman as a pilot branch,
  and this will solve 80% of the vulnerabilities.

ATMs (Samples)
• 35% of the issues are related to Adobe Flash Player, which needs further deep
  inspection to avoid impact on the application itself.
• The ATM support team is currently engaged in installing the PCI requirement and the new
  certified BWAC5.3 on all ATMs; around 60% are done now, and this should minimize
  some of the points in this report.
• False positives for ATM machines are around 10%.
