Lake Point Consulting Services (LPCS) provides security consulting and assurance services to over 500 clients across a wide range of enterprises in more than 20 states. A new initiative at LPCS is for each of its seven regional offices to provide internships to students who are in their final year of the security degree program at the local college.
Predish Real Estate and Auction (PREA) buys and sells high-end residential and commercial real estate across a multistate region. One of the tools that PREA offers is a sophisticated online website that allows potential buyers to take virtual tours of properties. However, PREA’s site was recently compromised by attackers who defaced the site with malicious messages, causing several customers to threaten to withdraw their listings. PREA’s senior management has demanded a top-to-bottom review of their security by an independent third party. LPCS has been hired to perform the review, and they have contracted with you to work on this project.
1. The first task is to perform a vulnerability assessment of PREA. Create a PowerPoint presentation for the president and his staff about the steps in a vulnerability assessment. List in detail the actions under each step and what PREA should expect in the assessment. Your presentation should contain at least 10 slides.
2. One of the activities recommended by LPCS is to perform a penetration test. However, the IT staff is very resistant to the idea and has tried to convince PREA’s senior management that it is too risky and that a vulnerability scan would serve the same purpose. PREA has asked you for your opinion of performing a penetration test or a vulnerability scan. Create a memo that outlines the differences and what your recommendation would be.