University Computer Network Vulnerability Management using Nmap and Nexpose

Over the past few years, the advancement of technology in universities have led to rise in the number of vulnerabilities in University computer Network (UCN). To ensure robustness and hardness of UCN, an efficient Vulnerability Management System is required. The focus of current work is on the importance of vulnerability management in a UCN. A plethora of tools are used for vulnerability scanning and assessment. This paper also focuses on the implementation of vulnerability scanning tools on UCN. Assessment of scan results is done to identify vulnerabilities in the network that need to be resolved on priority basis. Based on the scan results obtained after scanning the network using scanning tools, the decision can be taken to mitigate the vulnerabilities on priority basis. Vulnerability Management in a UCN is a stepwise procedure that needs to be implemented to keep the network secure. An effective VM framework is important and inevitable to prevent cyber security breaches in a UCN as it regularly checks for new vulnerabilities on and also provide solutions to remediate or resolve the vulnerabilities. The scanning tools used for the current work were Nmap and Nexpose. Nmap was used for information gathering of network and Nexpose was used for scanning the network for vulnerability detection.

CVSS: Ubiquitous and Broken

The Common Vulnerability Scoring System is at the core of vulnerability management for systems of private corporations to highly classified government networks, allowing organizations to prioritize remediation in descending order of risk. With a lack of justification for its underlying formula, inconsistencies in its specification document, and no correlation to exploited vulnerabilities in the wild, it is unable to provide a meaningful metric for describing a vulnerability's severity, let alone risk. As it stands, this standard compromises the security of America?s most sensitive information systems.

INFLUENCE OF PUBLIC PRIVATE PARTNERSHIPS ON PERFORMANCE OF PROJECTS IN THE HOSPITALITY INDUSTRY IN KENYA

Purpose: The purpose of the study was to examine influence of public private partnerships on performance of projects in the hospitality industry in Kenya. Methodology: This research study adopted a descriptive research design approach. The study preferred this method because it allowed an in-depth study of the subject. The target population was the 215 classified establishments in the hospitality industry spread over different locations in Kenya. The Hotels and Restaurants Authority (HRA) under the Ministry of Tourism is charged with the responsibility of classification. This classification brings about categories such as 5 star, 4 star, 3 star, 2 star and 1 star approved with continuous control on the quality of services offered. Structured and semi structured questionnaires were used to collect data. Data gathered from the questionnaires administered was analyzed by the help of Ms Excel and SPSS version 22, while output was presented inform of frequency tables and charts. The study used both descriptive and inferential statistics to show the relationship between variables. Results and conclusion:The coefficient of determination also called the R2 was 0.634. R2 value of 0.634 means that 63.4% of the corresponding variation in performance of projects in the hospitality industry can be explained or predicted by (government protocol, proof of concept, value for money and vulnerability management) which indicated that the model fitted the study data. The results of regression analysis revealed that there was a significant positive relationship between dependent variable and independent variable at (β = 0.634), p=0.000 <0.05). The findings of the study indicated that government protocol, proof of concept, value for money and vulnerability management have a positive relationship with performance of projects in the hospitality industry in Kenya. Policy recommendation: Finally, the study recommended that institutions should embrace public private partnerships so as to improve performance of projects in the hospitality industry and further researches should to be carried out in other institutions to find out if the same results can be obtained.

Vulnerability Exposure Driven Intelligence in Smart, Circular Cities

In this paper we study the vulnerability management dimension in smart city initiatives. As many cities across the globe invest a considerable amount of effort, resources and budget to modernise their infrastructure by deploying a series of technologies such as 5G, Software Defined Networks and IoT, we conduct an empirical analysis of their current exposure to existing vulnerabilities. We use an updated vulnerability dataset which is further enriched by quantitative research data from independent studies evaluating the maturity and accomplishments of cities in their journey to become smart. We particularly focus on cities that aspire to implement a (data-driven) Circular Economy agenda which we consider to potentially yield the highest risk from a vulnerabilities exposure perspective. Findings show that although a smarter city is attributed with a higher vulnerability exposure, investments on technology and human capital moderate this exposure in a way that it can be reduced.

Vulnerability Management Models Using a Common Vulnerability Scoring System

Vulnerability prioritization is an essential element of the vulnerability management process in data communication networks. Accurate prioritization allows the attention to be focused on the most critical vulnerabilities and their timely elimination; otherwise, organizations may face severe financial consequences or damage to their reputations. In addition, the large amounts of data generated by various components of security systems further impede the process of prioritizing the detected vulnerabilities. Therefore, the detection and elimination of critical vulnerabilities are challenging tasks. The solutions proposed for this problem in the scientific literature so far—e.g., PatchRank, SecureRank, Vulcon, CMS, VDNF, or VEST—are not sufficient because they do not consider the context of the organization. On the other hand, commercial solutions, such as Nessus, F-Secure, or Qualys, do not provide detailed information regarding the prioritization procedure, except for the scale. Therefore, in this paper, the authors present an open-source solution called the Vulnerability Management Center (VMC) in order to assist organizations with the vulnerability prioritization process. The VMC presents all calculated results in a standardized way by using a Common Vulnerability Scoring System (CVSS), which allows security analysts to fully understand environmental components’ influences on the criticality of detected vulnerabilities. In order to demonstrate the benefits of using the the open-source VMC software developed here, selected models of a vulnerability management process using CVSS are studied and compared by using three different, real testing environments. The open-source VMC suite developed here, which integrates information collected from an asset database, is shown to accelerate the process of removal for the critical vulnerabilities that are detected. The results show the practicability and efficacy of the selected models and the open-source VMC software, which can thus reduce organizations’ exposure to potential threats.