Vulnerability Assessment Plan
Computer Sciences and Information Technology
Vulnerability Assessment Plan
Increased cyber-attacks have inclined organizations to seek a vulnerability assessment plan to define, prioritize and classifying vulnerabilities and risks associated with applications and computer and network systems. Cyber crim8nals exploit the existing vulnerability to gain access to the system and network, thus enabling them to commit cybercrimes at the organization’s expense. In this regard, the identification of vulnerabilities enables organizations to address their vulnerabilities through best practices, cyber solutions, and effective countermeasures. In this case, an e-commerce retailer will have different vulnerabilities that will attract cybercriminals and hackers. The vulnerabilities in e-commerce retailers will be evaluated and established from their different hosts. A vulnerability assessment plan on an e-commerce retailer by evaluating its different pertinent hosts will reveal vulnerabilities associated, thus enabling the adoption of effective measures to counter the vulnerabilities.
1. Hosts to an e-commerce retailer
There are different hosts pertinent to the e-commerce retailer. The various hosts include:
1. A2 Hosting
2. HostGator
3. Bluehost
4. SiteGround
5. InMotion
6. DreamHost
2. Access to the hosts and threats associated with them
A2Hosting
The A2Hosting offers e-commerce hosting and remains to be one of the best e-commerce providers. It has different features that include one-click installations for major e-commerce platforms, multiple SSL certificates and Turbo servers for prompt page loads. The A2Hosting vulnerabilities can be accessed through host-based scans that locate and identify vulnerabilities in network hosts, workstations and servers (Zhang, Yan and Zhang, 2018). In this case, the scan examines ports and services through its advanced visibility and configurations settings. The threats and vulnerabilities associated with A2Hosting include Cloudflare network blocks, spams, and harmful email threats.
HostGator
The HostGator hosting provider has the best support services, and it enables it, clients, to easily transfer files using unlimited file transfer protocol and transfer of file using networks (Abubakari, 2019). The HostGator can be accessed through network-based scans to evaluate possible security risks and threats. The threats associated with HostGator include vulnerable systems on wired or wireless networks.
BlueHost
BlueHost is an almost perfect host since it rarely experiences downtimes. The vulnerabilities associated with BlueHost can be accessed through application scans. The application scans the test website and hosts to detect vulnerabilities associated with them (Le, 2014). The vulnerabilities associated with BlueHost include incorrect configurations in web and network applications and software vulnerabilities.
SiteGround
The SiteGround host provides e-commerce businesses with auto-installation e-commerce apps that improve the site’s speed in the interest of the customers. The hosts can be accessed through the application scans to detect the vulnerabilities in the applications and sites (Sabel, 2019). The SiteGround hosts have a wide range of threats that include malicious attacks on the applications, attacks on the files, spam and virus threats, Cloudflare, and DDoS attacks.
InMotion
The InMotion host offers a wide range of scalability that enables the storage of organizational data and VPS hosting to improve organization operations (Sabel, 2019). The vulnerabilities in the InMotion can be accessed through data scans to identify vulnerabilities and weak points in databases. The vulnerabilities surrounding InMotion include malicious attacks (SQL injection attacks), injection of viruses, malware blackmail schemes, and national sponsored attacks.
3. Reasons for the choice of the hosts
The different hosts’ choice is occasioned by their different features, advantages and disadvantages, and the approach they use in hosting e-commerce operations. In this regard, A2 Hosting has different applications and features that can be used to launch attacks due to vulnerabilities associated with them (Zhang, Yan and Zhang, 201tiple SSL certificates for the users’ choice, turbo servers to enable prompt page loads and various significant e-commerce platforms. Additionally, increased site speed options can be exploited in the interest of hackers and attackers.
HostGator hosts choice is occasioned by the unlimited file transfer protocol (FTP) from computers to networks, unlimited bandwidth and unlimited email accounts subject to vulnerabilities and attacks (Abubakari, 2019). The host has increased uptime that increased the chances of attacks and vulnerabilities.
Bluehost host choice is made from its services associated with dedicated Woo-Commerce hosting plans, regular automatic backups and the privacy domain used in the system (Le, 2014). Additionally, the host offers excellent uptimes, affordable pricing and seamless Word Press integrations.
The choice of SiteGround host arises from auto-installations that make the set up much easier and high speed arising from the Content Discovery Networks (CDNs) (Sabel, 2019). Additionally, the host has automatic Word press updates, free automatic daily backups and searchable knowledge base for help and support.
InMotion is chosen its numerous and efficient features that include one-click installation for e-commerce apps, multiple payment methods and PCI compliant VPS and dedicated plans (Sabel, 2019). Additionally, the host consists of highly and effectively trained customer supports and strong shared VPS plans.
4. Vulnerability assessment plan format
The Vulnerability assessment plan will follow the IT Vulnerability Assessment format. In this case, the format is designed to identify and deal with security, risks, and threats associated with information technology. In this regard, the format can be used to evaluate a single IT asset’s vulnerability, such as the host or website or the assessment of the entire business organization. This approach ensures that risks to a network, firewall, server and specific data are addressed (Nagpure and Kurkure, 2017). The potential threats are listed, such as unauthorized users, former employees and hackers. Moreover, vulnerabilities such as employee access to sensitive data, software bugs or insufficient passwords are mentioned.
The vulnerability assessment plan will be presented in different sections, with each section addressing a specific aspect (Nagpure and Kurkure, 2017). The different sections of the vulnerability assessment plan will include a description of the scope of management plans, roles and responsibilities for parties in the development of the plan, policies guidelines to regulate the plan, methods and processes of ranking risks, and remediation steps to be followed.
Additionally, the format will include an inventory of specified components or any information needed by the businesses. Equally important, the format can be customized to meet the business needs and be made possible to understand by the receiving parties (Nagpure and Kurkure, 2017). In this regard, the plan will be received by the executives and other relevant stakeholders. The report will enable the executives, stakeholders and professionals to understand the vulnerabilities, risks and threats facing their e-commerce operations. The information on vulnerabilities will enable them to adopt the necessary mitigation measures as solutions to eliminating the vulnerabilities.
Conclusion
Ecommerce faces a wide range of vulnerabilities as connected to different hosting services, and thus there is a need to understand and define them to eliminate them in the interest of organizational safety and security. The hosts have different inherent vulnerabilities that arise from their different features, and thus additional security and safety measures need to be incorporated in their operation.
References
Nagpure, S., & Kurkure, S. (2017, August). Vulnerability assessment and penetration testing of Web application. In 2017 International Conference on Computing, Communication, Control and Automation (ICCUBEA) (pp. 1-6). IEEE.
Sabel, P. (2019). Development of an E-commerce site for UBM FLOWBOARDS.
Le, T. (2014). A website to sell digital images online: an initial step towards the vast e-commerce world.
Abubakari, S. (2019). Importance of Changing Web Space Requirements: a Case of E-Commerce. Diverse Journal of Computer and Information Sciences, 1(1).
Zhang, L., Yan, Q., & Zhang, L. (2018). A computational framework for understanding antecedents of guests’ perceived trust towards hosts on Airbnb. Decision Support Systems, 115, 105-116.
