Module 6: Vulnerabilities
Module 6 Team Activity
Overview
Student teams continue to build a description of the operating environment for their sector-based organization, describing how they would use vulnerability scanning and/or penetration testing to evaluate threat potentials.
Objectives
| Module 6 Learning Objective # | Revised Bloom’s Taxonomy | Team Activity Objectives |
|---|---|---|
| 6.5 | Understand | Identify vulnerability assessment techniques and tools, such as CSET, Nessus, and other assessment tools. |
| 6.6 | Understand | Explain the differences between vulnerability scanning and penetration testing. |
Assignment
Having identified threats that would be likely to impact your sector-based organization in the Module 5 Team Activity, consider how you would use vulnerability scanning and/or penetration testing to evaluate additional threat potentials. What tools would you use, and how could they impact the availability of a real-time control and/or SCADA system?
Look for passive penetration tools and tests that will not take the control and/or SCADA systems down.
Assignment Options
Option 1: Write a 2-page abstract summarizing your team’s rationale for using vulnerability scanning and/or penetration testing. What tools would your team use, and how could these decisions impact the availability of a real-time control and/or SCADA system?
Option 2: Prepare 2–3 presentation slides summarizing your team’s rationale for using vulnerability scanning and/or penetration testing. What tools would your team use, and how could these decisions impact the availability of a real-time control and/or SCADA system?
Grading Criteria Rubric
- Content
- Evidence of teamwork
- References
- Use of American Psychological Association (APA) style in writing the assignment
Grade Points: 100
