In this activity, I conducted a vulnerability assessment for a small business. A vulnerability assessment is the internal review of an organization’s security systems. I evaluated the risks posed by a publicly accessible database server and outlined a remediation plan to secure it.
I’m a newly hired cybersecurity analyst at an e-commerce company. The company stores customer and analytics data on a remote MySQL database server that’s been open to the internet since our launch. Recognizing that public access to this server is a serious vulnerability, I was tasked with assessing and communicating the risks to decision makers.
I reviewed the server's role: it hosts customer and marketing data that is critical to our business operations. I noted that any compromise of this data could result in financial loss, reputational damage, and regulatory penalties. I also recognized that unauthorized changes to the database could disrupt services and undermine customer trust. Therefore, I conducted this assessment to identify vulnerabilities and recommend controls that would secure our assets.
Threat source | Threat event | Likelihood | Severity | Risk |
---|---|---|---|---|
External attacker | Exfiltrate customer data via the open port | 3 | 3 | 9 |
Insider (employee) | Disrupt database availability by deleting tables | 2 | 3 | 6 |
Third-party customer | Alter or corrupt business records | 1 | 3 | 3 |
I followed NIST SP 800-30 Rev. 1 guidelines to structure my risk assessment process. I analyzed threat sources and events based on the server's public exposure and technical configuration. I assigned likelihood scores by considering historical attack data and the ease of network access. I evaluated severity by estimating the potential impact on operations, data confidentiality, and customer trust. The risk score in the table is the likelihood score multiplied by the severity score.
I recommended implementing the principle of least privilege to ensure users have only the permissions they need. I suggested enforcing multi-factor authentication to add a second factor for all database logins. I advised encrypting all traffic with TLS to protect data in transit from interception. I also proposed restricting access to the database by configuring firewall rules or requiring connections through a secure VPN. Finally, I recommended setting up automated alerts and regular security audits to detect and respond to anomalous activity.
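Added example, not part of the original assessment: how the least-privilege, host-restriction and TLS recommendations above translate into MySQL 8.0 statements, with the exposed configuration shown beside the hardened one. The account names, the `shop` database and table names, and the subnet ranges are assumptions for illustration.

```sql
-- Constructed "before" state: one account, accepting connections from any
-- host ('%'), holding every privilege on every database, no TLS required.
CREATE USER 'app'@'%' IDENTIFIED BY 'changeme';
GRANT ALL PRIVILEGES ON *.* TO 'app'@'%';

-- Hardened state.
-- 1. Refuse any client connection that is not protected by TLS.
--    SET PERSIST keeps the setting across server restarts.
SET PERSIST require_secure_transport = ON;

-- 2. Replace the wide-open account with one scoped to the web tier's
--    subnet (assumed 10.0.1.0/24) and to the tables it actually uses.
DROP USER IF EXISTS 'app'@'%';
CREATE USER 'app'@'10.0.1.%'
  IDENTIFIED BY '<strong-generated-secret>'
  REQUIRE SSL;
GRANT SELECT, INSERT, UPDATE ON shop.customers        TO 'app'@'10.0.1.%';
GRANT SELECT, INSERT         ON shop.analytics_events TO 'app'@'10.0.1.%';

-- 3. A separate read-only account for the marketing team, reachable only
--    from the office range (assumed 192.0.2.0/24), also TLS-only.
CREATE USER 'analytics_ro'@'192.0.2.%'
  IDENTIFIED BY '<strong-generated-secret>'
  REQUIRE SSL;
GRANT SELECT ON shop.analytics_events TO 'analytics_ro'@'192.0.2.%';

-- 4. Verification checks for the audit: list any account that still
--    accepts connections from every host, and any remote account that
--    does not require TLS (ssl_type is empty when no REQUIRE clause is set).
SELECT user, host, ssl_type
  FROM mysql.user
 WHERE host = '%'
    OR (host <> 'localhost' AND ssl_type = '');

-- Confirm the application account holds only the table-level grants above.
SHOW GRANTS FOR 'app'@'10.0.1.%';
```

The network-level restriction (firewall rules or a VPN in front of the server, and `bind-address` in the server configuration) sits outside SQL and should be applied alongside these statements so the port is no longer reachable from the internet at all.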
By completing this assessment, I documented the server’s configuration and scope, identified and scored key risks, and proposed targeted controls to mitigate them. Applying these recommendations will significantly strengthen the organization’s security posture by reducing exposure and improving detection capabilities.