Remediating Third-Party Software Vulnerabilities on U.S. Army Information Systems
Information systems belonging to the DoD and U.S. Army experience cyber attacks on a daily basis. Increasingly, these attacks are targeting popular third-party applications, instead of focusing on vulnerabilities in Microsoft software. The DoD responded to this threat by adopting Citadel Hercules, w...
Main Authors: | , |
---|---|
Other Authors: | |
Published: |
Monterey, California. Naval Postgraduate School
2012
|
Online Access: | http://hdl.handle.net/10945/7410 |
id |
ndltd-nps.edu-oai-calhoun.nps.edu-10945-7410 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-nps.edu-oai-calhoun.nps.edu-10945-74102015-08-30T16:00:51Z Remediating Third-Party Software Vulnerabilities on U.S. Army Information Systems Sabovich, Jason R. Borst, James A. Buettner, Raymond R. Barreto, Albert Cook, Glenn Information Technology Management Business Administration Information systems belonging to the DoD and U.S. Army experience cyber attacks on a daily basis. Increasingly, these attacks are targeting popular third-party applications, instead of focusing on vulnerabilities in Microsoft software. The DoD responded to this threat by adopting Citadel Hercules, which did not find a willing audience with the U.S. Army. Instead, the Army adopted Microsoft Systems Management Server (SMS), followed by System Center Configuration Manager (SCCM) 2007 to meet this threat. After more than five years, the rollout of SCCM to all organizations within the U.S. Army is still incomplete. This study provides an overview of the threats facing U.S. Army information systems and looks at how the Army has addressed this challenge in the past. Next, the study takes a system engineering approach to identifying an optimal tool for mitigating third-party vulnerabilities and suggests potential alternatives to SCCM. In addition, the study utilizes a cost benefit analysis approach to aid in evaluating the potential Return on Investment (ROI) provided by each tool. The purpose of this study is to answer the question What is the most optimal solution for mitigating vulnerabilities in third-party applications on U.S. Army information systems 2012-07-30T23:16:06Z 2012-07-30T23:16:06Z 2012-06 Thesis http://hdl.handle.net/10945/7410 Monterey, California. Naval Postgraduate School |
collection |
NDLTD |
sources |
NDLTD |
description |
Information systems belonging to the DoD and U.S. Army experience cyber attacks on a daily basis. Increasingly, these attacks are targeting popular third-party applications, instead of focusing on vulnerabilities in Microsoft software. The DoD responded to this threat by adopting Citadel Hercules, which did not find a willing audience with the U.S. Army. Instead, the Army adopted Microsoft Systems Management Server (SMS), followed by System Center Configuration Manager (SCCM) 2007 to meet this threat. After more than five years, the rollout of SCCM to all organizations within the U.S. Army is still incomplete. This study provides an overview of the threats facing U.S. Army information systems and looks at how the Army has addressed this challenge in the past. Next, the study takes a system engineering approach to identifying an optimal tool for mitigating third-party vulnerabilities and suggests potential alternatives to SCCM. In addition, the study utilizes a cost benefit analysis approach to aid in evaluating the potential Return on Investment (ROI) provided by each tool. The purpose of this study is to answer the question What is the most optimal solution for mitigating vulnerabilities in third-party applications on U.S. Army information systems |
author2 |
Buettner, Raymond R. |
author_facet |
Buettner, Raymond R. Sabovich, Jason R. Borst, James A. |
author |
Sabovich, Jason R. Borst, James A. |
spellingShingle |
Sabovich, Jason R. Borst, James A. Remediating Third-Party Software Vulnerabilities on U.S. Army Information Systems |
author_sort |
Sabovich, Jason R. |
title |
Remediating Third-Party Software Vulnerabilities on U.S. Army Information Systems |
title_short |
Remediating Third-Party Software Vulnerabilities on U.S. Army Information Systems |
title_full |
Remediating Third-Party Software Vulnerabilities on U.S. Army Information Systems |
title_fullStr |
Remediating Third-Party Software Vulnerabilities on U.S. Army Information Systems |
title_full_unstemmed |
Remediating Third-Party Software Vulnerabilities on U.S. Army Information Systems |
title_sort |
remediating third-party software vulnerabilities on u.s. army information systems |
publisher |
Monterey, California. Naval Postgraduate School |
publishDate |
2012 |
url |
http://hdl.handle.net/10945/7410 |
work_keys_str_mv |
AT sabovichjasonr remediatingthirdpartysoftwarevulnerabilitiesonusarmyinformationsystems AT borstjamesa remediatingthirdpartysoftwarevulnerabilitiesonusarmyinformationsystems |
_version_ |
1716817655116070912 |