Security
Solution
The weekly assignment for the course is a comprehensive assignment. Each week, you will be completing part of this assignment based on the content covered in the week. You will add new content to the report each week to build a comprehensive security solution for an organization.
Scenario
A tire manufacturing company, who wishes to be called ABC, Inc. to protect its privacy, has recently fallen victim to a cybercrime. The customer information and some of its proprietary technology were compromised in the attack. This company has been in the business for pretty long and enjoys a big market share. If its identity is disclosed, the attack has the potential to cause it to lose customer confidence. Also, some of its competitors are constantly looking for opportunities to hack the company's important strategic and functional information.
The company's head, Dermot Reed, is very concerned about the situation because a recent study shows that some of its competitors have started using its techniques. The source of the attack remains unknown. It could be that an internal, disgruntled, or greedy employee has been involved in the attack or has been revealing important information to its competitors. Moreover, there have been several attempts of hacking in the past that have been unsuccessful, prior to the incident. Ed Young, the network administrator, has requested a budget for a system overhaul to rebuild the infrastructure of the organization with an emphasis on security.
The company does not have anything currently in terms of true security measures. Young is competent but has limited understanding of attack methodologies. The attacks were thwarted mainly due to automated antivirus programs installed on the servers. ABC, Inc. has a network with four servers that cater to around 450 employees. ABC, Inc. keeps track of its data using a MySQL database. However, some of the data is found to be incorrect in its database since somebody has modified it outside of normal business operation hours.
The database server is used for updating the inventory records. The database contains information about quantity of raw materials available, quantity of finished products, price of finished products, etc. Users from across the organization use the database to access different information. Therefore, availability of the server is critical. Young would like a recommendation from you on the fault-tolerance mechanism that can ensure uninterrupted business and security on the database to prevent unauthorized modifications.
Ken Burton, the sales and marketing head is worried about the security of the laptops that the sales and marketing personnel carry with them while traveling. Burton has previously reported that data on these laptops has been leaked or hacked when these laptops are outside the organization network. Burton wants a system by which these computers can be secured while they move out of the organizational network and still maintain a secure.
Security SolutionThe weekly assignment for the course is a compreh.docx
1. Security
Solution
The weekly assignment for the course is a comprehensive
assignment. Each week, you will be completing part of this
assignment based on the content covered in the week. You will
add new content to the report each week to build a
comprehensive security solution for an organization.
Scenario
A tire manufacturing company, who wishes to be called ABC,
Inc. to protect its privacy, has recently fallen victim to a
cybercrime. The customer information and some of its
proprietary technology were compromised in the attack. This
company has been in the business for pretty long and enjoys a
big market share. If its identity is disclosed, the attack has the
potential to cause it to lose customer confidence. Also, some of
its competitors are constantly looking for opportunities to hack
the company's important strategic and functional information.
The company's head, Dermot Reed, is very concerned about the
situation because a recent study shows that some of its
competitors have started using its techniques. The source of the
attack remains unknown. It could be that an internal,
2. disgruntled, or greedy employee has been involved in the attack
or has been revealing important information to its competitors.
Moreover, there have been several attempts of hacking in the
past that have been unsuccessful, prior to the incident. Ed
Young, the network administrator, has requested a budget for a
system overhaul to rebuild the infrastructure of the organization
with an emphasis on security.
The company does not have anything currently in terms of true
security measures. Young is competent but has limited
understanding of attack methodologies. The attacks were
thwarted mainly due to automated antivirus programs installed
on the servers. ABC, Inc. has a network with four servers that
cater to around 450 employees. ABC, Inc. keeps track of its
data using a MySQL database. However, some of the data is
found to be incorrect in its database since somebody has
modified it outside of normal business operation hours.
The database server is used for updating the inventory records.
The database contains information about quantity of raw
materials available, quantity of finished products, price of
finished products, etc. Users from across the organization use
the database to access different information. Therefore,
availability of the server is critical. Young would like a
recommendation from you on the fault-tolerance mechanism that
can ensure uninterrupted business and security on the database
to prevent unauthorized modifications.
3. Ken Burton, the sales and marketing head is worried about the
security of the laptops that the sales and marketing personnel
carry with them while traveling. Burton has previously reported
that data on these laptops has been leaked or hacked when these
laptops are outside the organization network. Burton wants a
system by which these computers can be secured while they
move out of the organizational network and still maintain a
secure connection to the home network.
In addition, ABC, Inc. wants to implement a computer use
policy for its users which explains their responsibilities and the
internal and legal implications to users who violate this policy.
The intent is to prevent users from indulging in activities which
put the company at risk. ABC, Inc. needs to create a charter that
describes the following:
Hacking
Violation of right of ownership
Violation of privacy of user's personal data
The management of ABC, Inc. decided that adequate security
measures must be taken to protect internal data and entrusted
Young with the responsibility of creating the security
requirements. Young has created the following additional
requirements:
User authentication must be performed before an employee can
logon to the network. The organizational structure is given in
Appendix A
4. .
Appendix A
: Use the information in the following table to recommend user
and group permissions for the organization.
Name
Role
Department/Sub Department
Groups
David Wong
Design Head
Design
Dsngrp
Debbie Howe
Database Administrator
Information Systems
ISgrp
Ken Burton
Sales and Marketing Head
Sales and Marketing
SMgrp
Jim Lewis
Human Resources Head
Human Resources
HRgrp
Tom Wilkins
5. Network Support Head
Information Systems
ISgrp
Mike Womack
Information Systems Head
Information Systems
ISgrp
Diane Frye
Inventory Manager
Operations
ODgrp
Jerry Smith
Sales Manager
Sales and Marketing
SMgrp
Lee Mitchell
Marketing Manager
Sales and Marketing
SMgrp
Ed Young
Network Administrator
Information Systems
ISgrp
Sheila Frost
Accounts Head
6. Accounts
Accgrp
Each department stores its data in separate folders that are
shared in a central file server. Measures need to be taken to
enable only the users in a department to access the department
folder in the central file server. Personnel in a particular
department should not be able to access the folder of another
department.
In addition, a mechanism is required that would record event
data on each department folder on the central server. The
network administrator will use this data to identify the events
that generated security alerts.
The computers in the accounts department need to be made
secure. Employees in other departments currently use these
computers as well. Sensitive data on these computers are
accessible to any user who has physical access to the computer.
A mechanism needs to be devised by which data belonging to a
user on the local machine is accessible to that user only. Young
suggests using encryption to secure data on local computers.
The OSs installed on the computers need to be updated with the
latest patches and fixes.
All users in the organization currently use the database.
However, only the heads of the departments, the network
administrator, and the database administrator should have
access to the database. The database administrator should have
7. full control permissions, the department heads should have
modify rights, and the network administrator should have read-
only permission on the database.
The computers in the marketing department need to be secured
when the computers move out of the network.
All computers in the organization are run on an outdated OS.
The organization has identified that some of the hacking has
occurred because computers running on this OS can be accessed
from outside the organizational network by using terminal
services. The OS needs to be updated and configured to prevent
outsiders from accessing the computers.
A mechanism is required to check if the computers in the
organization are running the latest patches. In addition, a
mechanism is required for implementing antivirus in the
computers in the organization.
You have been hired by this company to suggest ways of
securing its technology assets. ABC, Inc. requires you to
complete the project and provide detailed recommendations for
improving their security in the next five weeks. You will be
assigned specific tasks in each of the weeks of this course based
on the content covered in the week.
As you complete this assignment, you must also realize the
importance of describing the implementation of the solution that
you propose and explaining how to verify the solution by
providing activities to test the security (such as intentionally
8. using an incorrect password to make sure the system rejects the
login attempt).
In this week, review the scenario and analyze the security
requirements of the organization. On the basis of your
understanding, create a 3- to 4-page report in a Microsoft Word
document that includes the following:
A paragraph summarizing the problems faced by the
organization.
A list of top five recommendations for implementing better
security in the organization and an explanation of how each of
these will benefit the organization. Justify the importance in
your ranking.
Outcomes for your report, such as what implementing your
solution will do for the organization; this should be a
preliminary report that will evolve as the weeks progress.
In addition, respond to the following questions in your report:
How does an attack like the one suffered by ABC, Inc. impact
consumer confidence in its product? Why would the company
wish to remain anonymous during this process?
Which basic user policies would you put in place to make sure
employees cannot access each other's information?
Support your responses with appropriate research, reasoning,
and examples.
Cite any sources in APA format.