Security Solution
The weekly assignment for the course is a comprehensive
assignment. Each week, you will be completing part of this
assignment based on the content covered in the week. You will
add new content to the report each week to build a
comprehensive security solution for an organization.
Scenario
A tire manufacturing company, which wishes to be called ABC,
Inc. to protect its privacy, has recently fallen victim to a
cybercrime. The customer information and some of its
proprietary technology were compromised in the attack. This
company has been in business for a long time and enjoys a
big market share. If its identity is disclosed, the attack has the
potential to cause it to lose customer confidence. Also, some of
its competitors are constantly looking for opportunities to hack
the company's important strategic and functional information.
The company's head, Dermot Reed, is very concerned about the
situation because a recent study shows that some of its
competitors have started using its techniques. The source of the
attack remains unknown. It could be that an internal,
disgruntled, or greedy employee has been involved in the attack
or has been revealing important information to its competitors.
Moreover, there were several unsuccessful hacking attempts
prior to the incident. Ed
Young, the network administrator, has requested a budget for a
system overhaul to rebuild the infrastructure of the organization
with an emphasis on security.
The company currently has no true security measures in place.
Young is competent but has limited
understanding of attack methodologies. The attacks were
thwarted mainly by automated antivirus programs installed
on the servers. ABC, Inc. has a network with four servers that
cater to around 450 employees. ABC, Inc. keeps track of its
data using a MySQL database. However, some of the data in the
database has been found to be incorrect because somebody
modified it outside of normal business operation hours.
The database server is used for updating the inventory records.
The database contains information about quantity of raw
materials available, quantity of finished products, price of
finished products, etc. Users from across the organization use
the database to access different information. Therefore,
availability of the server is critical. Young would like a
recommendation from you on the fault-tolerance mechanism that
can ensure uninterrupted business and security on the database
to prevent unauthorized modifications.
Ken Burton, the sales and marketing head, is worried about the
security of the laptops that the sales and marketing personnel
carry with them while traveling. Burton has previously reported
that data on these laptops has been leaked or hacked when these
laptops are outside the organization network. Burton wants a
system by which these computers can be secured while they
move out of the organizational network and still maintain a
secure connection to the home network.
In addition, ABC, Inc. wants to implement a computer use
policy for its users which explains their responsibilities and the
internal and legal implications to users who violate this policy.
The intent is to prevent users from indulging in activities which
put the company at risk. ABC, Inc. needs to create a charter that
describes the following:
Hacking
Violation of right of ownership
Violation of privacy of user's personal data
The management of ABC, Inc. decided that adequate security
measures must be taken to protect internal data and entrusted
Young with the responsibility of creating the security
requirements. Young has created the following additional
requirements:
User authentication must be performed before an employee can
log on to the network. The organizational structure is given in
Appendix A.
Appendix A: Use the information in the following table to recommend user
and group permissions for the organization.
| Name | Role | Department/Sub Department | Groups |
|---|---|---|---|
| David Wong | Design Head | Design | Dsngrp |
| Debbie Howe | Database Administrator | Information Systems | ISgrp |
| Ken Burton | Sales and Marketing Head | Sales and Marketing | SMgrp |
| Jim Lewis | Human Resources Head | Human Resources | HRgrp |
| Tom Wilkins | Network Support Head | Information Systems | ISgrp |
| Mike Womack | Information Systems Head | Information Systems | ISgrp |
| Diane Frye | Inventory Manager | Operations | ODgrp |
| Jerry Smith | Sales Manager | Sales and Marketing | SMgrp |
| Lee Mitchell | Marketing Manager | Sales and Marketing | SMgrp |
| Ed Young | Network Administrator | Information Systems | ISgrp |
| Sheila Frost | Accounts Head | Accounts | Accgrp |
Each department stores its data in separate folders that are
shared in a central file server. Measures need to be taken to
enable only the users in a department to access the department
folder in the central file server. Personnel in a particular
department should not be able to access the folder of another
department.
In addition, a mechanism is required that would record event
data on each department folder on the central server. The
network administrator will use this data to identify the events
that generated security alerts.
The computers in the accounts department need to be made
secure. Employees in other departments currently use these
computers as well. Sensitive data on these computers are
accessible to any user who has physical access to the computer.
A mechanism needs to be devised by which data belonging to a
user on the local machine is accessible to that user only. Young
suggests using encryption to secure data on local computers.
The OSs installed on the computers need to be updated with the
latest patches and fixes.
All users in the organization currently use the database.
However, only the heads of the departments, the network
administrator, and the database administrator should have
access to the database. The database administrator should have
full control permissions, the department heads should have
modify rights, and the network administrator should have read-only
permission on the database.
The computers in the marketing department need to be secured
when the computers move out of the network.
All computers in the organization are run on an outdated OS.
The organization has identified that some of the hacking has
occurred because computers running on this OS can be accessed
from outside the organizational network by using terminal
services. The OS needs to be updated and configured to prevent
outsiders from accessing the computers.
A mechanism is required to check if the computers in the
organization are running the latest patches. In addition, a
mechanism is required for implementing antivirus in the
computers in the organization.
You have been hired by this company to suggest ways of
securing its technology assets. ABC, Inc. requires you to
complete the project and provide detailed recommendations for
improving their security in the next five weeks. You will be
assigned specific tasks in each of the weeks of this course based
on the content covered in the week.
As you complete this assignment, you must also realize the
importance of describing the implementation of the solution that
you propose and explaining how to verify the solution by
providing activities to test the security (such as intentionally
using an incorrect password to make sure the system rejects the
login attempt).
In this week, review the scenario and analyze the security
requirements of the organization. On the basis of your
understanding, create a 3- to 4-page report in a Microsoft Word
document that includes the following:
A paragraph summarizing the problems faced by the
organization.
A list of top five recommendations for implementing better
security in the organization and an explanation of how each of
these will benefit the organization. Justify the importance in
your ranking.
Outcomes for your report, such as what implementing your
solution will do for the organization; this should be a
preliminary report that will evolve as the weeks progress.
In addition, respond to the following questions in your report:
How does an attack like the one suffered by ABC, Inc. impact
consumer confidence in its product? Why would the company
wish to remain anonymous during this process?
Which basic user policies would you put in place to make sure
employees cannot access each other's information?
Support your responses with appropriate research, reasoning,
and examples.
Cite any sources in APA format.