case study - assignment jcu - mit

Upload: pratap-adimulam

Post on 05-Apr-2018


  • 7/31/2019 Case Study - Assignment JCU - MIT

    1/4

    Case Study (Assignment) MIT

    Case study

    A small pharmaceutical organization has employed an external contractor to maintain their network and systems. The organization lacks technical expertise and has given all authority to the external contractor to implement and maintain their network. Due to the lack of technical expertise, no one from the organization has been overseeing the project.

    Several human resource issues have now come to light, as well as some technical issues. The contractor has not installed the network as specified and has installed a complex solution in order to secure maintenance work after the contract ends. The following are the identified issues:

    The current solution uses Windows 2000 as the base server to run terminal sessions for all machines, i.e. users must log in to terminal services to use any application. All of the applications are installed on the server, and remote access to the terminal services is possible from the contractor site.

    The clients run Windows XP

    The main database server (Windows 2003) is running a large SQL database (1.3TB) of customer data.

    The servers are not purchased by the organization

    No licenses (for all software) can be found

    The network has been experiencing heavy usage on the weekend, but was not checked

    There is no documentation for any of the setup

    There is no firewall in existence apart from a very basic NAT at the Internet Gateway.

    There is no backup

    There are no basic security policies implemented (e.g. password policy)

    There is no documented list of accounts, rights or usernames

    The network performance is unacceptable and there are frequent outages

    There is no documented policy, and users are not aware of any security policies that they have to adhere to

    There is no content filtering

    All back-end servers are running with default configuration

    Systems have not been patched since the contractor took over


    The servers are located in a room where all users have physical access

    No proper logs were maintained


    Deliverables

    1. What are the risks/threats that this company faces? You are required to document a risk assessment table.

    The risk assessment table should include identified assets, assets impact, vulnerability, vulnerability likelihood, risk-rating factor.

    (10 marks)

    2. What are the types of attacks that you foresee?

    a. Briefly explain each attack and its impact.

    (5 marks)

    3. What are your solutions (countermeasures) and justifications for this company? Your solution should include the following areas:

    Linking business objectives with security

    Ethical issues in information security management

    Security training and education

    Defending against Internet-based attacks

    Personnel issues in information security

    Physical security issues in information security

    Other security-related areas that are relevant to the case study

    (20 marks)

    4. What are other future recommendations that you would propose to this organization?

    (5 marks)


    You should provide 4 parts in a final report. For submission instructions, follow:

    Submission Instructions

    The report should be set out in the following manner:

    Report should contain 2500-3500 words

    11 point Times New Roman

    1.5 line spaced

    Margins set to 2.5 cm

    Justification block justified

    Footer should contain your JCU StudentID and Full Name (8 point type) and a Page Number

    The report should contain an index and have appropriate headings and sub headings

    The style of the report is a business report and as such it is expected that you present a professional report in both format and style
