case study - assignment jcu - mit
TRANSCRIPT
-
7/31/2019 Case Study - Assignment JCU - MIT
1/4
Case Study (Assignment) MIT
Case studyA small pharmaceutical organization has employed an external contractor to maintain their network and systems. The organization has lack of technical expertise and had given all
authority to the external contractor to implement and maintain their network. Due to the lack of technical expertise, no one from the organization has been overseeing the project.
There are several human resource issues that have now come to light as well as some technicalissues. The contractor has not installed the network as specified and has installed a complexsolution in order to get employment after the contract ends through maintenance. Thefollowing are identified issues:
The current solution uses Windows 2000 as the base server to run terminal sessions for all machines i.e they must login to terminal services to use any application. All of the
applications are installed on the server, and remote access to the terminal services is possible from the contractor site.
The clients run Windows XP
The main database server (Windows 2003) is running a large SQL database (1.3TB) of customer data.
The servers are not purchased by the organization
No licenses (for all software) can be found
The network has been experiencing heavy usage on the weekend, but was not checked
There is no documentation for any of the setup
There is no firewall in existence apart from a very basic NAT at the Internet Gateway.
There is no backup
There is no basic security policies implemented (Eg. Password policy etc.)
There is no documented list of accounts, rights or usernames
The network performance is unacceptable and there are frequent outages
There is no documented policy and all users are not aware of any security policies thatthey have to adhered to
There is no content filtering
All back-end servers are running with default configuration
All systems were not patched since the contractor took over
1 | P a g e
-
7/31/2019 Case Study - Assignment JCU - MIT
2/4
Case Study (Assignment) MIT
The servers are located in a room where all users have physical access
No proper logs were maintained
2 | P a g e
-
7/31/2019 Case Study - Assignment JCU - MIT
3/4
Case Study (Assignment) MIT
Deliverables
1. What are the risks/threats that this company faces? You are required to document a risk
assessment table.
The risk assessment table should include identified assets, assets impact, vulnerability,vulnerability likelihood, risk-rating factor.
(10 marks)
2. What are the types of attacks that you foresee?
a. Briefly explain each attack and their impact?
(5 marks)
3. What are your solutions (countermeasures) and justifications to this company? Your solution should include the following areas:
Linking business objectives with security Ethical issues in information security management Security training and education Defending against Internet-based attacks Personnel issues in Information security Physical security issues in Information security Other security related areas thats relevant to the case study
(20 marks)
4. What are other future recommendations that you would propose to this organization?
(5 marks)
3 | P a g e
-
7/31/2019 Case Study - Assignment JCU - MIT
4/4
Case Study (Assignment) MIT
You should provide 4 parts in a final report. For submission instructions, follow:
Submission Instructions
The report should be set out in the following manner:
Report should contain 2500-3500 words
11 point Times New Roman
1.5 line spaced
Margins set to 2.5 cm
Justification block justified
Footer Should contain your JCU StudentID and Full Name (8 point type) and a Page
Number The report should contain an index and have appropriate headings and sub headings
The style of the report is a business report and as such it is expected that you present a professional report in both format and style
4 | P a g e