Question
Scenario
A tire manufacturing company, who wishes to be called ABC, Inc. to protect its privacy, has recently fallen victim to a cybercrime. The customer information and some of its proprietary technology were compromised in the attack. This company has been in the business for pretty long and enjoys a big market share. If its identity is disclosed, the attack has the potential to cause it to lose customer confidence. Also, some of its competitors are constantly looking for opportunities to hack the company's important strategic and functional information.
The company's head, Dermot Reed, is very concerned about the situation because a recent study shows that some of its competitors have started using its techniques. The source of the attack remains unknown. It could be that an internal, disgruntled, or greedy employee has been involved in the attack or has been revealing important information to its competitors. Moreover, there have been several attempts of hacking in the past that have been unsuccessful, prior to the incident. Ed Young, the network administrator, has requested a budget for a system overhaul to rebuild the infrastructure of the organization with an emphasis on security.
The company does not have anything currently in terms of true security measures. Young is competent but has limited understanding of attack methodologies. The attacks were thwarted mainly due to automated antivirus programs installed on the servers. ABC, Inc. has a network with four servers that cater to around 450 employees. ABC, Inc. keeps track of its data using a MySQL database. However, some of the data is found to be incorrect in its database since somebody has modified it outside of normal business operation hours.
The database server is used for updating the inventory records. The database contains information about quantity of raw materials available, quantity of finished products, price of finished products, etc. Users from across the organization use the database to access different information. Therefore, availability of the server is critical. Young would like a recommendation from you on the fault-tolerance mechanism that can ensure uninterrupted business and security on the database to prevent unauthorized modifications.
Ken Burton, the sales and marketing head is worried about the security of the laptops that the sales and marketing personnel carry with them while traveling. Burton has previously reported that data on these laptops has been leaked or hacked when these laptops are outside the organization network. Burton wants a system by which these computers can be secured while they move out of the organizational network and still maintain a secure connection to the home network.
In addition, ABC, Inc. wants to implement a computer use policy for its users which explains their responsibilities and the internal and legal implications to users who violate this policy. The intent is to prevent users from indulging in activities which put the company at risk. ABC, Inc. needs to create a charter that describes the following:
Hacking
Violation of right of ownership
Violation of privacy of user's personal data
The management of ABC, Inc. decided that adequate security measures must be taken to protect internal data and entrusted Young with the responsibility of creating the security requirements. Young has created the following additional requirements:
User authentication must be performed before an employee can logon to the network. The organizational structure is given in Appendix A.
Appendix A: Use the information in the following table to recommend user and group permissions for the organization.
Each department stores its data in separate folders that are shared in a central file server. Measures need to be taken to enable only the users in a department to access the department folder in the central file server. Personnel in a particular department should not be able to access the folder of another department.
In addition, a mechanism is required that would record event data on each department folder on the central server. The network administrator will use this data to identify the events that generated security alerts.
The computers in the accounts department need to be made secure. Employees in other departments currently use these computers as well. Sensitive data on these computers are accessible to any user who has physical access to the computer. A mechanism needs to be devised by which data belonging to a user on the local machine is accessible to that user only. Young suggests using encryption to secure data on local computers.
The OSs installed on the computers need to be updated with the latest patches and fixes.
All users in the organization currently use the database. However, only the heads of the departments, the network administrator, and the database administrator should have access to the database. The database administrator should have full control permissions, the department heads should have modify rights, and the network administrator should have read-only permission on the database.
The computers in the marketing department need to be secured when the computers move out of the network.
All computers in the organization are run on an outdated OS. The organization has identified that some of the hacking has occurred because computers running on this OS can be accessed from outside the organizational network by using terminal services. The OS needs to be updated and configured to prevent outsiders from accessing the computers.
A mechanism is required to check if the computers in the organization are running the latest patches. In addition, a mechanism is required for implementing antivirus in the computers in the organization.
You have been hired by this company to suggest ways of securing its technology assets. ABC, Inc. requires you to complete the project and provide detailed recommendations for improving their security in the next five weeks. You will be assigned specific tasks in each of the weeks of this course based on the content covered in the week.
As you complete this assignment, you must also realize the importance of describing the implementation of the solution that you propose and explaining how to verify the solution by providing activities to test the security (such as intentionally using an incorrect password to make sure the system rejects the login attempt).
In this week, review the scenario and analyze the security requirements of the organization. On the basis of your understanding, create a 3- to 4-page report in a Microsoft Word document that includes the following:
A paragraph summarizing the problems faced by the organization.
A list of top five recommendations for implementing better security in the organization and an explanation of how each of these will benefit the organization. Justify the importance in your ranking.
Outcomes for your report, such as what implementing your solution will do for the organization; this should be a preliminary report that will evolve as the weeks progress.
In addition, respond to the following questions in your report:
How does an attack like the one suffered by ABC, Inc. impact consumer confidence in its product? Why would the company wish to remain anonymous during this process?
Which basic user policies would you put in place to make sure employees cannot access each other's information?
| Name | Role | Department/Sub Department | Groups |
|---|---|---|---|
| David Wong | Design Head | Design | Dsngrp |
| Debbie Howe | Database Administrator | Information Systems | ISgrp |
| Ken Burton | Sales and Marketing Head | Sales and Marketing | SMgrp |
| Jim Lewis | Human Resources Head | Human Resources | HRgrp |
| Tom Wilkins | Network Support Head | Information Systems | ISgrp |
| Mike Womack | Information Systems Head | Information Systems | ISgrp |
| Diane Frye | Inventory Manager | Operations | ODgrp |
| Jerry Smith | Sales Manager | Sales and Marketing | SMgrp |
| Lee Mitchell | Marketing Manager | Sales and Marketing | SMgrp |
| Ed Young | Network Administrator | Information Systems | ISgrp |
| Sheila Frost | Accounts Head | Accounts | Accgrp |

Explanation / Answer
A tire manufacturing company, who wishes to be called ABC, Inc., has fallen victim to a cybercrime. The losses are both direct and indirect, with downtime and lost productivity as a costly side effect of some cybercriminal activity. Top data targets include intellectual property and databases of personal information about employees, partners, suppliers and customers, which can be used for identity theft and fraud. Hence, the security issues facing the organization are both technical and social. Let us discuss the technical problems first: they need to secure the database, i.e. the MySQL database they are using to manage their inventory. Next is the security of the laptops that the sales and marketing personnel carry with them while traveling, so the software running on them, and the communication between them and the internal company servers, will need to be secured. On the other hand, onsite computers need to be made secure by the central server, users in different departments need to only be able to access information on that server, and the accounting department needs extra security for sensitive local data because users from other departments sometimes use their devices. On the other side, i.e. social concerns, policies need to be drawn up and distributed to employees regarding the proper use of information and the legal consequences for those who do not follow these policies.
Top Five Recommendations For Implementing Better Security In The Organization And An Explanation
1. Preventing Data And Information:
The tire manufacturing company, who wishes to be called ABC, Inc., should prevent any more leaks of either customer data or its proprietary information. While it is not known whether the leaks are coming from an internal source or an external source, a few security vulnerabilities are known to have been exploited. First, the computers in the marketing department have been accessed using terminal services when they move outside the internal network. Someone has modified data in the MySQL database to represent incorrect information. This means that the database can be accessed and modified without any record. These will be the top priority. Because the laptops frequently connect to networks outside of the internal one but still access the organizational network, they should be secured. The problems are caused by the outdated OS, which allows non-employees to access them using terminal services. So, the first order of business is updating all of these laptops to prevent outsiders from accessing the network.
2. Outdated OS should be updated:
Second, because new vulnerabilities are continuously being found in OSes, the laptops, as well as other computers on the network, should be set to download and install new updates. Anti-virus software should also be kept installed, as this has prevented attacks in the past.
3. Providing by password:
Third, because laptops can be stolen or lost, it should be policy that all marketing personnel use highly secure passwords, and passwords should expire after a set number of days, which should be 40, 90, or 120 days. The main reason for the time limit is that it minimizes the amount of time available to crack the password and, if the password has been compromised, it limits the amount of time the hacker will have access to the system.
4. Database Security:
Fourth, the primary way to secure the database, i.e. MySQL, is to make sure that any time it is modified, the system records when and by whom. This will require a user to be authenticated every time the network is used. After authentication, users will only have permission to access the parts of the database that are relevant to them. Authentication will leave a track that shows exactly who is making changes and when they are made. Permissions will prevent users from accessing or making changes to information that is not necessary for them to fulfill their job functions.
5. Policy should be updated and strictly followed:
Fifth, since there may be a possibility that information is being leaked by an employee instead of an outside attacker, a policy should be developed and distributed regarding the proper way that the company’s proprietary information and customer data are to be handled. This policy should be clear about procedures and the consequences, both legal and internal. A summary of this policy should appear as the desktop background of every computer. This summary should link to the full policy. This will make sure employees are reminded of their obligations every time they log on to the network.
If the attack becomes widely known, it could have a negative impact on the confidence of ABC, Inc.’s customers because the customers’ personal information has been stolen. This information could be sensitive. Because they don’t want their private information to be a matter of public record, it could affect their willingness to do business with ABC, Inc. in the future.
Hence, ABC, Inc. wishes to remain anonymous during this process because if it becomes known that they have weak security, it negatively impacts customer confidence. However, this could backfire if customers do become aware of the fact that their security has been breached. This may make customers angry that they were not notified as soon as it happened.
To prevent this, password-based authentication would be required. Every user who logs onto the network needs permissions that limit their access to information that is relevant to them. Apart from this, the policy should include logging off, or locking, a computer when it is not being used. This will prevent other employees from using a computer that they are not logged into. Also, it should be against policy to share passwords with other users for the same reason.
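
One way to implement the database requirements discussed above (three access levels, a record of who changed what and when, and a check for changes made outside business hours), as an added example that is not part of the original question or answer. It assumes MySQL 8.0; the schema, table and account names, the `10.0.%` host pattern, the `CHANGE_ME` password placeholder, the 90-day expiry and the 08:00-18:00 Monday-to-Friday business hours are all hypothetical.

```sql
-- Added example (MySQL 8.0). All schema, table and account names are assumptions.
CREATE DATABASE IF NOT EXISTS abc_inventory;
CREATE DATABASE IF NOT EXISTS abc_audit;
CREATE TABLE IF NOT EXISTS abc_inventory.inventory (
  item_id  INT PRIMARY KEY,
  quantity INT NOT NULL,
  price    DECIMAL(10,2) NOT NULL
);

-- Roles matching the three access levels in the requirements.
CREATE ROLE IF NOT EXISTS 'db_full', 'db_modify', 'db_read';
GRANT ALL PRIVILEGES ON abc_inventory.* TO 'db_full';                    -- database administrator
GRANT SELECT, INSERT, UPDATE, DELETE ON abc_inventory.* TO 'db_modify';  -- department heads
GRANT SELECT ON abc_inventory.* TO 'db_read';                            -- network administrator

-- One named account per person so every change is attributable
-- (one account per access level shown; 'CHANGE_ME' is a placeholder).
CREATE USER IF NOT EXISTS 'dhowe'@'10.0.%'  IDENTIFIED BY 'CHANGE_ME' PASSWORD EXPIRE INTERVAL 90 DAY;
CREATE USER IF NOT EXISTS 'dwong'@'10.0.%'  IDENTIFIED BY 'CHANGE_ME' PASSWORD EXPIRE INTERVAL 90 DAY;
CREATE USER IF NOT EXISTS 'eyoung'@'10.0.%' IDENTIFIED BY 'CHANGE_ME' PASSWORD EXPIRE INTERVAL 90 DAY;
GRANT 'db_full'   TO 'dhowe'@'10.0.%';   -- Debbie Howe, Database Administrator
GRANT 'db_modify' TO 'dwong'@'10.0.%';   -- David Wong, Design Head
GRANT 'db_read'   TO 'eyoung'@'10.0.%';  -- Ed Young, Network Administrator
SET DEFAULT ROLE ALL TO 'dhowe'@'10.0.%', 'dwong'@'10.0.%', 'eyoung'@'10.0.%';

-- Audit table lives in a separate schema that none of the roles above can write to.
CREATE TABLE IF NOT EXISTS abc_audit.inventory_audit (
  audit_id     BIGINT AUTO_INCREMENT PRIMARY KEY,
  item_id      INT NOT NULL,
  old_quantity INT, new_quantity INT,
  old_price    DECIMAL(10,2), new_price DECIMAL(10,2),
  changed_by   VARCHAR(288) NOT NULL,
  changed_at   DATETIME NOT NULL
);
-- USER() is the connected client account; inside a trigger CURRENT_USER()
-- would return the trigger's definer instead.
CREATE TRIGGER abc_inventory.trg_inventory_update
AFTER UPDATE ON abc_inventory.inventory FOR EACH ROW
  INSERT INTO abc_audit.inventory_audit
    (item_id, old_quantity, new_quantity, old_price, new_price, changed_by, changed_at)
  VALUES (OLD.item_id, OLD.quantity, NEW.quantity, OLD.price, NEW.price, USER(), NOW());

-- Changes made outside business hours (DAYOFWEEK: 1 = Sunday, 7 = Saturday).
SELECT changed_at, changed_by, item_id, old_quantity, new_quantity, old_price, new_price
FROM abc_audit.inventory_audit
WHERE DAYOFWEEK(changed_at) IN (1, 7)
   OR TIME(changed_at) NOT BETWEEN '08:00:00' AND '18:00:00'
ORDER BY changed_at;
```

The trigger covers `UPDATE` only; `INSERT` and `DELETE` need matching triggers, and the account that creates the trigger must itself hold `INSERT` on `abc_audit.inventory_audit`.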