About the company security problems

Reference no: EM131269691

Module 7 Team Module Summary Discussion Case: What are you going to do about the company’s security problems?

You are the new IT manager at InvestCo, a small securities firm, and three days after you started your new job the secretary to the CEO was tricked into giving the CEO’s password over the phone to someone she thought was in the IT department. Luckily she quickly discovered that she had been tricked and had the CEO immediately change his password. When asked, the secretary said she knew the CEO’s password because it was the same one that he used for his Facebook account. You’ve been told that as far as the IT staff can determine, the hacker probably did not use the stolen password before the CEO’s password was changed. However, if the thief had gotten in, he would potentially have had access to the extensive data that the company keeps on its clients. The CEO is very concerned about the potential liability and loss of customers if the client data had been stolen. Now it is your task to reexamine the firm’s policy on employee and customer account passwords, craft a new security and data retention policy, and make a recommendation to the CEO.

InvestCo holds, trades and manages stock and bond portfolios for clients. There is an existing security and password policy that has been in place for 3 years. Some longer-term employees remember the security training that occurred back then, but there has been no training since the old policy was put in place. The password policy was strengthened two years ago so that passwords had to be longer, couldn’t be reused and had to be changed monthly. Following that change, an intern was hired to help reset passwords when employees and clients couldn’t remember their password.

Due to the financial nature of the company’s business, your recommendation must make the security of financial data paramount. But your recommendations must take usability and accessibility by employees and customers into account. A very secure but inaccessible system would be bad for business, but so would a very accessible but insecure system. So your task is to identify the problems with the existing security at InvestCo. Then craft a security policy and implementation and maintenance plan that addresses those problems while striking a balance between security and accessibility.

Begin by reading the article "Kill the Password," by Mat Honan.

Learn about the technology of passwords by reading the following websites:

Hashing Wikipedia page

Salting Wikipedia page

Multi-factor Authentication Wikipedia page

Password Managers Wikipedia page

Learn about many of the ways passwords are compromised on the following websites or online articles:

Phishing Wikipedia page

Key Loggers Wikipedia page

Dictionary Attack Wikipedia page

Brute Force Attack Wikipedia page

Social Engineering Wikipedia page

How Passwords are Cracked

Aggressive Password Policies

People Using Common Passwords

Million Recently Compromised Passwords For Sale Online

Passwords From Hacked Game Site Dumped Online

Learn about alternative policies to consider by reading the following online articles:

Google Looks to Kill the Password Using the Ring on Your Finger

Stanford's Password Policy Shuns One Size Fits All Security

Question 1: Choose a password policy to present to your boss the CEO. In your recommendation be sure to address how it improves security and/or accessibility. How would your recommended policy have helped the recent security breach? Identify at least one negative factor related to your recommended

Stay with the current policy but have everyone change his or her password. Send the CEO’s secretary to training on recognizing social engineering. Teach everyone how to craft better passwords.

Move to an aggressive password policy where strong passwords are required, weak passwords are prohibited, and users are required to change their password frequently. Provide everyone with a password manager so that people stop hoarding passwords, passwords are compliant with the new aggressive rules, and strong passwords become disposable.

Keep the current password policy but add in multi-factor authentication for every login. The additional factors may include an RSA token or a smartphone app, as well as the potential for biometrics and location-based limitations (logins only at known locations).

Craft your own password policy. Provide details.

Question 2: In the security breach described in the first paragraph there are several types of security problems. Using the list below, identify how each item in the list shows up in the case.

Employee training problems

Employee/company operating process and procedure problems

Need for client security procedures

Need for a password policy for clients

Need for a better password policy for employees

Need for a data retention policy

Need for a data access policy

Need for intrusion detection/prevention measures


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd