User Account

All Pages

Develop a server malware protection policy

Assignment Help Business Management
Reference no: EM13802216

The infectious company, Grocery Stores, Inc. has just been breached by what was first thought to be a remote attacker who infected the supermarket chain with a server based malware program. However, after a security assessment was performed, it was confirmed that it was an inside job. Apparently, a new and sophisticated plan was developed by a disgruntled employee. The attacker slipped malware onto servers at all of the company's 200 grocery stores. The malware appears to have snatched card data from customers as they swiped their credit cards through the checkout counter machine and transferred the card data overseas.

Scenario description

You've been hired as an information security administrator for Grocery Stores, Inc. Your duty is to assess the situation and determine the best course of action to take to ensure that the security breach is contained and eradicated. You will need to interview key staff members and decide how which member(s) can best assist you in eliminating this risk.

What is Your Role in this scenario?

The fact that the malware was not the ordinary kind of key logger program that might capture keyboard presses as a customer logs into their online bank account, but was instead software programmed to lift credit card data as it was being transmitted to the servers at Gregory Stores, Inc, suggests that the malware program had to be written specifically to target our stores and deployed from inside the company network. It seems almost too much of a coincidence to believe that remote hackers would have a chance to infect every server with the appropriate malware by using traditional security flaws such as a misconfigured firewall, or even an out-of-date antivirus application. We have over 20 network administrators throughout multiple branch offices and satellite locations. Security was set up so that each network administrator had the same security access and privileges to each location. In hindsight, I believe that while having redundant or equal security privileges for all network administrators can be a good thing; it can also be a major security hole. That is because the administrators have access to the entire system and not just their local area network.

The possibility that the security breach of Grocery Stores, Inc. was performed by an employee is very disturbing. We must review our current employee hiring policies and procedures to insure that we are performing the appropriate background checks and monitoring our employees to make sure that valuable customer data is both secured and protected from external threats and internal employees. We can't have our I.T. professional circumventing the system because they have elevated privileges that give them unfettered access to valuable company data. We must review the current job descriptions and duties of all personnel who have access to customer data and only give access where appropriate. Also, during the termination and/or transfer process, we need to be sure that we have done the steps necessary to disable security access so that we do not have any rogue accounts.

The recent security breach at Grocery Stores, Inc. indicates to us that our security policies and procedures need serious scrutiny and oversight. However, even if we were found compliant with all security controls and financial protection measures, the fact remains that we were hacked. A major concern at many corporations is the potential for a man-in-the-middle attack, where an attacker can install a sniffer program and pull out the data as it flows through. You can reduce the risk of this type of attack by encrypting the data at the time it transverses the network. I also want to review the training policies and procedures of our personnel to make sure that everyone understands the rules, is complying, and that there are punitive measures in place to reduce the risk of incidents like these from happening again

The security breach at Grocery Stores, Inc. has caused major damage to the reputation and trust that our customers and stakeholders have in this organization. This cannot be tolerated; security of our valuable data is paramount. As CEO of this company, I am responsible for insuring security of our critical data and compliance. Security must be an important concept to every employee from top to bottom. We must demonstrate adequate internal controls of business records and information security. We need a layered security program so that if one defense is unsuccessful, the attacker must poke through other defenses. Even with a layered security program, there's no guarantee that the company can prevent every attack from succeeding. Good security requires constant care and it doesn't take much for a vulnerable opening to develop. We will do everything possible now and review for potential updates monthly in the future.

Based on your assessment of the security breach and interviewing the staff in the scenario, develop a server malware protection policy that accounts for the concerns of the stakeholders involved in mitigating the risk of a malware attack; network security controls that prevent the infiltration of viruses, worms, and/or malware; and reducing the chances that the attack originates from an internal source.

 

Reference no: EM13802216

Questions Cloud

Assignment on hypothesis identification article analysis : Individual Assignment: Hypothesis Identification Article Analysis
Determine the velocity with which the first ball : What angles could you fire the cannonball to sink the pirate ship - determine the velocity with which the first ball
Deposits in the banking system and money supply increase : You take $1000 you had kept under your mattress and deposit it in your bank account. If this $1000 stays in the banking system as reserves and if banks hold reserves equal to 20 percent of deposits, by how much does the total amount of deposits in th..
How far should a person go to tamper with their own body : How far should a person go to tamper with their own body chemistry, biology, and/or physical characteristics to be perfect?
Develop a server malware protection policy : Based on your assessment of the security breach and interviewing the staff in the scenario, develop a server malware protection policy that accounts for the concerns of the stakeholders involved in mitigating the risk of a malware attack; network ..
Provide at least two convincing reasons : Identify one of the theories and provide at least two convincing reasons why the theory you have chosen is the best one to explain the mystery.
How far does the water travel with your thumb : How much heat is lost per unit area and unit time if the ambient air temperature is 0oC - How far does the water travel with your thumb over the end of the hose
Assignment on nuclear power : Assignment Nuclear Power
Rough draft of final paper on ethics theory : Rough Draft of Final Paper on Ethics Theory

Reviews

Write a Review

Business Management Questions & Answers

  Examine the process of forecasting financial statements

Examine the process of forecasting financial statements and make at least one recommendation for improving the accuracy of forecasts. Provide specific examples to support your response.

  Need for job evaluationin every organization different

need for job evaluationin every organization different employees perform different tasks necessary to carry on the

  How is the word myth utilized popularly

How is the word myth utilized popularly? For instance what does the statement It's a myth mean? In contrast how is the word myth used in the academic context?

  Show the three levels of product

Show the three levels of product and any accompanying features that might be present at each level.

  Illustrate what it is doing with ge products

Which of the forms of business is Apex engaged in with respect to illustrate what it is doing with GE products?

  Describe the essential services

Describe the essential services provided within the scope of Public Health

  Interpersonal masterybased on the relevant theory of the

interpersonal masterybased on the relevant theory of the new science to leadership. provide a powerful metaphor on

  Review eastman kodaks values

Explain company's overall operations and strategy are aligned to support those values and achieve the mission.

  Problem solving decision model

Conflict resolution specialist for the parties, how would you use the problem solving and decision model (PSDM) to help the parties resolve their conflict?

  Facilitating socialization

Write a paper that describes the process by which you were socialized into a new institution - Facilitating Socialization

  Developing effective and efficient control

developing effective and efficient control measureselaborate on developing control measures to ensure that processes

  Analyze your communication skills

Analyze your communication skills and what assessment did you use to analyze your skills? Do you have communication gaps?

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd