Suggest a policy that would help mitigate against attacks

Reference no: EM131405773

Assignment

The following scenario is based on an actual attack deconstructed at a seminar I attended last year. The names and locations have been removed to preserve the privacy of the organization in question.

Background:

No-Internal-Controls, LLC is a mid-sized pharmaceutical sales company in the Midwest of the US employing around 150 personnel. It has grown over the past decade by merging with other pharmaceutical sales companies and purchasing smaller firms.

Recently, No-Internal-Controls, LLC suffered a ransomware attack. The company was able to recover from the attack with the assistance of a third-party IT services company.

Attack Analysis:

After collecting evidence and analyzing the attack, the third party was able to recreate the attack.

No-Internal-Controls, LLC has a number of PCs configured for employee training

These training computers use generic logins such as "training1", "training2", etc. with passwords of "training1", "training2", etc.

The logins were not subject to lockout after repeated incorrect logins

One of the firms purchased by No-Internal-Controls, LLC allowed Remote Desktop connections from the Internet through the firewall to the internal network for remote employees

Due to high employee turnover and lack of documentation, none of the IT staff were aware of the legacy remote access

The main office has only a single firewall and no DMZ or bastion host exists to mediate incoming remote connections

The internal network utilized a flat architecture

An attacker discovered the access by use of a port scan and used a dictionary attack to gain access to one of the training computers

The attacker ran a script on the compromised machine to elevate his access privileges and gain administrator access

The attacker installed tools on the compromised host to scan the network and identify network shares

The attacker copied ransomware into the network shares for the accounting department, allowing it to spread through the network and encrypt accounting files

Critical accounting files were backed up and were recovered, but some incidental department and personal files were lost
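
The dictionary attack described above leaves a recognizable trail in logon records: a burst of failed logons from one Internet address followed by a successful Remote Desktop logon. The following added example (not part of the original assignment) detects that pattern; the log format, sample records, internal address range and thresholds are constructed assumptions.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample records (not from the incident), one per line:
# timestamp,event_id,logon_type,account,source_ip
SAMPLE_LOG = """\
2020-01-10T02:14:01,4625,3,training1,203.0.113.45
2020-01-10T02:14:03,4625,3,training1,203.0.113.45
2020-01-10T02:14:05,4625,3,training2,203.0.113.45
2020-01-10T02:14:07,4625,3,training2,203.0.113.45
2020-01-10T02:14:09,4625,3,training3,203.0.113.45
2020-01-10T02:14:12,4624,10,training3,203.0.113.45
2020-01-10T08:30:20,4624,2,jsmith,10.0.4.17
2020-01-10T09:00:00,4624,10,adavis,198.51.100.7
"""

FAILED, SUCCESS, RDP = "4625", "4624", "10"  # Windows logon events; type 10 = RemoteInteractive
INTERNAL_NETS = [ip_network("10.0.0.0/8")]   # assumed internal address range


def is_external(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def find_guessing_then_logon(log_text, threshold=5, window=timedelta(minutes=10)):
    """Alert when an external source logs on over RDP after `threshold` or more
    failed logons (any logon type, any account) from that source inside `window`."""
    failures = defaultdict(deque)  # source_ip -> recent (time, account) failures
    alerts = []
    for ts, event_id, logon_type, account, src in csv.reader(io.StringIO(log_text)):
        if not is_external(src):
            continue
        when = datetime.fromisoformat(ts)
        recent = failures[src]
        while recent and when - recent[0][0] > window:  # expire old failures
            recent.popleft()
        if event_id == FAILED:
            recent.append((when, account))
        elif event_id == SUCCESS and logon_type == RDP and len(recent) >= threshold:
            alerts.append({"source_ip": src, "account": account,
                           "failed_attempts": len(recent),
                           "accounts_tried": sorted({a for _, a in recent}),
                           "time": ts})
            recent.clear()
    return alerts
```

On the sample records this raises one alert, for the `training3` logon from 203.0.113.45; the external logon with no preceding failures and the internal logon are not flagged.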

Instructions:

You have been hired by No-Internal-Controls, LLC in the newly created role of CISO and have been asked to place priority on mitigating further attacks of this type. Keep in mind that No-Internal-Controls, LLC is a mid-sized company with a small IT staff and limited budget.
All questions are worth 3 points each, 12 points total for the assignment. The assignment is due on January 29th, at 11:59 am, EST.

Question 1:

Suggest a policy that would help mitigate against attacks similar to this one in the future. Justify your choice in one paragraph.

Question 2:

Good policies begin with an overview section that summarizes the policy for senior management. Write a summary paragraph for the Board that explains what the policy intends to do and how. Do not attempt to write a full policy, simply summarize it for the Board.

Question 3:

Suggest at least two different controls to support your policy and explain how they will support the policy. Identify each of the controls as physical, administrative, or technical and as preventative, detective, or corrective. Justify why you classified them the way you did.

Question 4:

Suggest an employee position to be responsible for your policy and what metrics they might use to measure compliance with the policy.


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd