User Account

All Pages

How each policy suggest will help mitigate similar attacks

Assignment Help Management Information Sys
Reference no: EM132322922

Assignment: Read through the following scenario complete the following case study:

Background: No-Internal-Controls, LLC is a mid-sized pharmaceutical company in the Midwest of the US employing around 150 employees. It has grown over the past decade by merging with other pharmaceutical companies and purchasing smaller firms.

Recently No-Internal-Controls, LLC suffered a ransomware attack. The company was able to recover from the attack with the assistance of a third party IT Services Company.

Attack Analysis:

• After collecting evidence and analyzing the attack, the third party was able to recreate the attack.

• No-Internal-Controls, LLC has a number of PCs configured for employee training

• These training computers use generic logins such as "training1", "training2", etc. with passwords of "training1", "training2", etc.

• The generic logins were not subject to lock out due to incorrect logins

• One of the firms purchased by No-Internal-Controls, LLC allowed Remote Desktop connections from the Internet through the firewall to the internal network for remote employees

• Due to high employee turnover and lack of documentation none all of the IT staff were aware of the legacy remote access

• The main office has only a single firewall and no DMZ or bastion host exists to mediate incoming remote desktop connections

• The internal network utilized a flat architecture

• An attacker discovered the access by use of a port scan and used a dictionary attack to gain access to one of the training computers

• The attacker ran a script on the compromised machine to elevate his access privileges and gain administrator access

• The attacker installed tools on the compromised host to scan the network and identify network shares

• The attacker copied ransomware into the network shares for the accounting department allowing it spread through the network and encrypt accounting files

• Critical accounting files were backed up and were recovered, but some incidental department and personal files were lost

Instructions: You have been hired by No-Internal-Controls, LLC in the newly created role of CISO and have been asked to place priority on mitigating further attacks of this type.

• Suggest at least two policies that would help mitigate against attacks similar to this attack

• Suggest at least two controls to support each policy (so a minimum of 4 controls)

• Identify each of the controls as either physical, administrative, or technical and either preventative, detective, or corrective (so one control might be a physical, preventive control)

• Keep in mind that No-Internal-Controls, LLC is a mid-sized company with a small IT staff and limited budget

• Do not attempt to write full policies, simply summarize each policy you suggest in one or two sentences.

• Clearly indicate how each policy you suggest will help mitigate similar attacks and how each control will support the associated policy.

Reference no: EM132322922

Questions Cloud

Prepare dissertation by creating an annotated bibliography : The purpose of this assignment is to prepare you for the dissertation process by creating an annotated bibliography. One of the core competencies necessary.
What is the correct value for the product of tf : In a corpus of N documents, one document is randomly picked. The document contains a total of T terms and the term "data" appears K times.
Analytics vidhya delhi hackathon : Solve the equation according to the sentence "I am planning to visit New Delhi to attend Analytics Vidhya Delhi Hackathon".
Percentage of the total statements : What percentage of the total statements are correct with regards to Topic Modeling?
How each policy suggest will help mitigate similar attacks : Clearly indicate how each policy you suggest will help mitigate similar attacks and how each control will support the associated policy.
Where has the technologies helped : Where has the technologies helped and where has it been a hindrance. Is a help to one a hindrance to another and vice/verse.
Find the probability that a given user is transmitting : CIT-606 Fundamentals of Networking Assignment, Nile University, Egypt. Find the probability that a given user is transmitting
What are the seven leftmost bits of the 23 bit mantissa : Encode -10 5/8 into 32 bit IEEE floating point binary. What are the seven leftmost bits of the 23 bit mantissa?
Define impact of the biometrics access control system : Research how the U.S. Department of Homeland Security is testing the privacy impact of the Biometrics Access Control System at the Transportation Security Lab.

Reviews

Write a Review

Management Information Sys Questions & Answers

  Summarize your experience developing a project plan

Summarize your experience developing a project plan for the access control system.Which aspects did you find the easiest, and which were the most challenging

  Information systems security

The daily operation of a pharmacy is a unique business that requires a combination of both physical and logical access controls geared towards protecting medication and funds located on the premises.

  What are the benefits associated with an outsourcing effort

Write a 3-5 page paper that discusses the various aspects of outsourcing the IT function from an organization. What are the benefits associated with an outsourcing effort

  Does social media have a place in the business world

Does social media have a place in the business world? How would you use social media to promote your business? If you wouldn't use social media, what online strategies would you employ?

  How would you incorporate these into your working life

In a brief 1-2 paragraph reflection, explain why a professional organization had a policy such as this. How would you incorporate these into your working life

  Describe the software development methodologies

Explain how a business user could be involved in the core activities of building an information system.

  What are the advantages of using erp

As an IT manager, discuss how your company will use Enterprise Resource Planning (ERP) to integrate the various functions of an entity.

  How organization manages components of its it infrastructure

What has this organization done to gain and sustain an advantage over their competitors? Describe in detail how this organization manages the components of its IT infrastructure

  Evaluate technology trends available to market product

Evaluate technology trends available to market product in Canada for Walgreens - That and the introduction of newer products to Canada should bring in some business to Walgreens

  What type of data marts would you suggest setting up

Regional managers are responsible for inventory management, procurement of inventory, sales, and marketing for their particular region.

  Develop a project communication plan

Develop a project communication plan to describe how stakeholders and managers will be kept informed regarding project progress. This will include the form of communication (status reports, meetings, etc.), frequency, and specific project mileston..

  How social media impacts your nonprofit

How social media impacts your nonprofit? Individuals or groups you are serving, volunteers, donors, general public, local community, government, foundations, board members, etc.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd