User Account

All Pages

Identify each of the controls as physical and detective

Assignment Help Computer Engineering
Reference no: EM131990566

Assignment

Scenario based on Actual Attack

Background:

No-Internal-Controls, LLC is a mid-sized pharmaceutical company in the Midwest of the US employing around 150 employees. It has grown over the past decade by merging with other pharmaceutical companies and purchasing smaller firms.

Recently No-Internal-Controls, LLC suffered a ransomware attack. The company was able to recover from the attack with the assistance of a third party IT Services Company.

Attack Analysis:

· After collecting evidence and analyzing the attack, the third party was able to recreate the attack.

· No-Internal-Controls, LLC has a number of PCs configured for employee training

· These training computers use generic logins such as "training1", "training2", etc. with passwords of "training1", "training2", etc.

· The generic logins were not subject to lock out due to incorrect logins

· One of the firms purchased by No-Internal-Controls, LLC allowed Remote Desktop connections from the Internet through the firewall to the internal network for remote employees

· Due to high employee turnover and lack of documentation none all of the IT staff were aware of the legacy remote access

· The main office has only a single firewall and no DMZ or bastion host exists to mediate incoming remote desktop connections

· The internal network utilized a flat architecture

· An attacker discovered the access by use of a port scan and used a dictionary attack to gain access to one of the training computers

· The attacker ran a script on the compromised machine to elevate his access privileges and gain administrator access

· The attacker installed tools on the compromised host to scan the network and identify network shares

· The attacker copied ransomware into the network shares for the accounting department allowing it spread through the network and encrypt accounting files

· Critical accounting files were backed up and were recovered, but some incidental department and personal files were lost

Instructions:

You have been hired by No-Internal-Controls, LLC in the newly created role of CISO and have been asked to place priority on mitigating further attacks of this type.

· Suggest one or more policies that would help mitigate against attacks similar to this attack

· Suggest one or more controls to support each policy

· Identify each of the controls as physical, administrative, or technical and preventative, detective, or corrective.

· Keep in mind that No-Internal-Controls, LLC is a mid-sized company with a small IT staff and limited budget

· Do not attempt to write full policies, simply summarize each policy you suggest in one or two sentences.

· Clearly indicate how each policy you suggest will help mitigate similar attacks and how each control will support the associated policy

· 3-5 pages in length.

· APA format.. citations, references etc.

Reference no: EM131990566

Questions Cloud

What does this company do to motivate their employees : For this discussion, select a company you would like to use as an example. What does this company do to motivate their employees or squash their good efforts
Define the problem in the scenario that you have chosen : Explain how you will implement the decision made and reflect on whether this option was the most effective.
Describe the results of your assessment of work processes : Describe the results of your assessment of the work processes and key employees to be addressed in your final paper. Discuss how the organization will change.
Explain in your own words the message of each speech : Determine whether you think the killing of Bin Laden has lowered or raised the fear of terrorism in most U.S. citizens.
Identify each of the controls as physical and detective : Identify each of the controls as physical, administrative, or technical and preventative, detective, or corrective.
How would you market the locations to a prospective client : How would you market those locations to a prospective client? How would you advise the American client regarding the cultural (highlight one or two significant)
Fiscal policy of current australian government : Unemployment during last S years and Its effect on Australian economy and government policy towards reducing unemployment
Where do you see evidence of the all-hazards approach : Where do you see evidence of the all-hazards approach in the plans? Can you tell from the plan which hazards are of most eminent threat in your area?
Analyze and discuss the public perceptions of raytheon : Analyze and discuss the public perceptions of Raytheon and its influence with the Department of Defense.

Reviews

Write a Review

Computer Engineering Questions & Answers

  Mathematics in computing

Binary search tree, and postorder and preorder traversal Determine the shortest path in Graph

  Ict governance

ICT is defined as the term of Information and communication technologies, it is diverse set of technical tools and resources used by the government agencies to communicate and produce, circulate, store, and manage all information.

  Implementation of memory management

Assignment covers the following eight topics and explore the implementation of memory management, processes and threads.

  Realize business and organizational data storage

Realize business and organizational data storage and fast access times are much more important than they have ever been. Compare and contrast magnetic tapes, magnetic disks, optical discs

  What is the protocol overhead

What are the advantages of using a compiled language over an interpreted one? Under what circumstances would you select to use an interpreted language?

  Implementation of memory management

Paper describes about memory management. How memory is used in executing programs and its critical support for applications.

  Define open and closed loop control systems

Define open and closed loop cotrol systems.Explain difference between time varying and time invariant control system wth suitable example.

  Prepare a proposal to deploy windows server

Prepare a proposal to deploy Windows Server onto an existing network based on the provided scenario.

  Security policy document project

Analyze security requirements and develop a security policy

  Write a procedure that produces independent stack objects

Write a procedure (make-stack) that produces independent stack objects, using a message-passing style, e.g.

  Define a suitable functional unit

Define a suitable functional unit for a comparative study between two different types of paint.

  Calculate yield to maturity and bond prices

Calculate yield to maturity (YTM) and bond prices

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +91-977-207-8620

Phone: +91-977-207-8620

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd