Reference no: EM132811438
Assignment Brief
VibeTel is a small to medium company that provides telecommunication services like (calls, text messages, video, and file sharing) to their customers. The company has a staff capacity of 150 and have two remote sites in UK and the US. VibeTel has 25 staffs working on site in both UK and USA, the rest of the employees work remotely. They have a moderate customer base of2000 that use their telecommunication services.
VibeTel has network and computing infrastructures on site, and due to the pandemic, the staff connect remotely and share files for busviness purposes. There are servers onsite that host files and they have some cloud subscription. Their servers host confidential information like User ID, address, phone number, card details,and confidential user information.Their staff normally use any device at home to connect and do their jobs. They connect via mobile, desktop, laptops etc. For those working on site, both building in US and UK have no barriers but physicalsecurity checks by onsite security agent.
The company's servers and network devices are located on the general office area, and they can beaccessed by everyone. The staff do not have any guidelines on how togenerate and use passwords, some of them are using their pet's name and favourite coffeeshop as password. The staff in addition use their personal gadgets in office to do work related activities. There is only one wireless network where all staff and visitors use. Both onsite and online staff use emails and Voice over IP (VoIP) phones to communicate with customers for troubleshooting purpose or account related updates.As the office is international, the head of IT in both countriesshould be grounded on laws governing data privacy and security.They seldom follow and implement these government policies in handling users' data in both countries.
The company have no interest in investing into perimeter firewalls or virtual firewall services. They are satisfied with the Service Provider's (SP) security serviceslike (packet filtering and inspection,malware detection and antispyware).In addition, some of the services they pay the SPare cloud space, reliable internet connection and priority on real-time services like voice and streaming data.Staffreceive several bogus texts, emails and phones from strangers persuading them to click a link for several reasons mostly malicious.To quickly share and save files, staff sometimes save customers' details in USB sticks and hard drives, the computers onsite all allow the use of external USB drive. Network admin and IT administrators find it difficult to track staff activity in the organisation, sometimes staffdeny doing certain operations and the IT teams are finding it difficult to trace which staff account access certain files or carry out an operation. Staffs occasionally use torrent sites to download movies and games.
Produce a security report for VibeTelthat analyses the possible threats and vulnerabilities that exist in their infrastructure and the way they do business. Provide mitigation strategiesthat will increase the security posture of the organisation towards maintainingconfidentiality, integrity, and availability. Your solution should take in consideration awareness to government and policy guidance in cybersecurity and use threat modelling methods in analysing the given network topology.
Description: Demonstrate and illustrate understanding of the various threats and vulnerabilities that exist in data and information systems.
To apply threat modelling tools and methods in identifying and evaluating threats and risks.
Analysis and critique on how you arrive at your mitigation strategy. Demonstrate knowledge of government policies and regulatory guidance.
Assess and evaluate the impact of threats with hierarchical or numerical representation in computing and network environments.
Articulate and fluent presentation of work with great clarity and coherence. This also includes the structure and outline of the work. Clear support of arguments with credible and reputable evidence.
Hint on report writing style and format (3000 words)
Threat and vulnerabilities
• Individual
• Business
• Communications
• Infrastructure
Risk Assessment (Impact)
Threat modelling
• Data Flow Diagram (DFD)
Threat Mitigation Strategy
Summary and Conclusion
References
Attachment:- Assessment Brief.rar