User Account

All Pages

Identify each of controls as physical-administrative

Assignment Help Other Subject
Reference no: EM132345140

The following scenario is based on an actual attack deconstructed at a seminar I attended earlier this year. The names and locations have been removed to preserve the privacy of the organization in question.

Background:

No-Internal-Controls, LLC is a mid-sized pharmaceutical company in the Midwest of the US employing around 150 employees. It has grown over the past decade by merging with other pharmaceutical companies and purchasing smaller firms.

Recently No-Internal-Controls, LLC suffered a ransomware attack. The company was able to recover from the attack with the assistance of a third party IT Services Company.

Attack Analysis:

After collecting evidence and analyzing the attack, the third party was able to recreate the attack.

No-Internal-Controls, LLC has a number of PCs configured for employee training

These training computers use generic logins such as "training1", "training2", etc. with passwords of "training1", "training2", etc.

The generic logins were not subject to lock out due to incorrect logins

One of the firms purchased by No-Internal-Controls, LLC allowed Remote Desktop connections from the Internet through the firewall to the internal network for remote employees

Due to high employee turnover and lack of documentation none all of the IT staff were aware of the legacy remote access

The main office has only a single firewall and no DMZ or bastion host exists to mediate incoming remote desktop connections

The internal network utilized a flat architecture

An attacker discovered the access by use of a port scan and used a dictionary attack to gain access to one of the training computers

The attacker ran a script on the compromised machine to elevate his access privileges and gain administrator access

The attacker installed tools on the compromised host to scan the network and identify network shares

The attacker copied ransomware into the network shares for the accounting department allowing it spread through the network and encrypt accounting files

Critical accounting files were backed up and were recovered, but some incidental department and personal files were lost

Instructions:

You have been hired by No-Internal-Controls, LLC in the newly created role of CISO and have been asked to place priority on mitigating further attacks of this type.

Suggest one or more policies that would help mitigate against attacks similar to this attack

Suggest one or more controls to support each policy

Identify each of the controls as physical, administrative, or technical and preventative, detective, or corrective.

Keep in mind that No-Internal-Controls, LLC is a mid-sized company with a small IT staff and limited budget

Do not attempt to write full policies, simply summarize each policy you suggest in one or two sentences.

Clearly indicate how each policy you suggest will help mitigate similar attacks and how each control will support the associated policy

3-4 pages in length.

APA format.. citations, references etc...

Reference no: EM132345140

Questions Cloud

Identify and explain the control problems : To be eligible for volume discounts, the Parks and Recreation Department orders the candy for all three pools. Sandy Wells is responsible for ordering.
What is the purpose of legislation and regulation : What is the purpose of legislation, regulation and industry codes applicable to financial management? The response paper should be in APA format.
Systems link to the culture of an organization : In what way do the service delivery systems link to the culture of an organization? Please use references.
What are amazon business continuity planning : Briefly describe how continuity planning has prepared Amazon to deal with the threats such as: internal threats, theft, unintentional
Identify each of controls as physical-administrative : Identify each of controls as physical, administrative or technical and preventative-detective or corrective. Suggest one or more controls to support each policy
Develop at least one example of boundaries exhibited : Develop at least one example of boundaries exhibited by Walmart and at least one example of framing that led the company to where it is today.
Define and explain games theory : Define and explain Games Theory. Its Applications and Limitations Business Strategic Management.
Staff performance and provide feedback and coaching : Why it is so important to continuously monitor staff performance and provide feedback and coaching
Recommend changes to the proposed training program : What do you think of this? Is it likely that hotel staff will be able to learn how to handle unhappy customers from just listening to a presentation?

Reviews

Write a Review

Other Subject Questions & Answers

  Why do not police departments increase their applicant pool

Many police officer positions require the applicant to have a college degree even though the tasks of a police officer rarely call upon college course material.

  Reflection on diversity

Choose one of the following topics to discuss. Reflect upon your chosen topic in a one- to two-page essay, double-spaced, in APA format. Make sure to include a title page.

  What rights or duties do the parties have

Should healthcare professionals treat an individual for an illness when that individual has convicted of a terrible crime?

  The demographics of henrietta lacks

Describe the demographics of Henrietta Lacks. Provide a summary of the researcher's actions.

  Which concepts from text does it mention cover or depend on

In addition to the link, write a paragraph of at least 125 words describing the article and how it relates to the material from the textbook.

  Price plays a role in the perception of value received

Price plays a role in the perception of value received. How do you think value should be determined? Explain your answer.

  Provide awareness for these types of fraud techniques

Identify and describe at least two forms of fraud techniques from your research. Include the identity of the government agencies that provide awareness for these types of fraud techniques.

  Explain theory plays an important role in science

What is the main difference between descriptive and experimental research approaches?

  Develop specific goals for yourself for the next year

Write a story of what your life will look like in 5 years. Develop specific goals for yourself for the next year to help make this vision a reality.

  Positive corporate culture

In your own words, write a paragraph which explains your understanding of a positive corporate culture. Include an introductory sentence and a conclusion.

  Identify ways in which pleadings can be brought

Identify ways in which pleadings can be brought in court in a civil matter in court

  Why states are moving toward legalization of marijuana

Why states are moving toward legalization of marijuana to varying degrees, while the federal government remains entrenched in a strict anti-marijuana policy.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd