User Account

All Pages

Suggest one or more controls to support each policy

Assignment Help Other Subject
Reference no: EM132282384

The following scenario is based on an actual attack deconstructed at a seminar I attended earlier this year. The names and locations have been removed to preserve the privacy of the organization in question.

Background:

No-Internal-Controls, LLC is a mid-sized pharmaceutical company in the Midwest of the US employing around 150 employees. It has grown over the past decade by merging with other pharmaceutical companies and purchasing smaller firms.

Recently No-Internal-Controls, LLC suffered a ransomware attack. The company was able to recover from the attack with the assistance of a third party IT Services Company.

Attack Analysis:

After collecting evidence and analyzing the attack, the third party was able to recreate the attack.

No-Internal-Controls, LLC has a number of PCs configured for employee training

These training computers use generic logins such as "training1", "training2", etc. with passwords of "training1", "training2", etc.

The generic logins were not subject to lock out due to incorrect logins

One of the firms purchased by No-Internal-Controls, LLC allowed Remote Desktop connections from the Internet through the firewall to the internal network for remote employees

Due to high employee turnover and lack of documentation none all of the IT staff were aware of the legacy remote access

The main office has only a single firewall and no DMZ or bastion host exists to mediate incoming remote desktop connections

The internal network utilized a flat architecture

An attacker discovered the access by use of a port scan and used a dictionary attack to gain access to one of the training computers

The attacker ran a script on the compromised machine to elevate his access privileges and gain administrator access

The attacker installed tools on the compromised host to scan the network and identify network shares

The attacker copied ransomware into the network shares for the accounting department allowing it spread through the network and encrypt accounting files

Critical accounting files were backed up and were recovered, but some incidental department and personal files were lost

Instructions:

You have been hired by No-Internal-Controls, LLC in the newly created role of CISO and have been asked to place priority on mitigating further attacks of this type.

Suggest one or more policies that would help mitigate against attacks similar to this attack

Suggest one or more controls to support each policy

Identify each of the controls as physical, administrative, or technical and preventative, detective, or corrective.

Keep in mind that No-Internal-Controls, LLC is a mid-sized company with a small IT staff and limited budget

Do not attempt to write full policies, simply summarize each policy you suggest in one or two sentences.

Clearly indicate how each policy you suggest will help mitigate similar attacks and how each control will support the associated policy

3-4 pages in length.

APA format.. citations, references etc...

Reference no: EM132282384

Questions Cloud

Describe what a firm could do to minimize risk : Explain the difference between permanent and temporary working capital, and describe what a firm could do to minimize risk.
Primordial areas of the brain that control basic drives : If pheromones have been scientifically proven to have a profound effect on the primordial areas of the brain that control basic drives, should we encourage "phe
How a risk assessment methodology process can be used : How a risk assessment methodology process can be used to assess risk at a maximum security facility.
Social-cognitive personality theories support : Freud's theory often supports the idea that personality is fixed, whereas social-cognitive personality theories support the idea that personality
Suggest one or more controls to support each policy : Due to high employee turnover and lack of documentation none all of the IT staff were aware of the legacy remote access
What are some methods to avoid procrastination : What are some methods to avoid procrastination and help manage the distractions
Relationship between an apple and a banana : Someone asks me: what is the relationship between an Apple and a banana? I answer him: these are fruits. What memory allowed me to find the answer to this quest
Storytelling addressing stereotype vs archetype : How might I or another student understand the difference in storytelling addressing stereotype vs. archetype?
What is the smart method for goal setting : What is the SMARTs method for goal setting? Describe each step in your response.

Reviews

Write a Review

Other Subject Questions & Answers

  Explain code of ethics for your jacksonville sheriffs office

Describe the code of ethics for your The Jacksonville Sheriffs Office. What does current field research suggest for improving the ethical challenges you have noted?

  Describe the legal and ethical parameters

Describe the legal and ethical parameters related to administering and interpreting assessment tools. Identify the sanctions and educational requirements.

  What opposing forces make the creation of health policy

Discuss what you feel is the single most important issue and/or factor in creating, formulating, evaluating and analyzing health care policy in the US.

  A conclusion that summarizes your points and presents an

your presentation needs a format to harness your thoughts and put them into a plan. the outline is a way of doing that.

  Write summary of the concepts of the life course perspective

what is the comprehensive summary of the concepts and presuppositional assumptions of the life course perspective! including an overview

  What are the three most important issues child development

what are the three most important issues child development professionals will need to address for young children and

  Identify the most accurate sentential counterpart

Identify the most accurate sentential counterpart to the natural language proposition. "Either Redbook increases circulation or both Glamour hires models and Cosmo raises its price." R = "Redbook increases circulation"; G = "Glamour hires models";..

  What motivated you to engage in this project

What approach did you apply to the situation? What type of leadership would you classify yourself as in this situation? What motivated you to engage in this project?  How did you challenge yourself and others

  What items your career portfolio need to include in general

What items does your career portfolio need to include in general? What (if any) additional items will you need to include for your particular career field and job search?

  Large amount of discretion when making arrests in cases

Officers have a large amount of discretion when making arrests in cases. What is situation-based police discretion? What are the four different types of actions police officers may take in relation to juveniles they encounter?

  Discuss the factors that influence teen pregnancy

Describe the physiological factors that produce hunger.2) Discuss the factors that influence teen pregnancy and risk of sexually transmitted infections.

  What do you think the egyptian government needs to do

What do you think the Egyptian government needs to do in order to get the economy growing again and to attract foreign capital?

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd