Infosec Scenario


Background:

LHS has just recently acquired RHS and is integrating the infrastructure from RHS.   RHS was previously a software consulting company and their mission was to aid clients in reaching compliance with the Capability Maturity Model (CMM).   RHS has the following information services in place at their current location:

Service/System/Application | Purpose |
E-mail services | administration and operational messaging, also used extensively for customer contact |
Public web server | public relations site |
Intranet web server | for human resources, on-line training courses, ,billboard for company policies, etc. |
Customer Relationship Management (CRM) system | tracks customer information, account status, etc. |
Network services | file and print servers, DNS, DHCP, etc. |
Internet connection | web browsing and general connectivity |
Sales database | sensitive system that stores and processes sales data, projections, etc. |
Human Resources database | used for tracking all essential information about people in the company; salary and benefits, address, home phone, next of kin, etc. |
Finance system | tracks the accounts payable/receivable and budget of the organization |

During acquisition negotiations, you received a report from RHS that detailed their findings of a recent Information Security Audit.   The audit was conducted by an independent contractor, and the following observations were made:

Global Observations
  * Backups not encrypted; backups stored in a secure vault in a separate facility
  * Some files owned by obsolete user accounts
  * Sensitive files found on user systems
  * Inventory of systems on the network is incomplete
  * Evidence that sensitive e-mail has been sent unencrypted
  * Inconsistent host configuration (especially laptops)
  * Not all systems patched to same level
  * Network Map displayed in unsecured areas
  * No reporting policy (or records) for host system security problems or issues
  * No...
  • Ethics Scenarios
    Each team should respond in paragraph form to the questions that follow the scenarios presented below. Any disagreements or complications that occur within the team...
  • Three Scenarios Of Hr Interest
    Labor Relations, Employee Relations & Global Resources: Three Scenarios of HR Interest Scenario One You are a supervisor in a small manufacturing plant...
  • Scenario Building - Harva Method
    will affect the way US companies conduct their business. Step III Future Scenario in 5 years Business technology consulting must be built on the firm...
  • Scenario One Problem Solution
    really affect their place in the market in a positive way. Lisa states in the scenario that the company has the opportunity to "build a new and very flexible model...
  • Ethics Scenarios
    Ethics Scenarios Individual Responses Duty Based (Deontological): 1. We don't always get to work with teammates that are going to be ideally suited...