Description:
Elizabeth Chan is the CEO of a 1 year old electronics company. The company designs, develops and manufactures the Micro Midget Widget - this is Elizabeth's own invention and it is a small but important component in a wide range of complex video and other specialised hardware. Elizabeth is an engineer but she has no modern technical understanding of IT security issues. Elizabeth has had no problems with IT Security until very recently when the Company's network was subject to a series of attacks. In the period of 3 days, the company's website was defaced, a serious virus infected the company e-mail and large quantities of data were corrupted. Elizabeth's IT security risk management concerns are wide ranging. She needs to determine whether the same hackers are likely to hack the company again. She believes the recent attacks suggest the hackers were interested in either proprietary theft of sensitive information for personal and/ or financial gain or, to disrupt the affected company in such a way as competitors have an edge. There is also an evidence of a previous disgruntled employee planning for revenge against Elizabeth. Elizabeth has become very worried about cyberterrorism and is concerned that she may inadvertently allow her unprotected system to be the launch pad for a major denial of service attack on the Australian NII. She is also very concerned about becoming a victim of e-crime. She believes that her company ought to develop a Forensic Readiness plan so as to be prepared for possible action against the hackers who have been attacking her company. Since the company is relatively new she can build whatever security controls and purchase whatever new hardware you recommend.
Task:
1. Based on the above information, use your own imagination to come up with a company structure.
2. Identify the risks the company currently facing and how these risks can be managed. Your discussion can be categorized under the broad categories of people, process and technology. .
Describe the types of attack which might be made against company's database, possible reasons for attack, and some methods which may be used to secure the database.
3. Your client wants to add some E-Commerce functionality to her business and to use mobile wireless devices to help in this process. Give details of the basic IT security controls that she will need for the wired network and also provide two alternatives to deal with the security of his wireless network.
4. Draw a basic system architecture for the company including your security controls - it is a simple LAN, some databases, a mail server and a web server and a small wireless network.
5. Illustrate the legal and ethical issues will your client face if the data in her databases or files is lost or damaged?
6. Provide details of the broad categories of Federal and South Australian criminal legislation can be used to prosecute hackers and computer criminals in South Australia.
7. Advise how your client can ensure her organisation is forensically ready for possible action against intruders to company network.
8. Analyse the company's existing Information security policy. Evaluate the gaps and provide an overview of suitable security policy for your Client.