How are the vulnerabilities discovered what are the


Case Project Assignment: Read the following Case Study and answer the questions at the end in paragraph form.

XYZ Security Auditors was hired to determine whether it could gain access to the network servers of a department store chain that contained important proprietary information. The chief information system officer (CISO) of the department store chain boldly proclaimed that breaking into the servers would be "next to impossible" for the auditors because the CISO "guarded his secrets with his life." The auditors were able to gather information about the servers, such as the locations of the servers in different areas and their IP addresses, along with employee names and titles, their email addresses, phone numbers, physical addresses, and other information.

The auditors also learned that the chief executive officer (CEO) had a family member who had battled through lupus, which does not have a cure. As a result, the CEO became involved in lupus fundraising. By viewing the CEO's entry on Facebook, the auditors were also able to determine the CEO's favorite restaurant and sports team.

The auditors then called the CEO and impersonated a fundraiser from a lupus charity that the CEO had been involved with before. They stated that those individuals who made donations to this year's charity event would be entered into a drawing for prizes, which included tickets to a game played by the CEO's favorite sports team and gift certificates to area restaurants, one of which was the CEO's favorite.

The CEO was very interested in the fake charity event, and the auditors said that they would email him a PDF document that contained more information. When the CEO received the attachment, he opened it, and a backdoor was installed on his computer without his knowledge. The auditors were then able to retrieve the company's sensitive material. (When the CISO was later informed of what happened, he called it "unfair"; the auditors responded by saying, "A malicious hacker would not think twice about using that information against you.")

Now pretend that you are an employee of that company and that it is your job to speak with the CISO and CEO about the security breach.

What would you say to them? Why?

What recommendations would you make for training and awareness for the company?

Write a letter to the CISO and CEO explaining the breach and what steps are taken to prevent this from happening in the future.

Case Project: Choose one of the following threats, use the Internet to research and answer the questions, and write a one-page paper on your research: DoS Attacks, Arbitrary/Remote Code Execution Attacks, Injection Attack Defenses, Zero-Day Attacks, Buffer Overflow Attacks.

• How do these attacks commonly occur?
• How are the vulnerabilities discovered?
• What are the defenses to protect against these attacks?
• What are some of the most well-known attacks that have occurred?
