Assignment : Computer Security
Background
Zoom Printing (ZP) is a smalldesign and printing company residing in Perth, Western Australia. ZP currently employs ten people - none of whom hasany IT expertise or literacy.
There are plans to expand the number of employees to at least 20.The boss's 17-year-old niece was responsible for all computer and network related matters for the past two years.
ZP has recently won a financially rewarding 2-year contract, making them responsible for printing highly confidential Government documents. ZP are progressively moving online and have just published a simple catalogue online using Weebly.
In recent months, employees have noticed; computers progressively operating slower,and random malware inspired popups are being displayed. The following list contains an overview of the current situation within ZP:
• The SOE consists of a mix of Windows 7/10 laptops. Some laptops have been purchased specifically for ZP and others are brought in/taken home each day by the employees.
• None of the laptops contains any security software.
• Patch/update levels across laptops is unknown with each workstation encompassing varying desktop configurations. The last time any known updates were applied was November 2016.
• Internet access is via ADSL using a D-Link DSL-2740B wireless router.
• A QNap TS-412 NAS is used to backup workstation data (at each employee's discretion) using WinSCP. The username/password for the NAS admin account is zoom/zoom.
• A Windows 2000 Server was previously operational in the organisation but a power surge resulted in hardware no longer functioning.
• Each employees receives on average 40-100 spam messages each day.
• In July 2017 - two workstations succumbed to a ransomware attack and ZP paid the ransom.
• There are currently no policies or rules guiding employees on how to best utilise resources and conform to ideal cyber security conscious behaviours.
• Employees can access each other's computers and email accounts.
• Confidential data is emailed/stored without using any cryptographic techniques.
• Last week an employee found a USB flash drive in the car park and plugged it into their computer. Since then, the employee has claimed that the computer appears to have "a mind of its own".
Task
You have been hired to advise on the cyber security issues and develop a range of recommendations to ensure ZP can fulfil current and future contractual obligations.
The employees are comfortable, and reluctant to change their current cyber security behaviour. Many of the employees believe that the company is functioning correctly and does not need a new cyber security operational model. ZP's manager is committed to addressing the cyber security issues and culture of the workplace and has allocated a sum of $250,000 to achieve the goal.
The manager has requested that you compile a small, succinct report addressing the top eight (8) cyber security related issues. In producing your solution, you should address the following requirements:
• Why the chosen cyber security issue is being included within the "top 8"?
• An explanation/demonstration of the potential consequences of the identified issue.
• A detailed explanation/demonstration of how you propose to address the issue.
• Why is your chosen solution better than alternative approaches?
• A detailed breakdown of the cost in addressing the selected issue.