You have been engaged by the Board of Directors as an independent security consultant to Clangers Holdings PLC. Clangers Holdings PLC (The Company) is a multinational group company with its headquarters in Coventry. The Company has cornered the market in the manufacture and distribution of cute knitted and stuffed animals that whistle when you talk to them. The company operates wholly owned subsidiary companies in Italy, France, India and Australia in addition to its main area of operation: the United Kingdom. Each subsidiary company maintains its own (Windows-based) computer system, and all accounts and management data and information are stored and processed locally. This information includes, but is not limited to: HR records of employees, payroll records, corporate financial information, confidential management information (e.g. minutes of meetings of the Board of Directors), customer accounts, customer profiles, sales and purchase ledgers, stock records.
Mrs. Soup-Dragon, director of Clangers Holdings PLC, is responsible for IT systems and security throughout the group. Your work colleague has recently met with Mrs. Soup-Dragon to discuss a number of security issues. He has summarised the key points below and provided some questions in respect of these points, all of which you must answer:
1. The Company is considering centralising its back office operations by moving its data storage to a server farm located and maintained in the USA. All processing will be carried out via SQL-based web services secured under SSL with password-based authentication. This will:
enable rapid exchange of information between senior staff throughout the organisation,
ensure that records can be accessed by staff away from the company locations (e.g. travelling salespeople) and
protect records against local disasters.
Questions: What legal issues might arise for the company in respect of the existing system for processing and storage of information? Are there any additional considerations in respect of the plans to centralise operations? How might the vulnerability profile for the organisation change under the centralisation plans? (7 marks each, total 21 marks) (500 words maximum)
2. Mrs Soup-Dragon would like you to test the security of the private networks in all of its global operations. She is concerned that network security throughout the organisation is not sufficiently robust. However, she does not want you to access management, HR or payroll information.
Questions: How would you ensure that your investigations are consistent with Mrs. Soup-Dragon's requirements? What are the legal implications if you were to obtain access to the private information identified above? What strategies would you suggest to Mrs. Soup-Dragon to reduce the possibility of access to private data during the course of your investigations? (10 marks each, total 30 marks) (650 words maximum)
3. It has been observed that the Company's private network in France has been suffering major performance issues recently. A number of computers are very slow and there appears to be a considerable amount of network traffic. However, the Company's IT team has been unable to identify the reason behind these problems. It has been observed that a competitor company, Iron Chicken SARL, has been taking customers and staff from the Company.
Questions: What might be the cause of this problem? Could the performance of the competitor company be linked to this and if so, how? How can the organisation mitigate these problems? How might you make use of these problems as part of your own investigations? (7 marks each, total 28 marks) (600 words maximum)
4. Following a recent systems audit it has been reported to the Directors that a number of computers within the organisation are old. Indeed, some of them are running Windows XP although the majority of computers are less than three years old and running Windows 7 or Windows 8.
Questions: What security issues arise from this? What actions would you recommend to the Company to combat the security issues? How might you make use of these security issues as part of your investigation into the security of the organisation's private networks? (7 marks each, total 21 marks) (500 words maximum)
In responding to these questions you can make use of diagrams and examples if appropriate. Remember to reference any source literature for your answers. Marks will be deducted for exceeding the word counts specified above.