Unit 3b Case Studies
Case 3B: Coordination between an Information Technology Department and Human Resources Department: A Case Study and Analysis
Based on my observation security at Cenartech is high risk. I base this off of the security practices that are in place. What companies fail to realize is you can protect your network technically but you also have to protect the network physical. There are firewalls in place to protect the network from the outside but no policy to protect the network from the inside. “A security policy is a document that defines the scope of security needed by the organization and discusses the assets that need protection and the extent to which security solution should go to provide the necessary protection.”(Stewart and Chapple …show more content…
After the presenting his case to HR leadership he decided to work on an IT project at the top of the list. He setup virtual private networks (VPN) for the sale staff to have remote access. A VPN is a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an untrusted network. (Stewart and Chapple and Gibson, 2012, p221) He setup the VPN on the financial network. Once the software was loaded on employee’s systems he started to monitor the security logs. He found more incoming connection then what he installed. “When he followed up on a few of the originating IP addresses in the security log, He found that a number of the connections originated from a local cable Internet Service Provider (ISP)” (Whitman and Mattord, 2011, p. 27). The attacker was using shared accounts from employee in the company. When someone would leave they would pass the account down. Accounts were not being deleted or disable. Removing or disabling accounts should be a standard best practice for any system. Accounts need to be deleted as soon someone leaves. (Stewart and Chapple and Gibson, 2012,
Based on my observation security at Cenartech is high risk. I base this off of the security practices that are in place. What companies fail to realize is you can protect your network technically but you also have to protect the network physical. There are firewalls in place to protect the network from the outside but no policy to protect the network from the inside. “A security policy is a document that defines the scope of security needed by the organization and discusses the assets that need protection and the extent to which security solution should go to provide the necessary protection.”(Stewart and Chapple …show more content…
After the presenting his case to HR leadership he decided to work on an IT project at the top of the list. He setup virtual private networks (VPN) for the sale staff to have remote access. A VPN is a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an untrusted network. (Stewart and Chapple and Gibson, 2012, p221) He setup the VPN on the financial network. Once the software was loaded on employee’s systems he started to monitor the security logs. He found more incoming connection then what he installed. “When he followed up on a few of the originating IP addresses in the security log, He found that a number of the connections originated from a local cable Internet Service Provider (ISP)” (Whitman and Mattord, 2011, p. 27). The attacker was using shared accounts from employee in the company. When someone would leave they would pass the account down. Accounts were not being deleted or disable. Removing or disabling accounts should be a standard best practice for any system. Accounts need to be deleted as soon someone leaves. (Stewart and Chapple and Gibson, 2012,