Security

Scenario: Asset Identification and Analysis- Harry and Mae’s Inc. Case Study

selective focus photography of group of people selecting vinyl record sleeves

For this assignment, we are tasked with conducting an asset identification and analysis on Harry and Mae’s Inc.’s assets; this is a vital first step in the risk assessment process. By carefully extracting each identifiable piece of hardware, software, or other property, I created a chart that lists the asset’s name, description, quantity, cost (both per unit and total), and finally, the cost of all the assets combined. Armed with the data shown below, one can quickly ascertain which assets are more valuable, thus requiring enhanced risk assessments and mitigation procedures. It is important to note that some of the asset costs shown below are estimations due to the limited information we have available to us.

AssetDescriptionQuantityCost (Each)Cost (Total)
InternetComcast Business Services: Fully redundant fiber (100Mbps down and 50Mbps up)1UnknownUnknown
Nexus Core 700 SwitchesNX-OS 5.02$7500$15,000
Cisco ME 3600X Switches2nd layer, located in each building on campus2$8500$17,000
Aruba WAPsAruba Networks Grid125$450$56,250
Dell SonicWall NSA 4600Connect Comcast Internet to the core network2$3200$6,400
Aruba 6000 Mod ControllersServes Aruba WAPs2$1200$2,400
Barracuda Spam and Virus FirewallCore network, forwards mail traffic2$450$900
Cisco 2960-S POE Switches3rd layer, connects Desktop PCs and POE phones with Gigabit copper LANsUnknown$650$650+
FTP ServerEnabled for both internal/external networks and remote situations. Also used as a staging server1$1700$1,700
HP StorageWorks Server (SAN) Email Server (Microsoft Exchange Server 2010 SP3200TByte, provides storage for the HP ProLiant DL380 G7 Servers1$20,000    $20,000    
Web Server (IIS)Internal and external (with public IP address) connections1$1700$1,700
HP ProLiant DL380 G7 ServersVersion 5.1 of VMWare vSphere10$3000+$30,000+
AD Domain ControllerOne account for the entire campus1 AD Account, 2 ControllersUnknownUnknown
First AD Organizational UnitCampus1UnknownUnknown
Second AD Organizational UnitAccounting and Finance Group1UnknownUnknown
Dell OptiPlex 3020 WorkstationsWindows 7, joined to AD400+$450$180,000
POS SystemHosted as a virtual server on VMware vSphere Hypervisor (ESXi) version 5.12$1000$2,000
Off Campus-NAT FirewallNo further data1$500$500
Off Campus-WAPSetup by franchise owner1$450$450
EmployeesNo further data400+UnknownUnknown
Symantec Endpoint ProtectionAll Campus Workstations400+UnknownUnknown
WSUSUpdates Microsoft applicationsUnknownUnknownUnknown
Microsoft Internet Explorer 10Company Standard BrowserUnknownUnknownUnknown
Norton Antivirus SoftwareOff-CampusUnknownUnknownUnknown
Microsoft PPTP VPN Clients(Off-Campus) POS ProcessingUnknownUnknownUnknown
Campus BuildingPhysical Location1UnknownUnknown
Off-Campus BuildingsPhysical Location100+UnknownUnknown
Perimeter FenceCampusUnknownUnknownUnknown
Surveillance CamerasCampusUnknownUnknownUnknown
Smart Card Access SystemsCampusUnknownUnknownUnknown
Security StaffCampusUnknownUnknownUnknown
Security AlarmsCampusUnknownUnknownUnknown
UPSCampus, 36-hoursUnknown  
Security Fire, Water, etc. SensorsCampusUnknownUnknownUnknown
Power GeneratorCampusUnknownUnknownUnknown
(BYOD) Employee Mobile DevicesCampusUnknownUnknownUnknown
Website-  http://www.harryandmae.comHosted on the single web server, public1UnknownUnknown
Website-  http://www.haryandmae.local.Hosted on the single web server, private (pay statements, work performance, vacation time, personal information)1UnknownUnknown
Website-  http://www.HandMScranton.comOwned by franchise owner in Scranton, PA1UnknownUnknown
Company Facebook AccountOwned by franchise owner in Scranton, PA1UnknownUnknown
Company Twitter AccountOwned by franchise owner in Scranton, PA1UnknownUnknown
Company Instagram AccountOwned by franchise owner in Scranton, PA1UnknownUnknown
    Total: $320,150+

Reference

Wheeler, E. (2011). Security risk management: Building an information security risk management program from the ground up. Waltham, MA: Syngress.

Categories: Security

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s