Security

Scenario: Harry and Mae’s Inc. Case Study - Executive Summary


Dear Harry and Mae’s Inc.’s I.T. Staff and Executives,

As requested, I have compiled an Executive Summary of the situation on Harry and Mae’s identified risks and my recommendations. In this report, you will find an overview section that describes my risk analysis, how it was formulated, and the scope of the investigation. I also included how I performed my analysis in determining your critical assets and locating and identifying your threats and vulnerabilities. Finally, I will summarize my findings with a synopsis of found risks, their rankings, and my recommendations for mitigating them.

Executive Summary

In my analysis and risk review of your organization, I utilized the information provided to me about your software and hardware, security policies, known errors, and the troubles you have had, with the goal of deciphering which areas of your organization are at the most significant risk to the continuance of your business operations. In my findings, I have identified several potential dangers that will undoubtedly increase the possibility of data breaches or loss, malicious attacks, or common user-error scenarios. As you have seen in my previous documents, I have not only listed all the problem areas, but I have ranked and prioritized them as well.

Per my asset value, vulnerability value, likelihood, and risk exposure chart, the following threats should be prioritized: Cisco ME 3600X switches’ poor password policies, Aruba WAPs’ accessibility in the prevention of malicious attacks, Aruba 6000 Mod Controllers’ default settings and enabled guest account, HP StorageWorks Server’s lack of antivirus, updates, and policies, IIS web server’s inadequate authentication measures, HP ProLiant DL380 G7 servers’ lack of updates and policies, A.D. domain controllers’ enabled default and improper basic/admin settings, each A.D. organizational unit’s enabled default and improper basic/admin settings, your use of Windows 7 and insufficient Windows authentication and virus settings, P.O.S. systems’ poor system policy and authentication settings and lack of encryption and training, lack of employee training and education, lack of uniform and updated antivirus (as well as poor access control of the software), and improper settings, updates, and maintenance for your company’s various websites.

In my review, I categorized each of the abovementioned threats with their likelihood to occur, as well as their potential dangers. It is my opinion that these should be immediately remedied before the rest of my identified risks are mitigated. At the present moment, several things need to happen to ensure your organization is up-to-date with the latest security software, hardware, policies, and procedures. First, a complete review of your processes for updating your numerous software and security policies should be performed, and a continuous plan should be both created and enforced to conduct audits of all systems you manage; as most of my found threats are policy or software update-based, I feel that this would be the ideal solution.

Per your response to my findings, if you choose to move forward with my task of eliminating or mitigating the various threats I have identified, I can begin to outline how this project will be completed, as well as the cost to do so. I am confident in my abilities to keep the entire project under cost and completed on time. By performing the actions that I have recommended, Harry and Mae’s Inc. will be prepared for the uncertain world of tomorrow. Please let me know if you have any questions or concerns about my found threats or the processes to secure them.

Thank you,

William Donaldson, Teckzor Inc.
