ITM455 Interactive Case Activity 1
C-Bay Task 1: Operational Issues & Security Policy Review
Team Members: Richmond Ignacio, Veronica Perez
Task: Using the COBE Problem Solving approach, review the meeting notes about the organization’s current list of 24 problems/symptoms.
A). Consolidate these problems/symptoms into the top 5 categories that reflect actionable security topics the company should address in its policy.
B). Then review the security policy draft and see if that topic is addressed in the new policy.
C). If the topic area is not included, make a note to add some content related to your identified problem area.
D.) Summarize the state of C-Bay’s current security policy draft vs what they need to add.
Note: Some items may be purely business issues (non-technical issues) and should be consolidated into a separate category.
Resources: (C-Bay Website):
Read: Welcome & Orientation Letter, Executive Summary,
Work with: Meeting Notes (list of issues), Security Policy Draft
Item Analysis: (add lines as needed)
Problem/Symptom
Topic Area
Alternative Solutions
Addr Y/N
Policy Section
Content Needed
Example:
Spike in calls to customer support
Business
n/a n/a n/a n/a DOS Attacks
Networking
Two or More Authentication controls, Install firewall and configure and restrict traffic, Proper anti-virus in place, e-mail distributed
Y
6.0 E-mail policy
Procedure Policy, Control access, trafic motinutering
Consultants can access server remotely
Security
limited authorization, log all connections via SSH and FTP, create new user accounts for each individual
Y
1.3 Policy, 1.5 Individual Access Control
Temporary users- make sure to disable account one access is not required
Employees that Left company- Access to network passwords, etc.
Policy/System
Disable unused account and take them out of system.
Y
3.24 Host Security
IT immediately revoke all computer, network, and data access
Password standards
System/ Programming
Change default system and make character requirements guidelines.
Y
3.2.4 Host Security, 5.3 Policy, 7.3 Policy
N/A Upper and lower case letters, state no dictionary word, time out of system win not in use.
Slow server response time
Networking/ Operational
Use one-time execution certain information of server, clear out unnecessary information taking up memory space
Y
2.1 Purpose,
2.2 Scope,
2.3.1 Ownership and Responsibilities, 2.3.3
Existing performance and data, evaluate with automated web application monitoring solutions
Anti-virus protection standards
Operating System
Automatic Updates for the system
N/A
N/A policy needed
No security audit records
Security
Conduct regular audits and update systems
Y
2.3.4 Compliance, 3.2.1, General Security
Yes, physical locations to store data, put policy in place to address problem and future ones
No response to emergency threats or malicious attack
Policy
Procedure Response for the vulnerabilities
N/A
N/A
Development of an emergency action plan
Bandwidth Issues with Employees
Policy/
Management/ Administration
Restrictions on Web used
N/A
N/A
Employees training and plan review
Summary:
C-Bay policy has some security protocols in order to protect the system, in case of attacks, network and server failure, and inappropriate use of equipment or network. It also has written guidelines, and procedures to keep data secure and updated. The policy is still being developed, and needs
