Question

You have joined a company as a security consultant, discuss the vulnerabilities of the company’s data and systems and propose a plan to protect company assets.

Solutions

Expert Solution

First, let us understand the work of a security consultant:

The work is to conduct information security management reviews and information security management system assessments.

The vulnerabilities of the company's data and systems are:

1. Angry or Dissatisfied Employees

Members of the company in IT with knowledge of and access to networks, data centers and admin accounts can cause severe damage.

2. Careless or Uninformed Employees

Employees who are not trained in security best practices and who have weak passwords, visit unauthorised websites and/or click on links in suspicious emails or open email pose an enormous security threat.

3. Mobile Devices

Employees use mobile devices to share data and access company information, or neglect to change mobile passwords.

4. Third Party Service

Because of growing complexity, companies turn to outsourcers and vendors to support and maintain systems. These third parties usually don't follow security practices; for example, they use default passwords to connect to their clients.

5. Cloud Applications

A cloud application is an internet-based programme where some or all of the processing logic and data storage is handled in the cloud. Sometimes these cloud applications are vulnerable because of hackers.

Plans to protect the company's assets

1. The first step is to identify the privileged accounts and credentials immediately and terminate those which are no longer in use or are connected to employees that are no longer at the company.

2. Train the employees on cybersecurity best practices.

3. Encryption is necessary, even if individual employees have not taken personal precautions to lock their phones. The IT department can oversee this and, to be extra safe, can implement OTP, RFID, fingerprint, etc.

4. BYOD policy: employees are better educated on device expectations, and companies better monitor email and documents downloaded to company- or employee-owned services.

5. Implement mobile security that protects corporate data and access to corporate systems and ensures corporate content stays encrypted under IT's control.
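
An added example, not part of the original answer, showing how step 1 of the plan can be run as a repeatable check: it compares an account export with the current HR roster and flags privileged accounts that are unused or tied to people who have left. The CSV columns, the 90-day idle threshold, the sample accounts and the extra "no named owner" check are assumptions made for illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample data: an account export and the current HR roster.
ACCOUNTS_CSV = """username,owner,privileged,last_login
adm-jsmith,jsmith,yes,2024-05-28
adm-mlee,mlee,yes,2023-11-02
svc-backup,,yes,2024-05-30
adm-tkhan,tkhan,yes,2024-05-20
pwong,pwong,no,2023-01-15
"""
ACTIVE_EMPLOYEES = {"jsmith", "mlee", "pwong"}  # tkhan has left the company


def review_privileged_accounts(accounts_csv, active_employees, today,
                               max_idle_days=90):
    """Return {username: [reasons]} for privileged accounts needing action."""
    findings = {}
    cutoff = today - timedelta(days=max_idle_days)
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        if row["privileged"].strip().lower() != "yes":
            continue  # only privileged accounts are in scope for step 1
        reasons = []
        owner = row["owner"].strip()
        if not owner:
            # Assumption beyond the answer: shared/service accounts need an owner
            reasons.append("no named owner")
        elif owner not in active_employees:
            reasons.append("owner no longer at the company")
        last_login = row["last_login"].strip()
        if not last_login or date.fromisoformat(last_login) < cutoff:
            reasons.append(f"no login in {max_idle_days} days")
        if reasons:
            findings[row["username"]] = reasons
    return findings


if __name__ == "__main__":
    report = review_privileged_accounts(ACCOUNTS_CSV, ACTIVE_EMPLOYEES,
                                        date(2024, 6, 1))
    for user, reasons in report.items():
        print(f"{user}: {'; '.join(reasons)}")
```
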