Based on the given case study, the author, as an independent auditor brought in by Dalton, Walton, & Carlton’s management, conducts an audit of the firm's entire IT infrastructure, organization, and processes.
In this case I will conduct a survey among the employees and management, as the results of the survey will reflect the vulnerabilities in the firm. I will include questions about vulnerabilities in the survey paper. Apart from the survey, I will consult the company's IT system administrator, who is responsible for all confidential data and for user authority on the PCs in the office premises. I will check the system administrator's computer first before consulting him, as he may not be fulfilling his duties properly.
List at least three vulnerabilities described in the case. Include the severity and likelihood of compromise for each identified vulnerability.
Free access to data - the main vulnerable point in the organization is that unauthorized users, and even the company's vendors, can freely access data. The employees have no security for their computers and data.
No software updates and decentralization of the wireless network - the company's employees are using outdated software and PCs; in particular, the antivirus software is not updated, and because of that data is destroyed instantly.
Employee dissatisfaction - employees are messy and fed up with the organization's management, hence they are going to rival companies.
Include the severity and likelihood of compromise for each vulnerability identified.
Various severities and compromises are occurring due to several vulnerabilities in this architecture firm. The firm is losing important data from its PCs, and employees are facing the problem of office equipment being stolen from the firm's premises. The employees are not able to secure their official data because vendors are allowed to access their PCs. The higher-level managers are disturbed during their work by outdated software and antivirus programs on their PCs. These are the likely compromises that the employees are facing in this firm.
List known or assumed safeguards in place that reduce the vulnerability's impact or likelihood.
Include a list of any assumptions you are making.
Appoint an experienced IT system administrator - the company's management can appoint an experienced and discreet IT system administrator, who should be able to manage the server and data authority procedures. A discreet system administrator will make strict rules for data protection.
Need to pay heed to the organization's infrastructure - the organization's management must improve the infrastructure of the company as well as make amendments to the rules and regulations of the company.