SEC 280 Week 5 and 6 Case Study

SEC 280 Week 5

You have just been hired as an Information Security Engineer for a large, multi-international corporation. Unfortunately, your company has suffered multiple security breaches that have threatened customers’ trust in the fact that their confidential data and financial assets are private and secured. Credit-card information was compromised by an attack that infiltrated the network through a vulnerable wireless connection within the organization. The other breach was an inside job where personal data was stolen because of weak access-control policies within the organization that allowed an unauthorized individual access to valuable data. Your job is to develop a risk-management policy that addresses the two security breaches and how to mitigate these risks.

SEC 280 Week 6

Gem Infosys, a small software company, has decided to better secure its computer systems after a malware attack shut down its network operations for 2 full days. The organization uses a firewall, three file servers, two Web servers, one Windows 2008 Active Directory server for user access and authentication, ten PCs, and a broadband connection to the Internet. The management at Gem needs you to formulate an incident-response policy to reduce network down time if future incidents occur. Develop an incident-response policy that covers the development of an incident-response team, disaster-recovery processes, and business-continuity planning.