1 / 5100%
1
Running Head: KICKOFF AGENDA
ISE 510 : Final Project Milestone 1
Carlos Delapaz
SNHU
September 1,2019
2
KICKOFF AGENDA
Limetree Inc. is a research and development organization which is involved in
multiple research projects with the federal government as well as private corporations in
areas such as biotechnology, healthcare, and different cutting-edge industries. In recent times,
the firm has experienced a security breach incident and it believes the incident took place
because of the existence of some security vulnerabilities.
The objective is to conduct a kickoff meeting relating to the security breach analysis
so that necessary details and information can be captured suitable recommendations can be
made. A kickoff agenda has been developed for the meeting and each of the items that would
be covered has been thoroughly described as they would be of paramount importance for the
risk assessment.
Kickoff Agenda Topics relevance
A wide range of elements would be captured in the kickoff meeting which would be
of high relevance to strengthen the security quality of the IT infrastructure. The office
environment of Limetree would shed light on various areas from where threats could arise in
the internal setting. The security relating to vital organizational information and the control
over sensitive information or documents would provide an insight into how the employees
function to improve the security of the IT system.
The agenda item relating to the use of external hardware devices would reflect
whether the employees are careful with the devices or not. Their approach towards IT
security could be understood. Similarly, the knowledge on voicemail PINs would showcase
the personal security stance which the employees are taking in Limetree. The item on how the
firm secures the backup of the system would highlight its approach towards the quality of the
security system. The agenda item on implemented computer access system would shed light
on the current security approach of the firm. The network environment of Limetree would
shed light on the vulnerabilities that could arise in the unpredictable setting. Ultimately, the
3
KICKOFF AGENDA
use of licensed or pirated software would reflect, the firm’s approach to using authentic
software to strengthen IT security.
Kickoff Agenda Topics
A kickoff meeting has been planned to collect additional information on Limetree
Inc.’s security environment. The fundamental agenda of the meeting would be to get a
thorough insight into the security infrastructure of Limetree Inc. Some of the core
components that would be covered in the kickoff agenda include the office environment of
Limetree, the security level of employee, financial and client information and control over
sensitive documents, the use of external hardware devices, the access of voicemails, and the
backup of the system.
These are some of the core elements that would form a vital part in the meeting as
they would shed light on how the firm currently handles and manages the sensitive
organizational information on Limetree Inc. In addition to this, there is the need to focus on
other vital elements which could influence the vulnerability as well as the security posture of
the organization such as the implemented computer access system, the network environment
of Limetree, the use of licensed or pirated software.
As the effectiveness of the Information Technology security of the firm depends on a
wide range of factors and elements, an integrated knowledge of the existing security posture
would be necessary. So in the kickoff meeting, all the highlighted items would be covered as
they would help to identify the main areas where loopholes exist and which empower cyber
attackers or online criminals to gain an upper hand against the Limetree Inc. organization.
Office environment of Limetree
The proper knowledge of the office environment is one of the fundamental agenda
items which would help to identify the main categories of vulnerabilities that the firm is
likely to face. In the current times, it is facing numerous security vulnerabilities including
4
KICKOFF AGENDA
personally identifiable information, network, and system security, implemented password and
pin security, inappropriate disposal of documents, secure storage cabinet key and many
more. Information of the entity environment would help to ascertain the main security
concerns that could arise due to the ineffective management of the environment.
Network environment –
The network environment which comprises of servers, routers and firewalls is
necessary. An effective network environment would prevent unauthorized users from getting
access into the system. The knowledge of the quality of the firm’s network environment
would help to design suitable measures so that security could be enhanced.
Security of the employee, financial and client information
The proper security of information relating to the employees or clients must be
disposed of carefully and tactfully. In the organizational setting, documents containing
sensitive information were disposed in trashcans instead of being shredded. There was a
need to capture additional information on how the firm was handling sensitive data. The firm
did not have proper control over the sensitive documents that it intended to discard which
increased its level of vulnerability in the technology-driven times.
Use of external hardware devices
It was observed that there were two Portable Device Assistants and a storage device
which were kept under a work desk. Similarly, there were other hardware devices such as a
flash drive and CDs that had not been kept in a secure manner. The inappropriate placement
of various external hardware devices must be included in the kickoff agenda ad it can have a
major impact on the security posture of the research and development firm.
Access to voicemails
The employees were very careless while setting the PINs of their voicemails as they
were generally using the last four digits of their phone extension. In the meeting, there is a
5
KICKOFF AGENDA
need to focus on this item as it would help to identify other similar areas where employees
have carefully set security codes or pins.
Backup of the system
At the present times, the network administrator was responsible to maintain the
backup of the system on a day to day basis. But these backups could be kept in an unsecured
manner. So there is the need to get a detailed idea on how the security of the daily backup
system information is maintained in the organizational setting.
Implemented computer access system –
There were multiple computer systems in Limetree Inc. that were not locked. For
example, three computer systems were unlocked and anyone could gain access into the
folders and the contained sensitive information. This item must be covered in the meeting so
that suitable measures could be introduced to strengthen the existing computer access system.
Use of licensed or pirated software –
A disk of unlicensed software was found in the Limetree Inc. organization. This is a
very major issue which could have a long-term implication on the firm. Due to the absence of
a license, the firm could have to pay heavy penalties.
Students also viewed