
IT 253 Project One Consultant Findings

We were hired to provide an evaluation of the company's current information security program and to
identify high risks that should be addressed by the company. We understand and recognize that the
information security function at the company is still in its infancy, but our findings should help you
prioritize your initial efforts. We were impressed with your leadership's commitment to supporting and
dedicating resources to ensure that these issues are addressed in a timely manner.

Our consultant assessed the existence or absence of technical, physical, and administrative controls. Our
evaluation was not limited to particular systems; it also covered existing people, processes, and
technologies, and how each element affects the company's information security posture.

The following high-risk findings were identified by our consultant:

● Our team was able to access your headquarters building without a valid badge. We simply
waited near a side entrance and followed another employee inside.
● Your data center did require badge access, but any employee or visitor with a badge could
access the space.
● Backups were being kept on-site and were not encrypted.
● When speaking to employees, we found that they were unaware of what to do when they
receive phishing or other suspicious emails.
● The current information security policy had not been updated in four years.
● Our assessors noticed that many workstations were actively logged on and accessible, but no
employees were using them.
● No business continuity plan or disaster recovery plan exists.
● When we interviewed your IT staff, they told us that they use a shared account for performing
high-level system administrator functions. They were also unsure of what, if any, security
responsibilities they had.
● Your company wireless network is configured to use WEP.
● System and security logs are not being stored in a central location.
● Mobile devices, such as laptops and phones, are not encrypted.
● Your data center did not have backup or generator power.
● In a review of user workstations, over 35% had anti-virus definitions over 30 days old.

While we focused on only a subset of high-risk areas initially, addressing multiple risks will dramatically
reduce the company’s exposure to threats. You should have a follow-up evaluation after these issues are
addressed to identify additional areas of opportunity.
