MyAssignmenthelp
Get Help From World's No.1 Online Tutoring Company
Get Online Tutoring through WhatsApp
Call Now: (+61) 416-195-006
Get Online Tutoring through WhatsApp
Challenger Constructions Case Study
Challenger Constructions Ltd is a building and construction company located in regional New South Wales. It has a number of separate, but related divisions:
The company has a small data centre at its main site in Orange where the company’s servers and data storage is located. The company has some 300 staff, of whom 50 work in the Orange and Bathurst offices. These 50 staff include management, administrative staff and design and consultancy staff. The remaining staff mainly work on different construction sites. The company has two dedicated IT staff to maintain their IT assets and network. The company has a range of different types of personal computers, which run a mixture of Windows 10 and Windows 7 Enterprise, to connect to the company data centre. The company also has 3 MacBook laptops running OS X.
The different construction division foremen communicate with the company using a number of iPads. These are used to update project management schedules and details and to take photos of the progress of various constructions. These iPads are kept by the different foremen and are often also used for personal communications and web access.
The company does not have a clear patching and update policy. As a result most servers and desktop machines are patched on an ad-hoc basis and as time, and operations, permit. The patching and/or updating of the company’s iPads has not been considered.
The company’s IT staff are responsible for the management of the server infrastructure and company network. But effective administration is somewhat hampered by the fact that the administrative passwords are generally well-known across the company. Company employees enjoy free, open, unrestricted access to the Internet, but realistically they only need to access certain websites on the Internet. Company management would like to minimise the cost of accessing web resources.
The company consists of the following divsions:
There are no formal onboarding and offboarding processes in the organisation. There is close to no policy framework in the organisation.
Infrastructure
The company uses several servers to conduct its core business. The company has the following
server infrastructure:
Each of these servers are independent machines with relatively vanilla installs of their respective operating systems. None of the company’s servers are running the latest operating systems nor have they been recently patched. Most application servers, such as Exchange and SQL Server, are also outdated. All servers have publicly accessible addresses and hence can be accessed from the Internet.
The servers are all commodity x86 servers that have been purchased as required. There are no maintenance contracts on either the hardware or any installed software. Most of the servers and desktops are over five years old.
Services and Data
The servers store the following;
departments),
Most services are only used within the company, however the company does have an internet presence via its web pages and mail server. Despite this some of the construction design planners work from home in the evenings and access some services from their home workstations, tablets or mobile devices. The construction foremen access the company’s data from work sites and from home each day. They also upload construction details and photos daily. You can assume there is no redundancy/ fail over in the disks hence if a disk goes bad, that data is lost and the service associated with it fails.
The most important data to the company, in order of importance, is:
The integrity of this data must always be preserved.
Administration
Most of the staff in the company are aware of the administration passwords for the servers and desktops. It should be noted that all users have accounts on the mail, database and database servers.
The administration of the servers tends to be haphazard. There are often storage issues with storage as disks fill up regularly. There are a lot of active but unused accounts for users who have now left the company. The company is dependent on its servers for continued access to services, but there are no monitoring systems in place.
External hackers have compromised some desktop machines in the past. The administrators are reasonably confident that the servers have not been compromised. That said, when a host is compromised; the administrators merely disable the hack and continue to allow the machine to be used. Most compromises are noticed too late, i.e. well after the hack has occurred.
Security
The company does not have a firewall or any other security system in place. Currently all services offered by the servers are accessible via the Internet. All servers, and most desktops have a basic anti-virus system in place, but it has not been updated recently. There is no anti-virus on the MacBooks as the company has been told that they “don’t get viruses”. There is no overall email virus protection in this company.
Backup and Disaster Recovery
The company does not have any backup or disaster recovery systems/ procedures.
Network and Physical Location
The servers and core network infrastructure are located in common workspace as other infrastructure and employees of the organisation. In addition to this the servers are on the same networks as user workstations and there is no network security. The company is connected to the Internet via a ADSL2 modem connected to a router. The router connects to a several 10mb hubs, which provide access to the staff (there is only one LAN). There is no external firewall. Individual Workstations & Passwords. Each employee has a desktop computer. Most of the computers are running a vanilla install of either Windows 10 or Windows 7 Enterprise that, in most cases, has not been patched since install. Employees often keep corporate data on these desktops in their home directory, which is not backed up.
In addition to this, everyone has administrator privileges to their workstation. As the environment is relaxed, a user can have accounts on other employee computers possibly using the same or different password.
The company has no hard and fast rules about passwords; in fact the most common password used is the person’s name. These passwords are also indicative of what is used on the server machines.
Read the Challenger Constructions case study document before attempting this assignment.
Tasks:
You have been employed by Challenger Constructions as their first ever Chief Information Security Officer (CISO). You have been tasked by the Board to conduct a review of the company’s risks.
Your Risk Register should be in table format using the following column headings:
You should provide references in IEEE format, particularly for controls to be employed.
RATIONALE
This assessment task will assess the following learning outcome/s:
Want to contact us directly? No Problem. We are always here for you
Get Online
Online Tutoring Services