Assignment 1: Identifying Potential Malicious Attacks, Threats
and Vulnerabilities
Due Week 4 and worth 75
points
You have just been hired
as an Information Security Engineer for a videogame development company. The
organization network structure is identified in the below network diagram and
specifically contains:
|
1) 2 – Firewalls |
5) 2 – Windows Server 2012 Active Directory Domain Controllers |
|
2) 1 – Web / FTP server |
6) 3 – File servers |
|
3) 1 – Microsoft Exchange Email server |
7) 1 – Wireless access point (WAP) |
|
4) 1 – Network Intrusion Detection System (NIDS) |
8) 100 – Desktop / Laptop computers |
|
9) VoIP telephone system |
The CIO has seen reports
of malicious activity being on the rise and has become extremely concerned with
the protection of the intellectual property and highly sensitive data
maintained by your organization. As one of your first tasks with the
organization, the CIO requested you identify and draft a report identifying
potential malicious attacks, threats, and vulnerabilities specific to your
organization. Further, the CIO would like you to briefly explain each item and
the potential impact it could have on the organization.
Write a four to five
(4-5) page paper in which you:
1.
Analyze three (3)
specific potential malicious attacks and / or threats that could be carried out
against the network and organization.
2.
Explain in detail the
potential impact of the three (3) selected malicious attacks.
3.
Propose the security controls
that you would consider implementing in order to protect against the selected
potential malicious attacks.
4.
Analyze three (3)
potential concerns for data loss and data theft that may exist in the
documented network.
5.
Explicate the potential
impact of the three (3) selected concerns for data loss and data theft.
6.
Propose the security
controls that you would consider implementing in order to protect against the
selected concerns for data loss and data theft.
7.
Use at least three (3)
quality resources in this assignment (no more than 2-3 years old) from material
outside the textbook. Note: Wikipedia and similar Websites do not qualify as
quality resources.
Your assignment must
follow these formatting requirements:
·
Be typed, double spaced,
using Times New Roman font (size 12), with one-inch margins on all sides;
citations and references must follow APA or school-specific format. Check with
your professor for any additional instructions.
·
Include a cover page
containing the title of the assignment, the student’s name, the professor’s
name, the course title, and the date. The cover page and the reference page are
not included in the required assignment page length.
The specific course
learning outcomes associated with this assignment are:
·
Explain the concepts of
information systems security as applied to an IT infrastructure.
·
Describe the principles
of risk management, common response techniques, and issues related to recovery
of IT systems.
·
Describe how malicious
attacks, threats, and vulnerabilities impact an IT infrastructure.
·
Explain the means
attackers use to compromise systems and networks, and defenses used by
organizations.
·
Use technology and
information resources to research issues in information systems security.
·
Write clearly and
concisely about network security topics using proper writing mechanics and
technical style conventions.
