Cenartech Case

884 Words 4 Pages
Given your understanding of the history and status of Cenartech,make some general observations about the firm 's security readiness. Is Cenartech at low, moderate, or high risk of a security problem? On what aspects of the description do you base your assessment?

Cenartech has invested a significant amount in it’s information technology infrastructure and I would rank it moderate in risk of security problems. Its overall company network is well separated with three networks (Whitman & Mattord, 2011). The first is a wireless guest network, the second is a financial network ,without any wireless access and the third is a production network (for employees and other functions) with wireless access (Whitman & Mattord, 2011). All networks are
…show more content…
One of the few saving graces was the IT manager’s awareness of the great need for standardizing backup procedures and related disaster recovery capabilities (Whitman & Mattord, 2011). This allowed the IT department to have the ability to recover almost everything that had been deleted or changed very quickly. The second saving grace was the firewalls between the different networks had prevented the attacker from connecting and causing further damage after being fired (Whitman & Mattord, 2011).
Lastly, even if the IT manager was fairly new to this company, in two years it would seem he should he should have noted that employees were using the shared archaic, still-active accounts (Whitman & Mattord, 2011). Items like these accounts being accessed at the same time from different IP addresses really should have been a “RED FLAG” of major ongoing issues. Furthermore, he had been an IT manager for two years and had he not been receiving reports of leaving personnel to allow him to have their accounts properly deleted in
…show more content…
Discuss the challenges he would have met in pursuing your recommended strategy.

From the very beginning of Brian’s employment, he was placed at a great disadvantage. The material presented does not fully explain the “chain of command” of his company, but he should not be reporting to another department manager. As a department head, he should be reporting directly to the CEO as any department head should.
There are several actions that Brian could have instigated to have helped avert the attack. The first and foremost, he should have become aware of the very poor user account maintenance being done. Just as the IT department must be aware of any required new user accounts, they really must be aware of user accounts of personnel that are leaving, and more so, fired (Whitman & Mattord, 2011). Finally, as the manager of the IT department, he must share the duty of sever log reviewing and keep their IT department resources secure, such as not allowing the VPN installer disk to be so easily stolen (Whitman & Mattord,

Related Documents

Related Topics