You are the network manager at Central Car Supply, an ecommerce company with 50 employees that sells
equipment for cars (car parts, GPS, audio/video systems, etc.). 30 employees work in the warehouse
fulfilling all orders and receiving the large quantities of goods that arrive at the warehouse. 20 employees
manage purchasing, sales, maintain the website, accounting, and human resources. You manage the
network, which include network devices, ecommerce servers, the internal servers for the various
departments, and all the technology used by employees (many office employees have mobile devices
where they access emails and systems).
Luis, the president, just came to your office as he is worried about security issues. First, he’s been reading
some articles that have discussed some security breaches that other companies have recently had.
Second, due to decreased sales, he may need to lay off 5-10 employees over the next month and is worried
about potentially disgruntled laid off employees hurting the company.
Pete wants you to create a report for him that includes three things:
- Prepare an information security risk assessment for Central Car Supply that identifies their information
security risks. Clearly describe each potential threat. You will need to make some reasonable assumptions. - Develop a set of security controls for use on the ecommerce server, the network devices, the internal
systems, and mobile technology, designed to control risks due to disruption, destruction, and disaster. At
least one security control needs to be identified for each of the potential threats. - What are the main concerns regarding laid off employees? How can the risks related to this layoff be
mitigated?
Sample Solution
