You have been hired as an information security analyst at a small company called Astounding Appliances. The company sells appliances online. Astounding Appliances owns and hosts all of its IT assets and forward-facing web applications on site. The assets are about 5 years old. The company is seeking to expand its operations in the next 5 years.
Your manager asks you to help her document the threats and vulnerabilities to the company’s IT operations. In addition to what you already know about the company, you learn the following during your interviews and inspections for this project.
The Astounding Appliances company and all of its IT operations are located in New Orleans, Louisiana. The data center is located on the ground floor of the company’s building. There is no basement. No one can come into the data center without a smart card scan. However, there is a physical key system that can override the smart card scanner and access. There is no inventory of who has keys to the data center, although the company’s vice president for operations doesn’t think that too many people have keys.
Because New Orleans is vulnerable to hurricanes, all of the equipment in the data center is stored in elevated racks that sit on a raised floor. Pumps have also been installed to remove water. The pumps are attached to a generator, which has not been inspected in several years. You learn that it has not been inspected in a timely manner because making sure the generator is functional is not on the organization’s disaster recovery checklist.
From the director of human resources, you learn that any Astounding Appliances employee with a valid smart card can enter the data center; access is not granted based on a need to enter the data center. You also learn that smart card access is not always terminated promptly when employees leave Astounding Appliances. The director of human resources tries to audit smart card validity regularly, but this is a low-priority task for her. You also learn that it is not part of the regular employment process for new employees to complete information security training or to sign the company’s IT acceptable use policy.
- Identify 6-10 vulnerabilities to Astounding Appliances information systems and data. Be sure to include the asset that is affected by the vulnerability.
- For each vulnerability that you have already identified, document potential threats associated with it. Be sure to list the relevant information security concern (i.e., confidentiality, integrity, or availability) for the vulnerability-threat pair.
- For each vulnerability-threat pair, identify the relevant information security concern(s) (i.e., confidentiality, integrity, or availability).
- For each vulnerability-threat pair, identify the vulnerability category.
- For each vulnerability-threat pair, identify the threat category.
business’s shortcomings and qualities. As often as possible used to recognize a commerce’s structure to decide corporate technique, Porter’s model can be connected to any section of the economy to scan for gainfulness and appeal Thorntons is the biggest UK producer of premium chocolate, an item that includes chocolate enrobing as opposed to the embellishment procedure required by more mass-advertise chocolates. Where the expenses were nearly higher, they regularly included optional perspectives that brought about upgraded item qualities for those where there was no worry for the maintenance of learning. Item quality depends on one of a kind item formula and the utilization of brilliant material. By and large, the danger of contestants isn’t high however direct as creation cost is high and participants needs encounter Thorntons principally contend in the boxed chocolate advertise where they should rival brands like Cadbury, Bendicks, Green and Black’s, Whitbread and so forth. Obdurate item quality depends on extraordinary item formulas and the utilization of top notch materials. The chocolate business is in development phase of the existence cycle. Inside this view Thorntons in-house assembling and retailing technique seems to have a few advantages in meeting aggressive powers Instead of purchasing strong or boxed chocolates there are numerous different substitutes accessible for the customers in the chocolate market, for example, chocolate drain, rice drain, juices, cakes, desserts, and so forth. The danger of substitutes is high as assortments of substitutes are accessible in the market. The volume of procurement from the purchasers is low. Generally, the buys rely on regular occasions i.e. Christmas, Valentine’s Day, Easter and other unique events. Thorntons has vast number of such providers as M&S, ASDA and other general store stores where Thorntons supply chocolates. Thorntons ceaselessly builds up the assembling parts of the business where individuals are frequently astounded by the measure of hand-completing engaged with the fabricate of Thorntons items. There is certainly not a major danger of in reverse joining by the purchaser Thorntons could influence utilization of focused supply to showcase. Thorntons purchas>GET ANSWER