+61-4-8002-4016
Australia 
Brazil 
Canada 
Hongkong 
India 
Ireland 
Jorden 
Kuwait 
Malaysia 
New Zealand 
UAE 
USA 
UK 
Qatar 
Saudi Arabia 
Singapore 
Taiwan 
South Africa 
Free Sample
Cybersecurity Research Essay
Solution.pdfOwing to the fluid nature of the case study and the slightly different direction for each
individual, the scenario may change, be modified or additional information may be provided
to ensure it stays relevant.
1
Page 1 of 16
Table of Contents
ICT 380: Scenario for the Security Case Study.
1
The Case Scenario ...................................................................................................................... 3
1.0 Details of organization ................................................................................................... 3
2.0 Company Background ................................................................................................... 4
2.1 Monitoring Software * ............................................................................................... 4
2.2 Services * ................................................................................................................... 4
3.0 Market Information........................................................................................................ 4
4.0 Research and Development ........................................................................................... 5
4.1 Project 1 ..................................................................................................................... 5
4.2 Project 2 ..................................................................................................................... 6
1. Contractors and Vendors ............................................................................................... 6
2. Physical Security ........................................................................................................... 7
3. IT Infrastructure............................................................................................................. 8
3.1 Server Room .............................................................................................................. 8
3.2 Wiring Closet ............................................................................................................. 8
3.3 Data Processing ......................................................................................................... 9
4. IT Security ..................................................................................................................... 9
4.1 Client PC.................................................................................................................... 9
4.2 Servers ..................................................................................................................... 10
4.3 IT Policies ................................................................................................................ 11
5. Physical, Oragnizational and I.T Structure .................................................................. 11
5.1 Floor Plans ............................................................................................................... 11
5.2 Organizational Chart ................................................................................................ 11
5.3 Network Infrastructure ............................................................................................ 11
Appendix A .......................................................................................................................... 12
Floor Plan - Basement ...................................................................................................... 12
Floor Plan - Ground Level ............................................................................................... 13
Floor Plan - Upper Levels ................................................................................................ 14
Appendix B .......................................................................................................................... 15
Organizational Chart ........................................................................................................ 15
Appendix C .......................................................................................................................... 16
Network Infrastructure ..................................................................................................... 16
Page 2 of 16
The Case Scenario
: Level 1 - Building maintenance / Training room / R&D
: Level 2 - General Administration / Human Resource / Finance
: Level 3 - Sales / Software and technical support
: Level 4 - Information Technology / Server room
: Level 5 - Data Centre / Seismic Exploration
: Roof - Air-conditioner cooling towers, water tanks
Floor Plan: See attached Appendix
Key Personnel: CEO
: Chief Security Officer
: Chief Information Technology Officer
: Director Sales & Product
: Division Head - Research and Development
: Division Head - Software
: Division Head - Data Processing
: Division Head - Service and Technical Support
: Director - Back Office
: Manager Building and Maintenance
: Manager Officer Administration
: Manager Finance
: Manager Human Resource
: Manager Legal Department
: Legal Officer
Page 3 of 16
2.0 COMPANY BACKGROUND
The company is a Medium-size software company specializing in developing software and
hardware for the oil and gas industry as well as providing services to oil and gas companies in
processing seismic data to assist in locating new oil and gas fields. (Background reading:
http://www.answers.com/topic/seismic-explorationfor-oil-and- gas)
2.1 MONITORING SOFTWARE *
SensorDrill - Software and hardware used to monitor the drilling of oil and gas wells
MeasureMe - Software and hardware package used to monitor the pumping of oil and gas
2.2 SERVICES *
Provide services in processing and interpreting collected seismic data using internally
developed software (Shake and Quake).
* NOTE 1. SensorDrill and MeasureMe software are licensed to the client for their own use 2. Shake and Quake software not licensed for client use, client provides seismic data and the
organization will process the data, format it into human readable form (e.g., graphs, charts,
reports) and then through their e-commerce website, provide the client with a completed
report. The clients and suppliers can also download free basic seismic data reports using ftp.
The ftp links are sent to them by their sales representative through email.
3. MARKET INFORMATION
The company currently holds about 40% of the market share in the oil and gas monitoring
software market. Their nearest and biggest competitor is Seismic Enterprises who also holds
about 40% of the market share. Seismic Enterprises provides the same Seismic processing
services to the oil and gas industry and their version of the monitoring software has roughly
the same functionality as the company's versions. Recently, Seismic Enterprises' proprietary
source code appeared for sale on a darknet marketplace, which led this Medium-size company
to start actively monitoring the darknet for data leaks, as a precaution.
Page 4 of 16
The other 20% of the market is held by several smaller independent software firms providing
either monitoring software or Seismic processing services but not both. Generally speaking,
these companies do not pose a serious threat to your company or to the competitor as the
service they provide are not as comprehensive nor do their software have the same wide range
of functionality.
4. RESEARCH AND DEVELOPMENT
4.1 PROJECT 1
The company is currently working on several R&D projects that may allow them to overtake
their primary competitor in terms of market share. A major upgrade to both the monitoring
software is expected to be released in around 6 months' time. This upgrade provides real time
remote monitoring of the drilling and pumping process via satellite or landlines. Remote
monitoring is a function frequently requested by clients but nobody has been able to provide
that function reliably in their software yet.
This project is currently in close beta testing stage but the company believes it will be able to
start limited field tests in a month's time. Some of their larger clients will be given the
opportunity to test the prototype in a parallel run scenario and feedback will be obtained to
perform fine-tuning of the software.
The company believes that they have the problem licked with their custom design
chip/software. They forecasted that they can gain an additional 10% (around $120 million) of
the market at the expense of their competitor. This project is considered top secret as the
company believes that their competitors are nowhere near having a similar product and
estimates that they will have a technology lead against their competitor for at least 2 years,
provided their competitors are caught unaware at release date. 4.2 PROJECT 2
The company is also working on software that will allow their data processing software to
speed up data processing by distributing the data processing between many different servers.
It is anticipated that a typical job can be completed about 30% faster, which not only reduces
the time getting a report back to the client, but also increases the number of jobs that can be
Page 5 of 16
completed within the same period.
It is projected that if the project is successful, an additional $40 million in revenue can be
generated from the increase annually. This project is currently in alpha testing stage and is
around 12 months away from completion.
The company suspects that their primary competitor is also working on something very
similar at the moment and believes that they (the competitor) are very close to having a fully
functional product (within 2 months). This project will involve some infrastructure upgrade as
additional network cables need to be laid to provide for the increased bandwidth required
between existing servers as well as provide for additional servers. It is also anticipated that an
additional 15 servers / workstations will be required as well as a new high-speed network
switch.
5. CONTRACTORS AND VENDORS
The company uses sub-contractors to meet some of their work force needs as well as to
provide contracted services.
Mop and Clean Pty Ltd
• Providers of cleaning services to the organization
• Four (4) cleaners during office hours to keep the environment clean, for example
keeping the toilet clean through the day, cleaning the pantry or to provide general
cleaning services as required
• Six (6) cleaners after office hours to keep the office clean, general cleaning, wipe
tables, vacuum floor, clean meeting rooms, etc.
Computex Pty Ltd
• Contractors providing network infrastructure services, e.g. laying network
cables, network points, etc.
• Work mainly after office hours or on weekends to minimize disruption to daily
operations
Print Master Pty Ltd
• Supplier of photocopier and printers to the organization
Page 6 of 16
• Responsible for maintenance of copiers and printers
• Monthly maintenance of copiers and printers by technician every 1st Wednesday of
the Month
• Ad hoc maintenance and repair as required
Recruit Solutions Human Resource Pty Ltd
• Employment agencies used by the organization to provide permanent and temporary
placement of staff within the organization
• The organization used short-term contract staff extensively to meet temporary staffing
requirements for the various departments. Example, to cater for staff going on
extended leave or to meet temporary increase in workload.
• Contract staff will be assigned to various departments and given the same access as
permanent staff in similar roles.
Vending Monster Pty Ltd
• Vendor providing food and drinks to the vending machines located in various
locations in the company.
• Also provide food and drinks for meetings and functions as required
6. PHYSICAL SECURITY
Entry to the organization is either via the main entrance on the ground level or via the car park
entrance in the basement. There are 2 fire exits with one-way door (i.e. the door can only be
opened from the inside) and these doors are armed to set off the fire alarm if they are open.
Access to the upper level of the company is via the passenger lifts, cargo lift or by climbing
the stairs. Signs near the main entrance as well as near the lifts in the basement direct all
visitors to the reception desk on the ground level. All visitors are required to sign in and a
visitor's badge will be issued to them. Visitors will be escorted into the company premises by
the person they are meeting, but are not escorted out when they leave. The passenger lifts
operates 24/7 and the door to the stair well is not lock.
Vendors and contractors will use the cargo lift to gain access to the upper levels for deliveries.
Vendors and contractors are required to obtain a contractor badge but are not escorted in or
Page 7 of 16
out. The cargo lift normally only operates during normal office hours, but after hours use can
be arranged with the security office if the need arises.
In the upper levels, there is a set of doors leading from the lift lobby (see layout) to the office
area. These doors are kept open during office hours and the last person to leave at the end of
the workday is responsible for locking them up. The company uses an open plan office layout
and staffs have their own cubicle. Upper management staff have their own individual offices.
7. IT INFRASTRUCTURE
7.1 SERVER ROOM
There is a server room that houses the company's servers as well as networking equipment.
The server room is air-conditioned and the temperature and humidity is monitored for optimal
equipment performance. The server room is not locked during office hours, to facilitate easy
access for IT staff. The last person to leave at the end of the day is responsible for locking up.
7.2 WIRING CLOSET
There is a wiring closet on each of the upper levels and contains router and switches. All
computers, network printers and photocopiers are connected to the switch and routers on their
level. The switches and routers on each level in turn connect to the core routers
located in the server room via vertical cable runs that runs from the basement to the top most
floor. Only the IT staff have physical access to the routers and switches. In case of emergency,
the IT staff can also access the routers and switches remotely using telnet. For redundancy,
there is a primary cable as well as a secondary (backup) cable connecting each floor to the
server room.
The company uses River Side ISP as their Internet Service Provider and the cables from the
ISP enters the building via a cable conduit on the ground level (see layout). The cable from
the ISP then runs vertically up the conduit into the server room. Due to their size and location,
the wiring closets are not air-conditioned. The wiring closets are normally left unlocked to
allow easy access by IT staff.
Page 8 of 16
7.3 DATA PROCESSING
The seismic data processing department runs their own servers and workstations. It is housed
in the data processing room and is separate from the main server room. The data processing
room is air-conditioned and the temperature and humidity monitored. Client data are backed
up on tapes and the tapes are house inside the data processing room on open racks that line the
walls.
Due to the sensitive nature of the client's data, the door to the data processing room is
normally kept locked. Only authorized personnel are allowed into the data processing room.
8.0 IT SECURITY
8.1 CLIENT PC
All client (end-user) computers, that is, desktops and laptops, run off a standardized operating
system image.
All client computers have the SoftMicro Defender antivirus software installed and the
operating system's firewall software is turned on by default. In addition, all client computers
comes complete with Microsoft Outlook email client as well as Microsoft Office Suite.
Department specific software, such as their proprietary customer relationship management
software are installed separately as required. Automatic OS and Microsoft Office applications
patching is turn off by default to prevent new patches from creating compatibility issues with
existing software.
Back office staff are issued with Dell OptiPlex 360 Desktops, running on Windows XP SP2.
All Sales staff are issued with a laptop and a backup external hard drive, to allow them to
work from any location and have immediate access to their clients' data and resources needed
to answer client questions on the spot.
Further, all IT staff and all managers are also issued with laptops, however, they are not
allowed to take their laptops outside of the office. All the laptops issued to the Sales staff, IT
staff and to all managers also run on Windows XP operating system SP2.
The software, R&D, support and training business unit uses a mixture of Dell Precision
Page 9 of 16
desktop and laptops. A variety of operating system such as Windows XP SP2, Windows
Server 2000 Windows Server 2003 and Windows Server 2008 as well as Linux variants such
as Ubuntu and Red Hat Enterprise. Virtual machines are used extensively in the R&D
Business Unit for application development.
8.2 SERVERS
All their servers are on-site. The Domain Controller Server runs on Windows 2003 server
while the File Server and Print Server, and Web Server run on Windows 2000 server. The
Web Server is also used to enable the accounts payable to electronically pay their suppliers
and also for clients to login and pay for paid services such as processed reports and formatted
seismic data. The organization uses HP ProLiant G5 and G6 servers, rack mounted with Raid
5 Hard Drive redundancy.
All servers are protected with the server version of the SoftMicro Defender antivirus software
as well as the Red-Rock firewall software, and requires a password of at least six characters
long, which is changed by the Server Admin every six months. Automatic software patching
is also disabled and new patches are only applied after being tested for compatibility on a test
server. All servers are also loaded with the Symantec Backup exec software that backup all
data to a HP 1/8 G2 Tape Autoloader.
The Data Processing Business Unit uses IBM Blade centers running a customized Linux
based operating system for data processing. To ensure stability, the kernel and systems
application are rarely updated. The Data Processing Business Unit runs their own separate
backup on a HP 1/8 G2 Tape Loader.
8.3 IT POLICIES
When new staff joins the company, a user account and password will be created for them. All
new users are told that they should no share their user account and to keep their password
secret. They are also encouraged not to write down their password in clear text and to change
their password periodically.
9.0 PHYSICAL, ORAGNIZATIONAL AND I.T STRUCTURE
Page 10 of 16
9.1 FLOOR PLANS
The floor plan for this organization can be found in Appendix A of this
document. “Hackers suggest they had physical access during attack on Sony
Pictures” see story. Do not overlook the floor plans in your analysis.
9.2 ORGANIZATIONAL CHART
The Organizational Chart for this organization can be found in Appendix B.
Please check your Role and the Business Units you are responsible for.
9.3 NETWORK INFRASTRUCTURE
The Network topology of this organization can be found in Appendix C. Carefully
study this organization's network infrastructure, do not overlook this critical area
where threats come from not only outside, but also inside.
Tired of the boring assignments to be submitted to colleges and universities? MyAssignmentMart.com gives you multiple reasons to trust it with your orders. We employ PhD experts handpicked from prestigious universities over the globe. We cater to quality assignment help, dissertation writing services and online essay help, covering more than 100 academic subjects. We pledge to complete your assignments on time and never compromise when it comes to deadline. Our prices for assignments are the most competitive in the market and make sure the cost suits your budget.
