critique the attached assignment
The major issue I see when reading the Red Team’s report is the lack of security awareness by the Sifers-Grayson employees. This could be caused by complacency and the feeling of being secure because of the small-town environment, or by ignorance from really not knowing any better. Regardless, it goes to show the importance of security policies to ensure every employee understands the risks and knows how to do their part to keep the company safe.
For instance, the Red Team reported that it had stolen passwords for 20% of the employee logins using keylogging software installed on USB keys that were left on the lunch table in the headquarters building employee lounge. That means at least one employee picked up a USB key and plugged it into a system without knowing what it was. NIST’s Security and Privacy Controls for Federal Information Systems and Organizations suggests safeguards for media protection. The media use control, MP-7, states “the organization prohibits the use of portable storage devices in organizational information systems when such devices have no identifiable owner” (U.S. Department of Commerce [DoC], 2015, p. F-124). Therefore, with no owner identified for the USB keys in the break room, no employee should have plugged them in.
Additionally, the Red Team reported that the Sifers-Grayson employees were quite friendly and talkative as they opened the RFID-controlled doors for the “new folks” on the engineering staff. This alone is an incident that should be identified by both OPSEC and physical security policies. NIST also outlines controls for physical and environmental protection. PE-2 (Physical Access Authorizations) suggests all visitors should be required to show two forms of ID and that unescorted access should be restricted (DoC, 2015).
Reference:
U.S. Department of Commerce. National Institute of Standards and Technology. Computer Security Division. Information Technology Laboratory. (2015, January 22). Security and Privacy Controls for Federal Information Systems and Organizations (NIST Special Publication 800-53, Rev. 4). doi:10.6028/NIST.SP.800-53r4