SlideShare a Scribd company logo

HELLMANN FINANCE, INC. Hellmann Finance, Inc. (HFI) i.docx

Download as DOCX, PDF
P
pooleavelina

Hellmann Finance, Inc. (HFI) is a financial services company experiencing security issues. As the new Chief Security Officer, you have been tasked with conducting a risk assessment of HFI's network infrastructure and systems. HFI has experienced several cyber attacks over the past few years, compromising customer data and costing the company millions. The risk assessment will inventory HFI's assets, evaluate security vulnerabilities, and recommend risk mitigation procedures to improve security and protect sensitive data. Key areas of focus include perimeter security, remote access, mobility, wireless networks, authentication, and a proposed move to cloud computing. The assessment will help address executive concerns over outsourcing IT functions and justify maintaining internal security resources.

Education
1 of 20
HELLMANN FINANCE, INC. Hellmann Finance, Inc. (HFI) is a financial company that manages thousands of accounts across the United States. A public company traded on the NYSE, HFI specializes in financial management, loan application approval, wholesale loan processing, and investment of money management for their customers. The diagram below displays the executive management team of HFI: Figure 1 HFI Executive Organizational Chart BACKGROUND AND YOUR ROLE You are the Chief Security Officer, hired by COO Matt Roche, to protect the physical and operational security of HFI’s corporate information systems. Shortly after starting in your new position, you recognize numerous challenges that you will be facing in this pursuit. Your primary challenge, as is usually the case, is less technical and more of a political nature. The CEO has been swept up in the “everything can be solved by outsourcing” movement. He believes that the IT problem is a known quantity and feels the IT function can be
almost entirely outsourced at fractions of the cost associated with creating and maintaining an established internal IT department. In fact, the CEO’s strategy has been to prevent IT from becoming a core competency since so many services can be obtained from 3rd parties. Based on this vision, the CEO has already begun downsizing the IT department and recently presented a proposal to his senior management team outlining his plan to greatly reduce the internal IT staff in favor of outsourcing. He plans on presenting this approach to the Board of Directors as soon as he has made a few more refinements in his presentation. COO Roche’s act of hiring you was, in fact, an act of desperation: the increasing operational dependence on technology services combined with a diminishing IT footprint gravely concerned Roche, and he begged to at least bring in an Information Security expert with the experience necessary to evaluate the current security of HFI’s infrastructure and systems. The COO’s worst nightmare is a situation where the Confidentiality, Integrity, and Availability of HFI’s information systems were compromised – bringing the company to its knees – then having to rely on vendors to pull him out of the mess. COO Roche has reasons for worrying. HFI has experienced several cyber-attacks from outsiders over the past a few years: • In 2016, the Oracle database server was attacked and its customer database lost its confidentiality, integrity, and availability for several days. Although the company restored the Oracle database
server back online, its lost confidentiality damaged the company reputation. HFI ended up paying its customers a large sum of settlement for their loss of data confidentiality. • In 2017, another security attack was carried out by a malicious virus that infected the entire Vice President Trey Elway Executive Assistant Kim Johnson Executive Assistant Julie Anderson Executive Assistant Michelle Wang CCO Andy Murphy COO Matt Roche CFO Ron Johnson Director of
Marketing John King Director of HR Ted Young CEO Karl Hellmann network for several days. While infected, the Oracle and e-mail servers had to be shut down to quarantine these servers. COO Roche isn’t sure whether the virus entered HFI’s systems through a malicious email, from malware downloaded from the Internet, or via a user’s USB flash drive. Regardless of the source of the infection, the company lost $1,700,000 in revenue and intangible customer confidence. • In a separate incident in 2017, one of the financial advisors left his company laptop unprotected at the airport while travelling and it was stolen. It contained customer financial data and the hard drive was not encrypted. Financial reparations were paid to impacted customers. • In 2018, a laptop running network sniffer software was found plugged into a network jack under a desk in one of the unoccupied offices. It is apparent from the number of successful cyber-attacks that HFI is an organization severely lacking in information security maturity. COO Roche has commissioned
you to perform a quantitative and qualitative risk assessment of HFI’s infrastructure to determine where improvements could be made to reduce the risk of future attacks. CORPORATE OFFICE NETWORK TOPOLOGY The diagram on the following page displays HFI’s Corporate Office Topology. The HFI network infrastructure consists of a corporate WAN spanning 20 remote facilities that are interconnected to the HFI headquarters’ central data processing environment. Data is transmitted from a remote site through a VPN gateway appliance that forms a VPN tunnel with the VPN gateway in headquarters. Through this VPN connection, remote office users access the internal Oracle database to update the customer data tables. Through your inspection of the VPN configuration you discover that the data transaction traversing the remote access connection to the corporate internal databases is not encrypted. Users are authorized to work from home and both dial-up and VPN remote access are available. Dial-up is provided via Private Branch Exchange (PBX) and a Remote Access Server and VPN remote access is provided via the VPN gateway. Authentication is password- based via MS-CHAP V2. Users are also able to take advantage of HFI’s Bring Your Own Device (BYOD) policy and a Wireless antenna allows
wireless networking within headquarters. WEP is used to provide wireless security to BYOD users. The network perimeter between the Internet and HFI’s internal network infrastructure is separated by two Border (Core) Routers. These Border Routers then connect to two Distribution Routers and the VPN Gateway. The Distribution Routers connect to a RAS Server, a Wireless Router that provides a bridge between the Wireless Antenna and the internal network, and two Multi-layer switches. The Multilayer switches connect to six (6) Access Layer VLAN switches that segregate the Accounting, Loan Dept, Customer Services, Mgmt, Credit Dept, and Finance VLANs. The Multi-layer switches also connect to a third Multi-layer switch that provides a connection to HFI’s servers in the Trusted Computing Base subnet. The trusted computing based (TCB) internal network is situated in a physically separated subnet. A bulk of the data processing for HFI is handled by an Oracle database on a high end super computer located in the TCB and the TCB also contains an intranet web server used by the internal support team, a Software Update Services (SUS) server used for patch management, an internal DNS server, an e-mail server, and other support personnel workstations. Although each corporate department is segregated physically on a different subnet, they share access to the corporate data in the TCB network.
NOTE: The symbol represents a multilayer switch CONSIDERATIONS WHEN CONDUCTING THE RISK ASSESSMENT: This Risk Assessment and your suggested security improvements are of critical importance. The CEO is set on outsourcing HFI’s IT competency and you’ve been told of a plan from COO Roche to outsource network management and security functions away from your department and over to a service integrator. COO Roche warns you that the political environment will only become more contentious over time; you must make a compelling case as to what value your department can bring over an integrator to provide security improvements in certain key areas without a significant increase to the IT budget. It is extremely important that you take into account the value of the assets being protected when selecting security controls to mitigate the risks (i.e. don’t spend $1000 to protect an asset worth $500). In addition to what you learned from COO Roche about the previous exploits of HFI’s vulnerabilities and what you gathered when reviewing HFI’s network infrastructure, COO Roche has provided some additional information that he wants you to take into account: 1. Ever since an article ran in Business Week about HFI, the network engineers report that they’ve noted a significant spike in network traffic crossing into the internal networks. They report that they cannot be certain what or who is generating this traffic, but the volume
and frequency of traffic is certainly abnormal. The management is very concerned over securing the corporate confidential data and customer information. Suggestions on improvements to perimeter security and/or methods of identifying the source of intrusions should be presented in your risk assessment. 2. The interrelationship between data and operations concerns COO Roche. Increasingly, some of the twenty remote sites have been reporting significant problems with network latency, slow performance, and application time-outs against the Oracle database. The company’s business model is driving higher and higher demand for data, but your capability to respond to these problems are drastically limited. Suggestions on reducing network latency or increasing application response time and availability should be presented in your risk assessment. 3. Mobility is important for the organization to interact with the customers and other co-workers in near real-time. However, COO Roche is concerned with mobility security and would like you to research best practices for mobile computing. Security within the BYOD environment should be presented in your risk assessment. 4. Employees enjoy the flexibility of getting access to the corporate network using a WiFi network. However, COO Roche is concerned over the security
ramifications over the wireless network that is widely open to the company and nearby residents. Security within the wireless environment should be presented in your risk assessment. 5. The company plans to offer its products and services online and requested its IT department to design a Cloud Computing based e-commerce platform. However, COO Roche is particularly concerned over the cloud computing security in case the customer database is breached. ASSIGNMENTS • Provide an Executive Summary. • From the devices and systems identified in the HFI Corporate Network Topology, conduct a thorough asset inventory, assign monetary values to each asset (quantitative), and assign a priority value for each asset (qualitative) that could be used to determine which assets are most critical for restoral in the event of a catastrophic event or attack. • Evaluate the perimeter security, make a list of access points internal and external(remote), identify vulnerabilities and make suggestions for improvements to perimeter and network security. • Evaluate the remote access infrastructure, identify vulnerabilities and suggest security improvements to mitigate risks to remote access.
• Address the COO’s concern over the mobility security and design a secure mobile computing (smart phones, tablets, laptops, etc.) in terms of authentication technologies and data protection. • Identify wireless vulnerabilities and recommend what safeguards, authentication technologies, and network security to protect data should be implemented. • Evaluate the authentication protocols and methodologies within the wired, wireless, mobility and remote access environments and suggest improvements to secure authentication for HFI. • Evaluate the web system protocols and vulnerabilities within the Intranet server and suggest secure protocol improvements to improve security for web authentication. • Design a cloud computing environment for the company with a secure means of data protection at rest, in motion and in process. • Assess all known vulnerabilities on each asset in this environment and impacts if compromised. • Using the asset inventory and the assigned values (monetary and priority) conduct a quantitative and qualitative risk assessment of the HFI network. • Recommend risk mitigation procedures commensurate with the asset values from your asset inventory. Feel free to redesign the corporate infrastructure and use any combination of technologies to harden the authentication processes and network security measures.
• You are welcome to make assumptions for any unknown facts as long as you support your assumptions. • The Title Page, Table of Contents and References page(s) don’t count in your 15 page minimum!!! Risk Assessment Paper Rubric You are given a fictional scenario above describing security issues affecting organizational assets. You will identify the risks associated with the assets, and recommend mitigating procedures. You will prepare a quantitative / qualitative risk assessment to address risk factors on organizational assets. Your final paper will be 15–25 pages long in a Word document (double-spaced with 12 point font) with APA citations for the resources you used in your research and will be graded using the following rubric. Criteria Non-compliant Minimal Compliant Advanced Executive summary of risk assessment. Did not include an executive summary. (0)
Included an executive summary but lacks details. (3) Included an executive summary in details, but did not address the mission objectives. (7) Included an executive summary in details, and addressed mission objectives. (10) Inventory assets and prioritize them in the order of mission criticality. Did not inventory or prioritize assets in the order of mission criticality. (0) Inventoried assets but did not prioritize them in the order of mission criticality. (3) Inventoried, prioritized assets, but did not address mission objectives in their asset priority. (7) Inventoried, prioritized
assets and addressed mission objectives in their asset priority. (10) Evaluate enterprise topology and perimeter protection. Did not evaluate enterprise topology and perimeter protection. (0) Evaluated enterprise topology but did not include perimeter protection measures. (3) Evaluated enterprise topology, perimeter protection measures, but did not address mission objectives. (7) Evaluated enterprise topology, perimeter protection measures, and addressed mission objectives. . (10) Evaluate remote access to the networks.
Did not evaluate remote access protocols and safeguards to the network. (0) Evaluated remote access protocols but did not address security safeguards to the network. (3) Evaluated remote access protocols, security safeguards to the network, but did not address mission objectives. (7) Evaluated remote access protocols, security safeguards to the network, and addressed mission objectives. (10) Evaluate authentication protocols and methodologies. Did not evaluate authentication protocols and methodologies. (0)
Evaluated authentication protocols, methodologies but with insufficient data or inadequate description. (3) Evaluated authentication protocols, methodologies with supporting data and description, but lacks mission objectives. (7) Evaluated authentication protocols, methodologies with supporting data, description; and addressed mission objectives. (10) Assign asset values to organization assets for quantitative / qualitative risk assessment. Did not assign asset values to organization assets for quantitative / qualitative risk assessment. (0) Assigned asset values
to organization assets for quantitative / qualitative risk assessment but incomplete. (3) Assigned asset values to organization assets in a complete assessment, but did not address mission objectives. (7) Assigned asset values to organization assets in a complete assessment, and addressed mission objectives. (10) Assess vulnerabilities on each asset and impacts if compromised. Did not assess vulnerabilities on each asset and impacts if compromised. (0) Assessed vulnerabilities on each asset and impacts if compromised; but incomplete. (3)
Assessed vulnerabilities on each asset and impacts if compromised; of complete inventory but did not address mission objectives. (7) Assessed vulnerabilities on each asset and impacts if compromised; of complete inventory and addressed mission objectives. (10) Evaluate web access protocols and vulnerabilities and Cloud Computing Did not evaluate web access protocols and vulnerabilities and Cloud Computing (0) Evaluated web access protocols and vulnerabilities or Cloud Computing. (3) Evaluated web access
protocols and vulnerabilities and Cloud Computing but did not address mission objectives. (7) Evaluated web access protocols and vulnerabilities and Cloud Computing and addressed mission objectives. (10) Criteria Non-compliant Minimal Compliant Advanced Recommend risk mitigation procedures commensurate with asset values. Did not recommended risk mitigation procedures commensurate with asset values. (0) Recommended risk mitigation procedures commensurate with asset values, but incomplete. (3)
Recommended risk mitigation procedures commensurate with asset values of complete inventory, but did not address mission objectives. (7) Recommended risk mitigation procedures commensurate with asset values of complete inventory, and addressed mission objectives. (10) Formulate 15-25 pages of a quantitative or qualitative risk assessment in APA format. Did not follow proper quantitative or qualitative risk assessment format, and failed to conform to APA format. (0) Followed proper quantitative or qualitative risk assessment format but did not conform to APA format. (3)
Followed proper quantitative or qualitative risk assessment format and conformed to APA but insufficient reference list and page count. (7) Followed proper quantitative or qualitative risk assessment format and conformed to APA in a sufficient reference list and page count. (10) Figure 1 HFI Executive Organizational Chart BACKGROUND AND YOUR ROLECORPORATE OFFICE NETWORK TOPOLOGYCONSIDERATIONS WHEN CONDUCTING THE RISK ASSESSMENT:ASSIGNMENTSRisk Assessment Paper Rubric

Recommended

07029 Topic Final ProjectNumber of Pages 1 (Double Spaced).docx
07029 Topic Final ProjectNumber of Pages 1 (Double Spaced).docx07029 Topic Final ProjectNumber of Pages 1 (Double Spaced).docx
07029 Topic Final ProjectNumber of Pages 1 (Double Spaced).docxsmithhedwards48727
 
GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI.docx
GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI.docx GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI.docx
GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI.docxaryan532920
 
CMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPERCMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPERHamesKellor
 
Case Problem for Global Finance, Inc.
Case Problem for Global Finance, Inc.Case Problem for Global Finance, Inc.
Case Problem for Global Finance, Inc.David Bustin
 
07057 Topic Risk Assessment (Global Finance, INC (GFI)Number o.docx
07057 Topic Risk Assessment (Global Finance, INC (GFI)Number o.docx07057 Topic Risk Assessment (Global Finance, INC (GFI)Number o.docx
07057 Topic Risk Assessment (Global Finance, INC (GFI)Number o.docxsmithhedwards48727
 
GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI) is a.docx
GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI) is a.docxGLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI) is a.docx
GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI) is a.docxbudbarber38650
 
GLOBAL ASSET, INC. (GAI) Global Asset, Inc. (GAI) is a fin.docx
GLOBAL ASSET, INC. (GAI) Global Asset, Inc. (GAI) is a fin.docxGLOBAL ASSET, INC. (GAI) Global Asset, Inc. (GAI) is a fin.docx
GLOBAL ASSET, INC. (GAI) Global Asset, Inc. (GAI) is a fin.docxbudbarber38650
 
My Risk Assessment and Mitigation Strategy by David Bustin
My Risk Assessment and Mitigation Strategy by David BustinMy Risk Assessment and Mitigation Strategy by David Bustin
My Risk Assessment and Mitigation Strategy by David BustinDavid Bustin
 

Recommended

07029 Topic Final ProjectNumber of Pages 1 (Double Spaced).docx
07029 Topic Final ProjectNumber of Pages 1 (Double Spaced).docx07029 Topic Final ProjectNumber of Pages 1 (Double Spaced).docx
07029 Topic Final ProjectNumber of Pages 1 (Double Spaced).docxsmithhedwards48727
 
GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI.docx
GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI.docx GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI.docx
GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI.docxaryan532920
 
CMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPERCMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPERHamesKellor
 
Case Problem for Global Finance, Inc.
Case Problem for Global Finance, Inc.Case Problem for Global Finance, Inc.
Case Problem for Global Finance, Inc.David Bustin
 
07057 Topic Risk Assessment (Global Finance, INC (GFI)Number o.docx
07057 Topic Risk Assessment (Global Finance, INC (GFI)Number o.docx07057 Topic Risk Assessment (Global Finance, INC (GFI)Number o.docx
07057 Topic Risk Assessment (Global Finance, INC (GFI)Number o.docxsmithhedwards48727
 
GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI) is a.docx
GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI) is a.docxGLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI) is a.docx
GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI) is a.docxbudbarber38650
 
GLOBAL ASSET, INC. (GAI) Global Asset, Inc. (GAI) is a fin.docx
GLOBAL ASSET, INC. (GAI) Global Asset, Inc. (GAI) is a fin.docxGLOBAL ASSET, INC. (GAI) Global Asset, Inc. (GAI) is a fin.docx
GLOBAL ASSET, INC. (GAI) Global Asset, Inc. (GAI) is a fin.docxbudbarber38650
 
My Risk Assessment and Mitigation Strategy by David Bustin
My Risk Assessment and Mitigation Strategy by David BustinMy Risk Assessment and Mitigation Strategy by David Bustin
My Risk Assessment and Mitigation Strategy by David BustinDavid Bustin
 
Cybersecurity in ME April 25 slides
Cybersecurity in ME April 25 slidesCybersecurity in ME April 25 slides
Cybersecurity in ME April 25 slidesAmerican Chamber of Commerce in Bahrain
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelinesamburyj3c9
 
Clearswift f5 integration
Clearswift f5 integrationClearswift f5 integration
Clearswift f5 integrationMarco Essomba
 
The New Intelligent Network: Building a Smarter, Simpler Architecture
The New Intelligent Network: Building a Smarter, Simpler ArchitectureThe New Intelligent Network: Building a Smarter, Simpler Architecture
The New Intelligent Network: Building a Smarter, Simpler ArchitectureLiveAction Next Generation Network Management Software
 
ScenarioIntegrated Distributors Incorporated (IDI), a public.docx
ScenarioIntegrated Distributors Incorporated (IDI), a public.docxScenarioIntegrated Distributors Incorporated (IDI), a public.docx
ScenarioIntegrated Distributors Incorporated (IDI), a public.docxtodd491
 
2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deck2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deckRichard (Dick) Kaufman
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen Hamilton
 
Due by 11316 9pm PSTGiven the pieces of information provided i.docx
Due by 11316 9pm PSTGiven the pieces of information provided i.docxDue by 11316 9pm PSTGiven the pieces of information provided i.docx
Due by 11316 9pm PSTGiven the pieces of information provided i.docxsagarlesley
 
Hdcs Overview Final
Hdcs Overview FinalHdcs Overview Final
Hdcs Overview Finalrjt01
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016Karla Sasser, CPA CITP, CIA, CGMA
 
Software_defines_the_future_infrastructure (1)_final
Software_defines_the_future_infrastructure (1)_finalSoftware_defines_the_future_infrastructure (1)_final
Software_defines_the_future_infrastructure (1)_finalKhiro Mishra
 
Securing the Office of Finance in the Cloud -- Separating Fact from Fiction
Securing the Office of Finance in the Cloud -- Separating Fact from FictionSecuring the Office of Finance in the Cloud -- Separating Fact from Fiction
Securing the Office of Finance in the Cloud -- Separating Fact from FictionWorkday
 
Rebooting IT Infrastructure for the Digital Age
Rebooting IT Infrastructure for the Digital AgeRebooting IT Infrastructure for the Digital Age
Rebooting IT Infrastructure for the Digital AgeCapgemini
 
AFIS as SaaS - 8-5-2015
AFIS as SaaS - 8-5-2015AFIS as SaaS - 8-5-2015
AFIS as SaaS - 8-5-2015Dr. Behnam (Ben) Bavarian
 
IDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENTIDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENTProf. Jacques Folon (Ph.D)
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesKresimir Popovic
 
ZS Infotech v1.0
ZS Infotech v1.0ZS Infotech v1.0
ZS Infotech v1.0Muhammad Zubair
 
Whitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdf
Whitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdfWhitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdf
Whitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdfFINAP Worldwide
 
IAM
IAMIAM
IAMProf. Jacques Folon (Ph.D)
 
BMC Discovery IDC Research Study 470 ROI in 5 Years
BMC Discovery IDC Research Study 470 ROI in 5 YearsBMC Discovery IDC Research Study 470 ROI in 5 Years
BMC Discovery IDC Research Study 470 ROI in 5 YearsChris Farwell
 
httpswww.azed.govoelaselpsUse this to see the English Lang.docx
httpswww.azed.govoelaselpsUse this to see the English Lang.docxhttpswww.azed.govoelaselpsUse this to see the English Lang.docx
httpswww.azed.govoelaselpsUse this to see the English Lang.docxpooleavelina
 
httpscdnapisec.kaltura.comindex.phpextwidgetpreviewpartner_.docx
httpscdnapisec.kaltura.comindex.phpextwidgetpreviewpartner_.docxhttpscdnapisec.kaltura.comindex.phpextwidgetpreviewpartner_.docx
httpscdnapisec.kaltura.comindex.phpextwidgetpreviewpartner_.docxpooleavelina
 

More Related Content

Similar to HELLMANN FINANCE, INC. Hellmann Finance, Inc. (HFI) i.docx

Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelinesamburyj3c9
 
Clearswift f5 integration
Clearswift f5 integrationClearswift f5 integration
Clearswift f5 integrationMarco Essomba
 
ScenarioIntegrated Distributors Incorporated (IDI), a public.docx
ScenarioIntegrated Distributors Incorporated (IDI), a public.docxScenarioIntegrated Distributors Incorporated (IDI), a public.docx
ScenarioIntegrated Distributors Incorporated (IDI), a public.docxtodd491
 
2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deck2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deckRichard (Dick) Kaufman
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen Hamilton
 
Due by 11316 9pm PSTGiven the pieces of information provided i.docx
Due by 11316 9pm PSTGiven the pieces of information provided i.docxDue by 11316 9pm PSTGiven the pieces of information provided i.docx
Due by 11316 9pm PSTGiven the pieces of information provided i.docxsagarlesley
 
Hdcs Overview Final
Hdcs Overview FinalHdcs Overview Final
Hdcs Overview Finalrjt01
 
Software_defines_the_future_infrastructure (1)_final
Software_defines_the_future_infrastructure (1)_finalSoftware_defines_the_future_infrastructure (1)_final
Software_defines_the_future_infrastructure (1)_finalKhiro Mishra
 
Securing the Office of Finance in the Cloud -- Separating Fact from Fiction
Securing the Office of Finance in the Cloud -- Separating Fact from FictionSecuring the Office of Finance in the Cloud -- Separating Fact from Fiction
Securing the Office of Finance in the Cloud -- Separating Fact from FictionWorkday
 
Rebooting IT Infrastructure for the Digital Age
Rebooting IT Infrastructure for the Digital AgeRebooting IT Infrastructure for the Digital Age
Rebooting IT Infrastructure for the Digital AgeCapgemini
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesKresimir Popovic
 
Whitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdf
Whitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdfWhitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdf
Whitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdfFINAP Worldwide
 
BMC Discovery IDC Research Study 470 ROI in 5 Years
BMC Discovery IDC Research Study 470 ROI in 5 YearsBMC Discovery IDC Research Study 470 ROI in 5 Years
BMC Discovery IDC Research Study 470 ROI in 5 YearsChris Farwell
 

Similar to HELLMANN FINANCE, INC. Hellmann Finance, Inc. (HFI) i.docx (20)

Cybersecurity in ME April 25 slides
Cybersecurity in ME April 25 slidesCybersecurity in ME April 25 slides
Cybersecurity in ME April 25 slides
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelines
 
Clearswift f5 integration
Clearswift f5 integrationClearswift f5 integration
Clearswift f5 integration
 
The New Intelligent Network: Building a Smarter, Simpler Architecture
The New Intelligent Network: Building a Smarter, Simpler ArchitectureThe New Intelligent Network: Building a Smarter, Simpler Architecture
The New Intelligent Network: Building a Smarter, Simpler Architecture
 
ScenarioIntegrated Distributors Incorporated (IDI), a public.docx
ScenarioIntegrated Distributors Incorporated (IDI), a public.docxScenarioIntegrated Distributors Incorporated (IDI), a public.docx
ScenarioIntegrated Distributors Incorporated (IDI), a public.docx
 
2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deck2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deck
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of Directors
 
Due by 11316 9pm PSTGiven the pieces of information provided i.docx
Due by 11316 9pm PSTGiven the pieces of information provided i.docxDue by 11316 9pm PSTGiven the pieces of information provided i.docx
Due by 11316 9pm PSTGiven the pieces of information provided i.docx
 
Hdcs Overview Final
Hdcs Overview FinalHdcs Overview Final
Hdcs Overview Final
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016
 
Software_defines_the_future_infrastructure (1)_final
Software_defines_the_future_infrastructure (1)_finalSoftware_defines_the_future_infrastructure (1)_final
Software_defines_the_future_infrastructure (1)_final
 
Securing the Office of Finance in the Cloud -- Separating Fact from Fiction
Securing the Office of Finance in the Cloud -- Separating Fact from FictionSecuring the Office of Finance in the Cloud -- Separating Fact from Fiction
Securing the Office of Finance in the Cloud -- Separating Fact from Fiction
 
Rebooting IT Infrastructure for the Digital Age
Rebooting IT Infrastructure for the Digital AgeRebooting IT Infrastructure for the Digital Age
Rebooting IT Infrastructure for the Digital Age
 
AFIS as SaaS - 8-5-2015
AFIS as SaaS - 8-5-2015AFIS as SaaS - 8-5-2015
AFIS as SaaS - 8-5-2015
 
IDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENTIDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENT
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
ZS Infotech v1.0
ZS Infotech v1.0ZS Infotech v1.0
ZS Infotech v1.0
 
Whitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdf
Whitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdfWhitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdf
Whitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdf
 
IAM
IAMIAM
IAM
 
BMC Discovery IDC Research Study 470 ROI in 5 Years
BMC Discovery IDC Research Study 470 ROI in 5 YearsBMC Discovery IDC Research Study 470 ROI in 5 Years
BMC Discovery IDC Research Study 470 ROI in 5 Years
 

More from pooleavelina

httpswww.azed.govoelaselpsUse this to see the English Lang.docx
httpswww.azed.govoelaselpsUse this to see the English Lang.docxhttpswww.azed.govoelaselpsUse this to see the English Lang.docx
httpswww.azed.govoelaselpsUse this to see the English Lang.docxpooleavelina
 
httpscdnapisec.kaltura.comindex.phpextwidgetpreviewpartner_.docx
httpscdnapisec.kaltura.comindex.phpextwidgetpreviewpartner_.docxhttpscdnapisec.kaltura.comindex.phpextwidgetpreviewpartner_.docx
httpscdnapisec.kaltura.comindex.phpextwidgetpreviewpartner_.docxpooleavelina
 
httpsifes.orgsitesdefaultfilesbrijuni18countryreport_fi.docx
httpsifes.orgsitesdefaultfilesbrijuni18countryreport_fi.docxhttpsifes.orgsitesdefaultfilesbrijuni18countryreport_fi.docx
httpsifes.orgsitesdefaultfilesbrijuni18countryreport_fi.docxpooleavelina
 
httpfmx.sagepub.comField Methods DOI 10.117715258.docx
httpfmx.sagepub.comField Methods DOI 10.117715258.docxhttpfmx.sagepub.comField Methods DOI 10.117715258.docx
httpfmx.sagepub.comField Methods DOI 10.117715258.docxpooleavelina
 
httpsiexaminer.orgfake-news-personal-responsibility-must-trump.docx
httpsiexaminer.orgfake-news-personal-responsibility-must-trump.docxhttpsiexaminer.orgfake-news-personal-responsibility-must-trump.docx
httpsiexaminer.orgfake-news-personal-responsibility-must-trump.docxpooleavelina
 
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docx
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docxhttp1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docx
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docxpooleavelina
 
httpswww.medicalnewstoday.comarticles323444.phphttpsasco.docx
httpswww.medicalnewstoday.comarticles323444.phphttpsasco.docxhttpswww.medicalnewstoday.comarticles323444.phphttpsasco.docx
httpswww.medicalnewstoday.comarticles323444.phphttpsasco.docxpooleavelina
 
httpstheater.nytimes.com mem theater treview.htmlres=9902e6.docx
httpstheater.nytimes.com mem theater treview.htmlres=9902e6.docxhttpstheater.nytimes.com mem theater treview.htmlres=9902e6.docx
httpstheater.nytimes.com mem theater treview.htmlres=9902e6.docxpooleavelina
 
httpsfitsmallbusiness.comemployee-compensation-planThe pu.docx
httpsfitsmallbusiness.comemployee-compensation-planThe pu.docxhttpsfitsmallbusiness.comemployee-compensation-planThe pu.docx
httpsfitsmallbusiness.comemployee-compensation-planThe pu.docxpooleavelina
 
httpsdoi.org10.11770002764219842624American Behaviora.docx
httpsdoi.org10.11770002764219842624American Behaviora.docxhttpsdoi.org10.11770002764219842624American Behaviora.docx
httpsdoi.org10.11770002764219842624American Behaviora.docxpooleavelina
 
httpsdoi.org10.11770896920516649418Critical Sociology.docx
httpsdoi.org10.11770896920516649418Critical Sociology.docxhttpsdoi.org10.11770896920516649418Critical Sociology.docx
httpsdoi.org10.11770896920516649418Critical Sociology.docxpooleavelina
 
httpsdoi.org10.11770894318420903495Nursing Science Qu.docx
httpsdoi.org10.11770894318420903495Nursing Science Qu.docxhttpsdoi.org10.11770894318420903495Nursing Science Qu.docx
httpsdoi.org10.11770894318420903495Nursing Science Qu.docxpooleavelina
 
httpswww.youtube.comwatchtime_continue=8&v=rFV0aes0vYAN.docx
httpswww.youtube.comwatchtime_continue=8&v=rFV0aes0vYAN.docxhttpswww.youtube.comwatchtime_continue=8&v=rFV0aes0vYAN.docx
httpswww.youtube.comwatchtime_continue=8&v=rFV0aes0vYAN.docxpooleavelina
 
httphps.orgdocumentspregnancy_fact_sheet.pdfhttpswww.docx
httphps.orgdocumentspregnancy_fact_sheet.pdfhttpswww.docxhttphps.orgdocumentspregnancy_fact_sheet.pdfhttpswww.docx
httphps.orgdocumentspregnancy_fact_sheet.pdfhttpswww.docxpooleavelina
 
httpswww.worldbank.orgencountryvietnamoverview---------.docx
httpswww.worldbank.orgencountryvietnamoverview---------.docxhttpswww.worldbank.orgencountryvietnamoverview---------.docx
httpswww.worldbank.orgencountryvietnamoverview---------.docxpooleavelina
 
HTML WEB Page solutionAbout.htmlQuantum PhysicsHomeServicesAbou.docx
HTML WEB Page solutionAbout.htmlQuantum PhysicsHomeServicesAbou.docxHTML WEB Page solutionAbout.htmlQuantum PhysicsHomeServicesAbou.docx
HTML WEB Page solutionAbout.htmlQuantum PhysicsHomeServicesAbou.docxpooleavelina
 
httpswww.huffpost.comentryonline-dating-vs-offline_b_4037867.docx
httpswww.huffpost.comentryonline-dating-vs-offline_b_4037867.docxhttpswww.huffpost.comentryonline-dating-vs-offline_b_4037867.docx
httpswww.huffpost.comentryonline-dating-vs-offline_b_4037867.docxpooleavelina
 
httpswww.vitalsource.comproductscomparative-criminal-justice-.docx
httpswww.vitalsource.comproductscomparative-criminal-justice-.docxhttpswww.vitalsource.comproductscomparative-criminal-justice-.docx
httpswww.vitalsource.comproductscomparative-criminal-justice-.docxpooleavelina
 
httpswww.nationaleatingdisorders.orglearnby-eating-disordera.docx
httpswww.nationaleatingdisorders.orglearnby-eating-disordera.docxhttpswww.nationaleatingdisorders.orglearnby-eating-disordera.docx
httpswww.nationaleatingdisorders.orglearnby-eating-disordera.docxpooleavelina
 
httpswww.youtube.comwatchtime_continue=59&v=Bh_oEYX1zNM&featu.docx
httpswww.youtube.comwatchtime_continue=59&v=Bh_oEYX1zNM&featu.docxhttpswww.youtube.comwatchtime_continue=59&v=Bh_oEYX1zNM&featu.docx
httpswww.youtube.comwatchtime_continue=59&v=Bh_oEYX1zNM&featu.docxpooleavelina
 

More from pooleavelina (20)

httpswww.azed.govoelaselpsUse this to see the English Lang.docx
httpswww.azed.govoelaselpsUse this to see the English Lang.docxhttpswww.azed.govoelaselpsUse this to see the English Lang.docx
httpswww.azed.govoelaselpsUse this to see the English Lang.docx
 
httpscdnapisec.kaltura.comindex.phpextwidgetpreviewpartner_.docx
httpscdnapisec.kaltura.comindex.phpextwidgetpreviewpartner_.docxhttpscdnapisec.kaltura.comindex.phpextwidgetpreviewpartner_.docx
httpscdnapisec.kaltura.comindex.phpextwidgetpreviewpartner_.docx
 
httpsifes.orgsitesdefaultfilesbrijuni18countryreport_fi.docx
httpsifes.orgsitesdefaultfilesbrijuni18countryreport_fi.docxhttpsifes.orgsitesdefaultfilesbrijuni18countryreport_fi.docx
httpsifes.orgsitesdefaultfilesbrijuni18countryreport_fi.docx
 
httpfmx.sagepub.comField Methods DOI 10.117715258.docx
httpfmx.sagepub.comField Methods DOI 10.117715258.docxhttpfmx.sagepub.comField Methods DOI 10.117715258.docx
httpfmx.sagepub.comField Methods DOI 10.117715258.docx
 
httpsiexaminer.orgfake-news-personal-responsibility-must-trump.docx
httpsiexaminer.orgfake-news-personal-responsibility-must-trump.docxhttpsiexaminer.orgfake-news-personal-responsibility-must-trump.docx
httpsiexaminer.orgfake-news-personal-responsibility-must-trump.docx
 
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docx
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docxhttp1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docx
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docx
 
httpswww.medicalnewstoday.comarticles323444.phphttpsasco.docx
httpswww.medicalnewstoday.comarticles323444.phphttpsasco.docxhttpswww.medicalnewstoday.comarticles323444.phphttpsasco.docx
httpswww.medicalnewstoday.comarticles323444.phphttpsasco.docx
 
httpstheater.nytimes.com mem theater treview.htmlres=9902e6.docx
httpstheater.nytimes.com mem theater treview.htmlres=9902e6.docxhttpstheater.nytimes.com mem theater treview.htmlres=9902e6.docx
httpstheater.nytimes.com mem theater treview.htmlres=9902e6.docx
 
httpsfitsmallbusiness.comemployee-compensation-planThe pu.docx
httpsfitsmallbusiness.comemployee-compensation-planThe pu.docxhttpsfitsmallbusiness.comemployee-compensation-planThe pu.docx
httpsfitsmallbusiness.comemployee-compensation-planThe pu.docx
 
httpsdoi.org10.11770002764219842624American Behaviora.docx
httpsdoi.org10.11770002764219842624American Behaviora.docxhttpsdoi.org10.11770002764219842624American Behaviora.docx
httpsdoi.org10.11770002764219842624American Behaviora.docx
 
httpsdoi.org10.11770896920516649418Critical Sociology.docx
httpsdoi.org10.11770896920516649418Critical Sociology.docxhttpsdoi.org10.11770896920516649418Critical Sociology.docx
httpsdoi.org10.11770896920516649418Critical Sociology.docx
 
httpsdoi.org10.11770894318420903495Nursing Science Qu.docx
httpsdoi.org10.11770894318420903495Nursing Science Qu.docxhttpsdoi.org10.11770894318420903495Nursing Science Qu.docx
httpsdoi.org10.11770894318420903495Nursing Science Qu.docx
 
httpswww.youtube.comwatchtime_continue=8&v=rFV0aes0vYAN.docx
httpswww.youtube.comwatchtime_continue=8&v=rFV0aes0vYAN.docxhttpswww.youtube.comwatchtime_continue=8&v=rFV0aes0vYAN.docx
httpswww.youtube.comwatchtime_continue=8&v=rFV0aes0vYAN.docx
 
httphps.orgdocumentspregnancy_fact_sheet.pdfhttpswww.docx
httphps.orgdocumentspregnancy_fact_sheet.pdfhttpswww.docxhttphps.orgdocumentspregnancy_fact_sheet.pdfhttpswww.docx
httphps.orgdocumentspregnancy_fact_sheet.pdfhttpswww.docx
 
httpswww.worldbank.orgencountryvietnamoverview---------.docx
httpswww.worldbank.orgencountryvietnamoverview---------.docxhttpswww.worldbank.orgencountryvietnamoverview---------.docx
httpswww.worldbank.orgencountryvietnamoverview---------.docx
 
HTML WEB Page solutionAbout.htmlQuantum PhysicsHomeServicesAbou.docx
HTML WEB Page solutionAbout.htmlQuantum PhysicsHomeServicesAbou.docxHTML WEB Page solutionAbout.htmlQuantum PhysicsHomeServicesAbou.docx
HTML WEB Page solutionAbout.htmlQuantum PhysicsHomeServicesAbou.docx
 
httpswww.huffpost.comentryonline-dating-vs-offline_b_4037867.docx
httpswww.huffpost.comentryonline-dating-vs-offline_b_4037867.docxhttpswww.huffpost.comentryonline-dating-vs-offline_b_4037867.docx
httpswww.huffpost.comentryonline-dating-vs-offline_b_4037867.docx
 
httpswww.vitalsource.comproductscomparative-criminal-justice-.docx
httpswww.vitalsource.comproductscomparative-criminal-justice-.docxhttpswww.vitalsource.comproductscomparative-criminal-justice-.docx
httpswww.vitalsource.comproductscomparative-criminal-justice-.docx
 
httpswww.nationaleatingdisorders.orglearnby-eating-disordera.docx
httpswww.nationaleatingdisorders.orglearnby-eating-disordera.docxhttpswww.nationaleatingdisorders.orglearnby-eating-disordera.docx
httpswww.nationaleatingdisorders.orglearnby-eating-disordera.docx
 
httpswww.youtube.comwatchtime_continue=59&v=Bh_oEYX1zNM&featu.docx
httpswww.youtube.comwatchtime_continue=59&v=Bh_oEYX1zNM&featu.docxhttpswww.youtube.comwatchtime_continue=59&v=Bh_oEYX1zNM&featu.docx
httpswww.youtube.comwatchtime_continue=59&v=Bh_oEYX1zNM&featu.docx
 

Recently uploaded

Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 

Recently uploaded (20)

Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 

HELLMANN FINANCE, INC. Hellmann Finance, Inc. (HFI) i.docx

  • 1. HELLMANN FINANCE, INC. Hellmann Finance, Inc. (HFI) is a financial company that manages thousands of accounts across the United States. A public company traded on the NYSE, HFI specializes in financial management, loan application approval, wholesale loan processing, and investment of money management for their customers. The diagram below displays the executive management team of HFI: Figure 1 HFI Executive Organizational Chart BACKGROUND AND YOUR ROLE You are the Chief Security Officer, hired by COO Matt Roche, to protect the physical and operational security of HFI’s corporate information systems. Shortly after starting in your new position, you recognize numerous challenges that you will be facing in this pursuit. Your primary challenge, as is usually the case, is less technical and more of a political nature. The CEO has been swept up in the “everything can be solved by outsourcing” movement. He believes that the IT problem is a known quantity and feels the IT function can be
  • 2. almost entirely outsourced at fractions of the cost associated with creating and maintaining an established internal IT department. In fact, the CEO’s strategy has been to prevent IT from becoming a core competency since so many services can be obtained from 3rd parties. Based on this vision, the CEO has already begun downsizing the IT department and recently presented a proposal to his senior management team outlining his plan to greatly reduce the internal IT staff in favor of outsourcing. He plans on presenting this approach to the Board of Directors as soon as he has made a few more refinements in his presentation. COO Roche’s act of hiring you was, in fact, an act of desperation: the increasing operational dependence on technology services combined with a diminishing IT footprint gravely concerned Roche, and he begged to at least bring in an Information Security expert with the experience necessary to evaluate the current security of HFI’s infrastructure and systems. The COO’s worst nightmare is a situation where the Confidentiality, Integrity, and Availability of HFI’s information systems were compromised – bringing the company to its knees – then having to rely on vendors to pull him out of the mess. COO Roche has reasons for worrying. HFI has experienced several cyber-attacks from outsiders over the past a few years: • In 2016, the Oracle database server was attacked and its customer database lost its confidentiality, integrity, and availability for several days. Although the company restored the Oracle database
  • 3. server back online, its lost confidentiality damaged the company reputation. HFI ended up paying its customers a large sum of settlement for their loss of data confidentiality. • In 2017, another security attack was carried out by a malicious virus that infected the entire Vice President Trey Elway Executive Assistant Kim Johnson Executive Assistant Julie Anderson Executive Assistant Michelle Wang CCO Andy Murphy COO Matt Roche CFO Ron Johnson Director of
  • 4. Marketing John King Director of HR Ted Young CEO Karl Hellmann network for several days. While infected, the Oracle and e-mail servers had to be shut down to quarantine these servers. COO Roche isn’t sure whether the virus entered HFI’s systems through a malicious email, from malware downloaded from the Internet, or via a user’s USB flash drive. Regardless of the source of the infection, the company lost $1,700,000 in revenue and intangible customer confidence. • In a separate incident in 2017, one of the financial advisors left his company laptop unprotected at the airport while travelling and it was stolen. It contained customer financial data and the hard drive was not encrypted. Financial reparations were paid to impacted customers. • In 2018, a laptop running network sniffer software was found plugged into a network jack under a desk in one of the unoccupied offices. It is apparent from the number of successful cyber-attacks that HFI is an organization severely lacking in information security maturity. COO Roche has commissioned
  • 5. you to perform a quantitative and qualitative risk assessment of HFI’s infrastructure to determine where improvements could be made to reduce the risk of future attacks. CORPORATE OFFICE NETWORK TOPOLOGY The diagram on the following page displays HFI’s Corporate Office Topology. The HFI network infrastructure consists of a corporate WAN spanning 20 remote facilities that are interconnected to the HFI headquarters’ central data processing environment. Data is transmitted from a remote site through a VPN gateway appliance that forms a VPN tunnel with the VPN gateway in headquarters. Through this VPN connection, remote office users access the internal Oracle database to update the customer data tables. Through your inspection of the VPN configuration you discover that the data transaction traversing the remote access connection to the corporate internal databases is not encrypted. Users are authorized to work from home and both dial-up and VPN remote access are available. Dial-up is provided via Private Branch Exchange (PBX) and a Remote Access Server and VPN remote access is provided via the VPN gateway. Authentication is password- based via MS-CHAP V2. Users are also able to take advantage of HFI’s Bring Your Own Device (BYOD) policy and a Wireless antenna allows
  • 6. wireless networking within headquarters. WEP is used to provide wireless security to BYOD users. The network perimeter between the Internet and HFI’s internal network infrastructure is separated by two Border (Core) Routers. These Border Routers then connect to two Distribution Routers and the VPN Gateway. The Distribution Routers connect to a RAS Server, a Wireless Router that provides a bridge between the Wireless Antenna and the internal network, and two Multi-layer switches. The Multilayer switches connect to six (6) Access Layer VLAN switches that segregate the Accounting, Loan Dept, Customer Services, Mgmt, Credit Dept, and Finance VLANs. The Multi-layer switches also connect to a third Multi-layer switch that provides a connection to HFI’s servers in the Trusted Computing Base subnet. The trusted computing based (TCB) internal network is situated in a physically separated subnet. A bulk of the data processing for HFI is handled by an Oracle database on a high end super computer located in the TCB and the TCB also contains an intranet web server used by the internal support team, a Software Update Services (SUS) server used for patch management, an internal DNS server, an e-mail server, and other support personnel workstations. Although each corporate department is segregated physically on a different subnet, they share access to the corporate data in the TCB network.
  • 7. NOTE: The symbol represents a multilayer switch CONSIDERATIONS WHEN CONDUCTING THE RISK ASSESSMENT: This Risk Assessment and your suggested security improvements are of critical importance. The CEO is set on outsourcing HFI’s IT competency and you’ve been told of a plan from COO Roche to outsource network management and security functions away from your department and over to a service integrator. COO Roche warns you that the political environment will only become more contentious over time; you must make a compelling case as to what value your department can bring over an integrator to provide security improvements in certain key areas without a significant increase to the IT budget. It is extremely important that you take into account the value of the assets being protected when selecting security controls to mitigate the risks (i.e. don’t spend $1000 to protect an asset worth $500). In addition to what you learned from COO Roche about the previous exploits of HFI’s vulnerabilities and what you gathered when reviewing HFI’s network infrastructure, COO Roche has provided some additional information that he wants you to take into account: 1. Ever since an article ran in Business Week about HFI, the network engineers report that they’ve noted a significant spike in network traffic crossing into the internal networks. They report that they cannot be certain what or who is generating this traffic, but the volume
  • 8. and frequency of traffic is certainly abnormal. The management is very concerned over securing the corporate confidential data and customer information. Suggestions on improvements to perimeter security and/or methods of identifying the source of intrusions should be presented in your risk assessment. 2. The interrelationship between data and operations concerns COO Roche. Increasingly, some of the twenty remote sites have been reporting significant problems with network latency, slow performance, and application time-outs against the Oracle database. The company’s business model is driving higher and higher demand for data, but your capability to respond to these problems are drastically limited. Suggestions on reducing network latency or increasing application response time and availability should be presented in your risk assessment. 3. Mobility is important for the organization to interact with the customers and other co-workers in near real-time. However, COO Roche is concerned with mobility security and would like you to research best practices for mobile computing. Security within the BYOD environment should be presented in your risk assessment. 4. Employees enjoy the flexibility of getting access to the corporate network using a WiFi network. However, COO Roche is concerned over the security
  • 9. ramifications over the wireless network that is widely open to the company and nearby residents. Security within the wireless environment should be presented in your risk assessment. 5. The company plans to offer its products and services online and requested its IT department to design a Cloud Computing based e-commerce platform. However, COO Roche is particularly concerned over the cloud computing security in case the customer database is breached. ASSIGNMENTS • Provide an Executive Summary. • From the devices and systems identified in the HFI Corporate Network Topology, conduct a thorough asset inventory, assign monetary values to each asset (quantitative), and assign a priority value for each asset (qualitative) that could be used to determine which assets are most critical for restoral in the event of a catastrophic event or attack. • Evaluate the perimeter security, make a list of access points internal and external(remote), identify vulnerabilities and make suggestions for improvements to perimeter and network security. • Evaluate the remote access infrastructure, identify vulnerabilities and suggest security improvements to mitigate risks to remote access.
  • 10. • Address the COO’s concern over the mobility security and design a secure mobile computing (smart phones, tablets, laptops, etc.) in terms of authentication technologies and data protection. • Identify wireless vulnerabilities and recommend what safeguards, authentication technologies, and network security to protect data should be implemented. • Evaluate the authentication protocols and methodologies within the wired, wireless, mobility and remote access environments and suggest improvements to secure authentication for HFI. • Evaluate the web system protocols and vulnerabilities within the Intranet server and suggest secure protocol improvements to improve security for web authentication. • Design a cloud computing environment for the company with a secure means of data protection at rest, in motion and in process. • Assess all known vulnerabilities on each asset in this environment and impacts if compromised. • Using the asset inventory and the assigned values (monetary and priority) conduct a quantitative and qualitative risk assessment of the HFI network. • Recommend risk mitigation procedures commensurate with the asset values from your asset inventory. Feel free to redesign the corporate infrastructure and use any combination of technologies to harden the authentication processes and network security measures.
  • 11. • You are welcome to make assumptions for any unknown facts as long as you support your assumptions. • The Title Page, Table of Contents and References page(s) don’t count in your 15 page minimum!!! Risk Assessment Paper Rubric You are given a fictional scenario above describing security issues affecting organizational assets. You will identify the risks associated with the assets, and recommend mitigating procedures. You will prepare a quantitative / qualitative risk assessment to address risk factors on organizational assets. Your final paper will be 15–25 pages long in a Word document (double-spaced with 12 point font) with APA citations for the resources you used in your research and will be graded using the following rubric. Criteria Non-compliant Minimal Compliant Advanced Executive summary of risk assessment. Did not include an executive summary. (0)
  • 12. Included an executive summary but lacks details. (3) Included an executive summary in details, but did not address the mission objectives. (7) Included an executive summary in details, and addressed mission objectives. (10) Inventory assets and prioritize them in the order of mission criticality. Did not inventory or prioritize assets in the order of mission criticality. (0) Inventoried assets but did not prioritize them in the order of mission criticality. (3) Inventoried, prioritized assets, but did not address mission objectives in their asset priority. (7) Inventoried, prioritized
  • 13. assets and addressed mission objectives in their asset priority. (10) Evaluate enterprise topology and perimeter protection. Did not evaluate enterprise topology and perimeter protection. (0) Evaluated enterprise topology but did not include perimeter protection measures. (3) Evaluated enterprise topology, perimeter protection measures, but did not address mission objectives. (7) Evaluated enterprise topology, perimeter protection measures, and addressed mission objectives. . (10) Evaluate remote access to the networks.
  • 14. Did not evaluate remote access protocols and safeguards to the network. (0) Evaluated remote access protocols but did not address security safeguards to the network. (3) Evaluated remote access protocols, security safeguards to the network, but did not address mission objectives. (7) Evaluated remote access protocols, security safeguards to the network, and addressed mission objectives. (10) Evaluate authentication protocols and methodologies. Did not evaluate authentication protocols and methodologies. (0)
  • 15. Evaluated authentication protocols, methodologies but with insufficient data or inadequate description. (3) Evaluated authentication protocols, methodologies with supporting data and description, but lacks mission objectives. (7) Evaluated authentication protocols, methodologies with supporting data, description; and addressed mission objectives. (10) Assign asset values to organization assets for quantitative / qualitative risk assessment. Did not assign asset values to organization assets for quantitative / qualitative risk assessment. (0) Assigned asset values
  • 16. to organization assets for quantitative / qualitative risk assessment but incomplete. (3) Assigned asset values to organization assets in a complete assessment, but did not address mission objectives. (7) Assigned asset values to organization assets in a complete assessment, and addressed mission objectives. (10) Assess vulnerabilities on each asset and impacts if compromised. Did not assess vulnerabilities on each asset and impacts if compromised. (0) Assessed vulnerabilities on each asset and impacts if compromised; but incomplete. (3)
  • 17. Assessed vulnerabilities on each asset and impacts if compromised; of complete inventory but did not address mission objectives. (7) Assessed vulnerabilities on each asset and impacts if compromised; of complete inventory and addressed mission objectives. (10) Evaluate web access protocols and vulnerabilities and Cloud Computing Did not evaluate web access protocols and vulnerabilities and Cloud Computing (0) Evaluated web access protocols and vulnerabilities or Cloud Computing. (3) Evaluated web access
  • 18. protocols and vulnerabilities and Cloud Computing but did not address mission objectives. (7) Evaluated web access protocols and vulnerabilities and Cloud Computing and addressed mission objectives. (10) Criteria Non-compliant Minimal Compliant Advanced Recommend risk mitigation procedures commensurate with asset values. Did not recommended risk mitigation procedures commensurate with asset values. (0) Recommended risk mitigation procedures commensurate with asset values, but incomplete. (3)
  • 19. Recommended risk mitigation procedures commensurate with asset values of complete inventory, but did not address mission objectives. (7) Recommended risk mitigation procedures commensurate with asset values of complete inventory, and addressed mission objectives. (10) Formulate 15-25 pages of a quantitative or qualitative risk assessment in APA format. Did not follow proper quantitative or qualitative risk assessment format, and failed to conform to APA format. (0) Followed proper quantitative or qualitative risk assessment format but did not conform to APA format. (3)
  • 20. Followed proper quantitative or qualitative risk assessment format and conformed to APA but insufficient reference list and page count. (7) Followed proper quantitative or qualitative risk assessment format and conformed to APA in a sufficient reference list and page count. (10) Figure 1 HFI Executive Organizational Chart BACKGROUND AND YOUR ROLECORPORATE OFFICE NETWORK TOPOLOGYCONSIDERATIONS WHEN CONDUCTING THE RISK ASSESSMENT:ASSIGNMENTSRisk Assessment Paper Rubric