The EOS project requires students to write a research paper of up to 3000 words on potential security vulnerabilities at Umesco, a financial consulting company, in light of their plans to allow mobile access to an outdated ERP system. Students must identify security threats and develop an effective protection plan, utilizing credible sources and APA guidelines. The paper should be formatted in MS Word and include an executive summary for the CIO, highlighting the threats identified and the proposed security measures.

1. Assignment: The EOS Project will require the student to write
a research paper not to exceed 3000 words, double-spaced,
excluding the title page and works cited section. All references
must be from authentic, established and reliable sources (sites
like Wikipedia will not be accepted). This assignment must
contain a minimum of 8 resources. When selecting credible
sources to use in your research documentation, peer-reviewed
journals, governmental publications and newspapers/magazines
tend to be the best places to begin. Submitted document must
be in MS Word format (.doc or .docx).
Your paper must address the following scenario:
· You are the newly hired Network Security Administrator for
UMESCo, a financial consulting company. This company has
seven branch offices around the country, connecting to the
primary office over L2TP/IPSEC VPN tunnels. There are one
hundred employees at the main office, and an average of 25 at
each remote office. All employees have access to FinanceWare,
the antiquated and proprietary financial ERP system used by
your company, via the SSH-based client installed locally on
their Windows 8.1 desktops, running in a server/client
environment. The system is maintained by the IT Department,
and all IT personnel are located full-time at the main office
where the FinanceWare system is housed.
· Recently, several of the senior staff have asked to access
FinanceWare from their mobile devices or web browsers when
on the road, or meeting with clients. The software is old, and
does not have any sort of web or mobile interface whatsoever.
The back-end product is a Microsoft SQL database, and the
front end client application is unable to be modified. The Chief
Information Officer (CIO) has stated that his Network and
System Engineers will be making changes to the firewall to
publish the FinanceWare system to an external public IP
address, allowing any mobile or web-enabled devices with
Internet access to log in from anywhere. Due to the age of

2. FinanceWare, a custom interface will need to be created by a
3rd party vendor, as there are no on-staff software engineers at
UMESCo and the software version owned does not support a
user interface for mobile clients. The vendor has stated that
they will need administrative access to the Application server in
order to set up Microsoft IIS and configure the web server
functionality to work with their newly-created web app that
interfaces directly with the SQL database on the local server.
The vendor has stated that their software will be Javascript
based, heavy with SQL statements and use custom views for the
security groups set up in SQL as the means of security. Note
that the SQL based access will allow the users to have the same
rights in the field that they have in the office based on their
user login (read only or read/write).
· The CIO has asked you to prepare a report for him detailing
what you consider to be potential security vulnerabilities with
his new plan. You must:
. Identify what you consider to be potential security threats in
the scenario above.
. Develop a plan that, by using the methods, tools and ideals
covered in this course, integrates effective security and
protection against the potential threats you have identified.
. Prepare a succinct report to the CIO of UMESCo, Mr. Smith,
detailing your identification of the threats, your plan to address
them, and the desired results of your plan. Make sure to include
an executive summary instead of an abstract since it is a
business document.
Note: The EOS Project must adhere to the standards set forth in
the APA guidelines.