No-Internal-Controls, LLC is a mid-sized pharmaceutical company in the Midwest of the US employing around 150 employees. It has grown over the past decade by merging with other pharmaceutical companies and purchasing smaller firms.

Recently No-Internal-Controls, LLC suffered a ransomware attack. The company was able to recover from the attack with the assistance of a third-party IT services company.

Attack Analysis:

After collecting evidence and analyzing the attack, the third party was able to recreate the attack.

- No-Internal-Controls, LLC has a number of PCs configured for employee training.
- These training computers use generic logins such as “training1”, “training2”, etc. with passwords of “training1”, “training2”, etc.
- The generic logins were not subject to lockout due to incorrect logins.
- One of the firms purchased by No-Internal-Controls, LLC allowed Remote Desktop connections from the Internet through the firewall to the internal network for remote employees.
- Due to high employee turnover and lack of documentation, not all of the IT staff were aware of the legacy remote access.
- The main office has only a single firewall, and no DMZ or bastion host exists to mediate incoming remote desktop connections.
- The internal network utilized a flat architecture.
- An attacker discovered the access by use of a port scan and used a dictionary attack to gain access to one of the training computers.
- The attacker ran a script on the compromised machine to elevate his access privileges and gain administrator access.
- The attacker installed tools on the compromised host to scan the network and identify network shares.
- The attacker copied ransomware into the network shares for the accounting department, allowing it to spread through the network and encrypt accounting files.
- Critical accounting files were backed up and were recovered, but some incidental department and personal files were lost.
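
As an added illustration (not part of the original assignment), the sketch below shows what a detective, technical control for the dictionary attack described above could look like: it flags a source that produces a burst of failed remote logons and reports any account that then logs on successfully from that source. The CSV layout, the internal address ranges, the threshold and the sample events are all constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624     # Windows Security event IDs for logon failure / success
REMOTE_LOGON_TYPES = {3, 10}     # 3 = network, 10 = RemoteInteractive (RDP)

# Assumption: the site's internal ranges. Anything else is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, not real telemetry. The CSV layout is hypothetical and
# only mirrors fields found in logon events. 203.0.113.50 is a documentation
# address (RFC 5737) standing in for an Internet host.
SAMPLE_LOG = """\
time,event_id,account,source_ip,logon_type
2024-01-10T02:14:01,4625,administrator,203.0.113.50,3
2024-01-10T02:14:03,4625,admin,203.0.113.50,3
2024-01-10T02:14:05,4625,training1,203.0.113.50,3
2024-01-10T02:14:07,4625,training1,203.0.113.50,3
2024-01-10T02:14:09,4625,training2,203.0.113.50,3
2024-01-10T02:14:11,4625,training2,203.0.113.50,3
2024-01-10T02:14:13,4624,training2,203.0.113.50,10
2024-01-10T08:30:10,4625,jsmith,10.0.4.21,3
2024-01-10T08:30:25,4625,jsmith,10.0.4.21,3
2024-01-10T08:30:40,4624,jsmith,10.0.4.21,3
2024-01-10T08:31:00,4624,jsmith,10.0.4.21,2
"""


def parse_events(text):
    """Parse the CSV export into time-ordered event dicts."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        events.append({
            "time": datetime.fromisoformat(row["time"]),
            "event_id": int(row["event_id"]),
            "account": row["account"].lower(),
            "source": ipaddress.ip_address(row["source_ip"]),
            "logon_type": int(row["logon_type"]),
        })
    return sorted(events, key=lambda e: e["time"])


def is_external(addr):
    """True when the address is outside every configured internal range."""
    return not any(addr in net for net in INTERNAL_NETS)


def detect_guessing(events, threshold=5, window=timedelta(minutes=10)):
    """Flag sources with >= threshold failed remote logons inside the window,
    and record accounts that log on successfully from a flagged source
    within the same window after its last failure."""
    recent_failures = defaultdict(list)   # source -> failures still in window
    findings = {}                         # source -> finding under construction
    for ev in events:
        if ev["logon_type"] not in REMOTE_LOGON_TYPES:
            continue                      # ignore console and service logons
        src = ev["source"]
        if ev["event_id"] == FAILED:
            kept = [f for f in recent_failures[src]
                    if ev["time"] - f["time"] <= window]
            kept.append(ev)
            recent_failures[src] = kept
            if len(kept) >= threshold:
                finding = findings.setdefault(src, {
                    "source": str(src), "external": is_external(src),
                    "failed": 0, "accounts": set(), "compromised": set(),
                })
                finding["failed"] = max(finding["failed"], len(kept))
                finding["accounts"].update(f["account"] for f in kept)
                finding["last_failure"] = ev["time"]
        elif ev["event_id"] == SUCCESS and src in findings:
            if ev["time"] - findings[src]["last_failure"] <= window:
                findings[src]["compromised"].add(ev["account"])
    return [{
        "source": f["source"], "external": f["external"], "failed": f["failed"],
        "accounts_tried": sorted(f["accounts"]),
        "compromised": sorted(f["compromised"]),
    } for f in findings.values()]


if __name__ == "__main__":
    for finding in detect_guessing(parse_events(SAMPLE_LOG)):
        print(finding)
```

Grouping by source rather than by account matters in this scenario: the failures are spread across several account names, so no single account accumulates many failures, while the source as a whole does.
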
Instructions:

You have been hired by No-Internal-Controls, LLC in the newly created role of CISO and have been asked to place priority on mitigating further attacks of this type.

- Suggest one or more policies that would help mitigate against attacks similar to this attack.
- Suggest one or more controls to support each policy.
- Identify each of the controls as physical, administrative, or technical and preventative, detective, or corrective.
- Keep in mind that No-Internal-Controls, LLC is a mid-sized company with a small IT staff and limited budget.
- Do not attempt to write full policies; simply summarize each policy you suggest in one or two sentences.
- Clearly indicate how each policy you suggest will help mitigate similar attacks and how each control will support the associated policy.

3-5 pages in length.
APA format: citations, references, etc.
