Cenartech Security Case

Cenartech Security Case: Part 1

As a producer of monitoring devices that are used in food manufacturing and pharmaceutical and cosmetics manufacturing companies, the firm did not have any formal security procedures in place before Brian Galven was hired as the IT Department Manager. The firm did put in place a good IT security policy, created three separate networks for their regular users and the finance department, and the guest network which allows limited internet access for guests. Any attempted security breach to the firm involving the food, or the pharmaceutical industries, should be considered high-risk. Hypothetically, "the company used consultants and outside vendors for many of its engineering and fabrication task" Withman & Mattord (2011), p. 25 so the failed long-in attempts could be from a varying number of people or an ex-rogue employee trying to sabotage the company. I would not take the breach lightly if I was Brian since people's lives can be affected if the person(s) have bad intentions.

Reference

Whitman & Mattord (2011). Readings & Cases in Information Security: Law & Ethics. Mason, OH: Cengage Learning.

Cenartech Security Case: Part 2

As a consultant my recommendation would be for the company to establish new policies and procedures for new and existing employees. I would suggest retooling the entire user's authentication process, and provide every employee with new login credentials including a much stronger password policy.

Whitman & Mattord, (2011), p. 28 stated, "When previous employees had left the firm's business office several years ago, they had given their username and password information to their colleagues for the sake of convenience, so that the employees who remained could access the departing person's files and applications." As far as new technology, I would recommend the company establish a two-layered authentication method for every user accessing the network whether they are offsite or not. I would recommend removing Admin access to every account including System Administrators, and establish dual user accounts for everyone in the IT staff. One for everyday logins at their current workstations, and the other with elevated rights which can only be used to perform super user IT admin related tasks. I would recommend IT Security training for all employees of the firm, especially upper level management so they have a reasonable understanding of IT security.

Reference

Whitman & Mattord (2011). Readings & Cases in Information Security: Law & Ethics. Mason, OH: Cengage Learning.

...