The following scenario is based on an actual attack deconstructed at a seminar I attended earlier this year. The names and locations have been removed to preserve the privacy of the organization in question.

Background:

No-Internal-Controls, LLC is a mid-sized pharmaceutical company in the Midwest of the US employing around 150 employees. It has grown over the past decade by merging with other pharmaceutical companies and purchasing smaller firms.

Recently No-Internal-Controls, LLC suffered a ransomware attack. The company was able to recover from the attack with the assistance of a third party IT Services Company.

Attack Analysis:

After collecting evidence and analyzing the attack, the third party was able to recreate the attack.

No-Internal-Controls, LLC has a number of PCs configured for employee training

These training computers use generic logins such as “training1”, “training2”, etc. with passwords of “training1”, “training2”, etc.

The generic logins were not subject to lock out due to incorrect logins

One of the firms purchased by No-Internal-Controls, LLC allowed Remote Desktop connections from the Internet through the firewall to the internal network for remote employees

Due to high employee turnover and lack of documentation none all of the IT staff were aware of the legacy remote access 

The main office has only a single firewall and no DMZ or bastion host exists to mediate incoming remote desktop connections

The internal network utilized a flat architecture

An attacker discovered the access by use of a port scan and used a dictionary attack to gain access to one of the training computers

The attacker ran a script on the compromised machine to elevate his access privileges and gain administrator access

The attacker installed tools on the compromised host to scan the network and identify network shares

The attacker copied ransomware into the network shares for the accounting department allowing it spread through the network and encrypt accounting files

Critical accounting files were backed up and were recovered, but some incidental department and personal files were lost

Instructions:

You have been hired by No-Internal-Controls, LLC in the newly created role of CISO and have been asked to place priority on mitigating further attacks of this type.

• Suggest one or more policies that would help mitigate against attacks similar to this attack
• Suggest one or more controls to support each policy
• Identify each of the controls as physical, administrative, or technical and preventative, detective, or corrective.
• Keep in mind that No-Internal-Controls, LLC is a mid-sized company with a small IT staff and limited budget
• Do not attempt to write full policies, simply summarize each policy you suggest in one or two sentences.  
• Clearly indicate how each policy you suggest will help mitigate similar attacks and how each control will support the associated policy
• 3-5 pages in length.
• APA format.. citations, references etc…

 Wireshark is one of the most widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the preferred standard across many commercial and non-profit enterprises, government agencies, and educational institutions. GlassWire is a free network monitor & security tool with a built-in firewall. Review the features of these two products and explain how you could benefit from using either of these network management tools. 

Lab 4: Structured Query Language (SQL)

Due Week 7 and worth 75 points

Refer to the database design crested in Lab 2: Modifying a Database Design in Visio to complete this Lab. 

Perform the following steps in MySQL:

1. Create the tables and relationships from the database design discussed in Lab 2. 
2. Add at least five (5) records into each table (Note: You must determine the field values). 
3. Create a query with all fields from the student table, where the student’s last name is “Smith”.
4. Create a query that includes students’ first names, last names, and phone numbers.
5. Create a query that includes instructors’ first names, last names, and courses they teach. 

Include the following screen shots in a Microsoft Word document to show the completion of the steps above:

• Screen shot depicting the tables created within MySQL.
• Screen shots depicting the records added into each table.
• Screen shots depicting the SQL code and the query results from each of the queries created.

Your assignment must follow these formatting requirements:

• Submit the lab as a Microsoft Word document.
• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page is not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

• Prepare database design documents using the data definition, data manipulation, and data control language components of the SQL language.

 Topics for Risk Management Research Paper and Presentation The majority of the paper MUST address the highlighted topic below as it relates to Information Security Risk Management.

 Specific hardware, software, service or systems may be used as short examples but should only represent a small portion of the total paper. Select one or both of the following topics

 1. InfoSec Disaster Recovery Plans, Business Continuity Plans and Continuity of Operations Plans

 2. How Analytics is used in Information Security Risk Management.

This research paper should include approximately 7-10 Cited Works but MUST have at least 5 Cited Works of which 2 must be Peer Reviewed. Highlight in YELLOW the Peer-Reviewed works on the Reference page.  (start by creating a heading called “Peer-Reviewed works”, followed by the PeerReviewed works. Then create a heading called “All Other works”, followed by the other works). This research paper should be approximately 10 double-spaced pages (but must be at least 5 pages), using 12-font Times-Roman or Calibri-Body. The Cover Page, Reference Page and any space needed for pictures/images are not included in the required pages. Once the paper is completed, add an Overview/Executive Summary to the start of the paper. The Overview must contain at least one Hypothesis (see Rubric) and a Synopsis of what is contained in the paper. Include the Hypothesis, under the title, on the 1st page of the Powerpoint presentation. For this paper, a Hypothesis is a statement you believe to be true based on the research you conducted.

 As an example: “Small businesses are less likely to provide adequate physical security”.

 Papers containing the minimum number of references and/or minimum number of pages will most likely not earn a high grade. Go to http:// inside.ucumberlands.edu/library and search the Databases/Journals