Background
Peanut Processing Services (PPS) is a data collection, analysis and processing company operating from an office within Subiaco, Western Australia. PPS are used by large organisations to conduct surveys and data analysis. In most instances, the data collected is highly confidential and must adhere to strict integrity requirements. Data collection takes place on an online website, but in some instances via paper. PPS operates under a four business-day turn-around time – meaning they cannot afford downtime, in order to maintain their current business reputation. PPS currently employs twelve people, each using a company issued, Windows laptop.
A year ago, an employee’s laptop hard drive crashed, and the data was lost – this incident resulted in the company losing a valuable customer. In recent months, one employee’s laptop was targeted with ransomware, and the company paid the ransom as they could not afford the downtime. In another breach of security, an office assistant was caught using a computer that had not been logged out of and then accidentally deleted data on an employee’s laptop. Last week, one employee left their laptop unattended in their vehicle. The vehicle was broken into, and the laptop was stolen. The manager has provided you with the following additional information pertaining to the organisation’s IT equipment.
Each laptop is using Windows 10, with automatic updates enabled.
None of the laptops contains any security software beyond the Windows defaults.
Each laptop accesses the Internet via a wireless connection to a broadband router.
There are currently no policies or rules guiding employees on how to best utilise resources and conform to ideal cyber security conscious behaviours.
Confidential data is emailed/stored without using any cryptographic techniques.
week an employee found a USB flash drive in the car park and plugged it into their computer. Since then, the employee has claimed that the computer appears to have “a mind of its own”.
Data collection instruments used online are secure and hosted by a third party provider.
Instructions
You have been hired to identify the most significant cyber threats in 2020 to the company and devise a security solution. The employees are comfortable, and reluctant to change their current cyber security behaviours. Many of the employees believe that the company is functioning correctly and does not need a new cyber security operational model. The PPS manager is committed to addressing the cyber security issues and improving the culture of the workplace, and has allocated $25,000 to this project. The PPS manager has little understanding and knowledge of the prominent threats that could target the company. The manager has requested that you compile a small, succinct report addressing the five critical cyber security issues for 2020. In producing your solution, you should address the following requirements:
1. Why the chosen cyber security issue should be addressed immediately. You must convince management that your five chosen cyber security issues are in fact the most prevalent and significant threats for 2020.
2. A detailed explanation/demonstration of how you propose to address the issue.
3. Why is your chosen solution better than alternative approaches (i.e. clearly compare/contrast your solution to alternatives)?
4. A detailed breakdown of the cost in addressing the selected issue.
