The requirements for the project are listed here:
Using the same Case Study from weeks
4&5 (see link below), you are to create the Project Plan for an audit
of Dalton, Walton, & Carlton, Inc. Your document should show the
plan for conducting an audit of the IT for that company. Include all of the
steps normally associated with projects, as well as anticipated end-results for
this IT audit project. Think like a project manager and use the resources on
the PMI site linked above. You should write this as if it'll be given to
The particulars of the Case Study is listed at the bottom of this post.
CYBR 615 Case Study – Architecture Firm.
Dalton, Walton, & Carlton, Inc. is an architecture firm with
approximately 250 employees in four cities in a regional area. The main office
is in Kansas City, Mo, which houses 100 of the employees. The main office is located in a suburb
neighborhood where physical security is not considered a concern.
infrastructure is as follows:
They primarily use Microsoft servers and PCs
with a number of Mac computers used to perform design work. They use Active
Directory, have a Web Server for their Internet web site, four servers used as
file shares (one in each office), four servers housing their architecture
applications, a training server, five MS SQL database servers, and two
Microsoft Exchange servers for email.
are 20 Windows 2008 servers in the main office, twelve of which are virtualized
on three physical servers.
updates and patches are run from the main office. Most systems get Microsoft
updates once a month, but some are missed.
Also, most third party products (e.g., Adobe PDF & Flash) are not
kept up to date.
satellite office has 3-4 servers for storing files and running local
office has its own, decentralized wireless network connected to the production
employee has a desktop or laptop PC running Windows 7. HR personnel have laptops
for conducting interviews.
They outsource their email spam filter and all
HR applications to two separate third party companies.
The network sits behind a gateway router and
firewall. Antivirus is in use, but is not automatically updated across the
company. Employees often work remotely and only use their login and password to
gain access to the corporate systems.
There is a Director of IT who has a full time
staff of 5 employees, one of which does security duties part time.
There are a few known issues
with their IT infrastructure and organization:
Recently, a number of PCs and office equipment
has been stolen out of the office.
It’s at the data owner’s discretion as to
whether or not to secure their data files or folders. Many do not secure their files, while some lock them so only they have access.
There have been rumors that customer data and intellectual property have been
Two employees recently left your company and
went to your biggest competitor, where they just landed a contract with your
Vendors are allowed access to the site and
computers without authorization or supervision.
Onsite staff at each location provides IT
support part time along with their other responsibilities. Password resets are
done by giving out a generic password — Chiefs2011.
You are an independent auditor
brought in by Dalton, Walton, & Carlton’s management. They’ve tasked you
with conducting an audit of their entire IT infrastructure, organization, and