Word count: 5000
Elizabeth Chan is the CEO of a one-year-old electronics company. The company designs,
develops and manufactures the Micro Midget Widget – this is Elizabeth’s own invention and
it is a small but important component in a wide range of complex video and other specialised
hardware. Elizabeth is an engineer but she has no modern technical understanding of IT
security issues. Elizabeth had no problems with IT security until very recently, when the
company’s network was subject to a series of attacks. Within a period of 3 days, the company’s
website was defaced, a serious virus infected the company e-mail and large quantities of data
were corrupted. Elizabeth’s IT security risk management concerns are wide-ranging. She
needs to determine whether the same hackers are likely to hack the company again. She
believes the recent attacks suggest the hackers were interested either in proprietary theft of
sensitive information for personal and/or financial gain or in disrupting the affected company in
such a way that competitors gain an edge. There is also evidence of a disgruntled former
employee planning revenge against Elizabeth. Elizabeth has become very worried about
cyberterrorism and is concerned that she may inadvertently allow her unprotected system to
be the launch pad for a major denial of service attack on the Australian NII. She is also very
concerned about becoming a victim of e-crime. She believes that her company ought to
develop a Forensic Readiness plan so as to be prepared for possible action against the hackers
who have been attacking her company. Since the company is relatively new, she can build
whatever security controls and purchase whatever new hardware you recommend.
1. Based on the above information, use your own imagination to come up with a company
2. Identify the risks the company is currently facing and how these risks can be managed. Your
discussion can be categorized under the broad categories of people, process and technology.
Describe the types of attack which might be made against the company’s database, possible
reasons for attack, and some methods which may be used to secure the database.
3. Your client wants to add some E-Commerce functionality to her business and to use
mobile wireless devices to help in this process. Give details of the basic IT security controls
that she will need for the wired network and also provide two alternatives to deal with the
security of her wireless network.
4. Draw a basic system architecture for the company including your security controls - it is a
simple LAN, some databases, a mail server and a web server and a small wireless network.
5. Illustrate the legal and ethical issues your client will face if the data in her databases or
files is lost or damaged.
6. Provide details of the broad categories of Federal and South Australian criminal legislation
that can be used to prosecute hackers and computer criminals in South Australia.
7. Advise how your client can ensure her organisation is forensically ready for possible action
against intruders into the company network.
8. Analyse the company’s existing Information security policy. Evaluate the gaps and provide
an overview of a suitable security policy for your client.
1. Include a minimum of 8 academic references
2. Reference sources may include journal articles or conference papers or a chapter from a
3. Reference formatting: Harvard style