Question
AAB (a fictitious company) is an HK mobile network operator and internet service provider. The company is looking to become one of the largest mobile network operators in HK, with approximately two million subscribers as of November 2020. Its main office and data centre are located in London. The company recently opened a new site and data centre in China in May 2021.
AAB launched a new on-demand TV service for broadband customers in March 2021. The service is provided on an internet-connected TV box or through an app on selected computers, mobile devices, and Smart TVs. Subscribers to the new TV service will need to create an online account using an email address and password, first and last names, addresses, and credit card details. Subscribers are then able to manage their online accounts and make payments to renew their subscriptions through the company's e-commerce website and mobile app. All digital copies of popular shows and movies streamed by subscribers are stored on multiple servers at both data centres.
In May 2021, the company suffered a major fire incident that caused physical damage to the data centre and destroyed a Network Attached Storage (NAS) device used to back up sensitive company documents and files. To allow staff at the different company sites to easily share company files, documents and backups following this incident, the network administrator decided to set up a temporary internal file server that is accessible to all employees.
Since the start of the pandemic in 2019, some employees at AAB who work off-site can access their workstations remotely from home. Most of the employees are happy with the flexibility of being able to work from home or from anywhere with access to the public internet, such as cafes, airport lounges or restaurants.
Recently, the company received a fine of HKD40,000 after several emails, which contained details of several customers' personal information and account details, were sent to the wrong customers. An investigation into the incident revealed that an employee selected the wrong email addresses during the creation of an email distribution list. The data itself was not encrypted and thus could be viewed by unintended recipients.
Network Overview
The HK and China sites are all interconnected using Cisco RV340 Series routers to ensure that all employees have access to the network resources that they need to be productive. Remote employees have a Remote Desktop Protocol (RDP) client application installed on their computers, which they use to remotely access the company's internal network.
HK Site Network:
The company's main e-commerce website, used by its customers to manage their TV subscriptions, has the following setup:
- Apache HTTP Server 2.4.50
- Magento Commerce version 2.4.2
- Oracle GlassFish Server Open-Source Edition 4.1
- MariaDB version 10.2
The internal file server (hosted at the London site) is configured to use File Transfer Protocol (FTP) and allows employees to log in using a shared username: FTP user and password: @W0nd3rFul567
The diagram of the company's network architecture is shown below:
This is a complex scenario; you should read it several times to identify what you consider to be critical information that needs to be secured, and where you think the threats may come from. You will need to make some reasonable assumptions here since the scenario does not provide a complete list of data/information or technology employed.
- Analyse the scenario and identify what you consider to be the FIVE (5) most important electronically held information assets for Wonder Telecoms. Justify your decision. This section of the report should be approximately TWO HUNDRED AND FIFTY (250) words.
- Create a table (see below) that lists the assets. For each asset identify the main security threats that you think could affect its confidentiality (C), integrity (I) or availability (A). Remember, threats can be accidents as well as malicious. There are likely to be multiple threats for each asset and the same threats are likely for several assets.
- Complete the columns of the table by assessing the likelihood of the threat being successful and the impact that it would have on the company. In this scenario you should consider Low/Medium and High definitions as follows:
- Now complete the Risk column by using the following Risk matrix