Project Part 1: Risks, Threats, and Vulnerabilities Scenario Fullsoft, Inc. is a software development company based in New York City. Fullsofts software product development code is kept confidential in an effort to safeguard the companys competitive advantage in the marketplace. Fullsoft recently experienced a malware attack; as a result, proprietary information seems to have been leaked. The company is now in the process of recovering from this breach. You are a security professional who reports into Fullsofts infrastructure operations team. The Chief Technology Officer asks you and your colleagues to participate in a team meeting to discuss the incident and its potential impact on the company. Tasks Prepare for the meeting by deliberating on the following questions: How would you assess the risks, threats, and/or vulnerabilities that may have allowed this incident to occur, or could allow a similar incident to occur in the future? What insights about risks, threats, and/or vulnerabilities can you glean from reports of similar incidents that have occurred in other organizations? What potential outcomes should the company anticipate as a result of the malware attack and possible exposure of intellectual property? Which countermeasures would you recommend the company implement to detect current vulnerabilities, respond to the effects of this and other successful attacks, and prevent future incidents?

Part 2: System Hardening Scenario After the productive team meeting, Fullsofts CTO engages in further analysis and establishes a plan to mitigate risks, threats, and vulnerabilities. As part of the mitigation plan, you and your team members will configure baseline security on all workstations. You will ensure that the antivirus software is running properly, remove unnecessary software and services, and implement a control related to password hacking attempts. You have been asked to train a new employee by demonstrating how to implement system hardening on a local workstation. Tasks Ensure that you are logged in as an administrator. Using a computer that has Windows 7* installed: Review the antivirus program and ensure it is up to date and running a full scan of the system. Disable at least five unnecessary services from the default installation of Windows 7. Configure audit logging to identify all failed password attempts into the system. * If possible, complete these tasks using a personal computer with the default installation of Windows 7. If you do not own the necessary hardware and software, consult with your Instructor about alternatives. After your work on this project is complete, you may need to return the settings to the previous configuration.