Scenario #1

You are the CTO (Chief Technology Officer) for a small Information Security Firm in central Texas. You have been employed by the company for 3 years. The corporate office is in central Texas and there is a satellite office in Waco, Texas. The company employs about 20 employees. Most of the employees work at the satellite office. The CEO, CTO, and HR person work at the corporate office.

All the employees use Mac laptops. There is currently one server located at the satellite office. The servers OS is Windows 2016 Standard. Windows is required because of commercial software needed for the forensic investigations. All other data is stored on Azure cloud services.

The satellite office is on the first floor of a three-story building located within 100 yards of a River. The server room door is protected by a key pad that uses a smart card. The server room is next to janitors closet that opens to the hallway. The outside doors to the office are protected by deadbolts. The parking lot is shared with other offices and is well lit. This area of town has been known to have frequent power outages.

Employees work remotely from home on occasion. This can be due to weather, personal reasons, or illness.

Using the scenario above, answer the following questions:

1. What are some obvious vulnerabilities surrounding the server room and the server, and what other vulnerabilities would you investigate?
2. Based on the known vulnerabilities for the server room and server, what potential threats exist?
3. What factors will affect the likelihood of these threats succeeding?
4. What do you think the potential impact would be if an unauthorized access attempt was successful?
5. What risk mitigation strategies would you use in this situation to reduce the risks surrounding the server room and server?
6. What other vulnerabilities, threats, and risks exist that you can think of in the scenario?