Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

WEEK 9 ASSIGNMENT 1 Review the attached Case Study. (You may remember this firm from other classes.) You have been called in to evaluate the

WEEK 9 ASSIGNMENT 1

Review the attached Case Study. (You may remember this firm from other classes.) You have been called in to evaluate the physical security structure of the company in the case study.

Dalton, Walton, & Carlton, Inc. is an architecture firm with approximately 250 employees in four cities in a regional area. The main office is in Kansas City, Mo, which houses 100 of the employees. The main office is located in a small office park in a suburban neighborhood near the University of Missouri, Kansas City, Volker Campus. The satellite offices are in downtown Des Moines, IA, Springfield, MO, and Omaha, NE. Their physical security infrastructure for the main office is as follows: o The main office building is three stories tall with Dalton, Walton, & Carlton, Inc. occupying the top two floors. There are two, unrelated businesses on the first floor. DW&C leases the floors from a management company. o The building as one elevator along with a front and back staircase. o The building uses standard windows that are slightly tinted, but you can still see in from outside. The windows do not open. o Both floors are basically laid out the same. Each floor has: o Drop ceilings used throughout. o Six offices on the exterior and two interior offices. o One large conference room and two smaller ones. o The third floor as a small reception area monitored by an administrative assistant. There is a locked door leading from the reception area to the back offices that required a key card. o The admin has a master key card kept in a desk drawer. o Visitors are provided with access badges that they sign out and are supposed to return each day. These allow access to the full facility except for the server room. o When visitors sign in, they need to provide the name of their contact, but dont need to be escorted when in the facility. o Access to the building and the floors is controlled with a key card access. This access allows entry at a front and back doors on each floor. It is also used to control the small server room on the third floor. o The building management company administers the key card access server. o The front and back doors for the building open automatically at 6am and lock at 6pm, Monday through Saturday. All other times they are locked requiring key card access. o The door to the DW&C third floor reception is unlocked from 7am-6pm Monday through Friday. o The exterior and primary interior doors all have alarms that go to DW&C facilities manager and the building manager. They are deactivated during business hours as noted above. The alarms have the capability to trigger if the door is propped open, but that is not used due to past false alarms. o The server room on the third floor used to be a storage closet. o When it was converted, they added raised floor and extra air handling. o Theres also are two Tripp Lite SMART1500LCDT UPS towers that are expected to provide 90 minutes of power in a blackout. o IT also uses this facility to build and maintain servers and PCs. o The IT staff all sit outside the server room / closet. They will occasionally prop the door open when they are frequently accessing the room. o The building uses dual HVAC systems run by building management. o There is one telecommunications drop for the building. Bellevue University CYBR 510 as of: July 2014 o The main power breakers for the building are on the first floor in a room locked by building management. o Each floor has power breakers in an interior coat closet. o That area on the second floor is a storage closet housing business supplies. o The CEO and CFO both have corner offices on the third floor. Access is controlled with a standard key. Each of their offices contain multiple, lockable file cabinets containing company sensitive documents. o Employees that arent in offices are in standard cubes with 5 foot walls. o All employees have desks and cabinets that lock. o The CFOs admin assistant controls all of the keys. She also has master keys to access any room, desk, or cabinet that she keeps locked in a small safe under her desk. o There are five security cameras spread throughout the building as follows: o External Front Door o External Back Door o Interior front stairwell on the first floor o Interior back stairwell on the first floor o Facing the elevator The camera feeds go to a single DVR unit managed by building management. The CCTVs are in the building mailroom on the first floor where they are monitored by the facilities manager and mail room personnel. Their physical security infrastructure for the three remote offices is as follows: o The remote offices have approximately 50 employees and are used by sales and local design teams. o The offices are located in the downtown areas of Des Moines, IA, Springfield, MO, and Omaha, NE. The intent is to have offices in close proximity with customers. o DW&C leases building space for these offices. Each is in a multi-story office building where DW&C uses a floor or a portion of a floor. Each facility is managed by local building management. o Each building uses standard windows that are slightly tinted, but you can still see in from outside. The windows do not open. o There are offices and standard cubes in each facility. The senior director at each facility is also responsible for the safety and security of that facility. o Access to each facility is controlled using key cards administered by local building management. These systems are not tied to the main offices key card system. o Each facility has cameras so you can know who has entered/exited the building. Only one of the buildings has a camera on the interior door to access the DW&C offices. o An admin sits near the front door and monitors visitor access, but this is a part-time duty. o The doors are unlocked and unarmed based on the same schedule as the main office. Their IT infrastructure is as follows: o They primarily use Microsoft servers and PCs with a number of Mac computers used to perform design work. They use Active Directory, have a Web Server for their Internet web site, four servers used as file shares (one in each office), four servers housing their architecture Bellevue University CYBR 510 as of: July 2014 applications, a training server, five MS SQL database servers, and two Microsoft Exchange servers for email. o Each satellite office has 3-4 servers for storing files and running local applications. o Each office has its own, decentralized wireless network connected to the production network. o Each employee has a desktop or laptop PC running Windows 7. HR personnel have laptops for conducting interviews. o There is a Director of IT who has a full time staff of 5 employees, one of which does security duties part time. There are a few known issues with their infrastructure and organization: o Recently, a number of PCs and office equipment has been stolen out of the office. o Its at the data owners discretion as to whether or not to secure their data files or folders. Many do not secure their files, while some lock them so only they have access. There have been rumors that customer data and intellectual property have been lost. o Two employees recently left your company and went to your biggest competitor, where they just landed a contract with your largest account. o Vendors are allowed access to the site and computers without authorization or supervision. o Onsite staff at each location provides IT support part time along with their other responsibilities. Password resets are done by giving out a generic password Chiefs2011.

FROM THE CASE STUDY ABOVE, ANALYZE AND EXPLAIN THE FOLLOWING:

1: Provide an executive summary of your findings regarding the detective controls in place (cameras and alarms) and your recommendations.

2: List and explain areas the case study company does well for physical detection and response.

3: List and explain three areas the case study company needs improvement on its security detection, alerting, and response.

4: Provide and explain at least three (3) techniques or technologies that would improve the company's security detection, alerting, and response.

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Practical Issues In Database Management A Refernce For The Thinking Practitioner

Authors: Fabian Pascal

1st Edition

0201485559, 978-0201485554

More Books

Students also viewed these Databases questions

Question

How would we like to see ourselves?

Answered: 1 week ago