Premium Essay

Understanding It Infrastructure Security Case Study

In: Computers and Technology

Submitted By englishdiva1
Words 361
Pages 2
Week 1: Understanding IT Infrastructure Security Case Study
Hello my name is YGS and I am an Independent contractor for TJX, they have requested my assistant and I will be in charge of all IT matter at TJX. In recent happenings at TJX you should by now be aware that this company was breached by a hacker by the name of the Albert Gonzalez. He stole over $170 million dollars of customer’s credit card information.
As a result TJX has taken a major financial loss and our honor and credibility is in question. The reason we are in question is because it turns out the matter was not discovered until an outside source (our gateway/payment-card processing) partners came in and performed an audit to then discover we were breached. Before the audit we should have caught the transfer of 80 GB of stored data by Mr. Gonzalez.
Prior to any breach of this company TJX should have been compliant with the payment card industry compliance and validation regulations. In complying with the Federal Trade Commission (FTC) under FTC jurisdiction our IT team should be consistently taking measures in place to keep customer information secure at all times. By being on top of things we would have been less vulnerable to an attack of this size and speared the embarrassment of not discovering the breach for over seven months.
To of eradicated this from ever happening TJX should have made sure that our payment gateway client was compliant with their firewall configuration, protect stored cardholder data encrypt transmission of cardholder data across open, public networks, use and regularly update anti-virus software, develop and maintain secure systems and applications, restrict access to cardholder data by business need-to-know, assign a unique ID to each person with computer access, restrict physical access to cardholder data, track and monitor all access to network resources and…...

Similar Documents

Premium Essay

Security Studies

...title Instructor Date Critically discuss the securitization theory – using the case study of War on terror in Afghanistan (2001-2012) Introduction Security study was in the past regarded as a sub-discipline of international relations underpinned in Anglo-American thinking. Until early 1990s, security studies were considered as a strategic studies focusing on a strong military focus. This traditional view of security involved the protection of the state and a scientific agenda to secure the state from definable threats and maintain the status quo. This is a positivist approach which was based on rationalism and realism. The Copenhagen School presented an alternative view of security studies by responding to the traditional approach of forming a clear sense of ‘what is security’. This approach is defined in three mechanisms: development of sectors approach to security, developing a regional focus on security and critically engendering a social constructivist theory of security through securitization studies. This theory will be the main focus of this discussion. To achieve a critical discussion of what securitization really entails, this paper will use the case study of USA’s war on terrorism in Afghanistan. The approach used by the US government to fight against terrorism in Afghanistan and Iraq can be considered as a securitization approach which has led to a resulted in security problems in the two countries rather than solving the issue. Securitization of USA’s...

Words: 3288 - Pages: 14

Premium Essay

Case Study Security Facilitiy Assesstment

...the drive. 2. If the Run UltraLock.exe is already present on your drive, then Double-click the Run UltraLock.exe file. 3. Review the license in the UltraLock End User License Agreement dialog box. 4. To accept the license agreement, click I Accept. (If the user does not accept it, they cannot use the software.) 5. For Enterprise mode setup, in the UltraLock Server Setup dialog box, enter the server connection URL in the Security Server URL box if the URL is not already displayed and enter your email address. You will also be required to verify your email address by entering it a second time. Then click OK. – or – If the server connection URL is displayed, click OK. If you want to learn more about Enterprise mode setup and features, please read Section IX of this document. Note: The UltraLock Server Setup dialog box only displays during Enterprise mode setup. 6. In the UltraLock User Setup dialog box, enter the password, hint information, and click OK. The UltraLock window that enables the user to perform encryption operations displays. Note: The password is case-sensitive and the hint answer must be eight characters or longer. II. Encrypting Files and Folders on Your Drive The left pane of the UltraLock main window contains a My Files folder which is a default folder provided in the application to organize your encrypted files. It functions similar to the My Documents folder on your PC. You can also create new folders at the same level as My Files or subordinate folders......

Words: 2861 - Pages: 12

Premium Essay

Understanding Critical Infrastructures

...•What have you learned from others' responses? Critical Infrastructure is the basic foundation of the National economy of United States of America along with its health and security. It is because the power that has been used peoples in their homes, water that has been drunk, transportation used for mobility and the system of communication which has been used for connectivity between different peoples all belongs to the existence of such critical infrastructures. As they are of very sensitive nature so their security and pre caution measures are also needed to be taken with great importance (Homeland Security, 2013). Critical infrastructure is defined as an asset, network or system, either real or virtual, which is of crucial importance to the United States of America and their destruction may cause a devastating effect on the national or economic security, public safety or health or combination of them. •What were the most compelling points from the interaction with your fellow students? The most compelling points that I though was how identical our process of thinking in the way we chose what sectors to write about and how valuable each one of those sectors contribute to our daily lives. I just can’t imagine how we couldn’t live without them and we as a nation have to what we can to protect all of our resources. •How did participating in this discussion help in your understanding of the Discussion Board task? By participating in the DB’s it give you an insight of what...

Words: 430 - Pages: 2

Free Essay

Case Study Cyber Security

...to use artificial intelligence failed was because it was difficult to extract knowledge from the experts. It was also very expensive to keep running,so this definitely played a role in the demise of previous attempts. Due to limited capabilities there was a lack of business applications. There was also a lack of interest in the technology all together. Some of the key differences were the reduction of overhead, which primarily was due to maintenance. The new AI also was embeded directly into the workflow and was not a separate step in the process. The new one also translates into action. 2. What types of decisions are best suited for automated decision making? Provide several examples of successful applications from the companies in this case to illustrate your answer. There are many decisions best suited for automated decision making, but the first that stands out to me is that inputs are available electronically rather than human input. There is also more frequency in automated decision making. The automated decision making problems are not so broad, but are more narrow and well defined. One example of successful application is bank credit customers can complete the application within five minutes, at which point the automated process begins. After being used initially by airlines to optimize seat pricing, decision-making technology has since been applied to a variety of areas, includ­ing flight scheduling and crew and airport staff scheduling this is another good example......

Words: 527 - Pages: 3

Premium Essay

Firewalls and Infrastructure Security

...whose purpose is to enforce a security policy across its connections. It is comparable to a wall that has a window where the wall serves to keep things out, except those permitted through the window. A security policy acts like the glass in the window; it permits some things to pass, light, while blocking others, air. The heart of a firewall is the security policy that it enforces. Security policies are a series of rules that define what traffic is permissible and what traffic is to be blocked or denied. These are not universal rules, and there are many different sets of rules for a single company with multiple connections. A web server connected to the Internet may be configured only to allow traffic on port 80 for HTTP, and have all other ports blocked. An e-mail server may have only necessary ports for e-mail open, with others blocked. A key to security policies for firewalls is the same as has been seen for other security policies, the principle of least access. Only allow the necessary access for a function, block or deny all unneeded functionality. How an organization deploys its firewalls determines what is needed for security policies for each firewall. The security topology will determine what network devices are employed at what points in a network. At a minimum, the corporate connection to the Internet should pass through a firewall. This firewall should block all network traffic except that specifically authorized by the security policy. Blocking......

Words: 1184 - Pages: 5

Free Essay

Network Infrastructure Security

...Network Infrastructure Security Robert Collazo Rasmussen College Network Infrastructure Security The first thing that I will be covering is the virtual private network in windows 7. A virtual private network (VPN) extends a private network and the resources contained in the network across public networks like the Internet. It enables a host computer to send and receive data across shared or public networks as if it were a private network with all the functionality, security and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. The VPN connection across the Internet is technically a wide area network (WAN) link between the sites but appears to the user as a private network link—hence the name "virtual private network”. The following authentication protocols are supported for logon security for VPN connections in Windows 7: * PAP Stands for Password Authentication Protocol; uses plaintext (unencrypted) passwords. * CHAP Stands for Challenge Handshake Authentication Protocol; uses one-way MD5 hashing with challenge-response authentication. * MSCHAPv2 Stands for Microsoft Challenge Handshake Authentication Protocol version 2; an extension by Microsoft of the CHAP authentication protocol that provides mutual authentication of Windows-based computers and stronger data encryption. MSCHAPv2 is an enhancement of the earlier......

Words: 683 - Pages: 3

Free Essay

Security Week 4 Case Study

...Security Threats And Attacks Week 4 Case Study Dustin Soria Security Threats And Attacks Week 4 Case Study Dustin Soria 2014 2014 Recent statistics show that a large percentage of people have the idea that computer security is an issue that only affects organizations. Many people believe that, at a personal level, there is little that one can have to do with their information especially because they don’t see if someone will need their information. In contrast, there is a lot of useful information that a third party may obtain from a personal computer that the user may not even realize. For instance, a user may have sensitive information that would lead to his or her private life, secrets, or even important financial information. Such information can be used by attackers to monitor their internet activities, whether they are logged into their own personal computer on a local network, or even the internet. The victim’s sensitive information can be sold over the internet, or even to third parties such as advertisers and criminals among others. As such, it is important that serious security measures are taken to protect one’s personal computer from such security issues. There are numerous security threats that can be on a personal computer. One of the most common threats is a Virus. A Virus is a piece of software that can replicate itself and infect a computer without the permission or knowledge of the user. A Virus can only spread when it is transmitted by a......

Words: 796 - Pages: 4

Premium Essay

Project Deliverable 5 Infrastructure and Security

...Project Deliverable 5: Infrastructure and Security This assignment consists of two (2) sections: an infrastructure document and a revised Gantt chart or project plan. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment. The infrastructure which encompasses the network solution and security considerations is a major consideration for your company. Considering that the company will be expanding from one (1) floor to three (3) floors in the very near future you, as the CIO, are responsible for the design of the infrastructure and security protocols. You have been tasked with designing a network that is stable, redundant, and scalable. In addition, speed and reliability are important considerations. Assumptions should be drawn regarding network usage in relationship to network services and resources. All the established criteria that were set at the onset should be adhered to within your plan. The network solution that is chosen should support the conceived information system and allow for scalability. The network infrastructure will support organizational operations; therefore, a pictorial view of workstations, servers, routers, bridges, gateways, and access points should be used. In addition, access paths for Internet access should be depicted.......

Words: 724 - Pages: 3

Premium Essay

Case Study 3: Security

...Case Study 3: Security 1. Analyze the new system and determine the design issues with this new system. With any type of fast-food restaurant grease and other types of oils are used in the process to create the food that is delivered to the customers. Since these oils are being used to create the food the employees need to touch the food and most times to either cook it or deliver the food to the customers. The unfortunate handling of this food causes the employees to get grease on their hands and fingers. This can be an issue with the design because after time the grease built up will cause the screen to become unresponsive or unreadable as well. Another design issue that the new system has is a two part security issue. First is a lack of security giving the ability for employees to login into the register interface for other employees that have forgotten their user id and passwords. This is huge concern for the management because each employee is responsible and accountable for their time on the register and money that goes into the register as well. If other employees are logging into the system for them, and the register comes out short at the end of the night, there is no body to hold accountable for the missing money. This huge security risk for management, all employees should be held accountable for their time on the register and not be logging into the system for other employees. The other security concern that is a design issue with the new system...

Words: 1983 - Pages: 8

Free Essay

It Infrastructure Security

...one specific scope couldn't access remote network segments 9. Test connecting to resources by IP address rather than server name You can also try connecting to network resources by their IP address instead of by their name. If you can access previously inaccessible resources by using IP addresses, you can bet that a DNS problem is to blame. If that happens, you should check to see which DNS server VPN clients are configured to use. 10. Determine if users are having performance problems Sometimes, users may find that although a VPN connection is functional, it is painfully slow. When this happens, you will have no choice but to do some performance monitoring on your infrastructure servers to ensure that they are not experiencing performance bottlenecks. Sometimes it might just be the infrastructure servers are the source of performance problems, you will usually have multiple users complaining about poor performance. If only a single user is complaining, the problem is likely to be related to that user's Internet connection....

Words: 1125 - Pages: 5

Premium Essay

Case Study: Mobile Device Security and Other Threats

...Case Study: Mobile Device Security and Other Threats Strayer University Authors Note This paper was prepared for CIS 502 – Theories of Security Management Abstract Mobile communication and computing devices are integral part of today’s business. This provides the executives the opportunity to work from virtually anywhere anytime and became one of the most valuable tools to make business communications. However, due to the nature and size of the device and communication methods, the devices are prone to be lost or compromised and can fall into the hands of unauthorized persons, which makes these devices a very big security concern for the businesses. In this paper the nature of IT related threats faced in 2014 are discussed along with the security issues of mobile devices. a) Security threats presented within the “Security Threat Report 2014” report: The security report of Sophos (Security Threat Report 2014 Smarter, Shadier, Stealthier Malware. (n.d.). Retrieved August 19, 2014, from http://blackboard.strayer.edu/bbcswebdav/institution/CIS/502/1144/Week8/sophos-security-threat-report-2014.pdf) highlights the emerging security risks in the world. It the report, they have identified the following concerns for 2014: a. More efficient Botnets: The botnets become more resilient and stealth by the year 2014. Along with many known attributes, the sharing and copying botnet codes have resulted in emerging new botnets which are being used for various......

Words: 1993 - Pages: 8

Premium Essay

Soc 205 Case Study 1: Understanding the Court System

...SOC 205 Case Study 1: Understanding the Court System Follow Below Link to Download Tutorial http://homeworklance.com/downloads/soc-205-case-study-1-understanding-the-court-system/ For More Information Visit Our Website ( http://homeworklance.com/ ) Email us At: Support@homeworklance.com or lancehomework@gmail.com Case Study 1: Understanding the Court System Due Week 3 and worth 200 points The U.S. Court System is a complex system that includes both federal and state-level courts. The federal system includes the judicial branch of the government. This system is designed to help society interpret the U.S. Constitution and provide guidelines for society. Court cases may concern many different topics and have an unlimited number of outcomes. Use the Internet or Strayer databases to research a civil or criminal court case in which you are interested. Write a five to eight (5-8) page paper in which you: 1. Summarize the seminal facts of the case that you chose. 2. Explain the main laws that have been violated in the case that you chose. 3. Describe the possible penalties that could be associated with the laws that you just described. 4. Explain whether your specific case was heard in the state or federal court system, and include any related jurisdictional requirements. Explain the fundamental reasons why it was necessary for the case to be heard in that particular court system. 5. Summarize the outcome of the case, and indicate whether the judge or......

Words: 486 - Pages: 2

Premium Essay

Soc 205 Case Study 1: Understanding the Court System

...SOC 205 Case Study 1: Understanding the Court System Follow Below Link to Download Tutorial http://homeworklance.com/downloads/soc-205-case-study-1-understanding-the-court-system/ For More Information Visit Our Website ( http://homeworklance.com/ ) Email us At: Support@homeworklance.com or lancehomework@gmail.com Case Study 1: Understanding the Court System Due Week 3 and worth 200 points The U.S. Court System is a complex system that includes both federal and state-level courts. The federal system includes the judicial branch of the government. This system is designed to help society interpret the U.S. Constitution and provide guidelines for society. Court cases may concern many different topics and have an unlimited number of outcomes. Use the Internet or Strayer databases to research a civil or criminal court case in which you are interested. Write a five to eight (5-8) page paper in which you: 1. Summarize the seminal facts of the case that you chose. 2. Explain the main laws that have been violated in the case that you chose. 3. Describe the possible penalties that could be associated with the laws that you just described. 4. Explain whether your specific case was heard in the state or federal court system, and include any related jurisdictional requirements. Explain the fundamental reasons why it was necessary for the case to be heard in that particular court system. 5. Summarize the outcome of the case, and indicate whether the judge......

Words: 486 - Pages: 2

Premium Essay

Soc 205 Case Study 1: Understanding the Court System

...SOC 205 Case Study 1: Understanding the Court System Follow Below Link to Download Tutorial http://homeworklance.com/downloads/soc-205-case-study-1-understanding-the-court-system/ For More Information Visit Our Website ( http://homeworklance.com/ ) Email us At: Support@homeworklance.com or lancehomework@gmail.com Case Study 1: Understanding the Court System Due Week 3 and worth 200 points The U.S. Court System is a complex system that includes both federal and state-level courts. The federal system includes the judicial branch of the government. This system is designed to help society interpret the U.S. Constitution and provide guidelines for society. Court cases may concern many different topics and have an unlimited number of outcomes. Use the Internet or Strayer databases to research a civil or criminal court case in which you are interested. Write a five to eight (5-8) page paper in which you: 1. Summarize the seminal facts of the case that you chose. 2. Explain the main laws that have been violated in the case that you chose. 3. Describe the possible penalties that could be associated with the laws that you just described. 4. Explain whether your specific case was heard in the state or federal court system, and include any related jurisdictional requirements. Explain the fundamental reasons why it was necessary for the case to be heard in that particular court system. 5. Summarize the outcome of the case, and indicate whether the judge or......

Words: 486 - Pages: 2

Premium Essay

Security Management Case Study #1

...SMT 320 Case Study #1 Kristian Lauren R. Martin November 6, 2011 Case Study #1 Building the Foundation – Security Assessments As the security manager of a major corporation tasked with creating the initial security assessment and auditing program for the company, the first step in developing proposals for the security services would be conducting a comprehensive survey (policies, procedures and operations) of the entire facility to identify the critical factors affecting the security of the premises (Broder, 2006). The next step would be to analyze the vulnerabilities and recommend protection which is cost-effective (Broder, 2006). To start, establishing policies and procedures which define the mission of the security department should be the bare minimum in the role of the security department. These would include the following: * Protection against internal and external theft (to prevent embezzlement, fraud, burglary, robbery, industrial espionage and theft of trade secrets and proprietary information) * Developing access-control procedures (to protect the perimeter of the facility and other sensitive areas) and anti-intrusion systems * Establishing lock-and-key control procedures * Establishing a workplace violence program * Controlling the movement of people on the premises * Reviewing security personnel hiring and deploying * Establishing emergency and disaster recovery plans * Identifying the resources needed and available for the......

Words: 802 - Pages: 4