Company M designs, manufactures, and sells electronic door locks for
commercial buildings. The company has approximately 1,500 employees in
three locations around the United States and generates $50 million in
annual revenues. Over 5,000 wholesalers and distributors access the
Company M business-to-business (B2B) Web site to place orders and track
fulfillment. In the past year, Company M experienced 22 information
security incidents, most of which involved lost or stolen laptops,
tablet PCs, and smartphones. In addition, the company dealt with four
serious malware events that originated from an unpatched server, an
insecure wireless network used in the manufacturing plant, an insecure
remote connection used by a sales person, and a headquarters employee
who downloaded a game from the Internet to her workstation. Three of the
malware incidents resulted in files that were erased from the company’s
sales database, which had to be restored, and one incident forced the
B2B Web site to shut down for 24 hours.
Discussion requirements
- Identify and discuss technological and financial risks that Company M faces.
- Which domains of the IT infrastructure were involved during the four malware events?
- What types of security policies should Company M institute to mitigate those risks?
- Reference your work
Field of study:
No answers yet