Report on Organizational Security Threats and Vulnerabilities
Prepare a detailed written report discussing the potential security threats and vulnerabilities of a fictitious organization, Adventure Scuba and Diving Institute (ASDI).
See the Specification section for more details on assignment submission requirements.
Scenario:
Adventure Scuba and Diving Institute (ASDI) is located in the United States and offers training and certification programs for scuba and deep-sea diving. ASDI is a premier training school in the area of diving and scuba and has developed a wealth of proprietary training resources, videos, guides and manuals. The school suspects that competitors have tried to breach the organization’s computer systems to gain access to these training materials.
ASDI’s network is comprised of two web servers, two file servers, one email server, 50 employee workstations, and a 50-workstation student computer lab. The school also has public and private Wi-Fi availability throughout the campus.
Your firm has been hired as the IT security analyst to review, evaluate, and make recommendations with respect to maintenance of security of the organization’s computer and network systems. You have been charged by your supervisor to prepare a preliminary report documenting the most critical security threats that ASDI faces. Your supervisor has given you the following resources that might be useful in your research and analysis:
An article on the Help Net Security website (Links to an external site.)
Common Vulnerabilities and Exposure (CVE) database search (Links to an external site.)
Security organizations, such as Secunia (Links to an external site.)
Your supervisor has asked you to consider and account for the following questions as you shortlist the threats and prepare your report:
What threats are new this year and which have become more prevalent?
Why are these threats more common and why are they important?
What threats remain constant from year to year? Why?
What threats do you believe will become more critical in the next 12 months? Why?
Has an exploit been released?
What is the likelihood of an exploit?
How widely used is the software or system?