Code galore caselet

1. What are some of the emerging IT security technologies that should be considered in solving the Problem related to the case? Ans. The Problem areas in this case are: 1 The employees from the newly acquired company Skyhaven can have access to sensitive data of Code Galore because both servers have vulnerabilities that could allow an attacker to gain unauthorised remote privileged access it can be solved by using biometric security or face recognition methods as access methods that would make the data highly secure but since the company has cash crunch they can opt for access rights and permissions to the required users.

2 The source code from Skyhaven that is to be merged with the one from Codegalore is dispersed on workstations and servers alike. In this case we can install latest antivirus softwares and firewalls so that if there are malicious content on Skyhaven’s machines it will not affect code from Codegalore. 4 Code Galore employees are better aware of the company security policies than that of Skyhaven. Trainings on security can be conducted for Skyhaven’s employees so that they become aware of data security and the issues related to it. 5 Skyhaven employees do not take backups and are not aware of security configuration and patch management work. It should be made mandatory for the employees to take backups using technologies like snapshots and CDP(continuous data protection) 2. Which of the confidentiality, integrity and availability (CIA) triad is most critical to Code Galore’s business goals, and why? Ans. There current goal is to make up decent profits and improve the financial condition of the company for survival.

They want the merger with Skyhaven very urgently that too without spending much on the security they are also setting up a Wan to ease communication between both sets of employees and to allow easy access of code and data. So for code galore the most important aspect of the triad is availability and also confidentiality as the employees of Skyhaven might get access to company’s confidential data because of unavailability of security measures using various data protection techniques.

3. Change leads to risk, and some significant changes have occurred. Which of these changes lead to the greatest risk? Ans. The areas of greatest risk are :

1 Data Security: Since the companies have merged this is of prime importance as who gets to access what. 2 Confidentiality of data: The employees of Skyhaven may have access to the confidential data of code galore.

4 . Imagine that three of the greatest risk events presented themselves in worst-case scenarios. What would be some of these worst-case scenarios? Ans. The worst case scenarios would be: 1 The computers of code galore which are connected to those of Skyhaven become attacked by malicious software and viruses, that would really jeopardize the business. 2 Since the security is weak it can cause problems if the sensitive data is leaked out of the company in any way. 5. How can the CSO in this scenario most effectively communicate newly and previously identified risk events that have grown because of the changes to senior management? Ans.

The CSO can document what are the risks involved in both the cases .He should also document his suggestion s for the mitigation of new risks. He should arrange meetings with the senior management and highlight the areas which need a prompt response before they go out of hand and lead to further losses for the company. The areas of data security and access rights have to addressed on priority followed by backup and configuration related issues.