
Question

Question 1 – Consider the case of the Magicka 3D Print company. The management has
decided that the use of mobile devices will greatly improve the productivity of the
organization and therefore it will allow the employees to bring their own devices (BYOD) to
help with their work. Unfortunately BYOD brings in major challenges for an organization and
you have been hired as a consultant to ensure that the Magicka 3D Print company can
achieve ISO 270001/2 compliance

i) Describe at least four ways in which the BYOD approach can result in problems
for the Magicka 3D Print company. (8 marks)

ii) Provide a detailed set of measures (at least five) that have to be implemented in
order to mitigate the problems outlined in part (i) of the question. (10 marks)

iii) Describe the tactical and operational goals that you would propose for
the implementation of your solution for the problems outlined in the above question.

MAGICKA 3D PRINT COMPANY INFORMATION

A printing company, "Magicka 3D Print" consisting of three departments (Marketing, Press, Customer Services) is attempting to become ISO27001 compliant. The company information provided is as follows:

1) Each department has its own hierarchy with general staff reporting to three specialised staff: the department leader, the department business manager and the department's IT officer. The smallest department has only 30 employees (Marketing) while the largest department has over 55 employees (Customer Services). The company also has four directors with each director having a personal assistant.

2) Each department has its own wired network which is, in turn, connected to a central company server which handles the company's email, web and financial services. The central server has its own dedicated IT staff which report to the company's overall chief IT officer. The central server is running SUSE Linux OS. The Press department is running a Windows 2003 server and all its staff use WINXP SP3 on their individual PCs, while the Marketing and Customer Services departments are running different versions of the UBUNTU Linux OS. The IT equipment is replaced in batches over a period of 36 months to ensure that no piece of equipment is more than 36 months old. The company is using a generic firewall solution and IT staff regularly monitor the firewall logs. Remote connections are allowed once permission has been granted by the appropriate department leader. The authentication is done at the local machine level only and no mobile devices are allowed to be connected to the company's network.

3) The company considers its client details and latest graphical designs for printing (developed and stored in the Press department's network) as its key assets.

4) All staff recruited for the IT needs of the company are interviewed and are sent to "upskill" programs by rotation with each staff undergoing training every 4.5 years.

5) All staff are regularly informed about the security policies via notices posted on each department's notice board.

6) Each department has a guideline on the proper use of computing resources.

7) The company is located in a large four story building in which it occupies the top three levels - the ground level is occupied by two coffee shops. The Marketing and Press departments have an open plan arrangement with only the specialised personnel having offices. The Customer Service department is designed to allow each member of the staff an office. All offices can be locked and only the department leaders as well as the company directors have copies of the master keys.

8) Access to the company's levels is done via a token based entry, with each staff member being issued with a swipe card.

9) The company has 14 IT dedicated staff and their job is to ensure that the company's systems are running without significant interruptions. The primary aim of the IT staff in the company is to ensure the availability of its services via the web presence and only one low level IT staff has had any prior exposure to computer security. The company considers security important and for this reason it has regularly purchased high end computing equipment and running a firewal

Explanation / Answer

Q1) Describe at least four ways in which the BYOD approach can result in problems for the Magicka 3D Print company

Increases risk of data leakage - As the workforce becomes more reliant on mobile devices, the floodgates of data leakage and threats open up, resulting in an even greater reliance on the IT department to secure mobile devices. Mobile phones and tablets are the weakest link when it comes to security and are prone to attacks. They also require regular patch updates, with the responsibility for these falling into the employee’s hands. According to Gartner, by 2017, one in two companies will no longer provide devices to their employees. Therefore the onus is on the organisations to implement policies and procedures that help employees keep their devices secure.

Exploits vulnerabilities - CIOs are having less control over the mobile devices used in their organisation, which ultimately means they are more vulnerable to attacks. Employees are downloading mobile apps and connecting to external Wi-Fi spots without having the correct security protocols in place. In fact, according to a study conducted by HP, 97% of employees’ devices contained privacy issues, and 75% lacked adequate data encryption. This creates serious security holes that can be exploited by hackers. This, coupled with the fact that your employees might not have anti-virus protection or have an up-to-date firewall present on their mobile devices, means they are more vulnerable to attacks.

Mixing personal and business data - One of the most obvious BYOD security challenges is coping with the storage of corporate and personal data on the same device. Ultimately there are going to be certain types of data that will be exposed throughout the organisation, so consideration needs to be given to the topic of securing this data. One of the biggest threats to mobile devices is malware that is installed unknowingly by the user, meaning malware could find its way onto the network. In addition to this, keyboard logging is another technique that is used by hackers to record login and password credentials. An effective way to overcome this is to implement one-time passwords so that users have temporary passwords each time they log in.

Poorly cared for devices - The biggest risk in this area that IT departments fear is when employees’ devices are lost or stolen. Over half of security breaches occur when devices are stolen, so it’s paramount that companies are implementing encryption tactics to ensure that the device is secure against threats. A simple but effective way to ensure that employees secure their device is by prompting them to use even basic security features like using a pin code. Those employees who don’t keep their devices up to date are at further risk of being targeted by hackers. This includes mobile operating systems as well as apps installed on the device.

Q2) Provide a detailed set of measures (at least five) that have to be implemented in order to mitigate the problems outlined in part (i) of the question

Q3) Describe the tactical and operational goals that you would propose for the implementation of your solution for the problems outlined in the above question

Please let me know in case of any clarifications required. Thanks!
