Task 2 Notes


Interview questions:

Attack Details

As stated, can you walk me through how the malware attack was detected?
Do we know how the attackers gained access to the network?
What kind of malware was involved in the attack ( e.g. ransomware, spyware)?

User Access and Controls

 How is user access to the NAS currently managed?
Are there different levels of access for different roles or departments?
Are multi-factor authentication (MFA) or other security measures currently in place for remote access?

Infrastructure and security measures

What security measures are in place to protect the company's network and data?
How is user access to systems and data controlled across the organization?
Are there regulator updates or patches applied to company software and systems?
What type of firewall and intrusion detection or prevention systems are in place?

User Access and Permissions

How are user accounts created, managed, and removed when staff join or leave?
Is multi-factor authentication (MFA) used for accessing systems or data remotely?
Are different access levels assigned based on job roles?

Data Protection and Backup

How does the company ensure personal and sensitive data is protected?
What is the backup process for company data, and how often are backups tested?
How long is data stored and how is it securely deleted when no longer needed?

Monitoring and Compliance

How does the organization monitor for potential security breaches or suspicious activity?
Are there any compliance standards the company follows such as the GDPR?
How often is the company's cybersecurity policy reviewed or updated?

Training and Awareness

Are employees given regular training on cybersecurity best practices?
How are staff informed about phishing, password safety, and data handling procedures?

Incident Response and Planning

Does the company have an incident response plan in place for cyber threats?
Who is responsible for managing security incidents or breaches?
Are there regular security drills or simulations conducted?
Firewall
General Configuration and Use

What type of firewall(s) does the company currently use (e.g., hardware, software, cloud-based)?
Is the firewall configured to filter both inbound and outbound traffic?
Are there different firewall rules for different departments or user groups?
Policies and Rules

How often are firewall rules reviewed and updated?
Who is responsible for configuring and maintaining firewall policies?
Are there automated alerts set up for when firewall rules are changed?
Monitoring and Logging

Does the firewall log network activity? If so, how often are those logs reviewed?
What tools or systems are used to monitor firewall logs and detect suspicious activity?
Are there any thresholds or alerts for unusual traffic patterns or access attempts?

NAS
Setup and Usage

What type of NAS system does the company use, and how is it integrated into the network?
Who has access to the NAS, and what types of files are typically stored on it?
Are there different access permissions for different users or departments?

Security and Access Control

How is access to the NAS controlled—do users need credentials or use MFA?
Is data stored on the NAS encrypted at rest and during transmission?
How are permissions reviewed and updated, especially when roles change?

SOHO routers
Setup and Configuration

What make and model of SOHO router is currently being used?
Is the router configured with the default settings, or has it been customized for the network?
Is the router’s firmware kept up to date regularly?

Security Features

Is the default administrator username and password changed?
Is the router’s firewall enabled and properly configured?
Does the router support and use WPA3 or WPA2 encryption for Wi-Fi security?

Future Improvements

Are there any planned upgrades or changes to improve the current security setup?
What are the biggest cybersecurity challenges the organization is currently facing?

TECHNICAL EMAIL

Dear …, 

After having a meeting with the IT manager at Longstaff Marketing Solutions, I was able to grasp an overview of the current issues at the organization. I had the opportunity to ask a set of questions to understand the overall security management of the company and been able to outline the key issues that pose threat to the company.

QUESTION: ""

RESPONSE: ""

KEY ISSUES: 

SOLUTIONS:


QUESTION: ""

RESPONSE: ""

KEY ISSUES: 

SOLUTIONS:


QUESTION: ""

RESPONSE: ""

KEY ISSUES: 

SOLUTIONS:


QUESTION: ""

RESPONSE: ""

KEY ISSUES: 

SOLUTIONS:


QUESTION: ""

RESPONSE: ""

KEY ISSUES: 

SOLUTIONS:


QUESTION: ""

IT RESPONSE: ""

KEY ISSUES: 

SOLUTIONS:


QUESTION: ""

IT RESPONSE: ""

KEY ISSUES: 

SOLUTIONS:


….

To conclude, my findings from the interview with the IT manager have made aware of the main concerns such as:

….

Thanks for your time and I hope this email reaches you well. Hope this will help you make and recognize appropriate changes required to enhance security in the company.




Comments

Popular posts from this blog

OS A3 Task 1

OS A3 Task 2