TASK 2!!
Contents
INTERVIEW QUESTIONS
Q1. Has the company faced any cyber-attacks
in the recent years?
Q2. How have this impacted the
company?
Q3. Can you outline the network
structure?
Q4. How do employees’ access to
the network?
Q5. Are there any hybrid or
remote workers?
Q6. How do the hybrid/remote
workers access the network from a different location?
Q7. Have they been facing any
connectivity issues?
Q8. Have they been facing any
compatibility issues?
Q9. Where is the primarily data
stored?
Q10.The company uses a SOHO router
which includes a firewall, how does the firewall work?
Q11. Is there any implementation
of access levels?
Q12. Are there any access control
policies in place at the moment?
Q13. Has there been issues
regarding the access control policies?
Q14. How often and regularly are
employees undergoing training?
Q15. What content is covered in
employee training?
Q16. What type of security measures
does the company have at the moment, for example encryption, firewalls, strong
passwords?
Q17. What type of credentials are
used by employee for both admin and personal accounts?
Q18. Is there any type of
physical security measures in place?
Q19. How does the company
authenticate users when accessing to the network, both hybrid and office
employees?
Q20. What type of authentication
tools does the company currently use?
Q21. Has any staff members faced
any firewall misconfiguration issues?
Q22. How does the company to plan
to communicate with stakeholders in case of any data breach?
Q23. Does the company have a
recovery plan in case of a ransomware attack?
Q24. How does each device connect
to the network, e.g., Wi-Fi, Ethernet?
Q25. Is there any user acceptance
policy in place for the company?
Q26. What cybersecurity
regulations and standards does the company need to comply with (e.g., GDPR,
HIPAA)?
Q27. How does the company ensure
compliance with these regulations?
Q28. Are there regular security
audits and assessments conducted to identify weaknesses and ensure compliance?
Q29. Are there any other concerns
with the overall security management of the company that you may be concerned
of?
Q30. Would you like to upgrade or
replace your VPN server?
Q31. If so, is there any certain
supplier that you would want to consider?
Q32. How are the staff induction
videos conducted and what year technical issues does it consider?
Q33. Would you like to replace the
NAS?
Q34. If so, would you like to consider
alternatives such as cloud storage?
TECHNICAL
EMAIL
|
FROM: |
|
|
TO: |
|
|
SUBJECT: |
|
Dear Line Manager,
After having a meeting with the IT manager at NexaTechIT, I
was able to grasp an overview of the current issues at the organization. I had
the opportunity to ask a set of questions to understand the overall security management
of the company and been able to outline the key issues that pose threat to the
company.
Question:
“Has the company faced any cyber-attacks in the
recent year, and how have they been impacted?”
IT Manager Response:
“Yes, the marketing company uses and holds
precious costumer data which are vital in order to keep integrity in the
organization”
Key Issues:
There have been recent successful cyber-attacks within the organization.
This prove the fact that there are some gaps and vulnerabilities within the security
system, this need to be resolved as soon as possible to make sure that the
company doesn’t have any future successful attacks. If not protected, it can
lead to many consequences such as legal, financial, social issues which can
have a massive impact on the organization.
Question:
“Have the company been facing any connectivity
issues?”
IT Manager Response:
“There have been occasions where hybrid workers
have reported issues such as VPN dropping and office workers complaining about
the wireless connections.”
Key Issues:
The issue of VPN dropping could be due to the high amount
of traffic. This could lead to multiple issues such as employee work rate
decreases as they may not have access to the resources in order to carry with
the work. This can lead to delays with the company projects which can further
delay the deadlines which can upset stakeholders and lead to loss in sales and
costumers.
Question:
“Is there any implementation of access levels?”
IT Manager Response:
“All staff has been provided with a shared admin
accounts and are able to download software as they wish”
Key Issues:
Users having access to admin accounts can introduce many
concerns such as user installing unsecured software which can attached viruses
and worms which would move around the network and affect other devices which
would lead to consequences such as modification and data loss which can affect
the company as there might be costumer data which is crucial to be protected
due to regulations and legislation.
……
To conclude, my findings from
the interview with the IT manager have made aware of the main concerns such as:
….
Thanks for your time and I hope this
email reaches you well. Hope this will help you make and recognize appropriate
changes required to enhance security in the company.
Kind Regards,
Your Sincerely,
Hardeep Singh.
NON-TECHNICAL
EMAIL
|
FROM: |
|
|
TO: |
|
|
SUBJECT |
|
Comments
Post a Comment