TASK 2!!


    

    

 

    

    

 


 

Contents

INTERVIEW QUESTIONS.. 2

 


 

INTERVIEW QUESTIONS

 

Q1. Has the company faced any cyber-attacks in the recent years?

Q2. How have this impacted the company?

Q3. Can you outline the network structure?

Q4. How do employees’ access to the network?

Q5. Are there any hybrid or remote workers?

Q6. How do the hybrid/remote workers access the network from a different location?

Q7. Have they been facing any connectivity issues?

Q8. Have they been facing any compatibility issues?

Q9. Where is the primarily data stored?

Q10.The company uses a SOHO router which includes a firewall, how does the firewall work?

Q11. Is there any implementation of access levels?

Q12. Are there any access control policies in place at the moment?

Q13. Has there been issues regarding the access control policies?

Q14. How often and regularly are employees undergoing training?

Q15. What content is covered in employee training?

Q16. What type of security measures does the company have at the moment, for example encryption, firewalls, strong passwords?

Q17. What type of credentials are used by employee for both admin and personal accounts?

Q18. Is there any type of physical security measures in place?

Q19. How does the company authenticate users when accessing to the network, both hybrid and office employees?

Q20. What type of authentication tools does the company currently use?

Q21. Has any staff members faced any firewall misconfiguration issues?

Q22. How does the company to plan to communicate with stakeholders in case of any data breach?

Q23. Does the company have a recovery plan in case of a ransomware attack?

Q24. How does each device connect to the network, e.g., Wi-Fi, Ethernet?

Q25. Is there any user acceptance policy in place for the company?

Q26. What cybersecurity regulations and standards does the company need to comply with (e.g., GDPR, HIPAA)?

Q27. How does the company ensure compliance with these regulations?

Q28. Are there regular security audits and assessments conducted to identify weaknesses and ensure compliance?

Q29. Are there any other concerns with the overall security management of the company that you may be concerned of?

Q30. Would you like to upgrade or replace your VPN server?

Q31. If so, is there any certain supplier that you would want to consider?

Q32. How are the staff induction videos conducted and what year technical issues does it consider?

Q33. Would you like to replace the NAS?

Q34. If so, would you like to consider alternatives such as cloud storage?

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

TECHNICAL EMAIL

 

FROM:

 

TO:

 

SUBJECT:

 

 

Dear Line Manager,

After having a meeting with the IT manager at NexaTechIT, I was able to grasp an overview of the current issues at the organization. I had the opportunity to ask a set of questions to understand the overall security management of the company and been able to outline the key issues that pose threat to the company.

Question:

“Has the company faced any cyber-attacks in the recent year, and how have they been impacted?”

IT Manager Response:

“Yes, the marketing company uses and holds precious costumer data which are vital in order to keep integrity in the organization”

Key Issues:

There have been recent successful cyber-attacks within the organization. This prove the fact that there are some gaps and vulnerabilities within the security system, this need to be resolved as soon as possible to make sure that the company doesn’t have any future successful attacks. If not protected, it can lead to many consequences such as legal, financial, social issues which can have a massive impact on the organization.

 

Question:

“Have the company been facing any connectivity issues?”

IT Manager Response:

“There have been occasions where hybrid workers have reported issues such as VPN dropping and office workers complaining about the wireless connections.”

Key Issues:

The issue of VPN dropping could be due to the high amount of traffic. This could lead to multiple issues such as employee work rate decreases as they may not have access to the resources in order to carry with the work. This can lead to delays with the company projects which can further delay the deadlines which can upset stakeholders and lead to loss in sales and costumers.

Question:

“Is there any implementation of access levels?”

IT Manager Response:

“All staff has been provided with a shared admin accounts and are able to download software as they wish”

Key Issues:

Users having access to admin accounts can introduce many concerns such as user installing unsecured software which can attached viruses and worms which would move around the network and affect other devices which would lead to consequences such as modification and data loss which can affect the company as there might be costumer data which is crucial to be protected due to regulations and legislation.

……

To conclude, my findings from the interview with the IT manager have made aware of the main concerns such as:

….

Thanks for your time and I hope this email reaches you well. Hope this will help you make and recognize appropriate changes required to enhance security in the company.

 

Kind Regards,

Your Sincerely,

Hardeep Singh.


 

NON-TECHNICAL EMAIL

 

 

FROM:

 

TO:

 

SUBJECT

 

 

 

 

 

 

 

 

 

 

 

Comments

Popular posts from this blog

OS A3 Task 1

OS A3 Task 2