ICT50118 - Design ICT System Security Controls & Diploma of Information Technology - Devon Accounting Case Study - IT Assignment Help

Assignment Task -                 
 

Case Study

Located in Sydney, Devon Accounting is a medium-sized accounting company that offers tools and technologies to prepare all types of tax returns, including individual, sole trader, partnership, trust, and company returns. They also provide a broad range of small business accounting services, including bookkeeping, financial statement preparation, tax planning, and advice. 

The company headquarters is located in Sydney in a three-storey building with each floor being approximately 2000 square meters. The regional offices are located in Dubbo, Orange, Ballina and Kiama. All of the offices have at least one wireless access point and several of the offices have three or more. Each office has its own local internet connection. All the remote offices are connected to headquarters via a leased WAN connection.

Most of the workstations are running a mix of Windows and Macintosh operating systems. The graphics department uses Apple computers. Static IP addresses are typically assigned to common resources and DHCP is used for workstations. When the network was originally designed, IP subnets were assigned to different offices and departments. However, over time and as the network has grown, this subnet organization has broken down. Over the last several years IP subnets have been assigned and reassigned without any regard to location.

All connections to the internet are protected by firewalls and network intrusion detection systems. All the workstations have virus-scanning software and a central console is used to push out signature updates. Workstations and servers are generally kept up to date with patches and service packs. The networking staff has employed all the standard security practices one would expect to find at most organizations of this size. 

Although network security is well established in this company, there are still several IT security vulnerabilities that the company faces on a regular basis, mostly from human-machine interactions. 

For example, a salesperson who frequently holds meetings in a conference room near his office was frustrated by the lack of available network connections for meeting participants. He decided to pick up an inexpensive wireless access point at his local electronics store and plugged it in. The salesman didn’t consider that the conference room was next to the parking lot, making the access point available to the public.

Another problem they face is the amount of time it takes for the network administrator to locate infected computers whenever a virus strikes throughout the enterprise. It is always a challenge to quickly identify, locate and disable the switch ports of machines infected. It can take up to 45 minutes per workstation for a potential total of 75 hours to locate and identify the infected users. This process usually includes logging into and querying routers and switches, and physically going to the switch to identify the port and trace the wire to the workstation. This process would have been even more difficult if the workstation happened to be in a remote location should the company expand in the future. 

This process is unproductive, costly, and time-consuming. Additionally, it assumes some knowledge of the network architecture. A new network administrator who did not possess knowledge of the network topology would have a much more difficult time locating the infected workstations.

drives and online. The attack can be from a determined attacker outside or an insider threat within your business. Devon Accounting could be the victim of hacking because of its online presence.

Devon Accounting has been increasingly using cloud computing for various business processes. Xero is accounting software stored in the cloud and provides integration between the small business’s accounting software and its accounting advisors. Xero has recently become popular a choice of the tool at Devon Accounting. Office 365 is another tool used by some of the employees at Devon Accounting

One new management headache created by cloud computing is the fragmentation of where the files are stored. There is no consistency in the storage of these files which are stored on Dropbox, Google Drive, and OneDrive. It is easy to forget where the data is. Backing up all this data from different locations, or moving from one provider to another, is complex and difficult.

The use of mobile devices has increased exponentially and employees at Devon Accounting have taken up these devices enthusiastically because of convenience in the workplace. Employees felt they would get more tasks done on time if allowed to choose their own mobile tools – and even their skeptical bosses felt that the use of these consumer mobile devices in the workplace increases employee productivity.

This concept of 'Bring Your Own Device' (BYOD) - where employees use their personal devices to store business data – opens up new concerns and issues for Devon Accounting. In addition to worries about where exactly the business’s data might be ‘in the cloud’, BYOD means that any small – and easily-lost – device can easily contain vast amounts of relevant business information. Spreadsheets with pricing models, client lists, usernames, and access can easily be stored on a mobile device.

Worryingly though, the use of personal mobile devices, cloud computing services is not even mentioned in the current IT policy. Mobile devices can be gateways for new viruses, Trojan horses, and other IT-security problems, and currently, Devon Accounting is not well-equipped to address such problems.

IT security planning is important for every organization. Recently, you have been hired by your company to work as an IT Security consultant. Security controls at Devon Accounting were implemented 5 years ago. New systems, services, and IT equipment have been added to the network since then. If any small or large disaster occurs, it is not prepared to recover itself after the disaster, the result of which is the high possibility that its business processes and functions would be disrupted for a long period of time. This would also result in different kinds of losses to the company.

Devon Accounting performs its different functions and business processes with the help of different IT equipment and computer systems. You are told that it mainly wants to implement an IT Security plan and implement for its IT system. There is different IT equipment in the company networks such as servers, workstations, printers, and so on. There are also web applications which employees use in their daily operations. 

Current Security Controls:

SWOT analysis was used to identify the risks which led to the implementation of current security controls, and that was developed 5 years ago; since then a lot has changed in the company. 

The security control was implemented by the Network administrator Bill Simmons whose role was to manage the day to day operation of the network. Maintenance and management of IT security was not Bill’s forte. The company at that time chose not to recruit specialized IT security personnel. The plan was never revisited and did not include various changes and updates made to the system processes and networking devices over the years.

Furthermore, the current security policy implemented at Devon Accounting only accounts for Assets, Access Control, Password Control, and Email. It is very surprising that a business that deals with financial information of clients do not have any security policies in place for critical security issues such as the Internet, Anti-Virus, Remote access, Outsourcing, Acceptable Usage, Web Access, Wireless Security, Server Access, Information Classification, Social Media, Cloud Computing Services and Storage, external devices, etc. The consequences of employees purposely violating the company’s rules for their personal gain should also be emphasized.

With the increase of employee numbers and relocation, company director Andrew Jacobs is concerned about the IT security of the system in place and the protection of customer data stored on the system and server. 

With this and the recent reports on threats to the systems of companies worldwide, the Director together with the company's CEO, are more aware of having a IT Security controls in place. 

To address all issues the company has appointed you as an IT Security consultant, your primary role is to understand the system and processes of the company. For this case study, your Facilitator will act as an IT Manager who will provide you with the required information regarding different IT equipment, operations, and business processes of the company.

You must consult your IT Manager (your facilitator) regarding the progress of each stage during the IT Security planning process. 

The network diagram for the organization is shown below. This diagram is essential for understanding how the network works and what changes are possible in it.

This ICT50118 - IT Assignment has been solved by our IT Experts at onlineassignmentbank. Our Assignment Writing Experts are efficient to provide a fresh solution to this question. We are serving more than 10000+Students in Australia, UK & US by helping them to score HD in their academics. Our Experts are well trained to follow all marking rubrics & referencing style.

Be it a used or new solution, the quality of the work submitted by our assignment Experts remains unhampered. You may continue to expect the same or even better quality with the used and new assignment solution files respectively. There’s one thing to be noticed that you could choose one between the two and acquire an HD either way. You could choose a new assignment solution file to get yourself an exclusive, plagiarism (with free Turnitin file), expert quality assignment or order an old solution file that was considered worthy of the highest distinction.