Task 1

1: Identifying Potential Malicious Attacks, Threats and Vulnerabilities

You have just been hired as an Information Security Engineer for a Mobile Application
development company. The organization network structure is identified in the below
network diagram and specifically contains:

1) 2 – Firewalls 5) 2 – Windows Server 2012 Active Directory

2) 1 – Web / FTP server
3) 1 – Microsoft Exchange Email server
4) 1 – Network Intrusion Detection System
(NIDS)
Domain Controllers (DC)
6) 3 – File servers
7) 1 – Wireless access point (WAP)
8) 100 – Desktop / Laptop computers
9) VoIP telephone system

The CIO has seen reports of malicious activity being on the rise and has become
extremely concerned with the protection of the intellectual property and highly sensitive
data maintained by your organization. As one of your first tasks with the organization, the
CIO requested you identify and draft a report identifying potential malicious attacks,
threats, and vulnerabilities specific to your organization. Further, the CIO would like you
to briefly explain each item and the potential impact it could have on the organization.
Write a four to five (4-5) page paper in which you:
1. Analyze three (3) specific potential malicious attacks and / or threats that could be
carried out against the network and organization.
2. Explain in detail the potential impact of the three (3) selected malicious attacks.
3. Propose the security controls that you would consider implementing in order to
protect against the selected potential malicious attacks.
4. Analyze three (3) potential concerns for data loss and data theft that may exist in
the documented network.
5. Explicate the potential impact of the three (3) selected concerns for data loss and
data theft.
6. Propose the security controls that you would consider implementing in order to
protect against the selected concerns for data loss and data theft.
 7. Use at least three (3) quality resources in this assignment (no more than 2-3 years
old) from material outside the textbook. Note: Wikipedia and similar Websites do
not qualify as quality resources.

Your assignment must follow these formatting requirements:

o Be typed, double spaced, using Times New Roman font (size 12), with one-inch
margins on all sides; citations and references must follow APA or school-specific
format. Check with your professor for any additional instructions.
o Include a cover page containing the title of the assignment, the student’s name,
the professor’s name, the course title, and the date. The cover page and the
reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:
o Explain the concepts of information systems security as applied to an IT
infrastructure.
o Describe the principles of risk management, common response techniques, and
issues related to recovery of IT systems.
o Describe how malicious attacks, threats, and vulnerabilities impact an IT
infrastructure.
o Explain the means attackers use to compromise systems and networks, and
defenses used by organizations.
o Use technology and information resources to research issues in information
systems security.
o Write clearly and concisely about network security topics using proper writing
mechanics and technical style conventions.