A0004N – How it's done

A0004N is organized around 7 themes. The first task is to produce a short reflection
that you write in order to form your opinion and view of the demo case under study.
The reflection is a free formulation without any scientific references and it aims at
clarifying your own thinking about information security. The purpose of this task is
for your personal benefit. You may review the reflection at the end of the course to
see if the course has contributed to a deeper understanding of information security.

The course is organized around weekly topic introductions. Each week’s lecture
session starts with a short group discussion about the previous week’s assignment,
and ends with a new assignment to be completed and brought to the next class.

Grading: You will receive 2.5 credits for completing all the weekly group
assignments. You will receive 5 credits for the individual examination by the end of
the course. It is the individual examination that can result in a VG grade (pass with
distinction) of the whole course. More information about the examination will follow.

Lecture plan 2022

Session Topic Content Reading
Lecture 1 – Sep 1 Introduces the course Course introduction, Chapter: 2
(13:00 – 14:30) as a whole. The aim • Terminology Papers: Von Solms, B., & Von
of the session is to • Key concepts Solms, R. (2018). Cybersecurity and
introduce key • Course outlining information security – what goes
where?. Information & Computer
terminology, the Security, 26(1), 2-9.
broad themes that
Choobineh, J., Dhillon, G., Grimaila,
will be covered and M. R., & Rees, J. (2007).
provide a firm Management of information security:
foundation upon Challenges and research directions.
Communications of the Association
which to build. for Information Systems, 20(1), 57
Deadline 1 – Sep. 4 Read the case-description below, and write a short reflection (150 words max) on your
(23:59) thoughts regarding the company’s security. Is it good or bad? What do you think? Then,
assign yourself to a group in canvas (either together, max 3 students in each group, or alone).
Lecture 2 – Sep. 5 Security Operations Terms and concepts, Chapter 4, till page 157
(13.00 – 14.30) and Administration • Policies + case-description, in particular
• Awareness section 1 and 2.
• Training Paper: Niemimaa, E., & Niemimaa,
• Classification M. (2017). Information systems
security policy implementation in
practice: from best practices to
situated practices. European Journal
of Information Systems, 26(1), 1-20.
Deadline 2 – Sep. 11 Review the case-description, and formulate two different policies of your own choice that
(23:59) you find necessary and important. They do not need to be extensive, but should contain at
least a policy motivation, compliance and three well motivated rules or regulations each.
Lecture 3 – Sep. 12 Risk Identification, Risk Assessment, Chapter 5 + case-description, in
(13.00 – 14.45) Monitoring, and • Classification particular section 2 - 4 & Appendix A.
Analysis • Threats Paper: Shedden, P., Ruighaver, T.,
• Vulnerabilities & Ahmad, A. (2006). Risk
• Impacts Management Standards - The
Perception of Ease of Use.
Deadline 3 – Sep. 18 Choose a Risk Assessment method (qualitative or quantitative) and create a small “Risk
(23:59) Management Policy”. The policy should outline the method you choose, but also define
your Information Classification, and levels of Likelihood, Impact and Risk. Based this new
policy, revisit the case-description below, and identify and assess at least three risks.
Lecture 4 Sep. 19 Treatment Strategies Security controls, Chapter 3 + case-description, in
(13.00 – 14.45) & Security Controls • Preventative particular section 2 - 4 & Appendix A.
• Responsive Paper: Baskerville, R., Spagnoletti,
• Administrative P., & Kim, J. (2014). Incident-
• Logical centered information security:
• Physical Managing A Strategic Balance
Between Prevention and Response.
Information & Management, 51(1),
138-151.
Deadline 4 – Sep. 25 Based on the result of your previous Risk Assessment, motivate and select at least one
(23:59) treatment strategy for each identified risk. Create a Risk Register to include all your risks
together with a new estimated likelihood, impact and risk after the strategy has been applied.
Lecture 5 – Sep. 26 Incident Response Plan and recover, Chapter 4 pages 157 – 173,
(13.00 – 14.45) and Recovery • Business continuity and chapter 6
• Incident response
• Disaster recovery Paper: Ahmad, A., Hadgkiss, J., &
Ruighaver, A. B. (2012). Incident
response teams – Challenges in
supporting the organisational security
function. Computers & Security,
31(5), 643-652.
Deadline 5 – Oct. 2 Revisit the case-description, identify and assess at least one new risk that could use an
(23:59) Incident Response or a Disaster Recovery Plan as mitigation strategy. Give an example of
the plan (does not need to be extensive), and update your Risk Register to include the new
risk, its mitigation strategy and a re-estimated impact and risk after the strategy is applied.
Lecture 6 – Oct. 3 Cryptology Terms and concepts, Chapter 7 + case-description, in
(13.00 – 14.45) • Cryptography particular section 3, 4 & Appendix A.
• Cryptanalysis Paper: Davies, D. (1997). A Brief
• A/Symmetric History of Cryptography. Information
• PKI Security Technical Report, 2/2, 14-17.
Deadline 6 – Oct. 9 Revisit the case-description, identify and assess at least one crypto-related risk (e.g., related
(23:59) to data confidentiality, integrity or non-repudiation) and choose a treatment strategy that
can help mitigate it. Maybe you could update a previous mitigation strategy, create an
“Encryption Policy,” or introduce some other treatment strategy? (Remember to exemplify
and update your Risk Register along with a re-estimated likelihood, impact and risk.)
Lecture 7 – Oct. 10 Networks and • Guest lecture Chapter 8 + case-description, in
(13:00 – 14:45) Communication particular section 3, 4 & Appendix A.
Security
Deadline 7 – Oct. 16 Revisit the case-description, identify and assess at least one network-security related risk
(23:59) (e.g. related to data confidentiality, integrity or availability) and choose a treatment strategy
that can help mitigate it. Maybe you could update a previous mitigation strategy, create a
“Network Policy,” or introduce some other treatment strategy? (Remember to exemplify
and update your Risk Register along with a re-estimated likelihood, impact and risk.)
Lecture 8 – Oct. 17 Systems and Terms and concepts, Chapter 9 + case-description, in
(13:00 – 14:45) Application Security • Malicious code particular section 2 - 4 & Appendix A.
• Vulnerabilities
• Exploits
Deadline 8 – Oct. 23 Revisit the case-description, identify and assess at least one software related risk that could
(23:59) be exploited to compromise e.g., information confidentiality, integrity or availability.
Choose a treatment strategy that can help mitigate the risk. Maybe you could update a
previous mitigation strategy, create a “Software Installation Policy,” or introduce some
other treatment strategy? (Remember to exemplify and update your Risk Register along
with a re-estimated likelihood, impact and risk.)
General Information
During the course you can of course communicate with me, preferably over e-mail or
the Canvas website. If you are studying on campus you are welcome to visit me, but
schedule the meeting beforehand. We can also have meetings for example on Zoom if
you have any problems.

Martin Lundgren
Tel: +46 (0)920 493990, Email: [email protected]

Campus and Distance Course

Throughout the course, we will be using “Canvas” as the teaching platform for
submitting assignments, download lecture slides and such. The canvas room can be
found at: https://ltu.instructure.com

Each lecture will be live-streamed and can be viewed on the following address,
“virtual classroom” (aka. Zoom-room): https://ltu-se.zoom.us/j/9405955786?
pwd=U0FLTkV1b2EvSGswQmtIZERETHVzZz09
Course Literature
The course book can be either read for free online through LTU library (see link
below), or ordered as a hard copy (see reference below). You can find the relevant
course literature in the syllabus available here, or simply,

• SSCP (ISC)2 Systems Security Certified Practitioner Official Study Guide,

ISBN 9781119059653
• Or read through LTU library, https://libris-kb-se.proxy.lib.ltu.se/bib/21496078
Course Aims
Upon completion of the course, the student will be able to:
• Analyse central concepts and how they relate to each other in the field of
information security.
• Apply and use the generic model in information security operations.
• Evaluate and analyse critical information resources.
• Describe and analyse threats and possible inner and outside attacks on
information resources.
• Plan and, in some senses, construct protective measures against attacks.

Plagiarism
Please not that it is forbidden to plagiarize something written by another person.
Plagiarism refers to copying texts or ideas and handing them in as one’s own work
without stating the source. The individual exam and all assignments will be subjected
to an automated plagiarism check. Therefore, they are to be written based on your
own knowledge and experiences, but you are free to use other’s ideas after
acknowledging them. The penalties for plagiarism are severe.
Assignment Case-Description: EsacOmed
1. Background
Centrally located on Sherwood Drive, Bletchley Park at Milton Keynes MK3 6EB,
lies EsacOmed. Although having been established as an organization since the early
1990s, EsacOmed is still considered an SME (Small and Medium-sized Enterprise).
More specifically, EsacOmed houses 20 employees, a CEO, and occasionally the
board. Resulting in 24 people in total, and thus seen as small by EU measurements.
Note: You choose what type of organization EsacOmed is. The choice you make
will, most probably, affect the security focus since each business have different
organizational objectives. You can choose from one of the following 10 suggestions,
or come up with one yourself.

1. Online Banking 6. Online Gaming

2. Web Hosting 7. Certificate Authority
3. Healthcare Portal 8. e-Identification
4. Political Party Platform 9. e-Payment
5. Social Media Provider 10. Cloud Storage

EsacOmed’s Vision, Mission and General Strategy; Since the early days the CEO,
Horst Feistel, has always had the vision that EsacOmed will “help individuals and
businesses realize their full potential.” This vision set out to shape the mission that
each and everyone at EsacOmed is trying to fulfil daily, “to empower every person
and every organization on the planet to achieve more.” These statements have laid the
foundation for much of the strategic planning of EsacOmed.

For example, the CEO boasts proudly on EsacOmed’s homepage with the following
general statement of strategy, that “EsacOmed provides the highest quality [your-
selected-type-of-company] service in the industry.” Similarly, the CTO/CIO usually
announce their responding strategy during board meetings that aims to help achieve
the CEO’s statement of strategy. The CTO/CIO’s statement is somewhat more
specific, and aims to “provide high level of information systems services to support
the highest quality [your-selected-type-of-company] in the industry.”

EsacOmed’s Challenge; A current procurement, by a large Government Agency, has

chosen EsacOmed as the prime candidate for the contract to provide its Information
Systems services. The contract is extensive, spanning over several years and covering
all EsacOmed’s expenses, and even allowing for the possibility to greatly expand the
business.

However, a clause in the contract of the procurement demanded that the organization
selected for the contract must have an Information Security Program. EsacOmed, a
company that started out in the CEO’s garage, have not really thought about, let alone
spent any time on security over the past years. The norm in the company motivate
everyone to be careful, but there is no strategic plan aligning any serious security
effort with the goal of the organization. Who is responsible for what? Should there be
any rules for what you are not allowed to do? How are security patches kept up to
date, or are they even kept up to date as it is? These were just the tip of the iceberg of
questions without answers at EsacOmed.
The procurement stated that any prime candidate, in this case EsacOmed, were
allowed one year to implement the required security measures. Considering the nature
of the contract, it was simply too good to lose, and so the board, CEO and CTO/CIO
decided that a mature Information Security program must be developed and integrated
at EsacOmed. The contract in question asked for a minimum of three elements to be
included in the required Information Security Program. These were: Security Policy;
Risk Management; Contingency Planning.

Your Task; This is where you come in. Before EsacOmed goes any further with
developing a full Information Security Program, the board has decided to first get an
idea of what such elements would entail and look like. You, as an independent
information security expert, have been asked to give examples of these different
types of security elements. That is, investigate EsacOmed’s case-description and
suggest a few policy statements that could fit EsacOmed’s organization and help
secure their way of working. Similarly, conduct a small risk assessment to illustrate
some current threats towards the organization, and how these could be managed.
Lastly, should however a threat be realized, EsacOmed would like to see an example
of what a contingency plan could look like.

When and How; Throughout the course, each of the mentioned elements will be
covered in class, and homework assigned to help with EsacOmed’s request. By the
end of each lecture, further details will be given on how to proceed.

The EsacOmed case-description will serve as background. It will help you formulate
policy rules or regulations, identify potential risks and sources of threat, and possible
plans for contingency.

2. Organizational Structure
The organizational structure is built in an inline, functional staff aligned structure with
the Board and CEO at the top, with each division reporting directly underneath, and
operational personnel at the bottom. There are four divisions in EsacOmed:
Accounting, Human Resources, Information Technology and Marketing & Sales.
Considering EsacOmed role as a steadily developing Information Systems provider,
the IT-department is by far the largest division.

Board

CEO

Marketing and Sales Information Technology Human Resources Accounting

Sales IT-admin. Accountant

Advertisement Technicians Bookkeeper

Developer

Illustration 1: EsacOmed Inc. Organizational Structure

Board; The board currently consists of the board chair Alan Turing, vice chair Joan
Daemen, the boards secretary Vincent Rijmen, board treasurer Taher Elgamal, and of
course, the board member and CEO Horst Feistel. The board was appointed to act on
behalf of the shareholders to run the day-to-day affairs of EsacOmed. Annually, the
board gathers to a general meeting at which performance, future plans and strategies
are reported to stakeholders. In preparation for this, the board usually meet up once a
month in EsacOmed’s meeting room, to discuss how to best proceed with future
business. For ease of use, everything is managed and distributed through a shared
FTP-folder hosted on EsacOmed’s own Web Server.
Chief Executive Officer (CEO); EsacOmed’s CEO, Horst Feistel, supervise and
control all strategic and business aspects of the company. In general, Horst is first in
command in the company, responsible for making decisions that impact the entire
company and for giving proper strategic direction as well as vision for success. Much
of this is possible thanks to Horst innovative spirit and long history in the filed. With
over 30 years of experience, Horst has a wide connection network with partners
around the world and has been chair of various steering comities, working groups and
boards over the years. EsacOmed’s “edge” comes directly from these initiatives and
connections. Since Horst is always updated on the latest trends, standardization work
and future procurements, there are always new business opportunities to exploit and
new customers to target. This keeps EsacOmed busy, but Horst tries to shield
everyone from unnecessary stress by keeping everything (connections, plans and
strategies) only on his personal smartphone. An inside joke at EsacOmed is that the
company would probably fall asunder the next day, should Horst ever decide to leave.
Accounting (2 employees); Within accounting works Taher Elgamal the accountant
responsible for the collection, accuracy, recording, analysis and presentation of
EsacOmed’s financial statements. Most of this work is done in Microsoft Excel, a
software Taher is considered somewhat of a wizard on. Opposite to Taher is Ada
Lovelace, the bookkeeper. Ada is responsible for processing the paperwork for
EsacOmed’s business transactions. She often asks Taher for assistance to develop neat
Excel-macros that help calculate and correct her bookkeeping, which Taher is always
happy to provide his expertise on. This has led everyone at EsacOmed to allow and
activate macros, since it happens that either Taher or Ada sends out various Excel
sheets to the other employees. Apart from Ada’s bookkeeping duties, she also keeps
track of EsacOmed’s assets and handles salaries. This too she keeps track of in a
Microsoft Excel sheet, stored locally on her computer. At the end of every month,
Ada emails a PDF-document notifying each employee of their next wage payment.
Human Resources (HR, 1 employee); Within HR works Grace Hopper responsible
for the hiring process of new employees, but also employee relations and keeping up
with well-being and performance. Every signed employee contract, as well as notes
from meeting with employees, are organized neatly in separate folder per employee
on Grace’s local computer. Some signed copies of employee contracts not yet scanned
are still laying on her desk, as a reminder for when she comes back from vacation in
the Cayman Islands. A slow time indeed for the others at EsacOmed, since Grace
often send out emails containing attachments or links to memes or funny cat videos,
something that always cheered everyone up.
Information Technology (IT, 12 employees); To steer the IT-department the CTO
and CIO (same person for both roles) is Elizebeth Friedman. She is responsible for
balancing and adapting the organizations technical infrastructure and development to
align with the organization's mission statement. To help Elizebeth, she has Ann
Caracristi, the IT-administrator. Ann helps keep the IT-infrastructure up and running
smoothly, but also assigning accounts and access to the various systems of
EsacOmed. To help Ann with technical matters such as maintaining servers,
networks, and install and upgrade new hardware and software, Sarah “Sally” Botsai
and Wilma Davis were requited and employed as technicians. The two technicians are
the ones to call if a computer goes bonkers. Always talking in technical jargon, they
make normal troubleshooting sound much more difficult than it seems. Nonetheless,
they are both often seen as something of hero figures by accounting and HR for their
ability to fix the printer when it jams. The two technicians are also frequently asked
by Grace over at HR to set up workstations, AD account and passwords for new
EsacOmed employees. Since there are no guidelines or policies in any regard, an
unspoken “rule” is to set the newly employees sir name appended by “123” as default
password. The idea is that people will change their passwords later on, but there is no
written procedure on how to do this either, so few – if any – actually does. The upside
is, of course, that if a person quit or is on sick leave, his or her colleagues can access
their workstation to retrieve any necessary work material. Responsible for developing
EsacOmed’s services are the eight developers, working tirelessly to develop and
maintain the Information Systems that EsacOmed offers. Before any additional
service or feature is developed, a development-meeting with the CTO/CIO and CEO
together with Martin and Martha from Marketing and Sales (M&S) is held, to reach a
strategic decision on consumer target and how to spend resources.
Marketing and Sales (M&S, 5 employees); In M&S works Martin Hellman, Adi
Shamir and Ralph Merkle responsible for sales opportunities with the existing and
new customers to sell products and services but also to maintain contacts with the
customers to know their needs and requirements. To help their cause, Ivan Damgård
and Martha Waller over at advertisement work towards creating value to the products
and services by building a brand that can maintain the organizations image, whilst
enabling new sales tactics. For Ivan and Martha this often translates into extracting
the “essence” from all the development-meetings, and try to figure out how to
graphically represent these new ideas in Illustrator, and how they can speak in favor
of new sales. Hence, meetings with the guys over at Sales is so common that the two
departments are often seen as one and the same. It has reached the point where others
at EsacOmed simply refer to M&S as “the money makers”, for their successful sales
and advertisement campaigns. But for anyone who walks into their office space, it
appears to be a perfect mess. Piles of printed documents and unsigned contracts are
scattered around their desks, post-it notes of past or future meetings covering the
walls and windows, and half-finished coffee mugs are often to be found all over their
office space.
3. EsacOmed’s Office
EsacOmed’s headquarter can be found
at Bletchley Park, Milton Keynes
MK3 6EB, Sherwood Drive. The
headquarter itself consists of a seven
room office landscape, hosted on the
top (third) floor of an office-hotel
rented out by Awesome Office-space
Ltd., or AOL for short.
AOL also provides electricity, internet connection, and cleaning. The cleaning crew is
tasked with dusting and emptying waste bins every Thursdays, after office hours.

There are five other companies on the same floor and wall-to-wall with EsacOmed, so
there is usually a lot of people in circulation, going up and down the stairs. A few
years back, AOL had a keypad to enter the building, but it was soon disabled during
office hours because of all the visitors. Now, visitors are only required to enter a PIN
to enter the building after 21:00 until 06:00.

The floor plan at EsacOmed’s office space invites to an open atmosphere with a big
meeting room right by the entrance. The large windows around the building makes the
office bathe in sunlight, creating a bright and open feeling. This is exactly what the
CEO has capitalized on, placing a “Fika-room” in the middle, and making each room
connected and open to inspire for discussions within the organization.

Guest can enjoy fast internet connection using the available WiFi, by signing in to
“EsacOmed WiFi” encrypted using the WEP-password “monkeybusiness” – an inside
joke that has been around almost for as long as the company itself. The WiFi is
provided by the shared router placed in the fika-room, for best signal strength.

Illustration 2: EsacOmed Inc. Office Layout

4. IT and Infrastructure
Physical topology; As shown below, the typology identifies the physical location of
intermediary devices and cable installation. In total, there are 21 workstations at
EsacOmed, and four servers. On Network 1 (N1), are the developers, the servers, and
the IT-administrator and technicians. On Network 2 (N2) are the accounting and HR
department together with the Marketing and Sales. Lastly, Network 3 (N3) are the
CEO, CTO/CIO, guest WiFi, and the workstation kept in the meeting room used for
presentation by both visitors and EsacOmed’s employees.
 Illustration 3: EsacOmed Inc. Physical Topology Diagram

Workstations; Each of the workstations, including the one in the meeting room are
running Windows 7 as their operating system. An Active Directory hosted on the
Mail/AD server is responsible for keeping track of all the users and their respective
accounts. The workstation in the meeting room only runs a shared administrator
account with “123456” as password, to allow ease of use for guests and visitors.

Servers; The following is a short description of the purpose and function of the
servers operated within EsacOmed,
 Mail/AD Server is running Windows Server 2012 R2 with Microsoft Active
Directory Domain Services (AD DS), and Exchange 2013 for handling email.
 Web Server is running CentOS 5.10 as its operating system, hosting Apache
v2.2.34 and MySQL v5.5.58 to manage the organization's website. Much of
the sales are made through the website, built on WordPress v4.6. Customers
usernames, passwords and credit card and all the other necessary information
are all stored in the MySQL database. Any purchase is manually managed by
the Sales personnel, which means asking the one of N1s’ (that is, either some
of the developers, the IT-admin, or technicians) to print out the latest entries
from the database. The web server uses a configuration with SSLv3 to encrypt
web-traffic. The SSL key-pair is usually created using some free online CSR-
generator (Certificate Signing Request) tool, and later installed on the web-
server along with the third-party signed certificate. For debug purposes, the
keys are also installed on the developer computers, and stored for safe-keeping
on a USB-stick marked “PKI-sick” (apparently some inside developer joke).
 Source Control Server is one of the oldest servers at EsacOmed, and has
been around since the company started. A local version of Git was installed to
handle the source control and version handling. A few updates has since been
applied, mostly on an ad hoc basis. Last update was probably done some time
 around 2014, and is currently running version 1.9.1. It has been on the agenda
for ages to manage the generated “ssh-keys” required to push new commits to
git, but due to the workload, the developers now share the same keys and user.
The ssh-keys are normally shared between the developers over email, or by
borrowing that same USB-stick otherwise used for safekeeping the SSL-key.
 Production Server The production server is the heart of the organization, it is
hosting the actual product service that is offered by EsacOmed. It is running
Debian 7 “Wheezy” with KVM v1.1.2 to run multiple virtual PCs, each
running unmodified Linux or Windows images. Each virtual machine has
private virtualized hardware: a network card, disk, graphics adapter, etc.

Logical topology; As shown below, the typology identifies devices and the IP
addressing scheme.
Developers
192.168.1.50
192.168.1.60 Marketing
192.168.1.70 and Sales
Company Servers 192.168.1.80 IT-Admin and Accounting 192.168.2.40
Mail/AD Server 192.168.1.10 192.168.1.90 Technicians and HR 192.168.2.50
Web Server 192.168.1.20 192.168.1.100 192.168.1.130 192.168.2.10 192.168.2.60
Source Control 192.168.1.30 192.168.1.110 192.168.1.140 192.168.2.20 192.168.2.70 CTO/CIO CEO Meeting Room
Production Server 192.168.1.40 192.168.1.120 192.168.1.150 192.168.2.30 192.168.2.80 192.168.3.10 192.168.3.20 192.168.3.30

Ethernet (N1) Ethernet (N2) Ethernet (N3)

192.168.1.0 192.168.2.0 192.168.3.0

Router/Firewall WiFi-AP DHCP range:

(192.168.1.1) 192.168.3.100-250 (N3)

Internet

Illustration 4: EsacOmed Inc. Logical Topology Diagram

This is the initial outlining of the infrastructure as was installed in the beginning of
EsacOmed, and has remained largely unchanged ever since. Apart from some new
switches that was bought a few years ago, the same equipment, cables and so forth are
as initially installed.
Appendix A – Ada’s Physical Asset Inventory List
Computer Software Assets
Asset Location Monetary Value
Windows 7 Installed on all employees OEM
workstations, and guest/meeting
room PC
Windows Server 2012 R2 Mail/AD Server at the server OEM
section in the developers room
Microsoft Exchange 2013 Mail/AD Server at the server CAL
section in the developers room
CentOS v5.10 Web Server at the server section Free
in the developers room
Apache v2.2.34 Web Server at the server section Free
in the developers room
MySQL v5.5.58 Web Server at the server section Free
in the developers room
WordPress v4.6 Web Server at the server section Free
in the developers room
Git v1.9.1 Source Control Server at the Free
server section in the developers
room
Debian v7 Production Server at the server Free
section in the developers room
KVM v1.1.2 Production Server at the server Free
section in the developers room
Microsoft Office 2007 Installed on all employees €449
workstations, guest/meeting
room PC Workstations
Note to self: buy new license for
2016?? Speak to Elizebeth
Acrobat Reader v11.0.0 Installed on all employees Free
workstations, guest/meeting
room PC Workstations
Adobe Illustrator CS5 Installed only on the two €99.95
Marketing PC Workstations
Visual Studio Code v1.25.1 Installed only on the Developers Free
PC Workstations
SSL-certificate Web Server at the server section €88.95 / year
in the developers room
vsFTPd v2.3.4 Web Server at the server section Free
in the developers room
Computer Network Assets
Asset Location Monetary Value
D-Link Switch DGS-108 Nr. 1 Hallway €31.5
D-Link Switch DGS-108 Nr. 2 Developers room €31.5
Netgear EN524 Hub Nr. 1 IT-Admin and Technicians €79.99
room
Netgear EN524 Hub Nr. 2 Developers room €79.99
Netgear EN524 Hub Nr. 3 Accountant and HR room €79.99
Netgear EN524 Hub Nr. 4 Marketing and Sales room €79.99
Netgear EN524 Hub Nr. 5 Hallway €79.99
Netgear WNDR4500 Fika-room €104
Router/Firewall

Computer Hardware Assets

Asset Location Monetary Value
Developer PC Workstation Developers Room 8 × €949
IT-Admin and Tech PC IT-Admin and Technicians 3 × €949
Workstation room
Accountant and HR PC Accountant and HR room 3 × €549
Workstation
Marketing and Sale PC Marketing and Sales room 4 × €649
Workstation
CTO/CIO and CEO Laptop PC CTO/CIO respectively the 2 × €788
Workstation CEO’s room
Mail/AD Server Dell The server section in the €490
Poweredge T410 developers room
Web Server HP Proliant The server section in the €1 090
DL360 G6 developers room
Source Control Server Dell The server section in the €490
Poweredge T410 developers room
Production Server Dell The server section in the €1 349
PowerEdge R420 developers room
HP Laserjet P2035 Printer Accountant and HR room €209.9
Organizational Assets
Asset Location Monetary Value
EsacOmed office space Bletchley Park, Milton Keynes €5 585 / month
headquarter, including: MK3 6EB
• Electricity
• Internet Connection Note to self: did former dev.
• Cleaning Service Greg Hale return office key???
To whom?? When??
Office furniture, including: Bletchley Park, Milton Keynes €10 791
• Workstation desks and MK3 6EB, office space and
chairs meeting room
• Meeting room desk,
chairs and whiteboard
• File cabinets
Kitchen supply, including: Bletchley Park, Milton Keynes €3 566
• That one expensive MK3 6EB, Fika-room
coffee machine that
makes macchiato
• Coffee mugs, plates and
cutlery
Office supplies, including: Bletchley Park, Milton Keynes ~€14 / month
• Pens MK3 6EB
• Notepads
• Printer supplies