Case Study Of Kudler Fine Foods IT Security Report: Top Threats
Kudler Fine Foods IT Security Report – Top Threats
Anthony Bynum, Sally Lowe,
CMGT400
19 January 2015
David Kell
Kudler Fine Foods IT Security Report – Top Threats
The following table represents the potential threats that Kudler Fine Foods could face if the appropriate measures are not taken.
Area of System
Threats
Potential Vulnerability
Intranet Web Site
Theft of Sensitive Data
No login procedures to prevent unauthorized access.
Financing & Accounting
(Budgets Page)
Embedded Malicious Code
Links to downloadable files and media could be replaced with malicious code and hackers could gain access and monitor activity within the company.
Financing & Accounting
(Procedures Page)
Theft of Money Physically and by Electronic Means
Employees
could be robbed during the procedures for handling cash and the accounting manager could be misled into making wire transfers to unknown accounts.
Customer and Company Emails
Phishing attempts
Phishing is when a person tries to trick either the customer or the company that the email is legit and comes from a legitimate source and try to ask the customer for their account information
Database
Back door attack
This is when their hacker places a back door that could be done by installing a program that can give the hacker unlimited access to the database anytime which could compromise any important data such a customer personal information or even company information.
The customer reward site or network
Spoofing
There are multiple versions of spoofing but this is when the hacker inputs a false header on the packet so it will trick the receiving network that the packet is from a legitimate source.
Learning Team Status Report
Week 2 Accomplishments:
Week 2 Issues:
Future Plans: Our team will focus on the vulnerabilities identified in Week 2 and make any necessary revisions. Week 3 we are tasked with the following:
Draft the security considerations for each phase of the systems development process.
Identify specific concerns if the system is ever removed from service.
Specify what can be done in each systems development process phase to mitigate the risk for each entry in the table from the previous week.
References
Conklin, W.A., White, G., & Williams, D. (2011). CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301) (3rd ed.). Retrieved from the University of Phoenix eBook Collection database.
Anthony Bynum, Sally Lowe,
CMGT400
19 January 2015
David Kell
Kudler Fine Foods IT Security Report – Top Threats
The following table represents the potential threats that Kudler Fine Foods could face if the appropriate measures are not taken.
Area of System
Threats
Potential Vulnerability
Intranet Web Site
Theft of Sensitive Data
No login procedures to prevent unauthorized access.
Financing & Accounting
(Budgets Page)
Embedded Malicious Code
Links to downloadable files and media could be replaced with malicious code and hackers could gain access and monitor activity within the company.
Financing & Accounting
(Procedures Page)
Theft of Money Physically and by Electronic Means
Employees
could be robbed during the procedures for handling cash and the accounting manager could be misled into making wire transfers to unknown accounts.
Customer and Company Emails
Phishing attempts
Phishing is when a person tries to trick either the customer or the company that the email is legit and comes from a legitimate source and try to ask the customer for their account information
Database
Back door attack
This is when their hacker places a back door that could be done by installing a program that can give the hacker unlimited access to the database anytime which could compromise any important data such a customer personal information or even company information.
The customer reward site or network
Spoofing
There are multiple versions of spoofing but this is when the hacker inputs a false header on the packet so it will trick the receiving network that the packet is from a legitimate source.
Learning Team Status Report
Week 2 Accomplishments:
Week 2 Issues:
Future Plans: Our team will focus on the vulnerabilities identified in Week 2 and make any necessary revisions. Week 3 we are tasked with the following:
Draft the security considerations for each phase of the systems development process.
Identify specific concerns if the system is ever removed from service.
Specify what can be done in each systems development process phase to mitigate the risk for each entry in the table from the previous week.
References
Conklin, W.A., White, G., & Williams, D. (2011). CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301) (3rd ed.). Retrieved from the University of Phoenix eBook Collection database.