For this assessment, you will want to be able to:
- Analyze the security vulnerabilities of enterprise systems.
- Point Value: 100 points
- Minimum Required Score: 80%
- Allowed Attempts: 2
Anticipating that the new enterprise system will be prone to security risks, you plan to conduct an analysis of security logins and demonstrate the current status of security logins to the management at DAMTSC.
As a manager, you will be required to understand and draw conclusions based on security data. Your ability to analyze and interpret security data can help you allocate the required budget and implement appropriate security measures and controls at your organization. The attached file includes a sample of logins at DAMTSC. It contains data on the following:
- Name of the individual logging in
- Organization they represent
- Phone number
- Email address
- Website the users are logging in to
- User ID
- Success of login (“failed,” “successful,” or “expired,” which means the user’s password expired and they needed to update it)
- Account type (“new” or “old” account)
- IP address from which the users are logging in
- Authentication type: authentication via phone, OTP (one-time password), or “regular” (which means user ID and password were used)
Using this file, you can address questions such as the following:
- How many logins have been successful versus how many have been unsuccessful? What is the percentage of successful versus unsuccessful logins?
- What percentage of logins were successful versus failed versus expired (passwords) for different authentication types: call, OTP, and regular?
- What is the distribution of logins in the categories of successful, failed, and expired by state? What are the percentages by state?
- What is the distribution of logins in the categories of successful, failed, and expired by user ID? What are the percentages by user ID?
- Your organization is thinking of implementing one of the four policies below. If you analyzed the Excel file for passwords, what percentage of passwords will satisfy all of the policies?
POLICY 1: Password should be at least eight characters long with at least one number, at least one upper-case letter, and at least one lower-case letter.
POLICY 2: Password should be at least eight characters long with at least one number, at least one upper-case letter, and at least one lower-case letter; in addition, password should contain at least one of the following special characters: @, #, or $.
POLICY 3: Password should be at least 10 characters long with at least one number, at least one upper-case letter, and at least one lower-case letter.
POLICY 4: Password should be at least 12 characters long with at least one number, at least one upper-case letter, and at least one lower-case letter.
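The four policies overlap: any password that meets POLICY 4 also meets POLICY 3 and POLICY 1, so satisfying all four means at least 12 characters, the three character classes, and one of @, #, or $. The following sketch is an added example, not part of the original assignment or the DAMTSC file. It computes the compliance percentages over a constructed sample list and assumes ASCII letters and digits.

```python
import re

# Constructed sample passwords for illustration; not taken from the DAMTSC file.
SAMPLE = [
    "Summer2024", "password", "Tr0ub4dor#Horse", "Ab1@xyzq",
    "LongerPassw0rd", "SHORT1a", "NoDigitsHere@", "Abcdefgh1234",
]

def has_base_classes(pw):
    """True if pw has at least one digit, one upper-case and one lower-case letter."""
    return all(re.search(p, pw) for p in (r"[0-9]", r"[A-Z]", r"[a-z]"))

def has_special(pw):
    """True if pw contains at least one of the characters POLICY 2 names."""
    return any(c in "@#$" for c in pw)

# Each policy as a predicate, transcribed from the policy text above.
POLICIES = {
    "POLICY 1": lambda pw: len(pw) >= 8 and has_base_classes(pw),
    "POLICY 2": lambda pw: len(pw) >= 8 and has_base_classes(pw) and has_special(pw),
    "POLICY 3": lambda pw: len(pw) >= 10 and has_base_classes(pw),
    "POLICY 4": lambda pw: len(pw) >= 12 and has_base_classes(pw),
}

def compliance(passwords):
    """Return {policy name: percent of passwords passing}, plus an 'ALL' entry."""
    if not passwords:
        raise ValueError("no passwords to analyze")
    total = len(passwords)
    result = {}
    for name, check in POLICIES.items():
        passed = sum(1 for pw in passwords if check(pw))
        result[name] = round(100.0 * passed / total, 1)
    # A password counts toward 'ALL' only if every policy accepts it.
    all_ok = sum(1 for pw in passwords if all(c(pw) for c in POLICIES.values()))
    result["ALL"] = round(100.0 * all_ok / total, 1)
    return result

if __name__ == "__main__":
    for policy, pct in compliance(SAMPLE).items():
        print(f"{policy}: {pct}%")
```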
You are expected to complete this assignment in Microsoft Excel. Submit one Microsoft Excel file. In the Microsoft Excel file you submit, for each question, use a separate worksheet (or tab). For Question 5, for each policy, use a separate worksheet (or tab) in the Excel file to show your analysis.
A rubric for this assignment is located below the instructions.
You are encouraged to submit assessments as you complete them. Feedback provided by your instructor is often helpful as you complete future assessments. Please know, if you choose to submit multiple assessments at the same time, you may experience a delay in grading turnaround time.
Scenario: Dauchy and Associates Management and Technical Staffing Company Project
Erin Dauchy started a professional staffing company in the mid-1990s. At that time (and even now to a large extent), it was very difficult for organizations to find qualified personnel to fill technical and managerial positions. Erin’s company, Dauchy and Associates Management and Technical Staffing Company (DAMTSC), is a staffing agency that works with small, medium, and large companies looking to fill positions using either temporary or permanent workers. Erin and her partners have opened branches in Chicago, Milwaukee, New York, and Houston, and have built strong connections with local companies in each area. Companies in these cities approach DAMTSC when they need highly skilled technical or managerial employees to assist with special projects or to provide a needed technical skill. About 90% of the positions filled by DAMTSC are for temporary workers.
From the beginning, Erin Dauchy has placed significant emphasis on how the contracting operations were conducted. The following paragraphs describe how DAMTSC fills the positions for its clients:
DAMTSC hires skilled technical and managerial workers and pays them wages. These wages may not be very high if the workers are “on the bench” (i.e., if the workers do not currently work at a client site). When clients approach DAMTSC for a qualified candidate, those clients prepare a requisition, which includes a job description, the minimum qualifications for the candidate, the preferred qualifications, and the pay rate for the candidate. The pay rate can be either an hourly pay rate within a specified range or an annual salary. When DAMTSC places a candidate, it keeps part of the hourly rate or annual salary as an overhead. DAMTSC may also negotiate the pay rate with client companies.
In cases where DAMTSC has worked with a client often enough, pay ranges are often set ahead of time based on contracts that specify terms and conditions under which DAMTSC may find temporary or permanent workers for the client. For example, DAMTSC has a contract with an oil and gas exploration company in Houston in which DAMTSC agrees to supply geologists with at least a master’s degree for $4,000 per week. DAMTSC has contracts with a number of Wall Street firms in New York where DAMTSC supplies information technology specialists at a pay rate of $5,000 to $8,000 per week depending on their qualifications. A wide range of clients approach DAMTSC for almost any type of managerial and technical staff positions—from computer programmers and geologists to supply chain managers and procurement specialists.
When a client staffing requisition is received by a DAMTSC contract manager, that manager uses the contract number on the staffing requisition to search an internal database known as the contract database. Using information from the database, the contract manager reviews the terms and conditions of the contract and determines the validity of the staffing requisition sent by the client. The staffing requisition is valid if the contract has not expired, the type of technical or managerial worker requisitioned is listed on the original contract, and the fee on the requisition falls within the negotiated fee range. If the staffing requisition is not valid, the contract manager returns the staffing requisition to the client along with a letter stating why the staffing requisition cannot be filed (and DAMTSC saves a copy of the letter). If the staffing requisition is valid, the contract manager enters the staffing requisition into another database, known as the staffing requisition database, as an outstanding staffing requisition. The staffing requisition is then sent to the DAMTSC placement department.
In the placement department, the type of staff member and requisite experience and qualifications specified on the staffing requisition are checked against another database called the staff database. The staff database contains all available DAMTSC workers. If a qualified individual is found to fill the client’s requisition, they are marked as “reserved” in the staff database. If a qualified individual cannot be found in the database or is not immediately available, then the placement department sends a letter to the client explaining why DAMTSC is unable to meet the staffing attached to the original staffing requisition. If the staffing requisition can be met, it is then sent to the operations department.
In the operations department, the prospective employee is contacted and asked whether they agree to the placement. After the placement details have been discussed and agreed to, the employee is marked as “placed” in the staff database. Then, a copy of the staffing requisition and a bill for the placement fee are sent to the client. Finally, the staffing requisition, the “unable to fill” memo (if any), and a copy of the placement fee bill are sent to the contract manager. If the staffing requisition was filled, the contract manager closes the open staffing requisition in the staffing requisition database. If the staffing requisition could not be filled, the client is notified. The staffing requisition, placement fee bill, and “unable to fill” memo are then filed in the contract office.
Most of the above operations, Erin Dauchy noted in 2015, have been taking place manually with the exception of the various databases. Erin is determined to automate the processes and utilize information systems to make these workflows as efficient as possible.
Total points: 100