Cover letter is attached.
It needs to cover the three main points highlighted on the cover letter:
• Main Threat Actors – These are the main threats posed to NorStud and who would likely target the company
• Detailed Report – This is the detailed section that goes into why these threat actors pose a threat more than other possible actors.
• Proactive Steps – These details out the next steps that need to be done to help mitigate the threat posed by the main threat actors.
Sources are listed with the cover letter, please try and use them
Instructions are listed below:
You are the IT Security Lead at your company, NorStud Enterprises. Your staff consists of three (3) employees and you.
NorStud employs 500 people, including doctors, medical researchers, engineers, and marketing, customer relations, billing and support staff. The company
develops, manufactures and sells medical devices to hospitals worldwide. The company holds patents for a dozen devices, and is in consultation with
overseas countries for a possible joint venture in Asia.
Norstud maintains intellectual property, customer and employee records, contract negotiation materials, and financial and billing records on its networks.
NorStud has revenues of about $500 million a year.
The CEO has been reading about cyber-attacks and compromises striking government and business offices “all over the place.” She is concerned that
NorStud will be next, and turns to you to help her understand the scope of the problem and what to do next.
Prepare a 2000 word paper, addressed to your CEO, that:
Identifies the specific threat actors most likely to target NorStud
Explains why those actors in particular are a threat (why are they more of a threat than other actors).
Proposes actions NorStud can take to mitigate the threat from the threat actors you’ve identified.
Students have broad leeway to develop this paper as they see fit, as long as it addresses the above. However, the ideal paper will not only satisfy the above
requirements, but will also:
Demonstrate knowledge of why some actors pose more or less of a threat than others
Recognize the potential value of NorStud’s information to potential threat actors and how they may use that information
Not only identify broad groups of threat actor, but identify specific subgroups or actors and specific incidents that focus the threat more narrowly
Consider mitigation steps that go beyond purely technical solutions
Address the risk-benefit balance of suggested mitigation steps.
Incorporate real-world current events