Avisitel Company Case Study

Introduction

Round four presented Avisitel with multiple threats aimed at gaining access and compromising its information systems. While Avisitel set out to focus on downtime in this last in the final round, the organization had to keep security bolstered to thwart such events as the rootkit, Trojan attack, and virus attack. This would prove difficult as the decision matrix instructor manual three primary controls that could make Avisitel more vulnerable to attacks also have the most significant effect on downtime (UMUC, 2018). These controls include Authentication, Network Isolation, and Patch Management. When we chose to harden our security system, our downtime increased. Therefore, Avisitel needed to balance both goals in remaining secure from these new events while staying determined to bring down its downtime. Avisitel engaged to collaborate this week in a conference call and discussion with Hytema. Although the configurations for these controls in round four did not efficiently decrease our downtime, the sacrifices made in security to alleviate downtime did not make us vulnerable to attack. This balanced decision making proved enough to maintain the successful defense of our system against the rootkit, Trojan attack, and virus attack.

Section 1: Plan for Security Controls this Round

Authentication ​

Value & Rationale: Authentication is critical to Avisitel's daily operations and overall enforcement of system access. In round four, Avisitel set out to focus on downtime while keeping security bolstered to thwart such events as the rootkit, Trojan attack, and virus attack. Authentication is a primary control in mitigating potential vulnerabilities that can be exploited by such attacks in round four. Likewise, authentication controls affected downtime the most. The authentication to servers holding customer data and controlling our telecommunications systems was of utmost importance. For this reason, Avisitel had opted to utilize Kerberos servers with Key Distribution Centers (KDC), which mitigated the likelihood of successful unauthorized access to its systems. However, in the second round, Avisitel opted to harden its security in light of hacker access, hacktivist attack, and insider access attack events. This maximized Kerberos spending and tightened its security controls to the detriment of potential downtime (-3) (UMUC, 2018). In round four, Avisitel's authentication spending decreased by $25K to try to decrease downtime. By reducing authentication spending and restrictions, the downtime should have improved while still providing acceptable security to defend the network. Additionally, spending on Key Distribution was reduced by $9K. This decrease in expense should efficiently limit downtime by limiting the latency realized by exchanging keys from more locations.

Effect

...