After conducting initial security testing of the Woeson Books system, you interview Mr. Conan Dundee, an IT staff member. Mr. Dundee has recently been assigned as a database administrator, but has relatively little experience with the Oracle 10g database that the company uses for its personnel data. Since Mr. Dundee has no idea what patches or software fixes have been applied to the database, you decide to research whether Oracle 10g has any known vulnerabilities that you can pass along in a brief memo.
Based on what you know, write a memo to Mr. Dundee describing any CVEs or CAN documents you find related to Oracle 10g. If you do find vulnerabilities, you should also include recommendations to address those vulnerabilities. Keep in mind that Mr. Dundee is not a database admin by nature, so you may have to explain in detail the information you’ve discovered.
Your assignment should be in a Word-compatible document with proper attention to spelling, punctuation, and grammar. All references and citations must be in APA or MLA format.
You can find the Woeson Books case study in the week 1 assignments or under External Links.
This assignment is worth 50 points.
This is the information from the external link:
Derrick: Hello! My name is Derrick, and I’m a Cybersecurity specialist. Today, I have a challenging case for you to help me with. Woeson Books, a new and used bookstore, has recently had some issues with its website. They have had some security violations and are now rethinking their entire IT infrastructure. Let’s learn a little about Woeson Books’ locations, employees, and IT infrastructure.
Woeson’s e-commerce website has recently been compromised. Hackers were able to access important customer information including credit card numbers, account numbers, book orders, and addresses. But before we can assess Woeson’s situation, I want to tell you about their IT infrastructure.
Woeson primarily uses Microsoft servers and PCs with a few Mac computers used to perform design work. They use Active Directory, have an IIS web server for their Internet website, and two Microsoft Exchange servers to process their corporate email. They also have four servers that they use as file shares (one for each office). Woeson also has four servers that are used for housing their internal billing, inventory, CRM, and employee applications. In addition, they have a training server and 5 MS SQL backend database servers.
Their network sits behind a gateway router and firewall. Antivirus is in use, but is not automatically updated across all the company PCs. They use Windows Server Update Services (WSUS) to update Windows servers and client PCs, but similar to antivirus software, not everything gets updated regularly. Employees often work remotely and only use their logon and password to gain access to the corporate systems. Also, Woeson outsources their email spam and all human resource applications to two separate third-party companies.
The IT department at Woeson Books has six full-time employees, including a director of IT. One of the five full-time employees works IT security for the company on a part-time basis. Due to the lack of dedicated security staff at headquarters, each location has become quite autonomous in their security considerations, which has led to mixed results in the level of security at each location.
Now, the owners of Woeson Books know that their IT infrastructure and organization have some known issues. First, a number of PCs and office equipment have been stolen out of the main office in Syracuse. Second, two employees recently left Woeson Books and went to their biggest competitor, Real Books. The ex-employees just landed a contract with Woeson’s largest account, a bookstore for a large university.