/Security-Audit-for-DevTech

This project demonstrates the steps involved in implementing a security audit for DevTech and recommends security policies useful for the company.

Scenario of a fictitious company DevTech

DevTech is a successful start-up company that was founded by four college friends and has grown from 4 employees to 38 employees. DevTech is expected to continue to grow, and the founders expect staffing levels to pass 70 employees in the next 18 months. The founders/directors of DevTech have been concerned about security and, as a result, you have been hired as their first Security Officer. During your first week with DevTech, you have met with the founders/directors and various other staff. During this time, you have discussed, observed and noted the following:

  1. DevTech is renting a serviced building that is shared with three other companies. Their office space is alarmed, locked by key and has no other form of security.

  2. Their computer hardware consists of:
    a. Mainly laptops
    b. Some desktops
    c. Several servers
    d. Printers

  3. Each user manages their own computer. As a result,
    a. Software installations vary from PC to PC
    b. Each PC is in a different state regarding updates
    c. Each user is an Administrator on their PC
    d. Users install software as required
    e. Anti-virus is not generally up-to-date
    f. Encryption is generally not used, with the exception of the Directors.
    g. Laptops and desktops are not backed up.
    h. Some files are stored locally on the PC and some files are stored on a server.
    i. The Operating System of choice is MS Windows 10. These are connected using four MS Workgroups.

  4. There is a general absence of official IT documentation. This includes:
    a. Operational Guides
    b. Company IT Policies
    c. Company IT Processes
    d. Other General IT Documentation

  5. Regarding their network environment,
    a. Their network is based on a single IP subnet (192.168.10.0/24). This subnet is used for company laptops, servers, printers, wifi and guest wifi.
    b. The network hardware consists of three 16-port network switches daisy-chained together and a pre-2013 firewall. In general, the firewall is not managed.
    c. DevTech have six servers. These are kept under desks near the users. Each server is backed up weekly using an external HDD that is left directly connected to the server.
    d. All users have administrative privileges to the servers for file storage and file retrieval.

  6. Office Operations
    a. Laptops are generally not locked away (when left in the office).
    b. Employees regularly bring their laptops home.
    c. Employees tend to have lunch at their desk.

  7. The Directors have several concerns,
    a. Being hit badly by Malware
    b. Data loss
    c. A concern that IT security will interfere with productivity and/or system usability