Private Investigators LLC
Controls and Countermeasures

Private Investigators Limited Liability Company (LLC) has a small office with one server and six workstations. This LLC partnership hosts its own website that allows clients to log in and enter case information. An evaluation of the network and security configuration to determine threats and weakness to the existing system has been completed. A list of the top five associated threats for the Server, Workstations, and Website are outlined below. The following memo discusses the likelihood of the threats occurrence and recommended security controls and countermeasures that should be used to mitigate these threats. Shown illustrated below are network drawings of the current configuration and a proposed security solution. The addition of a router, firewall, domain controller, and a DMZ will be discussed. Current business practices that allow user downloads, installation of software, lack of an application updates, and operating system patches policies will be discussed. A lack of security methods to provide Confidentiality, Integrity, and Availability (CIA) will be covered and the development of an Acceptable Use Policy (AUP) that includes training on the AUP will be laid out. A1. Server Threats 1. Malicious software (Malware): The introduction of computer viruses, worms, Trojan horses, spyware, adware, and rootkits can allow attackers to gain control on the device or computer. This allows attackers to steal, damage, or destroy files and data on infected machines. 2. Operation System (OS) Flaws: Weaknesses or flaws in the OS which allow an attacker exploit these flaws to gain root access to the underlying OS. This can allow Malware to be installed and manipulation of code on compromised machines. 3. Application Bugs: Also known as software bugs describe errors, flaws, or faults in a program that causes unintended