Case Study


This is a short paper that requires you to study the provided scenario, research its questions/problems, and provide analysis and recommendations.


Good morning. Your mission, should you choose to accept it, is to analyze and recommend policies that mitigate two data-breach attack vectors as discussed in this briefing, for a large multi-national corporation (the Company).

Your cover is that you have just been hired as an Information Security Engineer (ISE). The Company has suffered multiple data breaches that have threatened trust in the Company. The Company’s reputation is at peril unless there is immediate action to resolve these breaches.

This confidential data includes financial information and personally identifiable information (PII) for corporations and private citizens. CNBC reports that 15.4 million consumers were victims of identity theft or fraud in 2018 at an economic cost in excess of $16 billion dollars US.

Two attack profiles have been identified:

  • infiltration of the network through a vulnerable wireless connection within the organization; and
  • an inside job where PII data was stolen as a result of weak access controls.

Currently, the Company does not have policies that address these two vulnerabilities. Your mission is to develop a risk-management policy that addresses the two security breaches and describes how to mitigate these risks. Good luck!


  • This is an individual assignment, i.e. not a team or partner assignment.
  • Use a three-paragraph format: an introduction/scenario recap, analysis, and conclusion.
  • Provide an APA style reference page with at least two references.
  • Double-spaced, font size 10 or 11.
  • 500 word minimum, not including your name, title, or references.