ContentsMarketing Research and Data Analysis

Details……………………………………………………………………………………………………… 1

Task…………………………………………………………………………………………………………. 1

Task Information………………………………………………………………………………………… 3

Report Requirements………………………………………………………………………………….. 3

Assignment Submission……………………………………………………………………………….. 4

Late submission…………………………………………………………………………………………. 4

Marking key………………………………………………………………………………………………. 4

Details:

Value:                   30% of the final mark for the unit

Length:                Maximum of 4000 words excluding title, contents and reference pages

Background (read carefully!)

Kala Design (KD) is a small to medium enterprise (SME) printing and graphics design company operating in Brisbane, Gold Coast and Sydney. They also have a web presence for e-commerce (e.g. online orders and payment), a customer relationship management (CRM) system, with information about products and services purchased (e.g. customer details, customer purchase history and payment details, problem reports, work details, etc). They also have a marketing system that allows for digital marketing using e- mail, social media, and any other modern marketing techniques.

KD currently employs 30 people – none of whom have any cybersecurity expertise. There are plans to expand the number of employees to at least 80. The boss’s 19-year-old niece and nephew were

responsible for all computer and network administration related matters for the past two years. An asset register exists but, unfortunately, is far from adequate.

KD has recently won a financially rewarding two-year contract, making them responsible for printing government documents. They are progressively scaling up their online presence as a result and have just published a new prototype catalogue online using Weebly. In recent months, employees have noticed; computers progressively operating slower, and random malware inspired popups are being displayed.

In addition to the asset registry, the following is an overview of notes you have from a meeting, with the owner, of the current situation within KD:

• The Operating System (OS) software environment consists of a mix of Windows 7/10 laptops, some smart-devices and three design-specific machines running macOS High Sierra 10.13.0, and two machines are Linux OS (Debian). Some laptops have been purchased specifically for KD and others are brought in/taken home each day by the employees (BYOD).
• None of the PCs or laptops contain any additional security software outside the default Windows and Mac offering.
• Patch/update levels across laptops is unknown with each workstation encompassing varying desktop configurations. The last time any known updates were applied was May, 2019.
• Internet access is via ADSL using D-Link DSL-2740B wireless routers.
• A QNap TS-412 NAS is used to backup workstation data (at each employee’s discretion) using WinSCP. The username/password for the NAS admin account is kala/kala123.
• A Windows 2000 Server was previously operational in the organisation but a power surge, caused during a severe weather event, resulted in hardware no longer functioning.
• Each employee receives on average 40-80 spam messages each day.
• In January 2020 – two workstations succumbed to a ransomware attack and KD paid the ransom.
• There are currently no policies or rules guiding employees on how to best utilise resources and conform to ideal cybersecurity conscious behaviours.
• Employees can access each other’s computers and email accounts.
• Data is emailed/stored without using any cryptographic techniques.
• Last week an employee found a USB flash drive in the car park and plugged it into their computer.

Since then, the employee has claimed that the computer appears to have “a mind of its own”.