Design Activity: Designing Data Access Security

By Author: Shirley Green
Total Articles: 129
Comment this article

In this activity, you must use what you learned in all five lessons and apply 220-701 to a real world situation. Read the scenario and then complete the exercises that follow. You can find answers for the exercise in the "Questions and Answers" section at the end of this chapter.
Scenario
You are the Security Administrator for Tailspin Toys. Tailspin Toys just purchased Coho Winery. Your job is to visit Coho Winery to review its dataprotection processes. When you begin the process of interviewing Coho Winery employees, you find they have no data-protection strategy in place. You must immediately design a plan for data access security. Review the following information, and answer the questions provided.
Company Background
Coho Winery was a family-owned business for 100 years. It was established by Nicole Holliday and her good friend Brian Hodges. When Brian Hodges' son died last year, he left no family to inherit the winery, and it was sold to pay back taxes. The new owners know a lot about producing good wine but little about business management. Tailspin Toys ...
... was able to purchase the winery very cheaply.
Existing Environment
IT operations at the winery were established 20 years ago, as it was felt that the business side of the winery was being swallowed up in paperwork. Brian Hodges, Jr., then in his 60s, hired his neighbor's son, Andrew Hill, to manage the business side and gave him the responsibility of
comptia security+ implementing and managing IT operations.

Following is a list of company personnel interviewed and their statements:
Andrew Hill "We got a good operation here. We have 100 servers. Forty of those servers are in a Web farm. We sell lots of wine over the Internet. Most of it is not produced here. We just bottle and label, bottle and label. We got a lot of wine-related gift items, gift baskets, stemware, kitchen stuff, and the like. If you can slap a grape or a bottle of wine on it, we sell it. We're doing so well I don't know what we are doin'. Hah!"
Network administrator "When I started two years ago half the data was inaccessible because someone had set up NTFS and screwed things up. We had hundreds of groups. We had more groups than users. We had user accounts that had never been used. Groups too. Users were assigned direct access to files. What a
mess. I had to literally remove all access to data files except for administrators and wait to see who screamed. Trouble was, a lot of people were administrators, so there wasn't much screaming. I'm trying to clean up things a little as I go on, but it's hard to remove administrative privileges that people have had for a long time. We also have a lot of legacy applications, so users often need to be CompTIA administrators anyways."