Cyber Analyst Program “EVC is a manufacturer of components for electric vehicles. They used to run IT services in-house until 3 years ago when in a cost-cutting exercise the activ

“EVC is a manufacturer of components for electric vehicles. They used to run IT services in-house until 3 years ago when in a cost-cutting exercise the activities done by the IT department were outsourced to an external provider called “XPR”.

Therefore, the computers currently used by the company are set up, configured, and managed by the external provider. “EVC” still has a small IT department, which mostly maintains end-user applications. Additionally, the IT department also carries out a range of onsite interventions, sometimes under the guidance of “XPR”.

The IT department does not include any security specialist, but it has raised a concern regarding the security of the systems currently managed by “XPR”. They are worried about potentially vulnerable software installed on the systems despite updates being available for some time.

They raised the issue to the management, which initially ignored the concern. However, after a formal consultation with the worker’s representatives, they agreed that an independent audit should be carried out. They were convinced by the fact that the initial 4-year contract with “XPR” is going to expire in 12 months.

The company has agreed to appoint two security analysts, who will work independently. As one of the two auditors, you are asked to analyze several systems and make an assessment of their security. The systems provided are clones of existing ones and there is no concern of damage you could cause because of your analysis. You are only subject to a standard non-disclosure agreement.

The choice of systems is beyond your control. The main output of your analysis will be a report made available to the company, including the IT department. A third independent security advisor will help the stakeholders to understand the technical parts of the reports, and to progress with the next phases of the decision making.

The post Cyber Analyst Program “EVC is a manufacturer of components for electric vehicles. They used to run IT services in-house until 3 years ago when in a cost-cutting exercise the activ appeared first on My Blog.