After the productive team meeting, Dr. Sallkind, from Valley Healthcare, wants to engage you in further analysis to establish a plan to mitigate risks, threats, and vulnerabilities. You have determined that a malware attack presented a dialog box to the employees of Valley Healthcare. This dialog box was disguised as a Windows request for their login credentials to install a security patch. When one employee entered his credentials, the malicious software was installed. Even if Valley Healthcare had the most sophisticated perimeter defense, it would not have prevented this. As part of the mitigation plan, your team will configure baseline security on all workstations. You will ensure that the antivirus software is running properly, identify unnecessary software and services, and implement a control related to password hacking attempts. You have also been asked to provide a security reminder training for all employees.

 

Tasks

Using a computer that has Windows 7 installed (if possible):

• Review the antivirus program and ensure it is up to date and running a full scan of the system.
• Identify at least five unnecessary services from the default installation of Windows.
• Think about how you can provide security training in 30 minutes.

1. What antivirus (AV) program and what version of the AV is the computer running? Is this the latest version?
2. What 5 unnecessary services from the default installation did you identify?
3. What steps would you take to turn on auditing and what type of information would you expect to appear in the log file?
4. Provide an outline of the training you will provide for the employees of Valley Healthcare. What will you do to make sure that security awareness doesn’t go away after the training is finished?