DCL 600 ASSN 5

/ #computer science homework help, #DCL 600 ASSN 5


Step 2: Identify the Problem

Cloud Computing Scenario

You work as a network provider for Cloud Solutions, a mid-size cloud solution provider. Your company is an AWS Channel Reseller partner that configures and resells AWS services to clients around the world.

One afternoon, you received an email from Jessica Lopez, who works in the Customer Services department. She received a call from one of her clients, Green Machine Marketing, about an error message that they are getting. Jessica couldn’t figure out the issue and is asking you for help to troubleshoot the problem. In researching the issue, you found out that a former coworker, Jim Black, who is no longer with the company, had incorrectly configured one of the cloud services for Green Machine Marketing. This has caused the error message that they are seeing. More troubling, the misconfiguration also caused the client to be over-billed by several thousand dollars per month for the past year. They are being billed for services that they didn’t request or need. At the same time, AWS cloud resources are being dedicated to them because of this error and Cloud Solutions (your company) is paying AWS for these resources.

You mentioned this to your supervisor, Ben Smith, who is the manager for the network engineering team. He said that we can’t tell anybody about this. If the client found out, we will have to refund them the entire amount that they have been overcharged. In addition, the steps to fix the incorrect configuration would require that the client’s services be shut down for at least 30 minutes. A 30-minute downtime would trigger a penalty based on the current Service Level Agreement with the client. You explained to your supervisor that without fixing the configuration error, you won’t be able to address the issue that was brought up to you by the help desk.

In the meantime, you received another email from Jessica Lopez in Customer Services asking the status of the issue. She wrote that the client has called again as they continue to get error message. The client wants to know when the issue will be resolved.

What should you do? Please provide a rationale for your answer.

 

 

 

Cyber Operations Challenge

You work as a support contractor for a government agency as a cyber defense incident responder. As part of a large support team, you help to identify, analyze, and mitigate threats to the systems and networks of this government agency. Your company is up for a contract renewal this year.

During a log analysis review of the intrusion detection logs, you notice a trend where requests from an unknown IP address were attempting to access several databases across the network. In each case, access was denied for the first two weeks of the monitoring period, but over the last week, the user was successful in accessing the system and apparently downloaded several hundred thousand HR records that included personally identifying information (PII) from thousands of agency personnel and subcontractors.

You immediately notify your boss, Joe Dallas, who is also a support contractor working for the same company as you. You provide him with the documentation and ask for next steps. Joe seems upset with you for not reporting this incident sooner. You mention to him that you were off on vacation for the last two week and the logs weren’t monitored during that time.

As Joe looks closer at the incident, he determines that somehow root access was made available to the unauthorized user, making the situation much more concerning as the user may still have access to all of the systems throughout the network. Joe says he will review the situation with upper management and take appropriate action.

About a week later, you ask what the next steps are and how you can help resolve the matter. Joe says, “Don’t worry about it. It’s been taken care of.” As you review the logs, however, the problem still seems to be present with unauthorized access and data leakage of sensitive documents. In the meantime, you receive an email from the government customer asking you for a report on the status of the system security. From the message, it does not appear the customer has any idea that a security breach has occurred. What should you do? Please provide a rationale for your answer.

 

Step 3: Analyze the Information

Problem Analysis

Problem analysis involves framing the issue by defining its boundaries, establishing criteria with which to select from alternatives, and developing conclusions based on available information. Analyzing a problem may not result in a decision, although the results are an important ingredient in all decision making.

Another way to consider problem analysis is a process that includes identifying and defining the problem, gathering information about the problem, and deciding if one or a group will begin work to solve the problem. A decision to solve the problem leads to analysis of the problem, in this model, asking the what, why, how, and other basic questions. From this point, the group can re-visit the decision to solve and refine any issues (risk, cost, feasibility, for example.)

References

Defining decision making. (n.d.). Boundless Management. Retrieved from https://www.boundless.com/management/textbooks/boundless-management-textbook/decision-making-10/decision-making-in-management-75/defining-decision-making-366-3930/

Nagy, J. (n.d.). Defining and analyzing the problem. Community Toolbox. Retrieved from http://ctb.ku.edu/en/table-of-contents/analyze/analyze-community-problems-and-solutions/define-analyze-problem/main