Dalton Walton & Carlton
Dalton, Walton, & Carlton, Inc. is an architecture firm with approximately 250 employees in four cities in a regional area. The main office is in Kansas City, Mo, which houses 100 of the employees. The main office is located in a small office park in a suburban neighborhood near the University of Missouri, Kansas City, Volker Campus. The satellite offices are in downtown Des Moines, IA, Springfield, MO, and Omaha, NE.Their physical security infrastructure for the main office is as follows:o The main office building is three stories tall with Dalton, Walton, & Carlton, Inc. occupying the top two floors. There are two, unrelated businesses on the first floor. DW&C leases the floors from a management company.o The building as one elevator along with a front and back staircase.o The building uses standard windows that are slightly tinted, but you can still see in from outside. The windows do not open.o Both floors are basically laid out the same. Each floor has:o Drop ceilings used throughout.o Six offices on the exterior and two interior offices.o One large conference room and two smaller ones.o The third floor as a small reception area monitored by an administrative assistant. There is a locked door leading from the reception area to the back offices that required a key card.o The admin has a master key card kept in a desk drawer.o Visitors are provided with access badges that they sign out and are supposed to return each day. These allow access to the full facility except for the server room.o When visitors sign in, they need to provide the name of their contact, but don’t need to be escorted when in the facility.o Access to the building and the floors is controlled with a key card access. This access allows entry at a front and back doors on each floor. It is also used to control the small server room on the third floor.o The building management company administers the key card access server.o The front and back doors for the building open automatically at 6am and lock at 6pm, Monday through Saturday. All other times they are locked requiring key card access.o The door to the DW&C third floor reception is unlocked from 7am-6pm Monday through Friday.o The exterior and primary interior doors all have alarms that go to DW&C facilities manager and the building manager. They are deactivated during business hours as noted above. The alarms have the capability to trigger if the door is propped open, but that is not used due to past false alarms.o The server room on the third floor used to be a storage closet.o When it was converted, they added raised floor and extra air handling.o There’s also are two Tripp Lite SMART1500LCDT UPS towers that are expected to provide 90 minutes of power in a blackout.o IT also uses this facility to build and maintain servers and PCs.o The IT staff all sit outside the server room / closet. They will occasionally prop the door open when they are frequently accessing the room.o The building uses dual HVAC systems run by building management.o There is one telecommunications drop for the building.Bellevue University CYBR 510 as of: July 2014o The main power breakers for the building are on the first floor in a room locked by building management.o Each floor has power breakers in an interior coat closet.o That area on the second floor is a storage closet housing business supplies.o The CEO and CFO both have corner offices on the third floor. Access is controlled with a standard key. Each of their offices contain multiple, lockable file cabinets containing company sensitive documents.o Employees that aren’t in offices are in standard cubes with 5 foot walls.o All employees have desks and cabinets that lock.o The CFO’s admin assistant controls all of the keys. She also has master keys to access any room, desk, or cabinet that she keeps locked in a small safe under her desk.o There are five security cameras spread throughout the building as follows:o External Front Dooro External Back Dooro Interior front stairwell on the first flooro Interior back stairwell on the first flooro Facing the elevatorThe camera feeds go to a single DVR unit managed by building management. The CCTV’s are in the building mailroom on the first floor where they are monitored by the facilities manager and mail room personnel.Their physical security infrastructure for the three remote offices is as follows:o The remote offices have approximately 50 employees and are used by sales and local design teams.o The offices are located in the downtown areas of Des Moines, IA, Springfield, MO, and Omaha, NE. The intent is to have offices in close proximity with customers.o DW&C leases building space for these offices. Each is in a multi-story office building where DW&C uses a floor or a portion of a floor. Each facility is managed by local building management.o Each building uses standard windows that are slightly tinted, but you can still see in from outside. The windows do not open.o There are offices and standard cubes in each facility. The senior director at each facility is also responsible for the safety and security of that facility.o Access to each facility is controlled using key cards administered by local building management. These systems are not tied to the main office’s key card system.o Each facility has cameras so you can know who has entered/exited the building. Only one of the buildings has a camera on the interior door to access the DW&C offices.o An admin sits near the front door and monitors visitor access, but this is a part-time duty.o The doors are unlocked and unarmed based on the same schedule as the main office.Their IT infrastructure is as follows:o They primarily use Microsoft servers and PCs with a number of Mac computers used to perform design work. They use Active Directory, have a Web Server for their Internet web site, four servers used as file shares (one in each office), four servers housing their architectureBellevue University CYBR 510 as of: July 2014applications, a training server, five MS SQL database servers, and two Microsoft Exchange servers for email.o Each satellite office has 3-4 servers for storing files and running local applications.o Each office has its own, decentralized wireless network connected to the production network.o Each employee has a desktop or laptop PC running Windows 7. HR personnel have laptops for conducting interviews.o There is a Director of IT who has a full time staff of 5 employees, one of which does security duties part time.There are a few known issues with their infrastructure and organization:o Recently, a number of PCs and office equipment has been stolen out of the office.o It’s at the data owner’s discretion as to whether or not to secure their data files or folders. Many do not secure their files, while some lock them so only they have access. There have been rumors that customer data and intellectual property have been lost.o Two employees recently left your company and went to your biggest competitor, where they just landed a contract with your largest account.o Vendors are allowed access to the site and computers without authorization or supervision.o Onsite staff at each location provides IT support part time along with their other responsibilities. Password resets are done by giving out a generic password — Chiefs2011.