Case Scenario

MBIS607_Assessment_2_Brief_Case Scenario Page 1 of 1
Initial Case Scenario
Peters Excellent Packers (PEP) is a meat packing and delivery service located in Western Sydney. They
are a small to medium enterprise, and last year their turnover was about $15 million. They employ a
small number of staff and use their own software system, developed in-house in the late 90s. This
system is used for all accounting and inventory purposes, as well as the bulk of their tax reporting,
although they still employ one accountant, the CFO, Kishwar Chowdhary.
The business has a website which takes orders for their services and issues invoices. It is linked to
their main transactional database. They are also contracted to pack and supply meat goods to large
shopping centres. The firm has a small network on their premises. Currently, all IT related duties are
performed by staff member, Elise Pulbrook.
The management of PEP has recently become aware of the attack on JBS Foods in early 2021. The
company is concerned that attacks like the one on JBS Foods are on the rise. As part of your report,
PEP want you to give a brief explanation and timeline on the attack on JBS Foods. (Note: PEP is
fictional, but JBS Foods and the attack on JBS Foods is a real-world case, which also affected
businesses in Australia. You must discuss the real-world attack, with references, including the
Australian impact. You cannot “discover” fictional data about JBS Foods, although you are
encouraged to do so for PEP.)
PEP has called on you and your small team of cybersecurity consultants, to improve the security of
their organisation. They want to protect against the same type of attack that hit JBS Foods, but they
may also want mitigation against any threats or vulnerabilities you might find after investigating their
organisation. This “investigation” is a part of A2.
In preliminary discussion with the CEO, Peter Campbell, it seems there is no system-wide intrusion
detection and prevention and no network segmentation, although the CEO seemed quite vague on
the topic.
In the first instance (for your assessment 2), PEP wants a report on threats and vulnerabilities in their
organisation. (You should “discover” at least 10 threats and/or vulnerabilities and map these against
the STRIDE categories. See the assessment brief.)
After this, they might commission you to design a project of mitigation with some recommendations
of ongoing security management (this will be your assessment 3). In the mitigation scheme, as much
as possible, they want you to match controls against threats and justify your controls in the case of
the threat(s) related to the specific attack on JBS Foods. (This is for assessment 3.)
You have negotiated with PEP to use STRIDE to perform an IT security risk analysis, to advise them on
their overall cybersecurity but also report on their in-house system.
Peter Campbell has sent you an email with some helpful links to the JBS Foods attack that have
raised the concern of PEP.
JBS Foods attack:
White House Warns Business Leaders To Increase Cybersecurity
Cyber attack shuts down global meat processing giant JBS