Key Risks:
- Assessing whether an attacker could breach PCOM’s defenses.
- Evaluating if a network user without access rights or an attacker could access the Research department, applications and data.
- Examining if students of the Research application could obtain unauthorized elevated privileges.
- Estimating the impact of a security breach on the confidentiality of PCOM’s private data.
Key Issues and Challenges:
- Identifying and mitigating possible entry points and segmenting the Research department’s applications and data from potential attackers.
- Ensuring adherence to PCOM security guidelines while granting network access rights.
- Preventing unauthorized privilege escalation within the Research applications.
- Maintaining the confidentiality of PCOM’s PII data even in the event of a security breach.
Primary Scope:
The testing scope involved PCOM’s college network, internal critical applications, and the Research data storage.
Results:
Detailed results were based on the identification and exploitation of security weaknesses that could potentially allow a remote attacker to gain unauthorized access to organizational data. CyBourn utilized the information gleaned from this evaluation to address vulnerabilities and bolster PCOM’s security posture.