Business Continuity Planning
Week 4 Assignment
Tyrone Pendarvis
The scenario I am proposing to test the BCP for the company is a hacker scenario. A hacker attempts to break into the network and access sensitive information that shouldn’t be accessible by anyone outside of the company. The combination of business and IT transformation, compliance and governance demands and the onslaught of security threats continues to make the job of safeguarding data assets a serious challenge for organizations of all types, from multinational corporations to independent merchants to government entities. The purpose of this test would be to see how quickly the attack is detected and stopped, and whether the hacker can be tracked and identified.
Today, organizations need not only to understand current trends in security threats but also to be able to identify inherent vulnerabilities within existing systems. For this exercise to be successful, I would suggest employing an ethical hacker – a person who is not with the company but is very knowledgeable about, and can use, the techniques that hackers use to break into corporate networks. An ethical hacker, though, does so not for malicious purposes but, for security purposes, to analyze and discover the top vulnerabilities and threats that have the most potential to negatively impact the organization. The reason for employing someone who is not with the company for this test is simple: it is to gauge the response of those in the IT department. Since the IT department is relatively small – only 12 people – it would be difficult to run this test if one of them were role-playing the hacker from outside of the company.
Cybercriminals will never stop trying to compromise systems to obtain data. Organizations need to be aware of where they may be open to attacks, how attackers can enter their environment and what to do if (and when) an attack occurs. This test should be done as a surprise attack, since a hacker