First off, before we get to that scenario let us start by stating an accepted definition of what an attack, threat, risk and vulnerability …
It is imperative that we have the proper systems in place to ensure that those attacks don't take place and that, even if they do, there is little to no damage. As with any organization playing on the global stage, especially one in the financial services industry, policy is key. I will ensure that an enterprise risk organization is created, with a risk manager embedded within each of Zunis' business units. Enterprise risk will ensure that a framework and policies are in place to handle cyber security issues of every nature that may affect the company. There will be updates to the incident reporting and awareness policy and to the electronic application use policy, and there will be quarterly training sessions for all employees to bring them up to speed on how to detect social engineering techniques and email phishing. I will ensure that Zunis works closely with its public policy unit to lobby lawmakers on national cyber security policy in the various countries in which it operates.

We will also establish proper controls. On the physical security side, the use of CCTV, sensors, and card-scanning entrances and exits makes people aware of security and security conscious. In terms of database security, the principle of least access will apply: non-essential staff will not have access to passwords for production databases and servers, or to any other systems not needed for their normal job functions. Spam filters will be applied to outgoing and incoming email and chat services.

To combat hardware attacks, Zunis will now make use of hardware that meets good business practices, in addition to defined SLAs agreed to by Zunis and the vendor. All work machines will come with pre-installed and regularly updated antivirus software. All communication between hardware and software and the data flowing through will be