10. Does not have multi-factor authentication to enter the server room.
There is only one authentication factor for entering the server room, which is restricted to a small number of important employees: an access card. All employees have their own access card for entering their department cabins. Sometimes there are errors when access rights are set on a card. An employee might also take the access card of an employee who has server room access without that person's knowledge. The employee can then easily enter the server room, which can cause many problems.
12. Employees are not restricted from bringing their own devices, such as laptops.
If WRP Asia Pacific lets employees use their own devices unchecked, it is likely that some of the personal applications they use are not as stringent in their security requirements. If an account they use for personal purposes is compromised, it could ultimately expose corporate data and confidential information. Cybercriminals are always looking for opportunities to steal potentially valuable corporate data, and improperly managed personal devices can provide the perfect opportunity.
Risk rating          Score
Negligible Risk      0.1 – 1.0
Minor Risk           1.1 – 2.0
Moderate Risk        2.1 – 3.0
Major Risk           3.1 – 4.0
Catastrophic Risk    4.1 – 5.0
Monitoring plan
The company should use a monitoring system that displays traffic statistics across the entire stack and helps identify anomalies around the clock. The system should also be able to identify an ongoing attack and send alerts to the administrators.
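The kind of anomaly check such a monitoring system performs, as an added example that is not part of the original report: it parses constructed web-server access-log lines, tracks each source's request rate in a sliding window, and raises one alert per source whose rate exceeds a threshold. The log format, addresses, window size and threshold are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed Apache-style access-log lines (private addresses, made-up timestamps):
# two normal clients, one malformed entry, then 40 requests from one source in 5 seconds.
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Mar/2022:10:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '10.0.0.9 - - [02/Mar/2022:10:00:03 +0000] "GET /login HTTP/1.1" 200 840',
    "not a log line",  # a malformed entry the monitor must tolerate
] + [
    f'192.168.1.77 - - [02/Mar/2022:10:00:{s:02d} +0000] "GET / HTTP/1.1" 503 0'
    for s in range(5, 10) for _ in range(8)
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3}')

def parse_line(line):
    """Return (source_ip, timestamp) for a valid line, or None for a malformed one."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def detect_floods(lines, window=timedelta(seconds=10), max_per_window=20):
    """Flag any source sending more than max_per_window requests within `window`.

    Lines are assumed to be in chronological order (as a tailed log is). Each
    source keeps a deque of recent timestamps as a sliding window; a source is
    reported once per flood so administrators are not spammed with alerts.
    """
    recent = defaultdict(deque)
    flagged = set()
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip junk rather than crashing the monitor
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > max_per_window and ip not in flagged:
            flagged.add(ip)
            alerts.append({"source": ip, "requests_in_window": len(q),
                           "window_start": q[0].isoformat(), "last_seen": ts.isoformat()})
    return alerts

if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_LOG):
        print("ALERT possible flood:", alert)
```

In a real deployment the alert records would be forwarded to the administrators' paging or ticketing channel rather than printed.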
Recovery plan
First, once the attack is over, the company needs to analyse the details of the attack from the internal network and application system logs and upgrade its DDoS defences accordingly. Then, it should perform a network vulnerability assessment to identify weaknesses in its networks. Finally, it should patch the company infrastructure to be better prepared for a future DDoS attack.
10. Does not have multi-factor authentication to enter the server room.
Mitigation plan
Both single-door and multi-door installations can use PIN, credential card, or biometric options. With two-factor authentication, a person attempting to enter the room must present two forms of identification. If a credential card were lost, for example, it could not be used by the wrong person to enter the server room: the credential card must be presented in tandem with a PIN or biometric credential before the door will unlock.
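The card-plus-PIN decision described above, as an added example that is not part of the original report: a card alone never unlocks the door, a card reported lost is refused even with the correct PIN, a card presented at a door it is not enrolled for is refused, and repeated wrong PINs lock the card so a card taken from a colleague cannot be guessed through. The controller class, card identifiers, door names and PINs are all constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash_pin(pin, salt):
    """Salted PBKDF2 hash so a dump of the controller never reveals raw PINs."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000)

class DoorController:
    """Two-factor (card + PIN) decision logic for access-controlled doors (hypothetical)."""
    MAX_FAILURES = 3  # wrong PINs allowed before a card is locked out

    def __init__(self):
        self.cards = {}     # card_id -> enrolment record
        self.failures = {}  # card_id -> consecutive wrong-PIN count
        self.audit = []     # (card_id, door, decision) for the monitoring team

    def enrol(self, card_id, holder, pin, doors):
        salt = os.urandom(16)
        self.cards[card_id] = {"holder": holder, "salt": salt,
                               "pin_hash": _hash_pin(pin, salt),
                               "doors": set(doors), "active": True}

    def report_lost(self, card_id):
        """Deactivate a lost card; it is refused even with the correct PIN."""
        self.cards[card_id]["active"] = False

    def request_entry(self, card_id, pin, door):
        decision = self._decide(card_id, pin, door)
        self.audit.append((card_id, door, decision))  # every attempt is logged
        return decision

    def _decide(self, card_id, pin, door):
        card = self.cards.get(card_id)
        if card is None or not card["active"]:
            return "DENIED: unknown or deactivated card"
        if self.failures.get(card_id, 0) >= self.MAX_FAILURES:
            return "DENIED: card locked after repeated wrong PINs"
        if door not in card["doors"]:
            return "DENIED: card not authorised for this door"
        if not hmac.compare_digest(_hash_pin(pin, card["salt"]), card["pin_hash"]):
            self.failures[card_id] = self.failures.get(card_id, 0) + 1
            return "DENIED: wrong PIN"
        self.failures[card_id] = 0  # correct PIN resets the counter
        return "GRANTED"

if __name__ == "__main__":
    ctl = DoorController()
    ctl.enrol("card-001", "sysadmin", "4821", {"server-room", "it-cabin"})
    print(ctl.request_entry("card-001", "4821", "server-room"))  # GRANTED
    print(ctl.request_entry("card-001", "0000", "server-room"))  # DENIED: wrong PIN
```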
Monitoring plan
The company can appoint a person to monitor the server room. CCTV cameras can be installed in the server room and the room monitored through the cameras. If there is any problem, the person in charge can immediately take action.
Recovery plan
The company can change the access card authentication for entering each employee's respective cabin to a biometric option. Then employees can only access their own cabin and cannot enter the server room.
12. Employees are not restricted from bringing their own devices, such as laptops.
Mitigation plan
If an employee wants to bring their own laptop, they should get permission from the head of department and the IT department manager. They should prepare a letter with a valid reason and get signatures from the head of department and the IT department manager.
Monitoring plan
The company should install CCTV cameras in every department. Cameras should cover every area so that security personnel can monitor all employees and keep the situation under control.
Recovery plan
The company management will take severe action against any employee who brings their own laptop without the permission letter, so that other employees do not repeat the same mistake.
13. Does not perform vulnerability scans and penetration tests
Mitigation plan
The company should hire security teams to identify security flaws in its computer systems, networks, applications, and processes through vulnerability scanning and penetration testing.
Monitoring plan
The company should use vulnerability scanner tools on its wired and wireless networks. Network-based vulnerability scanners discover potential network attacks and susceptible systems. Host-based vulnerability scanners discover and identify vulnerabilities in servers, workstations, and other network hosts, and also provide further visibility into the scanned systems' configuration settings and patch history.
Recovery plan
If the company wants to perform penetration testing regularly, it can use a penetration testing tool capable of examining the smallest details of activity across the network. Capturing data packets allows the tester to investigate a variety of characteristics, such as the source and destination protocol, examine security, identify holes, and put a defence in place.
Appendix
Interview Question: