
Cyber Security Plan
Introduction to the Business
• A South Asian grocery store. It sells fresh vegetables, meat, fish and
many other food items, has an ATM for banking and cryptocurrencies, and
sends remittances to many countries for customers using Ria and other
remittance services.
• Family-owned business with 2 part-time employees.
The Business Demographics

Technology used:
• HP ProDesk 600 G2 - for handling inventory information.
• Dell OptiPlex 3020 - used for sending remittances for customers.
• Verifone card reader - for handling transactions.
• Phone - contains customer and business partner information for
communication.
• Windows 10 on all computers.

Data Collected and Used:
• Inventory data, such as item availability counts and item barcodes for
quick scanning, is saved in the PC system.
• Credit/debit card information is processed through the payment service
company, so it is not stored for transactions. For remittances, however, it
is sometimes saved on the PC if a recurring customer wants this.
• Customer IDs are used for sending remittances and are also sometimes
saved in the system if the customer wants this for future remittance
transactions.
• The owner said the business insurance covers electronic data liability.
Identifying and Prioritizing Information Types

The business manages four main types of information. Customer banking
information and customer ID information are the most important to secure.
Inventory information and customer contact information can be recovered from
backup, so their priority is low compared with the other two.
                                          Customer            Customer   Inventory   Customer
                                          Banking Info        IDs        Info        Contact Info
Cost of revelation (Confidentiality)      High                Medium     Low         Medium
Cost to verify information (Integrity)    High                High       Low         Low
Cost of lost access (Availability)        High                High       Medium      Medium
Cost of lost work                         High                High       Low         Low
Fines, penalties, customer notification   Medium              High       Low         Low
Other legal costs                         High (Tax Issues)   Low        Low         Low
Reputation / public relations costs       High                High       Low         Medium
Cost to identify and repair problem       High                High       Low         Medium
PRIORITY:                                 High                High       Low         Low

(Paulsen, Toth, 2016)


Protection Measures for Information:
Current State of Data Security:
• The payment company handles transactions for in-store purchases, but
banking cards and customer IDs are saved in PC folders without any proper
form of encryption.
• The owner said the system containing users' confidential data is used only
for providing the remittance service to users.

Recommendations:
• If customers' confidential information must be stored, either encrypt the
data properly or store it in an online location. If possible, keeping the
data as hard copy in a safe place is another option.
• It is advisable to dispose of customer information that is not frequently
required for any service.
• Using a good anti-malware service is also recommended to protect the data
from web threats.
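
One way to find which files on the remittance PC still hold card numbers in clear text, so they can be encrypted or disposed of as recommended above. This is an added example, not part of the original plan; the function names, the 365-day staleness threshold and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile
import time

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep only the last four digits so the report itself holds no card data."""
    return "*" * (len(digits) - 4) + digits[-4:]

def scan_folder(root, stale_days=365, now=None):
    """Return (path, masked_number, is_stale) for each Luhn-valid number found."""
    now = time.time() if now is None else now
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    text = fh.read()  # small office files; read whole file
                stale = (now - os.path.getmtime(path)) / 86400 > stale_days
            except OSError:
                continue  # unreadable file: skip it
            for m in CANDIDATE.finditer(text):
                digits = re.sub(r"\D", "", m.group())
                if luhn_ok(digits):
                    findings.append((path, mask(digits), stale))
    return findings

def demo():
    """Constructed sample folder: a remittance note and an inventory file."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "remit_customer.txt"), "w") as fh:
            fh.write("Card: 4111 1111 1111 1111 exp 01/30\n")  # public test number
        with open(os.path.join(root, "inventory.csv"), "w") as fh:
            fh.write("barcode,count\n036000291452,12\n")  # 12-digit UPC, ignored
        return [(os.path.basename(p), n, s) for p, n, s in scan_folder(root)]
```

Files flagged as stale are candidates for disposal; the rest are candidates for encryption. A 13-digit inventory barcode can pass the Luhn check by chance, so review each hit before acting on it.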
Higher Level Cyber Security Plan (Final Recommendations):
• The PC systems the business uses have no malware protection other than
the default Windows Defender. Good anti-malware software is recommended
on these systems.
• The owner needs to safeguard the PC systems and credit card machine
properly so that no one except an authorized person can modify them or
introduce any threats to them.
• The owner needs to store customers' confidential data with proper
encryption; storing it offline in a safe place is also an option.
• The owner needs to make multiple backups of the store's item data so
that we can use data from backup in case of system failure. Cloud
backup is recommended.
