Cyber Security Plan1
Plan
Introduction to the Business
• A South Asian grocery store. It sells fresh vegetables, meat, fish and
many other food items, has an ATM for banking and cryptocurrencies, and
sends remittances to many countries for customers using Ria and other
remittance services.
• Family-owned business with 2 part-time employees.
The Business Demographics
There are mainly 4 types of information this business manages. The customer banking info and ID
information are the most important information it needs to secure. The inventory info and customer
contact info can be recovered from backup, and their priority is low compared to the other
information.
| | Customer Banking Info | Customer IDs | Inventory Info | Customer Contact Info |
|---|---|---|---|---|
| Cost of revelation (Confidentiality) | High | Medium | Low | Medium |
| Cost to verify information (Integrity) | High | High | Low | Low |
| Cost of lost access (Availability) | High | High | Medium | Medium |
| Cost of lost work | High | High | Low | Low |
| Fines, penalties, customer notification | Medium | High | Low | Low |
| Other legal costs | High (Tax Issues) | Low | Low | Low |
| Reputation / public relations costs | High | High | Low | Medium |
| Cost to identify and repair problem | High | High | Low | Medium |
| PRIORITY | High | High | Low | Low |
Recommendations:
• If customers' confidential information needs to be stored, either encrypt the
data properly or store it in an online location. If possible, saving the data in
hard copy in a safe place is another option.
• It is advisable to dispose of customer information that is not frequently
required for any service.
• Using a good anti-malware service is also recommended to protect the data
from web threats.
Higher Level Cyber Security Plan (Final Recommendations):
• The PC systems the business uses have no malware protection other
than the default Windows Defender. Good anti-malware protection
software is recommended for these systems.
• The owner needs to safeguard the PC systems and the credit card
machine properly so that no one except an authorized person can
modify them or introduce any threats to them.
• The owner needs to store customers' confidential data with proper
encryption; storing it offline in a safe place is also an option.
• The owner needs to make multiple backups of the store items data so
that we can use data from backup in case of system failure. Cloud
backup is recommended.