Team Report Form: Description of Roles and Contributions of Each Team Member
Introduction
12. Employees are not restricted from bringing their own devices, such as laptops.
If WRP Asia Pacific lets employees use their own devices unchecked, it’s likely that some of the personal
applications they use may not be as stringent with their security requirements. If an account they have for
personal use is hacked, it could ultimately end up exposing corporate data and confidential information.
Cybercriminals are always looking for opportunities to steal potentially valuable corporate data, and
improperly managed personal devices can provide the perfect opportunity.
10. Does not have multi-factor authentication to enter the server room.
Mitigation plan
Both single and multi-door applications can use PIN, credential card, or biometric options. With two-
factor authentication, a person attempting to enter the room must present two forms of identification. If a
credential card were lost, for example, it could not be used by the wrong person to enter the server room.
The credential card must be presented in tandem with a PIN or biometric credential before the door will
unlock.
Monitoring plan
The company can appoint a person to monitor the server room. It can install CCTV cameras in the server
room and monitor the room through them. If there is any problem, the person in charge can
immediately take action.
Recovery plan
The company can change the access card authentication plan so that employees enter their respective
cabins using a biometric option. That way, they can access only their own cabin and cannot enter the
server room.
12. Employees are not restricted from bringing their own devices, such as laptops.
Mitigation plan
If an employee wants to bring their own laptop, they should get permission from the head of department
and the IT department manager. They should prepare a letter with a valid reason and get signatures from
the head of department and the IT department manager.
Monitoring plan
The company should install CCTV cameras in every department. Cameras should be in every place so that
security personnel can monitor and control all the employees.
Recovery plan
Company management will take severe action against any employee who brings their own laptop without
the permission letter, so that other employees do not repeat the same mistake.
13. Does not perform vulnerability scans and penetration tests
Mitigation plan
The company should hire security teams to identify security flaws in its computer systems, networks,
applications, and processes through vulnerability assessment and penetration testing.
Monitoring plan
The company should use vulnerability scanning tools. On wired or wireless networks, network-based
vulnerability scanners discover potential network security attacks and susceptible systems. Host-based
vulnerability scanners are used to discover and identify vulnerabilities in servers, workstations, and
other network hosts, and they provide further visibility into the scanned systems' configuration settings
and patch history.
Recovery plan
If the company wants to do penetration testing regularly, it can use a penetration testing tool with the
capacity to look at the tiniest details of actions across a network. Capturing data packets allows you to
investigate a variety of characteristics, such as the source and destination protocol. This makes it
possible to examine security, identify holes, and put a defense in place.
Appendix
Interview Question: