Scribd
Upload
19 views

Scenario 1

Uploaded by

butial.amri2506
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
19 views

Scenario 1

Uploaded by

butial.amri2506
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

Scenario 1: Data Breach Incident

Your company has recently experienced a data breach and


compromised confidential customer data. The IT department has
contained the breach but expects it to happen again unless preventive
measures are taken.

BYOD Policy Breach:


1. Insecure Personal Devices: When employees use their personal devices
(smartphones, tablets, or laptops) for work, these devices may lack
adequate security protections like antivirus software or encryption. If a
personal device becomes compromised due to malware or a phishing
attack, it could act as a gateway for attackers to access the corporate
network.
2. Unsecured Networks: Employees may use their personal devices on
unsecured public Wi-Fi networks, which are prone to man-in-the-middle
(MITM) attacks. If sensitive company data is accessed or transmitted over
these networks, it can easily be intercepted by attackers.

Applying the PDCA cycle to address the BYOD issue:


1. Plan:
o Objective: Secure the use of personal devices in the workplace to
prevent breaches related to BYOD.
o Targets: Implement Mobile Device Management (MDM) systems,
require all personal devices to meet specific security standards, and
mandate the use of Virtual Private Networks (VPNs) when accessing
company data remotely.
o Resources: IT security personnel to manage the MDM systems,
software solutions for VPN access and device monitoring, training
for employees on secure usage of personal devices.
2. Do: Enforce policies that require employees to install MDM software,
enforce strong password policies on their devices, and mandate encryption
for all company data stored on personal devices.
3. Check: After implementation, evaluate the effectiveness of the MDM and
VPN policies. Monitor for any new breaches or attempted attacks through
personal devices, and gather employee feedback on the usability of the
new security measures.
4. Act: Based on the review, make necessary improvements. If employees
are struggling with VPN usage due to connectivity issues, explore
alternatives like Zero Trust security models. Ensure the MDM policies are
regularly updated as new threats emerge.
BYOD Policy Breach:
1. Insecure Personal Devices: When employees bring their own devices to work
such as smart phones, tablets or laptops, these devices may not have sufficient
security measures such as anti-virus or encryption. If a personal device has a
virus or gets phished, it can open a door for the attackers to get into the
company’s network.
2. Unsecured Networks: Employees may connect to unsecured public Wi-Fi
networks with their personal devices, and this is vulnerable to man-in-the-middle
(MITM) attacks. When such company data is stored or sent through these
networks, it can be easily compromised by the attackers.

Applying the PDCA cycle to address the BYOD issue:Applying the PDCA cycle to
address the BYOD issue:
1. Plan:
o Objective: Ensure that the use of personal gadgets at the workplace is well
controlled to avoid any break down concerning BYOD.
o Targets: Use MDM systems, make it mandatory to have personally owned
devices conform to certain security standards, and insist on the use of VPNs
when accessing company information from offsite.
o Resources: The IT security staff to oversee the MDM systems, software
applications for VPN connection and device tracking, and training of employees
on proper use of their owned devices.
2. Do: Policies that should be implemented include; making it mandatory for
employees to install MDM software, strict password policies on the devices, and
encryption of all company data on personal devices.
3. Check: Finally, assess the outcomes of the MDM and VPN policies that have
been put in place. Check for any new breaches or attempted attacks through
personal devices and also collect feedback from the employees regarding the
new security measures implemented.
4. Act: According to the review, make the necessary changes. If employees are
having a problem with VPN because of connectivity, then consider other options
such as the Zero Trust security frameworks. Make sure the MDM policies are
updated from time to time as the threats are evolving.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy