Despite the strictest security protocols and measures, every organization has certain vulnerabilities that can be exploited by hacking attacks. Once these vulnerabilities are identified, cyber security professionals need to be well$-$equipped to securing them. Occasionally, however, these may not be secured in time. A security consultant also needs to be able to counter the attack with the resources available.

This Assignment $2$ requires you think about the multiple ways in which a business or an organization$$s security vulnerabilities can be exploited, and you will be required to defend against such attempts so as to disrupt a hacking attack and securing the organization$$s vulnerabilities.

$.$ Vulnerability Analysis

You will be required to assess organizational vulnerabilities for your chosen context and develop a defense plan to disrupt the hacker$$s activities.

$1.$ Select three organization vulnerabilities and compare them in terms of:

i$.$ Level of potential exposure

ii$.$ Likelihood of this vulnerability being exploited.

iii. Magnitude of potential impacts

Please note that your three selected vulnerabilities should vary in all the above$-$mentioned characteristics.

$2.$ Security Plan

Based on your chosen vulnerabilities, propose a security plan that can be implemented by your organisation to reduce exposure. Your security plan should include:

$1.$ Focus on the social and organisation elements of ensuring good security, and the trade$-$offs between security and freedom.

$2.$ Suggest $3$ approaches this organisation could take to enhance their cybersecurity, and for each approach discuss

i$.$ The resources required to implement this framework

ii$.$ Evaluation of the effectiveness vs$.$ costs of your proposed security plan

iii. Ability of the proposed framework to cover multiple vulnerabilities

iv$.$ Implications on the organisation and their core business

v$.$ Trade$-$offs between security, privacy and freedom

$3.$ How does the global environment around hacking improve or complicate your defense plan? Discuss the role of the local and global hacking community. Provide an example of one global organisation that could help you.

Context $2$: Cafe

Location & environment

Inner suburb cafe

On the outskirts of the city, with both residential and commercial buildings

Mid to high$-$density area

Technology

Password$-$protected Wi$-$Fi for staff and patrons

iPads used for taking orders, sending orders wirelessly to kitchen, and transmitting to cashier counters

Externally hosted file sharing for staff $($Google Drive$)$

Staff HR and POS systems run on the cafe server $($located on the premises$)$

POS $($Point of Sales$)$ system with integrated:

Payment technologies

Staff rosters

Operating hours

Hourly sales reports

All files are backed up on the cafe server every night

POS system and staff files secured within caf$$ firewall and cloud$-$synchronised on a nightly basis

People

Permanent full$-$time staff: $3$ baristas, $5$ waiters, $1$ manager

$2$ maintenance staff who come in every evening after closing $(8$ pm$)$

All permanent staff require police checks

Maintenance staff require reference checks with their previous employer$($s$)$