    Costs associated with risk

    Amanda and Chris McDermott own a small business, Plastic Dollars, that produces and maintains stored value cards for retailers. Most of the cards they sell are gift cards, such as those available in various restaurants and stores. They started their business just two years ago, but this year they hope to sell about four million dollars' worth of cards. Depending on the arrangement with the business, they may or may not maintain the database that contains the card owner's name and the current value on the card. Their revenue comes from the percentage of retail value they charge businesses for the cards. Therefore, although the business is doing well, money is still tight.

    Plastic Dollars employs five people, including Chris and Amanda. Two of the employees are full-time, and the other is a part-time worker who is also a college student. The business has two servers and three client computer workstations. They also have three phone lines that allow them to communicate with various retail and restaurant establishments in real time. The company has been "hit" a few times by various programmed threats. Chris and Amanda use anti-virus software, but they aren't always careful about keeping it up to date. They know they should do more, but they don't think the cost is worth it. Although they have no disaster recovery plan, they do back up their files every three hours by encrypting and compressing their data and uploading it to a remote location.

    A. Evaluate the risks to Plastic Dollars of programmed threats. What are the potential direct and indirect costs associated with these risks?

    B. Develop a security plan for Plastic Dollars that will protect them against blended and other programmed threats.

    Programmed threats pose serious risks to Plastic Dollars. If a business that Plastic Dollars works with requires the database that contains the card owner's name and the current value on the card, programmed threats can misappropriate this information. This can lead to loss of privacy for the customers of the business. The customers of Plastic Dollars can sue it for large sums in this case. Another important risk is that the value of cards they intend to sell is four million dollars. Even though the earnings of Plastic Dollars are only a small percentage, the value of the cards is substantial. If a programmed threat gets information about the cards and cashes a large number of cards, Plastic Dollars may be held responsible for the loss. These are direct losses. However, if an incident occurs, there will be loss of reputation for Plastic Dollars. They will get fewer customers and the target of four million may not be achieved. These are indirect threats. A programmed threat is code whose author intended it to make the computer behave abnormally. These instructions can be damaging to ...

