CMP73001 Assignment 3: Vulnerability Assessment and BIA Report
VerifiedAdded on 2022/11/12
|18
|4153
|192
Report
AI Summary
This report details a penetration test and business impact analysis (BIA) conducted for MyHealth Company, a healthcare provider. The report begins with an introduction outlining the company's IT infrastructure and the need for robust security policies. Task 1 focuses on penetration testing, explaining its importance, phases, and various vulnerability types like SQL injections, XSS, and malware. Task 2 explores secure systems, networks, and applications, including VPN configurations and firewall/IDS implementations. Task 3 addresses personnel security, particularly social engineering threats. Task 4 presents the BIA, recommending RTO, RPO, and MTD values for key business processes and assessing the impact of disruptions. The report concludes by analyzing the effectiveness of implemented security controls and provides BIA tables before and after implementation.
Running Head: Pen test and BIA 0
Pen test and BIA
Report
Student name
Pen test and BIA
Report
Student name
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Pen test and BIA 1
Table of Contents
Introduction.................................................................................................................................................2
Task 1: Penetration testing..........................................................................................................................2
1-(a).........................................................................................................................................................2
1-(b).........................................................................................................................................................3
2-(a) Role 3 (i)..........................................................................................................................................3
2-(a) Role 3 (ii).........................................................................................................................................5
SQL Injections:.....................................................................................................................................5
Cross Site Scripting (XSS).....................................................................................................................5
Broken Authentication.........................................................................................................................5
3...............................................................................................................................................................5
Malware..............................................................................................................................................5
DDoS....................................................................................................................................................6
Social engineering................................................................................................................................6
Phishing...............................................................................................................................................6
Man-in-the-Middle..............................................................................................................................7
Ransomware........................................................................................................................................7
Task 2: Secure Systems / Networks / Applications......................................................................................8
1- Individual:............................................................................................................................................8
Remote access VPN:............................................................................................................................8
Site-to-site VPN:..................................................................................................................................8
2- Role1:..................................................................................................................................................9
Task 3: Managing personnel security........................................................................................................10
Task 4: Business Impact Analysis...............................................................................................................10
Task 5: Report template............................................................................................................................13
Table of Contents
Introduction.................................................................................................................................................2
Task 1: Penetration testing..........................................................................................................................2
1-(a).........................................................................................................................................................2
1-(b).........................................................................................................................................................3
2-(a) Role 3 (i)..........................................................................................................................................3
2-(a) Role 3 (ii).........................................................................................................................................5
SQL Injections:.....................................................................................................................................5
Cross Site Scripting (XSS).....................................................................................................................5
Broken Authentication.........................................................................................................................5
3...............................................................................................................................................................5
Malware..............................................................................................................................................5
DDoS....................................................................................................................................................6
Social engineering................................................................................................................................6
Phishing...............................................................................................................................................6
Man-in-the-Middle..............................................................................................................................7
Ransomware........................................................................................................................................7
Task 2: Secure Systems / Networks / Applications......................................................................................8
1- Individual:............................................................................................................................................8
Remote access VPN:............................................................................................................................8
Site-to-site VPN:..................................................................................................................................8
2- Role1:..................................................................................................................................................9
Task 3: Managing personnel security........................................................................................................10
Task 4: Business Impact Analysis...............................................................................................................10
Task 5: Report template............................................................................................................................13
Pen test and BIA 2
References.................................................................................................................................................14
References.................................................................................................................................................14
Pen test and BIA 3
Introduction
Health sector companies provide different service to their clients using information technologies. It is
necessary to use information technology to increase the efficiency of different processes, such as clinical
services, patient’s appointments, healthcare products, and many more. My health company provides
healthcare products, and clinical services as well as research of the cancer-related disease. There are
many other facilities for patients, which are provided by the company. The company has many
information assets to manage different facilities and services. The company requires security policies to
secure its information assets, such as computer systems, servers, internetworking devices, databases,
and many others. In addition, the Australian government provides cybersecurity policies to safe
information assets from different types of cybercrime (ACSC, 2017).
Information assets are having many security risks. Therefore, it is necessary to mitigate those risks
through mitigation strategies, which are provided by the government to all the companies, which are
using information assets for their various services (ACSC, 2019). Cyber-attacks make a huge impact on
many things on a company, such as reputation, financial loss, business continuity, and many others.
Information systems are required high security from the cyber-attacks ( Bradford, 2018). In addition,
information assets are having huge value. Therefore, it is highly required for strong security policies to
make them secure (Andrijcic & Horowitz, 2016).
Task 1: Penetration testing
1-(a)
Penetration testing uses to test websites to find different issues, which makes a huge impact of the
performance of websites, which is related to the reputation, and business of a company (guru99.com,
2019). In addition, Penetration testing is a type of security testing, which is used to find out insecure
areas of the website, system, and applications. It provides different vulnerabilities of the system, which
are the main cause of cyber-attacks (Arlitsch & Edelman, 2014). Vulnerability creates different risks for
the system, which contains data of patients and other processes ( Rouse, 2018). They are created in the
system by accident during the software development process and implementation processes of the
system, such as design errors, bugs, configuration errors, and many more. Penetration testing is used to
provide cybersecurity to the whole system from cyber-attacks ( Sarmah, 2019).
Introduction
Health sector companies provide different service to their clients using information technologies. It is
necessary to use information technology to increase the efficiency of different processes, such as clinical
services, patient’s appointments, healthcare products, and many more. My health company provides
healthcare products, and clinical services as well as research of the cancer-related disease. There are
many other facilities for patients, which are provided by the company. The company has many
information assets to manage different facilities and services. The company requires security policies to
secure its information assets, such as computer systems, servers, internetworking devices, databases,
and many others. In addition, the Australian government provides cybersecurity policies to safe
information assets from different types of cybercrime (ACSC, 2017).
Information assets are having many security risks. Therefore, it is necessary to mitigate those risks
through mitigation strategies, which are provided by the government to all the companies, which are
using information assets for their various services (ACSC, 2019). Cyber-attacks make a huge impact on
many things on a company, such as reputation, financial loss, business continuity, and many others.
Information systems are required high security from the cyber-attacks ( Bradford, 2018). In addition,
information assets are having huge value. Therefore, it is highly required for strong security policies to
make them secure (Andrijcic & Horowitz, 2016).
Task 1: Penetration testing
1-(a)
Penetration testing uses to test websites to find different issues, which makes a huge impact of the
performance of websites, which is related to the reputation, and business of a company (guru99.com,
2019). In addition, Penetration testing is a type of security testing, which is used to find out insecure
areas of the website, system, and applications. It provides different vulnerabilities of the system, which
are the main cause of cyber-attacks (Arlitsch & Edelman, 2014). Vulnerability creates different risks for
the system, which contains data of patients and other processes ( Rouse, 2018). They are created in the
system by accident during the software development process and implementation processes of the
system, such as design errors, bugs, configuration errors, and many more. Penetration testing is used to
provide cybersecurity to the whole system from cyber-attacks ( Sarmah, 2019).
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Pen test and BIA 4
1-(b)
Penetration testing is essential in a company because of many reasons, which areas:
1. Financial data is present in the systems, such as banks, stocks, insurance, and many others.
2. To figure out more threats after hacking of the system
3. It provides the best safeguard against cyber-attacks
Source: (guru99.com, 2019)
It has four parts, which are attack phase, planning phase, discovery phase, and reporting phase. There
are many tools available for penetration testing in the market, such as Nmap, Nessus, and Pass-The-
Hash (Whitaker & Newman, 2005).
2-(a) Role 3 (i)
Fuzz checking out is a built-in trying out built-in integrated computerized. It is semi-automatic checking
out strategies, which has used to discover code integrated mistakes and safety issues built-in software
program. It built integrated structures, or networks with the aid referred to as FUZZ, and then the built-
in integrated is monitored for diverse exceptions in the application.
1-(b)
Penetration testing is essential in a company because of many reasons, which areas:
1. Financial data is present in the systems, such as banks, stocks, insurance, and many others.
2. To figure out more threats after hacking of the system
3. It provides the best safeguard against cyber-attacks
Source: (guru99.com, 2019)
It has four parts, which are attack phase, planning phase, discovery phase, and reporting phase. There
are many tools available for penetration testing in the market, such as Nmap, Nessus, and Pass-The-
Hash (Whitaker & Newman, 2005).
2-(a) Role 3 (i)
Fuzz checking out is a built-in trying out built-in integrated computerized. It is semi-automatic checking
out strategies, which has used to discover code integrated mistakes and safety issues built-in software
program. It built integrated structures, or networks with the aid referred to as FUZZ, and then the built-
in integrated is monitored for diverse exceptions in the application.
Pen test and BIA 5
Source: (www.guru99.com, 2019)
There are few steps in fuzzy testing, which include these testing steps-
1. The company should identify the website of my health company
2. Identify the inputs and outcome of the process
3. Generate Fuzzed data of all the processes
4. Create and execute the program using fuzzy data
5. Monitor system application and its behavior
6. Find out log defects in the system
There are different types of vulnerabilities found in the testing by Fuzz testing, which are the following:
Assertion failures and memory leaks: It is happened because of the different vulnerabilities of
websites.
Input data: it uses fuzzers to create inputs and their respective outcomes
Correctness bugs: it provides a facility to correct bugs in the website, such as poor search
results, corrupted database, and many others.
There are different tools available in the market, some tools have used for fuzz testing, which is popular
are Burp Suite, Peach Fuzzer, and many more. Fuzz Testing is having many advantages for a website. It
improves software Security Testing. It provides different bugs of a website, which can be used by the
Source: (www.guru99.com, 2019)
There are few steps in fuzzy testing, which include these testing steps-
1. The company should identify the website of my health company
2. Identify the inputs and outcome of the process
3. Generate Fuzzed data of all the processes
4. Create and execute the program using fuzzy data
5. Monitor system application and its behavior
6. Find out log defects in the system
There are different types of vulnerabilities found in the testing by Fuzz testing, which are the following:
Assertion failures and memory leaks: It is happened because of the different vulnerabilities of
websites.
Input data: it uses fuzzers to create inputs and their respective outcomes
Correctness bugs: it provides a facility to correct bugs in the website, such as poor search
results, corrupted database, and many others.
There are different tools available in the market, some tools have used for fuzz testing, which is popular
are Burp Suite, Peach Fuzzer, and many more. Fuzz Testing is having many advantages for a website. It
improves software Security Testing. It provides different bugs of a website, which can be used by the
Pen test and BIA 6
hackers including unhandled exception, crashes, memory leak, and many others. It can found all those
bugs, which are not considered by the testers because of the restriction of resources and time.
2-(a) Role 3 (ii)
There are many threats to a website because of internal and external issues, which are accidentally
created at designing and implementation time (Bassi, 2019). There are few security vulnerabilities of
MyHealth Company, which areas:
SQL Injections:
Hacker uses an application code to corrupt and access databases of the company. An SQL injection is the
most common type of website vulnerability. It can allow a hacker to read, create, update, delete, alter,
and many other operations on the database of the company. It is very frequent and difficult types of
security vulnerability.
Cross Site Scripting (XSS)
In this vulnerability, hackers use a client-side script in their request to access the website and redirect it
to malicious websites. It is a bad thing for the company because it can damage the image of the
company. Cross-site scripting is highly used for access the session of the website, such as JavaScript, and
many others.
Broken Authentication
Authentication is necessary to access the back-end of a website. Therefore, it is necessary to secure
authentication details as well as sessions from hackers. Hacker can access authentication details of
different users and access the whole system. MyHealth Company can manage their authentication
details secure from hackers through cybersecurity (Barkly, 2018).
3.
Malware
Malware can affect the database of MyHealth Company, which can be a serious issue in front of the
company. There are many things, which are related to the patients and business processes, such as data,
information, and many other things. Malware can stop different services of the company, such as
patient’s appointment, doctors’ appointments, sales, distribution of medicine, consolation, and many
others. The company can use firewalls to secure their whole systems from malware.
hackers including unhandled exception, crashes, memory leak, and many others. It can found all those
bugs, which are not considered by the testers because of the restriction of resources and time.
2-(a) Role 3 (ii)
There are many threats to a website because of internal and external issues, which are accidentally
created at designing and implementation time (Bassi, 2019). There are few security vulnerabilities of
MyHealth Company, which areas:
SQL Injections:
Hacker uses an application code to corrupt and access databases of the company. An SQL injection is the
most common type of website vulnerability. It can allow a hacker to read, create, update, delete, alter,
and many other operations on the database of the company. It is very frequent and difficult types of
security vulnerability.
Cross Site Scripting (XSS)
In this vulnerability, hackers use a client-side script in their request to access the website and redirect it
to malicious websites. It is a bad thing for the company because it can damage the image of the
company. Cross-site scripting is highly used for access the session of the website, such as JavaScript, and
many others.
Broken Authentication
Authentication is necessary to access the back-end of a website. Therefore, it is necessary to secure
authentication details as well as sessions from hackers. Hacker can access authentication details of
different users and access the whole system. MyHealth Company can manage their authentication
details secure from hackers through cybersecurity (Barkly, 2018).
3.
Malware
Malware can affect the database of MyHealth Company, which can be a serious issue in front of the
company. There are many things, which are related to the patients and business processes, such as data,
information, and many other things. Malware can stop different services of the company, such as
patient’s appointment, doctors’ appointments, sales, distribution of medicine, consolation, and many
others. The company can use firewalls to secure their whole systems from malware.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Pen test and BIA 7
DDoS
Distributed denial of services is stopped all the services of the company, which makes a huge impact on
their working, such as clinical services, pharmacy services, appointments, operations, and many others.
The company uses technology to manage their different operations and if someone hacks their systems
and stops, their services, such as access to systems, database access denied, and many others.
Therefore, the company should monitor all the suspicious activities in their network using IDS, and IPS
systems (cloudflare.com, 2019).
Social engineering
Attackers can destruct different people of the company to take access to security credentials. Beside it,
they access the whole systems and control it.
Source: (Guru99, 2019)
Hackers collect information from different sources and plan for attack. They use all the information in
tools to attack the system. There are many things, which are effects by such types of attacks. MyHealth
Company should protect the whole system from this attack using proper training and code of conducts.
Phishing
It is a different type of attack, in which hackers make a copy of the websites and send the link to
different people, which are unknown about the real website. They provide their personal details, such as
email address, mobile number, credit card details, and many others. Hacker can use that information
from their personal information (Tiwari, 2018). My health company can prevent their system from
phishing using spam filters.
DDoS
Distributed denial of services is stopped all the services of the company, which makes a huge impact on
their working, such as clinical services, pharmacy services, appointments, operations, and many others.
The company uses technology to manage their different operations and if someone hacks their systems
and stops, their services, such as access to systems, database access denied, and many others.
Therefore, the company should monitor all the suspicious activities in their network using IDS, and IPS
systems (cloudflare.com, 2019).
Social engineering
Attackers can destruct different people of the company to take access to security credentials. Beside it,
they access the whole systems and control it.
Source: (Guru99, 2019)
Hackers collect information from different sources and plan for attack. They use all the information in
tools to attack the system. There are many things, which are effects by such types of attacks. MyHealth
Company should protect the whole system from this attack using proper training and code of conducts.
Phishing
It is a different type of attack, in which hackers make a copy of the websites and send the link to
different people, which are unknown about the real website. They provide their personal details, such as
email address, mobile number, credit card details, and many others. Hacker can use that information
from their personal information (Tiwari, 2018). My health company can prevent their system from
phishing using spam filters.
Pen test and BIA 8
Man-in-the-Middle (MITM)
It is an attack in which it provides access to attackers to intercepts communication between two
different sources. It can be used to steal personal information, login credentials, and corrupt data. It is a
type of cyber-attack. It is happening because of less secure communication channels.
It can be prevented from SSL and encryption techniques. Therefore, no one can understand the
information, which is present in communication channels (Swinhoe, 2017).
Ransomware
It is a software program, which has malicious code. It was designed to deny access to data or computer
system until a ransom is paid. It can be prevented through firewall and cybersecurity. My health
company should implement cybersecurity to protect its information assets and its website (export.gov,
2019).
Man-in-the-Middle (MITM)
It is an attack in which it provides access to attackers to intercepts communication between two
different sources. It can be used to steal personal information, login credentials, and corrupt data. It is a
type of cyber-attack. It is happening because of less secure communication channels.
It can be prevented from SSL and encryption techniques. Therefore, no one can understand the
information, which is present in communication channels (Swinhoe, 2017).
Ransomware
It is a software program, which has malicious code. It was designed to deny access to data or computer
system until a ransom is paid. It can be prevented through firewall and cybersecurity. My health
company should implement cybersecurity to protect its information assets and its website (export.gov,
2019).
Pen test and BIA 9
Task 2: Secure Systems / Networks / Applications
1- Individual:
A Virtual Private Network (VPN) uses for the creation of private connection for data transfer. It provides
a secure connection to the host in a public network. It creates a secure encrypted connection for
different persons in public infrastructure. It uses tunneling protocols to create a safe connection. It has
two most common types, which are site-to-site and remote access VPN. Both types are highly used in
the creation of a VPN in a company.
Remote access VPN:
Source: (Rouse, 2015)
In Remote access VPN, clients use a gateway to connect with the network of an organization. The
gateway is fully secure and it requires proper authentication to access different resources of that
infrastructure, such as intranets, printers, servers, and many others. It uses IPsec or SSL to create a
secure connection for users.
Site-to-site VPN:
In this VPN, gateway system uses to provide a connection to the entire network from different locations.
This VPN is using IPsec over the internet to create an encrypted connection. It uses MPLS clouds for
connection between different sites rather than the public internet. There are many differences between
IPsec, SSL, and SSH protocols, which are as mention below:
IP security protocol (IPsec), Secure Shell (SSH), and Secure Socket Layer (SSL) are used to provide
security in the network in different ways. SSH is working beside other network applications, such as
Task 2: Secure Systems / Networks / Applications
1- Individual:
A Virtual Private Network (VPN) uses for the creation of private connection for data transfer. It provides
a secure connection to the host in a public network. It creates a secure encrypted connection for
different persons in public infrastructure. It uses tunneling protocols to create a safe connection. It has
two most common types, which are site-to-site and remote access VPN. Both types are highly used in
the creation of a VPN in a company.
Remote access VPN:
Source: (Rouse, 2015)
In Remote access VPN, clients use a gateway to connect with the network of an organization. The
gateway is fully secure and it requires proper authentication to access different resources of that
infrastructure, such as intranets, printers, servers, and many others. It uses IPsec or SSL to create a
secure connection for users.
Site-to-site VPN:
In this VPN, gateway system uses to provide a connection to the entire network from different locations.
This VPN is using IPsec over the internet to create an encrypted connection. It uses MPLS clouds for
connection between different sites rather than the public internet. There are many differences between
IPsec, SSL, and SSH protocols, which are as mention below:
IP security protocol (IPsec), Secure Shell (SSH), and Secure Socket Layer (SSL) are used to provide
security in the network in different ways. SSH is working beside other network applications, such as
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Pen test and BIA 10
HTTP, FTP, and many others. It can be used to create a tunnel for other application in a port-forwarding
mode. SSL provides security to clients in the transport layer. It is not a single application. It provides
security to different applications in an infrastructure. IPsec protocol provides secure at layer 2, which is
the IP packet layer. It provides network level security.
In addition, Both SSH and telnet use for the security purpose in a network. SSH is more secure than
telnet, as it provides different methods. SSH encrypts the data of clients and sends into a network. In
another hand, telnet sends data in plain text, which can be hacked by attackers. SSH uses symmetric
keys for authentication, which makes the whole system secure from cyber-attacks.
2- Role1:
Firewall and IDS are useful for the MyHealth Company. A firewall is necessary to prevent the whole
network from different types of issues, such as malicious functions, ransomware, Trojan horse, worms,
spams, viruses, and many more.
Source (Yadav, 2018)
Source: (Yadav, 2018)
HTTP, FTP, and many others. It can be used to create a tunnel for other application in a port-forwarding
mode. SSL provides security to clients in the transport layer. It is not a single application. It provides
security to different applications in an infrastructure. IPsec protocol provides secure at layer 2, which is
the IP packet layer. It provides network level security.
In addition, Both SSH and telnet use for the security purpose in a network. SSH is more secure than
telnet, as it provides different methods. SSH encrypts the data of clients and sends into a network. In
another hand, telnet sends data in plain text, which can be hacked by attackers. SSH uses symmetric
keys for authentication, which makes the whole system secure from cyber-attacks.
2- Role1:
Firewall and IDS are useful for the MyHealth Company. A firewall is necessary to prevent the whole
network from different types of issues, such as malicious functions, ransomware, Trojan horse, worms,
spams, viruses, and many more.
Source (Yadav, 2018)
Source: (Yadav, 2018)
Pen test and BIA 11
Instruction Detection System (IDS) is used to detect different suspicious activities in a network, which
can be created from internal or external users. It provides security to whole systems from different risks.
Instruction Prevention System (IPS) is used to prevent the whole network from suspicious activities. It
blocks all those suspicious activities, which are trying to access the system through unauthorized
credentials.
Task 3: Managing personnel security
Social engineering is a security attack, which has happened because of a lack of knowledge about the
authentications and cyber-attacks. There are many reasons, which affect data privacy and security of the
company, which are network issues, data storage issues, IT infrastructure issues, and many others.
Social engineering is a process in which hacker manipulate users from different methods into revealing
confidential facts that may be used to advantage unauthorized get entry to a computer system. There
are many other issues in social engineering, which are useful for hackers. In addition, this term can also
encompass sports including exploiting human kindness, greed, and curiosity to gain get admission to
restricted access homes or getting the customers to installing malware infected software in their
systems. Hackers collect information from users through manipulation and use that information for
hacking the whole system. However, knowing the hints utilized by hackers to trick customers into
freeing essential login facts amongst others is fundamental in shielding personal computer systems.
The company can improve this thing using proper training of employees regarding cybersecurity and
other malware in the system, which can be harmful to the company. Therefore, no one can share his or
her personal authentications to others to secure the whole system.
Task 4: Business Impact Analysis (BIA)
BIA is necessary to understand about the different status of the business, which is related to the
financial, legal, regulatory, timing, and other (Rouse, 2015). There are many issues in business.
Therefore, the company should do BIA to understand different issues of business functions to mitigate
them in proper time.
The information you collect for your BIA report should include the following:
Instruction Detection System (IDS) is used to detect different suspicious activities in a network, which
can be created from internal or external users. It provides security to whole systems from different risks.
Instruction Prevention System (IPS) is used to prevent the whole network from suspicious activities. It
blocks all those suspicious activities, which are trying to access the system through unauthorized
credentials.
Task 3: Managing personnel security
Social engineering is a security attack, which has happened because of a lack of knowledge about the
authentications and cyber-attacks. There are many reasons, which affect data privacy and security of the
company, which are network issues, data storage issues, IT infrastructure issues, and many others.
Social engineering is a process in which hacker manipulate users from different methods into revealing
confidential facts that may be used to advantage unauthorized get entry to a computer system. There
are many other issues in social engineering, which are useful for hackers. In addition, this term can also
encompass sports including exploiting human kindness, greed, and curiosity to gain get admission to
restricted access homes or getting the customers to installing malware infected software in their
systems. Hackers collect information from users through manipulation and use that information for
hacking the whole system. However, knowing the hints utilized by hackers to trick customers into
freeing essential login facts amongst others is fundamental in shielding personal computer systems.
The company can improve this thing using proper training of employees regarding cybersecurity and
other malware in the system, which can be harmful to the company. Therefore, no one can share his or
her personal authentications to others to secure the whole system.
Task 4: Business Impact Analysis (BIA)
BIA is necessary to understand about the different status of the business, which is related to the
financial, legal, regulatory, timing, and other (Rouse, 2015). There are many issues in business.
Therefore, the company should do BIA to understand different issues of business functions to mitigate
them in proper time.
The information you collect for your BIA report should include the following:
Pen test and BIA 12
The name of the process
Historical data
The timing
Full in the formation of processes execution
Proper regulatory and legal impacts of the process on the organization
Figure out all the input and outcomes of processes
The financial and operational impacts
Find all the resources and tool, which are used into all the processes
owner of the process
BIA is the most important analysis is a company to know about risks and mitigates them to avoid a huge
crisis in the company. BIA provides many advantages to the company (Weber, 2019).
This analysis is a process to decide and examine the results of a disturbance to important enterprise
operations because of an emergency in the system. A BIA is an important aspect of an organization’s
enterprise continuance plan. BIA is the most popular analysis to resolve different issues and make
satisfied to their customers. It consists of an exploratory element to reveal any vulnerabilities and a
planning thing to expand strategies for minimizing risk. The result is BIA, which describes the potential
risks specific to the employer studied.
In addition, one of the fundamental assumptions in the back of BIA is that each thing of the organization
is reliant upon the continued functioning of each other element. In addition, some are greater crucial
than others and require an extra allocation of the price range in the wake of a disaster. As an instance,
an enterprise can be capable of continuing extra or much less common. An education consultation may
be performed for key employees with expertise of the commercial enterprise. Data can be gathered in a
selection of methods, consisting of in-character meetings and automatic reviews (Rouse, 2015).
In addition, the company can know about business functions from the outcomes of a BIA. It is having
many benefits for the company. The BIA analysis sections are to regulate the most vital enterprise
capabilities and systems. The BIA analysis uses for mitigation of different issues from a system.
This analysis is helpful for guiding computer system and user to manage different issues properly. In
front of the company, demanding situations encompass to figuring out the sales effect of an enterprise
function and quantifying the lengthy-time period effect of losses in marketplace percentage, enterprise
The name of the process
Historical data
The timing
Full in the formation of processes execution
Proper regulatory and legal impacts of the process on the organization
Figure out all the input and outcomes of processes
The financial and operational impacts
Find all the resources and tool, which are used into all the processes
owner of the process
BIA is the most important analysis is a company to know about risks and mitigates them to avoid a huge
crisis in the company. BIA provides many advantages to the company (Weber, 2019).
This analysis is a process to decide and examine the results of a disturbance to important enterprise
operations because of an emergency in the system. A BIA is an important aspect of an organization’s
enterprise continuance plan. BIA is the most popular analysis to resolve different issues and make
satisfied to their customers. It consists of an exploratory element to reveal any vulnerabilities and a
planning thing to expand strategies for minimizing risk. The result is BIA, which describes the potential
risks specific to the employer studied.
In addition, one of the fundamental assumptions in the back of BIA is that each thing of the organization
is reliant upon the continued functioning of each other element. In addition, some are greater crucial
than others and require an extra allocation of the price range in the wake of a disaster. As an instance,
an enterprise can be capable of continuing extra or much less common. An education consultation may
be performed for key employees with expertise of the commercial enterprise. Data can be gathered in a
selection of methods, consisting of in-character meetings and automatic reviews (Rouse, 2015).
In addition, the company can know about business functions from the outcomes of a BIA. It is having
many benefits for the company. The BIA analysis sections are to regulate the most vital enterprise
capabilities and systems. The BIA analysis uses for mitigation of different issues from a system.
This analysis is helpful for guiding computer system and user to manage different issues properly. In
front of the company, demanding situations encompass to figuring out the sales effect of an enterprise
function and quantifying the lengthy-time period effect of losses in marketplace percentage, enterprise
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Pen test and BIA 13
clients. It makes huge impacts to bear in mind encompass behind schedule income or earnings,
improved legal issues, intellectual properties, customers dissatisfaction.
The BIA record normally consists of rule and regulations, and facts at the methodology for facts
accumulating and analysis. The company can use unique findings on the diverse commercial enterprise
devices and useful regions, charts and diagrams to illustrate capacity losses, and guidelines for
recuperation (Rouse, 2015).
As a part of a disaster healing plan, a BIA is probable to perceive costs linked to failures, including loss of
coins go with the flow, alternative of gadget, salaries paid to seize up with a backlog of labor, loss of
income, the body of workers and facts, and so on. A BIA document quantifies the significance of
business additives and indicates appropriate fund allocation for measures to guard them (Weber, 2019).
A BIA frequently takes place before a hazard assessment. This analysis has all the records of all the
business processes. The BIA makes a specialty of the effects or effects of the interruption to critical
enterprise features. It is necessary to quantify the monetary and non-monetary charges associated with
a catastrophe (Weber, 2019). The commercial enterprise impact assessment appears on the elements of
the enterprise that are so crucial. Therefore, it requires managing all the things properly. A BIA can use
the different function in a starting point for a catastrophe restoration approach and look at RTOs and
RPOs, and sources and substances wanted for management of the business and it is useful for the
business continuity after any disaster.
Source: (Rouse, 2015)
There are many issues in an enterprise, which are related to their business processes. The company can
manage those issues based on the analysis and management of different issues using BIA analysis. There
is much vulnerability in the system, which can make a huge impact of the organisation. Therefore, it is
necessary to manage all the vulnerabilities and provide satisfaction to the customers and others. BIA is
clients. It makes huge impacts to bear in mind encompass behind schedule income or earnings,
improved legal issues, intellectual properties, customers dissatisfaction.
The BIA record normally consists of rule and regulations, and facts at the methodology for facts
accumulating and analysis. The company can use unique findings on the diverse commercial enterprise
devices and useful regions, charts and diagrams to illustrate capacity losses, and guidelines for
recuperation (Rouse, 2015).
As a part of a disaster healing plan, a BIA is probable to perceive costs linked to failures, including loss of
coins go with the flow, alternative of gadget, salaries paid to seize up with a backlog of labor, loss of
income, the body of workers and facts, and so on. A BIA document quantifies the significance of
business additives and indicates appropriate fund allocation for measures to guard them (Weber, 2019).
A BIA frequently takes place before a hazard assessment. This analysis has all the records of all the
business processes. The BIA makes a specialty of the effects or effects of the interruption to critical
enterprise features. It is necessary to quantify the monetary and non-monetary charges associated with
a catastrophe (Weber, 2019). The commercial enterprise impact assessment appears on the elements of
the enterprise that are so crucial. Therefore, it requires managing all the things properly. A BIA can use
the different function in a starting point for a catastrophe restoration approach and look at RTOs and
RPOs, and sources and substances wanted for management of the business and it is useful for the
business continuity after any disaster.
Source: (Rouse, 2015)
There are many issues in an enterprise, which are related to their business processes. The company can
manage those issues based on the analysis and management of different issues using BIA analysis. There
is much vulnerability in the system, which can make a huge impact of the organisation. Therefore, it is
necessary to manage all the vulnerabilities and provide satisfaction to the customers and others. BIA is
Pen test and BIA 14
also beneficial for organisations to avoid huge losses. It provides all the details about the business
processes of an enterprise ( Bradford, 2018).
Task 5: Report template
The report created from assignment 3 included an introduction section, which briefly explains the work
done in the assignment. This report has references in the last section. All the answers to task 1 to 5
included in this report.
also beneficial for organisations to avoid huge losses. It provides all the details about the business
processes of an enterprise ( Bradford, 2018).
Task 5: Report template
The report created from assignment 3 included an introduction section, which briefly explains the work
done in the assignment. This report has references in the last section. All the answers to task 1 to 5
included in this report.
Pen test and BIA 15
References
Bradford, L., 2018. What You Need To Know About Cybersecurity In 2018. [Online]
Available at: https://www.forbes.com/sites/laurencebradford/2018/03/30/why-people-should-learn-
about-cybersecurity-in-2018/#7c88f6fe5d00
[Accessed 11 December 2018].
Rouse, M., 2018. pen test (penetration testing). [Online]
Available at: https://searchsecurity.techtarget.com/definition/penetration-testing
[Accessed 3 May 2019].
Sarmah, H., 2019. 5 Reasons Why One Should Learn Cyber Security In 2019. [Online]
Available at: https://www.analyticsindiamag.com/5-reasons-why-one-should-learn-cyber-security-in-
2019/
[Accessed 3 May 2019].
ACSC, 2017. Australian Cyber Security Centre. [Online]
Available at: https://www.acsc.gov.au/publications/ACSC_Threat_Report_2017.pdf
[Accessed 12 December 2018].
ACSC, 2019. Strategies to Mitigate Cyber Security Incidents. [Online]
Available at: https://acsc.gov.au/infosec/mitigationstrategies.htm
Andrijcic, E. & Horowitz, B., 2016. A Macro Economic Framework for Evaluation of Cyber Security Risks‐
Related to Protection of Intellectual Property. Risk analysis, 26(4), pp. 907-923.
Arlitsch, K. & Edelman, A., 2014. Staying safe: Cyber security for people and organizations. Journal of
Library Administration, 54(1), pp. 46-56.
Barkly, 2018. 5 Cybersecurity Statistics Every Small Business Should Know in 2018. [Online]
Available at: https://blog.barkly.com/small-business-cybersecurity-statistics-2018
Bassi, B., 2019. 6 Common Website Security Vulnerabilities. [Online]
Available at: https://www.commonplaces.com/blog/6-common-website-security-vulnerabilities/
[Accessed 25 May 2019].
References
Bradford, L., 2018. What You Need To Know About Cybersecurity In 2018. [Online]
Available at: https://www.forbes.com/sites/laurencebradford/2018/03/30/why-people-should-learn-
about-cybersecurity-in-2018/#7c88f6fe5d00
[Accessed 11 December 2018].
Rouse, M., 2018. pen test (penetration testing). [Online]
Available at: https://searchsecurity.techtarget.com/definition/penetration-testing
[Accessed 3 May 2019].
Sarmah, H., 2019. 5 Reasons Why One Should Learn Cyber Security In 2019. [Online]
Available at: https://www.analyticsindiamag.com/5-reasons-why-one-should-learn-cyber-security-in-
2019/
[Accessed 3 May 2019].
ACSC, 2017. Australian Cyber Security Centre. [Online]
Available at: https://www.acsc.gov.au/publications/ACSC_Threat_Report_2017.pdf
[Accessed 12 December 2018].
ACSC, 2019. Strategies to Mitigate Cyber Security Incidents. [Online]
Available at: https://acsc.gov.au/infosec/mitigationstrategies.htm
Andrijcic, E. & Horowitz, B., 2016. A Macro Economic Framework for Evaluation of Cyber Security Risks‐
Related to Protection of Intellectual Property. Risk analysis, 26(4), pp. 907-923.
Arlitsch, K. & Edelman, A., 2014. Staying safe: Cyber security for people and organizations. Journal of
Library Administration, 54(1), pp. 46-56.
Barkly, 2018. 5 Cybersecurity Statistics Every Small Business Should Know in 2018. [Online]
Available at: https://blog.barkly.com/small-business-cybersecurity-statistics-2018
Bassi, B., 2019. 6 Common Website Security Vulnerabilities. [Online]
Available at: https://www.commonplaces.com/blog/6-common-website-security-vulnerabilities/
[Accessed 25 May 2019].
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Pen test and BIA 16
cloudflare.com, 2019. What is a DDoS Attack?. [Online]
Available at: https://www.cloudflare.com/en-in/learning/ddos/what-is-a-ddos-attack/
[Accessed 22 May 2019].
export.gov, 2019. United Kingdom - Cyber-Security. [Online]
Available at: https://www.export.gov/article?id=United-Kingdom-Cyber-Security
[Accessed 14 March 2019].
guru99.com, 2019. Penetration Testing Tutorial: What is PenTest?. [Online]
Available at: https://www.guru99.com/learn-penetration-testing.html
[Accessed 25 May 2019].
Guru99, 2019. What is Social Engineering? Attacks, Techniques & Prevention. [Online]
Available at: https://www.guru99.com/how-to-hack-using-social-enginering.html
[Accessed 25 May 2019].
Rouse, M., 2015. business impact analysis (BIA). [Online]
Available at: https://searchstorage.techtarget.com/definition/business-impact-analysis
[Accessed 25 May 2019].
Rouse, M., 2015. VPN (virtual private network). [Online]
Available at: https://searchnetworking.techtarget.com/definition/virtual-private-network
[Accessed 22 May 2019].
Swinhoe, D., 2017. What is a man-in-the-middle attack? How MitM attacks work and how to prevent
them. [Online]
Available at: https://www.csoonline.com/article/3340117/what-is-a-man-in-the-middle-attack-how-
mitm-attacks-work-and-how-to-prevent-them.html
[Accessed 25 May 2019].
Tiwari, A., 2018. What Is Social Engineering? What Are Different Types Of Social Engineering Attacks?.
[Online]
Available at: https://fossbytes.com/what-is-social-engineering-types-techniques/
[Accessed 25 May 2019].
cloudflare.com, 2019. What is a DDoS Attack?. [Online]
Available at: https://www.cloudflare.com/en-in/learning/ddos/what-is-a-ddos-attack/
[Accessed 22 May 2019].
export.gov, 2019. United Kingdom - Cyber-Security. [Online]
Available at: https://www.export.gov/article?id=United-Kingdom-Cyber-Security
[Accessed 14 March 2019].
guru99.com, 2019. Penetration Testing Tutorial: What is PenTest?. [Online]
Available at: https://www.guru99.com/learn-penetration-testing.html
[Accessed 25 May 2019].
Guru99, 2019. What is Social Engineering? Attacks, Techniques & Prevention. [Online]
Available at: https://www.guru99.com/how-to-hack-using-social-enginering.html
[Accessed 25 May 2019].
Rouse, M., 2015. business impact analysis (BIA). [Online]
Available at: https://searchstorage.techtarget.com/definition/business-impact-analysis
[Accessed 25 May 2019].
Rouse, M., 2015. VPN (virtual private network). [Online]
Available at: https://searchnetworking.techtarget.com/definition/virtual-private-network
[Accessed 22 May 2019].
Swinhoe, D., 2017. What is a man-in-the-middle attack? How MitM attacks work and how to prevent
them. [Online]
Available at: https://www.csoonline.com/article/3340117/what-is-a-man-in-the-middle-attack-how-
mitm-attacks-work-and-how-to-prevent-them.html
[Accessed 25 May 2019].
Tiwari, A., 2018. What Is Social Engineering? What Are Different Types Of Social Engineering Attacks?.
[Online]
Available at: https://fossbytes.com/what-is-social-engineering-types-techniques/
[Accessed 25 May 2019].
Pen test and BIA 17
Weber, J. L., 2019. What Is Business Impact Analysis & Why Is It Important?. [Online]
Available at: https://www.projectmanager.com/blog/business-impact-analysis
[Accessed 25 May 2019].
Whitaker, A. & Newman, D. P., 2005. Penetration Testing and Network Defense: Penetration Testing _1.
s.l.:Cisco Press..
www.guru99.com, 2019. Fuzz Testing(Fuzzing) Tutorial: What is, Types, Tools & Example. [Online]
Available at: https://www.guru99.com/fuzz-testing.html
[Accessed 25 May 2019].
Yadav, A., 2018. Network Design: Firewall, IDS/IPS. [Online]
Available at: https://resources.infosecinstitute.com/network-design-firewall-idsips/
[Accessed 14 March 2019].
Weber, J. L., 2019. What Is Business Impact Analysis & Why Is It Important?. [Online]
Available at: https://www.projectmanager.com/blog/business-impact-analysis
[Accessed 25 May 2019].
Whitaker, A. & Newman, D. P., 2005. Penetration Testing and Network Defense: Penetration Testing _1.
s.l.:Cisco Press..
www.guru99.com, 2019. Fuzz Testing(Fuzzing) Tutorial: What is, Types, Tools & Example. [Online]
Available at: https://www.guru99.com/fuzz-testing.html
[Accessed 25 May 2019].
Yadav, A., 2018. Network Design: Firewall, IDS/IPS. [Online]
Available at: https://resources.infosecinstitute.com/network-design-firewall-idsips/
[Accessed 14 March 2019].
1 out of 18
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.