Full soft, Inc. is a large software development company based in New York City. Full soft's software
Question:
Full soft, Inc. is a large software development company based in New York City. Full soft's software product development code is kept confidential in an effort to safeguard the company's competitive advantage in the marketplace. You are a security professional who reports into Full soft's infrastructure operations team.
Full soft's chief security officer (CSO) wants analysis performed and a high-level plan created to mitigatefuture risks, threats, and vulnerabilities. As part of this request, you and your team members will design a plan for performing a gap analysis. An IT gap analysis may be a formal investigation or an informal survey of an organization's overall IT security. The first step of a gap analysis is to compose clear objectives and goals concerning an organization's IT security. For each objective or goal, the person performing the analysis must gather information about the environment, determine the present status, and identify what must be changed to achieve goals. The analysis most often reveals gaps in security between "where you are" and "where you want to be."
Scenario:
Future IT is an IT company which provide different IT services such as application development, technicalissues resolution, software support, Internet services, database services and others. It is operating all acrossAustraliawiththebranches in majorcitiessuchasMelbourne,Sydney,Perth andBrisbane.
It has around 133,240 clients and has been providing services to them from the last five years. The company hasbeenconsistent withprovidingservices andis givingtoughcompetitionin the industry.
Future IT has a large database of employees and customer, which contain sensitive information. If thesensitive information is breached, it will impact not only customers but will also impact the organizationreputationinthemarket.
Future IT have an orthodox incident response plan strategy which was developed five years ago and has notbeen updated since then. The incident response doesn't cover most of the key points which need to becovered incaseofan incident.
Theincident responseplanof FutureIt isgivenbelow: