The company should start the risk mitigation process by identifying assets. A complete asset inventory of all systems, services and data will help them determine the value of each asset. This value will in turn help determine the impact to the company if the assets are lost, damaged or stolen.
The next step will be to define the scope of risk management for the company. They will need to determine which operations are critical to the company by performing a business impact analysis. They will need to evaluate the impact on customer service, data access, mission-critical systems, and applications.
The company will need to look at the seven domains of their IT infrastructure and identify the threats and vulnerabilities in each, so they can determine how each domain will be mitigated. They will need to ensure that controls are in place to address every threat and vulnerability that was identified.
It is very important that the company understands and complies with all laws and standards that apply to them. Because they will be selling their products online, they must understand and comply with the Payment Card Industry Data Security Standard (PCI DSS). In order to accept credit card payments from any of the major card brands, such as MasterCard, Visa and American Express, the company will need to complete a self-assessment and become PCI DSS certified. They will need to have safeguards across all seven domains.
The company will need to assess security and safeguards or