Acme Brewing, a small microbrewery & pub with roughly 15 employees, has recently suffered some cybersecurity problems due to various issues on their part. These issues include:
The HR director releasing confidential employee information as a result of a phishing email
The loss of the company website due to corruption of the WordPress install and the company did not have a working backup
A customer accusing the company of leaking their credit card details. It has not been confirmed that the leak came from Acme, but the customer is upset and blaming Acme.
You have been hired as a security consultant by Acme and have been tasked to help them identify and explain these security issues and why they should worry about them. Acme has chalked these issues up to normal operating procedures and the owners insist that every company suffers these problems because the Internet is full of bad guys attacking everyone. They are also more focused on beer. It is clear they do not fully comprehend the ramifications of a poor cybersecurity attitude. Acme does have 1 IT support person, but they focus on more day to day issues and are not very versed in best security practices.
Your task is to create a report to present to Acme’s ownership team. This report needs to explain what cybersecurity is, why it is important, and what can happen to Acme if they continue operating with this attitude. This report needs to be formatted in a business professional manner, spell checked, and complete. Make sure to utilize the knowledge you have gained throughout this course to address the issues and create a holistic approach for Acme. Both the concepts from the ISACA material along with the PCI-DSS will be needed to create a successful report.
Your task is to create a report for the company that identifies:
The 3 problems identified above that Acme has encountered. This should include what the company needs to do to avoid data loss & data breach issues in the future including what the company could have done to prevent the ones they’ve already encountered.
A broad overview of what data security means and why it is important – these are basic cybersecurity concepts.
What the company needs to do to try and address the overall lack of good security practices in the company culture.
Brief explanation of the PCI-DSS, it’s make up, and why it is important for Acme Brewing to understand and utilize it.