Question

You are hired as a penetration testing engineer at Ivy Medical Centre (IMC) located in Dandenong, Australia. The centre provides medical services mostly to pensioners, and KMC is determined to provide the highest security and privacy for their patients and visitors.
On your arrival, you have learnt that IMC provides anonymous FTP access to their database to external members. In addition, you have learnt that many hospital staff members are not adequately trained in cybersecurity and often fall for victim to phishing or other attacks. You realise you must consider a more preventative security solution for the protection of hospital data. As the hospital staff members are not well trained, zero day attack seems a major issue.

Answer 1

Penetrative testing engineer knows most of the way how hacker can get access or penetrate the data system.

The penetrative testing engineer must have knowledge of ethical hacking and should know to test and explore technical and non-technical ways how a hacker can breach security and gain system access.

As a penetrative testing engineer at Ivy medical centre (IMC) following steps I will take to provide data security and privacy to my customers to my customers.

First I will start a training and awareness program for the employees of medical centre about cyber security.

I will go for outsourcing cyber security third party expert so that organisation won't have any threat regarding access to the database to external members.

I will implement a security assessment program so that all the risks and threats regarding to the data can be identified.

I will acquire a cyber insurance forIvy Medical Centre (IMC).

I will tell all the employees of of Ivy medical centre to enable two factor authentication so that they can get some extra security while login.

I will arrange a training program to identify the phishing attacks and train all the employees about phishing attacks.

If you have any doubt you can comment.

like if you got your answer.