In: Computer Science
You are hired as a penetration testing engineer at Ivy Medical
Centre (IMC) located in Dandenong, Australia. The centre provides
medical services mostly to pensioners, and KMC is determined to
provide the highest security and privacy for their patients and
visitors.
On your arrival, you have learnt that IMC provides anonymous FTP
access to their database to external members. In addition, you have
learnt that many hospital staff members are not adequately trained
in cybersecurity and often fall for victim to phishing or other
attacks. You realise you must consider a more preventative security
solution for the protection of hospital data. As the hospital staff
members are not well trained, zero day attack seems a major
issue.
Penetrative testing engineer knows most of the way how hacker can get access or penetrate the data system.
The penetrative testing engineer must have knowledge of ethical hacking and should know to test and explore technical and non-technical ways how a hacker can breach security and gain system access.
As a penetrative testing engineer at Ivy medical centre (IMC) following steps I will take to provide data security and privacy to my customers to my customers.
First I will start a training and awareness program for the employees of medical centre about cyber security.
I will go for outsourcing cyber security third party expert so that organisation won't have any threat regarding access to the database to external members.
I will implement a security assessment program so that all the risks and threats regarding to the data can be identified.
I will acquire a cyber insurance forIvy Medical Centre (IMC).
I will tell all the employees of of Ivy medical centre to enable two factor authentication so that they can get some extra security while login.
I will arrange a training program to identify the phishing attacks and train all the employees about phishing attacks.
If you have any doubt you can comment.
like if you got your answer.