
Integrated Defense PWC

This document discusses integrated defense strategies that can protect against both deliberate attacks and unintentional threats for Boldi AG. A layered approach would classify vital assets from the innermost layer to outward facing boundaries. Overlapping layered strategies, procedures, and details would reduce the impact of information risks.

Uploaded by

Aviraj Sarkar

Integrated defense is a universal concept that applies to deliberate attacks and non-intentional threats such as acts of nature. A layered approach to Boldi AG’s information security would involve classification from the innermost layer of vital assets, core functions, processes, data and information to the public-facing boundary points. These interlocking layered strategies, tactical procedures and operational details would reduce the potential impact of information risks.

1. Introduction
2. Recent attack on Boldi AG’s competitor
3. Warn them about the three dangers:

• ignoring “blind spots” in their defenses,
• blindly trusting in their systems, processes, and people, plus
• not checking up to see if these are actually working correctly.

Call

“Hi, after considering the dangers you flagged, we’ve identified a potential blind spot. We
have been storing our back-up systems images and database back-ups at an offsite
facility that is not monitored 24/7. This means that we cannot exclude with 100%
certainty that unauthorised persons could enter that facility. Feel free to call me if you
have any questions. Thanks.”

4. Problem: Blind spot: storing backup system images and database backups at an offsite facility that is not monitored 24/7.
5. Minimum of best practices:

• physically protect information systems
• control access by all users
• control disclosure and disposal of information
• train all staff regularly

To wrap up the call, you explain that in a broader sense information security must
be actively managed. A risk management framework can provide top-down
guidance to organisations in setting the necessary organisational attitude and
mindset.

6. Solution: Risk management framework because their last information risk analysis
was conducted in 2014.
Part 1

We need to consider the information provided in the voicemail. Please differentiate first due care from due diligence for information risk management. Afterwards, use your new knowledge to analyse what Boldi AG did wrong. Was it due care, due diligence or both?

Our Cybersecurity team will include your findings in the final pitch presentation with
your detailed explanation.

Part 2

Based on the key principles of defense, what basic options does Boldi AG have for
limiting or containing damage from risk? 

Hint: the abbreviation of the options is Deter, Detect, Prevent, Avoid. Please briefly
explain each one. 

Before you answer in an email to Stefan (please use one PowerPoint slide of your
deck), think about how Boldi AG can react to an attack like the one experienced by
their competitor. 

This experience is self-paced. However, Stefan is completing the pitch in 1 hour and needs your valuable input. We recommend you spend no more than that completing this task.
