Saturday, December 21, 2019

Sonys Operations And Development Of Business Continuity Plan

The Sony was hacked in November 2014 by the group calling itself GOP or Guardians of Peace. With the disturbing images and threats displayed on the monitors and that was painful for Sony Entertainment. The routine work collapsed as server was down and in IT system all data wiped (Lavasoft, 2011). As per management information 100 terabytes of data released on internet which includes, employee personal information, salaries, emails, and social security numbers. The message delivered to Sony that, we have taken all your secret and important data (SANS, 2015). However, Sony has significant importance on the maintenance and development of business continuity plan and which is detection and prevention of disaster. Furthermore, business†¦show more content†¦According to Info Security, the members of hacking group DreTrolling claimed that they were able to access emails and passwords of gamers. Because of these issues there are many critics on Sony’s email encryption and IT security. If company’s server and mainframe are not protected then it is uncomplicated for hackers (Baker Finkle, 2011). In 2011, the investigation of massive data breach in Sony PlayStation and Entertainment network which revealed that Sony failed to use firewall to protect networks and caught into massive data beach. To avoid future attacks the document outlined to increase data security by using encryption. In addition other implementation included like unauthorized access or anomalies on the network (SANS, 2015). Security Critical Control The critical control security focuses on security functions that are effective to latest technology threats. These security controls prioritize on smaller number of action controls to aiming that must do first. Many organizations have adopted critical controls to prevent from future attacks and reduced risk by utilizing the controls (SANS, 2015). Following are critical controls: †¢ Application Software Security †¢ Wireless Access Control †¢ Data Recovery Capability †¢ Limitation and Control of Network Ports, Protocols, and Services †¢ Controlled Use of Administrative Privileges †¢ Maintenance, Monitoring, and Analysis of Audit Logs †¢ Data Protection †¢ Secure

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.