Problem:
Amanda and Chris McDermott own a small business, Plastic Dollars, that produces and maintains stored value cards for retailers. Most of the cards they sell are gift cards, such as those available in various restaurants and stores. They just started their business two years ago, but this year they hope to sell about four million dollars worth of cards. Depending on the arrangement with the business, they may or may not maintain the database that contains the card owner's name and the current value on the card. Their revenue comes from the percentage of retail value they charge businesses for the cards. Therefore, although the business is doing well, money is still tight.
Plastic Dollars employs five people, including Chris and Amanda. Two of the employees are full-time, and the other is a part-time worker who is also a college student. The business has two servers and three client computer work stations. They also have three phone lines that allow them to communicate with various retail and restaurant establishments in real time. The company has been "hit" a few times by various programmed threats. Chris and Amanda use anti-virus software, but they aren't always careful about keeping it up to date. They know they should do more but they don't think the cost is worth it. Although they have no disaster recovery plan, they do back up their files every three hours, by encrypting and compressing their data and uploading it to a remote location.
Q1. Evaluate the risks to Plastic Dollars of programmed threats. What are the potential direct and indirect costs associated with these risks?
Q2. Develop a security plan for Plastic Dollars that will protect them against blended and other programmed threats.