cyb400 Mod 6 activity Blackstone
docx
keyboard_arrow_up
School
Southern New Hampshire University *
*We aren’t endorsed by this school
Course
400
Subject
Information Systems
Date
Apr 3, 2024
Type
docx
Pages
2
Uploaded by ABusch18
Mr. Manager:
There are many advantages to pursuing a third party audit. Most notably, it shows that we are doing everything at our disposal to protect our customers’ data. It shows our customers, stakeholders and everyone involved that we value their data and will go above and beyond to protect it. (Demi Ben-Ari, 2023) A third-party audit would also confirm that we adhere to industry standards. This protects our reputation and helps prevent future problems by finding security issues before they become a problem.
A third-party audit can reveal security issues that an internal team may miss. They are looking at our network with fresh eyes. They do not have the bias of having established the network or not wanting to find errors in order to save face. They can be objective about the search and don’t have to worry about office politics or connections. (Jack, 2023) This allows them to be ruthless with their search and confident in their results. In the case study referenced at the end of this email, you will find that even those confident in their network’s security can have mistakes and errors that expose weaknesses. Wayne Fielder discovered that a network he was in charge of protecting had numerous security weaknesses. “The report was a harsh wakeup call for me,” Fielder states. “I could not believe I would leave workstation administrator accounts with null passwords.” (Fielder, Wayne, 2024) The audit from an outside company revealed several vulnerabilities, some of which were basic fixes that had simply gone overlooked for some time. The IT department hadn’t even thought about, for example, the passwords of administrator accounts! They discovered that many aspects of the network they had simply assumed to be safe were riddled with holes. The audit allowed them to see all these vulnerabilities at once and establish a plan of action to solve the problems in the most effective fashion.
Given that we are merging networks and expanding the number of workstations, a third-party audit would benefit us greatly at this time. In the example provided, it was an established network that wasn’t undergoing major changes and multiple vulnerabilities were found. In our case, we are unaware of what our new acquisition might look like in terms of actual security practices. Having an outside source come in to actively seek out vulnerabilities can be of immense help and is definitely something we should consider doing as soon as possible in order to best protect the data we are entrusted with.
All the best,
Alex Blackstone
Resources for further information:
Demi Ben-Ari. (2023, June 20).
4 Reasons You Should Perform a Third Party Cyber Risk Assessment
. Panorays. https://panorays.com/blog/4-reasons-to-perform-a-third-party-
cyber-risk-assessment/
Jack, S. (2023, July 31).
Why is a third-party security risk assessment important?
E-N Computers. https://www.encomputers.com/2023/07/third-party-security-risk-assessment/
Fielder, Wayne. (2024). Recovering From a Failed Security Audit – A Case Study.
https://sansorg.egnyte.com/dl/2iX8eK5DRH
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help