Botium Toys
Summary:
Google Cybersecurity Certificate project
Skills developed:
This was a fictional Business Security Audit of a fictional business called "Botium Toys" as part of one of my Google Cybersecurity Certificate Practical Modules.
The following text is a representation of a security audit after detecting the organization's assets, threats, vulnerabilities and risks and with them, create the following audit.
The following systems are in scope: accounting, endpoint detection, firewalls, intrusion detection system, and SIEM tool. These systems will be evaluated for:
Multiple controls need to be developed and implemented to meet the audit goals, including:
After this first internal audit on Botium Toys, there are certainly a lot of policies, controls, and procedures to put in place, but it is ok! We can fix them together.
The most important part right now is to work as a team to address these vulnerabilities and solve them to stop potential threats and risks in the future of this company.
It is recommended that critical findings relating to compliance with PCI DSS and GDPR be promptly addressed since Botium Toys accepts online payments from customers worldwide, including the E.U.
Additionally, since one of the goals of the audit is to adapt to the concept of least permissions, SOC1 and SOC2 guidance related to user access policies and overall data safety should be used to develop appropriate policies and procedures.
Having disaster recovery plans and backups is also critical because they support business continuity in the event of an incident. Integrating an IDS and AV software into the current systems will support our ability to identify and mitigate potential risks, and could help with intrusion detection since existing legacy systems require manual monitoring and intervention.
To further secure assets housed at Botium Toys’ single physical location, locks, and CCTV should be used to secure physical assets (including equipment) and to monitor and investigate potential threats. While not necessary immediately, using encryption and having a time-controlled safe, adequate lighting, locking cabinets, fire detection and prevention systems, and signage indicating alarm service providers will further improve Botium Toys’ security posture.
As my current career objective is to become a Security Analyst, I finished this certificate to land an entry-level position in the near future.
Other Projects