Week 1: Lab Attack Simulation

| Choice made | Why |
| --- | --- |
| I choose to use a 3rd party pentester to try to find any vulnerabilities with the application. | This wouldn't delay the launch of the app as much as working on it internally. If they leak any sensitive information we can sue them if they break contract. |
| I choose to pick the middle priced solution which was a 3rd party team that was recommended by an internal employee. | They have a good reputation and were vouched for by an internal employee. It doesn't cost too much either. |
| Use internal active directory to enforce strict access policies. | This prevents unwanted access from non-authorized employees. It is also the cheapest option. |
| I choose to encrypt my intellectual property because IP can be one of the most valuable things a company has. | In the case of an attack the attacker would be able to only steal our encrypted data. |
| I choose to invest in breach technology. | This means we can see and respond to a breach in data as soon as possible. |
| I choose to let the journalist test the app in a controlled environment. | This gives us the press coverage we need for the app but also limits what the journalist can do in the app. |
| I choose to refuse to let the journalist test the application outside of the company environment. | This is to reduce any risk of unwanted individuals finding day one exploits of my application. |
| Use the breach detection software. | We paid for it so we are gonna use it. |

We deployed our app with no security issues!!!!!
