The Final Part Of The Plan Development Essay

1311 Words Dec 14th, 2015 6 Pages
The final part of plan development is to provide annual training to employees. All persons who are involved, from the executives down through the on-site implementation team, must properly audit the plan at least annually ("Best practices in business continuity", n.d.). Employees must also be given training on software-side vulnerabilities, which helps organizations tackle various types of threats.
Table 4
Software-side threats (Harwood, n.d.).

| Threat | Description of threat | Mitigating method |
| --- | --- | --- |
| Injection | Injection defects enable the hacker to bypass application access controls and create, change, erase or read information the application can access. | Require proper input validation, and verify all data that is received. This prevents malicious data from being entered into a target application. |
| Broken authentication and session management | Compromised validation procedures lead to information leakage. | Create strong passwords. |
| Cross-site scripting (XSS) | Harmful scripts are placed on the web server but run in the customer's browser. With XSS, attempts are made to execute this dangerous code by injecting it and running it in the customer's browser. | Train users in how to detect and identify suspicious links, which can restrict access to high-risk sites. |
| Security misconfiguration | Applications or hardware might have improper settings and configurations, which can lead to serious risks. | Try to remove or control access to non-essential applications. |


