You are a new addition of the information assurance staff of a repair parts distributor. You serve companies such as NAPA and AutoZone, however, you are also about to bid on a contract to provide parts distribution to the military. The parts you will provide to the military are not sensitive in themselves, they are normal automotive parts for military vehicles. Your organization is located at four centers in the US: Baltimore, MD; Corpus Christi, TX; Sacramento, CA; and Pensacola, FL. Your headquarters is in Baltimore. All four locations have the operations database at mirrored for ease of access. All four locations lease their buildings and online virtual meeting spaces. Your company has devices that have been identified to be vulnerable when this story was published:
You outsource your network maintenance to a third party contractor. Your leadership is worried about your networks being vulnerable from outside actors because you may be working with the military. You have no control over the vendors that provide parts to you or the organizations you provide them to. Both provide information to your organization for the status of shipments. Currently, both feed information into your computer network databases.
Explain how you are going to assess and prioritize the threats and then what decision you will recommend.
