You can download the solution Decision Types – Assignment Collaboration With Google Drive for free. For further assistance in Information Technology Assignments please check our offerings in Information Technology assignment solutions. Our subject-matter experts provide online assignment help to Information Technology students from across the world and deliver plagiarism free solution with free Turnitin report with every solution.
(ExpertAssignmentHelp does not recommend anyone to use this sample as their own work.)
Question
Task Description
You are interviewed by Southern Cross University for a position of cybersecurity consultant to work in a university’s cybersecurity program. As part of the interview, you are required to complete the following tasks:
Task 1: discuss why risk assessment is the most critical step in developing and managing cyber security in the university and identify the limitations of the current
risk assessment methods.
Task 2: develop five questions that allow you to identify the most critical information assets of the university. Create a WFA template to rank the assets.
Task 3: identify the top five threats to the university information assets. Support you finding by quoting reputable sources of information.
Task 4: let’s assume that the university website is one of the most critical information asset of the university. Discuss how the top five threats could/could
not impact the asset. Rank the threats based on their levels of impact on the asset. Support your discussion by quoting reputable sources of information.
Solution
Task 1 – The importance of risk assessment
Cyber security Risk assessment
Business organizations face risks every day and these risks, if not analyzed and evaluated early, may result in loss of important company information. The frequency and scope of cyber security risks has expanded with an increase in the usage of ICT and internet in the organizational processes. The most common cyber risks faced by organizations nowadays include misuse of their information by some unauthorized users, unauthorized access to the company's private information (accidental or malicious), loss of data, disruption of productivity and service and unintentional exposure of information or leakage of confidential company data. The cyber security risk assessment can be defined as the process of identification, analysis and evaluation of the risks for managing them and making sure that the organization is not exposed to outside threats. Cyber security risk assessment is critical for an organization to understand and eliminate the operational risks such as organizational functions, image, reputation, and mission (Chabinsky, 2015).
Steps of cyber security risk assessment
As per the cyber security risk assessment framework suggested by NIST, the risk assessment process includes six major steps:
1. Identification of the information assets handled primarily by the organization (function, process or application)
2. Location of the information assets and finding out where they reside within the company.
3. Classification of the information assets in discrete categories such as regulated information or public information.
4. Conducting a threat modeling exercise which will result in ranking the threats to the company's cyber security on the basis of their priority; it will help in labeling the risks as high, medium or low and determining a likelihood rating.
5. Calculation of the risk rating through a simple equation:
Risk Rating = Impact (if exploited) * Likelihood (of exploit in the assessed control environment)
6. Finalizing the data and making an effective plan for sensible security (TechTarget, 2018).
The most important step in the process of risk assessment is adequate preparation. It includes understanding the purpose and scope of risk assessment, setting out the ground rules, analyzing the information sources, constraints and assumptions and using an analytical approach accordingly.
For complete solution please download from the link below
(Some parts of the solution has been blurred due to privacy protection policy)