TCSE1ICB Introduction to Cybersecurity


You are an entrepreneur looking to start DigiWords Inc, a platform for self-publishing e-books. Authors and independent publishers can upload their manuscripts as electronic files to the platform, which then converts them into multiple e-book formats for various devices. Before submitting your application to register your business, you also need to submit a Cybersecurity Risk Management Plan for your business. The purpose of this plan is to protect intellectual property and financial data, ensure that your business meets regulatory requirements, and give your clients confidence that you are treating the security of their data seriously. Your plan should be simple (easy to understand) but also dynamic, as you may change systems as the business progresses in the coming years.

1. Preparation for risk analysis [20 marks]

  1. Set scope and focus [10 marks/100 words]
  2. Describe the overall goal and target of analysis (e.g. put the diagram that shows the interaction of users and IT systems) [10 marks]

2. High level analysis [20 marks]

  1. Identify involved parties or stakeholders (e.g. supplier) [5 marks]
  2. Identify assets (e.g. customer database, customer satisfaction) [5 marks]
  3. Draw a relationship between For example, the asset diagram of a fictional AutoEngine Inc company is depicted below. [5 marks] You can use https://app.diagrams.net/ or any other drawing software.
  4. List initial threats in the following format [5 marks]

| Cause of the threat (Who or What?) | What may happen (risk)? | Enabler |
|---|---|---|
| e.g. Hacker | Extract customer database | Through SQL injection |

3.  Likelihood, Consequence scale, Risk function and evaluation Criteria [30 marks]

  • Likelihood (certain, likely, possible, unlikely, rare) [10 marks]

| Likelihood | Description |
|---|---|
| e.g. certain | 10 times per year or a significant number of similar occurrences already on record |

  • Consequence scale (Hint: catastrophic, serious, moderate, minor, insignificant) [10 marks]

| Consequence | Description |
|---|---|
| e.g. Catastrophic | Range of 65% affected or downtime in range of [1 month, 1 year], or the ICT director has been jailed |

  • Risk Function and evaluation criteria [10 marks] This table is for one asset (customer database).

Risk function (e.g. for customer database):

| Consequence/Likelihood | Insignificant | Minor | Moderate | Serious | Catastrophic |
|---|---|---|---|---|---|
| Rare | | | | | |
| Unlikely | | | | | |
| Possible | | | | | |
| Likely | | | | | |

Shade: green for “acceptable”, yellow for “monitor” and red for “needs to be treated”

4.  Risk Treatment [30 marks]

4.1 Draw your own diagram that shows the interaction of a given threat and each asset with the likelihood between them. For instance, the same company in 2(c) has a diagram that looks like the following: [10 marks]

  • Draw your own diagram that shows the interaction of a given threat and each asset, labelling the harm the threat causes (as R1, R2, etc.) between them. For instance, the same company in 2(c) has a diagram that looks like the following: [10 marks]
  • List treatment as follows: [10 marks]

| Treatment | Cost | Risk | Risk reduction |
|---|---|---|---|
| Treatment 1: increase employee awareness | low | Risk 1 | Risk 1: unacceptable to acceptable |
