TCSE1ICB Assessment 3: Cybersecurity Risk Management Plan

Get Expert's Help on Individual Assignment

You are an entrepreneur looking to start DigiWords Inc, a platform for self-publishing e-books. Authors and independent publishers can upload their manuscripts as electronic files to the platform, which then converts them into multiple e-book formats for various devices. Before submitting your application to register your business, you also need to submit a Cybersecurity Risk Management Plan for your business. The purpose of this plan is to protect intellectual property and financial data, ensure that your business meets with regulatory requirements, and create confidence in your clients that you are treating security of their data seriously. Your plan should be simple (easy to understand), but also dynamic, as you may change systems as business progresses in coming years.

1.   Preparation for risk analysis [20 marks]

  1. Set scope and focus [10 marks/100 words]
  2. Describe the overall goal and target of analysis (e.g. put the diagram that shows the interaction of users and IT systems) [10 marks]

2.  High level analysis [20 marks]

  1. Identify involved parties or stakeholders (e.g. supplier) [ 5 marks]
  2. Identify assets (e.g. customer database, customer satisfaction) [5 marks]
  3. Draw a relationship between For example, asset diagram of a fictional AutoEngine

Inc company is depicted below. [5 marks] You can use https://app.diagrams.net/ or any other drawing software

  1. List initial threats in the following format [5 marks]
Cause of the threat (Who or What?) What may happen (risk)? Enabler
e.g. Hacker Extract customer database Through SQL injection

3.  Likelihood, Consequence scale, Risk function and evaluation Criteria [30 marks]

  • Likelihood (certain, likely, possible, unlikely, rare) [ 10 marks]
Likelihood Description
e.g. certain 10 times per year or a significant number of similar occurrences already on record

 

  • Consequence scale (Hint: catastrophic, serious, moderate, minor, insignificant) [10 marks]
Consequence Description
 e.g. Catastrophic Range of 65% affected or downtime in range of [1month, 1 year] Or the ICT director has been jailed
Risk function (e.g. for customer database)
Consequence/Likelihood Insignificant Minor Moderate Serious Catastrophic
Rare
Unlikely
Possible
Likely

 

  • Risk Function and evaluation criteria [10 marks] This table is for one asset (customer database)

Shade: green for “acceptable”, yellow for “monitor” and red for “needs to be treated”

4.  Risk Treatment [30 marks]

4.1 Draw your own diagram that shows the interaction of a given threat and each asset with the likelihood between them. For instance, the same company in 2(c) has a diagram that looks like the following [10 marks]

  • Draw your own diagram that shows the interaction of a given threat and each asset, labelling the harm the threat causes (as R1, 2, etc.) between them. For instance, the same company in 2(c) has a diagram that looks like the following: [10 marks]
  • List treatment as follows: [10 marks]
Treatment Cost Risk Risk reduction
Treatment 1: increase employee awareness low Risk 1 Risk 1: unacceptable to acceptable

Expert's Answer

help

Hire Expert 

Get a Professional Help


200
Select FileChangeRemove

TOP

Limited Time Offer! - 20% OFF on all Services Get Expert Assistance Today!

X