Calculate risk for each vulnerability

Reference no: EM133824534

Homework

Given: The student is given a scenario in which an organization's sensitive data is leaked due to a breach, along with information about its currently implemented security defense systems/measures. The student is also given a full inventory of the organization's assets, including all descriptions and monetary values.

XYZ Company Background:

XYZ Corporation is a small-to-medium-sized technology company specializing in software development and IT solutions. The company employs approximately 200 employees and handles sensitive data from clients in various industries, including financial institutions and healthcare providers. XYZ Corporation takes data security seriously and has implemented several security defense systems and measures to protect its assets.

Current Security Defense Systems/Measures:

I. Firewall and Intrusion Detection System: XYZ Corporation has deployed a robust firewall and intrusion detection system to monitor network traffic and prevent unauthorized access to its internal systems. The system is designed to identify and block suspicious activities.

II. Access Control and Authentication: The company enforces strong access control policies, requiring employees to use unique usernames and passwords to access their systems. Additionally, two-factor authentication (2FA) is implemented for accessing critical systems and databases.

III. Encryption: XYZ Corporation uses encryption techniques to safeguard sensitive data both at rest and during transit. All data stored on servers and databases are encrypted, and secure communication protocols (such as SSL/TLS) are utilized for data transmission.

IV. Regular Software Updates and Patches: The company has a strict policy of regularly updating software and applying security patches to mitigate vulnerabilities. This includes operating systems, applications, and third-party software.

V. Employee Training and Awareness: XYZ Corporation conducts regular security awareness training programs for employees to educate them about data protection best practices, such as recognizing phishing attempts and the importance of strong passwords.

Company Assets and Inventory:

Servers and Networking Equipment:
1) Dell PowerEdge R740 Server (x3) - $10,000 each
2) Cisco Catalyst 3850 Switch (x2) - $5,000 each
3) Juniper SRX340 Firewall - $8,000

Databases and Storage Systems:
4) Oracle Database Server - $20,000
5) NetApp FAS2650 Storage System - $15,000

Workstations and Laptops:
6) HP EliteBook 840 G7 (x50) - $1,500 each
7) Dell OptiPlex 7070 Desktop (x25) - $1,200 each

Software Licenses:
8) Microsoft Office 365 Enterprise License - $12,000
9) Adobe Creative Cloud License - $6,000

Client Data:
10) Financial Institution Client Data (confidential) - Value not specified
11) Healthcare Provider Client Data (protected health information) - Value not specified

Description of Data Breach Incident:

Despite the implemented security defense systems and measures, XYZ Corporation recently experienced a data breach incident. The breach occurred when a malicious attacker exploited a vulnerability in an outdated software component that had not been patched promptly. The attacker gained unauthorized access to the company's internal network and managed to extract sensitive client data, including financial institution client data and protected health information from healthcare providers. The exact value of the stolen data is yet to be determined, but it poses a significant risk to both the affected clients and XYZ Corporation's reputation.

Upon discovering the breach, XYZ Corporation took immediate action to contain the incident, engage with a cybersecurity forensic firm to investigate the extent of the breach, and notify the affected clients. The company is now working diligently to strengthen its security measures, update all software components, and enhance employee training programs to prevent future breaches and protect its assets and sensitive data.

Required: The student will:

I. Assess the current security measures and strategies implemented at this company.

II. Perform a full analysis of the possible types of breaches that might take place on those assets (minimum of three breaches) and use risk analysis and assessment statistical techniques to report the security posture of that organization.

III. Identify and rank company XYZ's assets, threats, and vulnerabilities using a tool (like Excel) that shows all calculations and decision-making logic. Record any assumptions made.

IV. Conduct a detailed Cost Benefit Analysis (CBA) for a chosen control based on prior risk analysis, justify assumptions, and provide a concise conclusion and recommendation regarding the control's purchase.

Task: The homework deliverables are as follows:

I. Part I: Countermeasures: A comprehensive assessment/critique of the 5 listed security measures currently adopted by the XYZ company. The description shall include how these measures operate to protect data, which assets they are meant to protect, whether they are effective, and what other potential security threats the current defenses impose on the XYZ company.

II. Part II: Attacks: Provide a full description of a minimum of 3 attacks (web based, network based, and software based) that can be launched against the company XYZ based on the current security posture as analyzed in part A. For each identified attack, provide sufficient information about the attack type, the vulnerability or vulnerabilities that might lead to that attack, the asset or assets that might be compromised, the security components that might be compromised, and your suggestion to mitigate that attack.

III. Part III: Risk Analysis: Perform the following tasks with respect to risk analysis of the company XYZ assets: prioritize assets; identify and prioritize threats and vulnerabilities for each asset; calculate risk for each vulnerability; and state which vulnerability you would address first and why. The risk analysis process shall be done using a tool, which can be a full Excel spreadsheet showing all calculations and interpretations. Document any assumptions made during your analysis.

IV. Part IV: Cost Benefit Analysis (CBA): You are required to carry out a comprehensive Cost-Benefit Analysis (CBA) for a control measure that you have identified as a potential solution to risks outlined in your earlier risk analysis (Part III). Your analysis should lead to a well-reasoned conclusion on whether the control should be implemented. The CBA process shall be done using a tool, which can be a full Excel spreadsheet showing all calculations and interpretations. Document any assumptions made during your analysis. Justify each assumption's relevance and reasonableness. Summarize the results of your CBA and present a clear recommendation on whether or not to purchase the control.
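
The Part III and Part IV calculations can be worked as follows (an added example, not part of the original assignment). It assumes the common quantitative method, SLE = asset value x EF, ALE = SLE x ARO, and CBA = ALE(prior) - ALE(post) - annual control cost. The scenarios, the EF and ARO figures and the $2,500 control cost are constructed assumptions; asset values come from the inventory above.

```python
# Asset values: unit price x quantity from the inventory above; None = "Value not specified".
ASSETS = {
    "Dell PowerEdge R740 Server": 3 * 10_000,
    "Cisco Catalyst 3850 Switch": 2 * 5_000,
    "Juniper SRX340 Firewall": 8_000,
    "Oracle Database Server": 20_000,
    "NetApp FAS2650 Storage System": 15_000,
    "HP EliteBook 840 G7": 50 * 1_500,
    "Dell OptiPlex 7070 Desktop": 25 * 1_200,
    "Microsoft Office 365 Enterprise License": 12_000,
    "Adobe Creative Cloud License": 6_000,
    "Financial Institution Client Data": None,
    "Healthcare Provider Client Data": None,
}

# Constructed scenarios (assumed): (vulnerability, asset, exposure factor EF, annual rate ARO)
SCENARIOS = [
    ("Unpatched software component", "Oracle Database Server", 0.60, 0.50),
    ("Lost or stolen laptop", "HP EliteBook 840 G7", 0.02, 2.00),
    ("Firewall rule misconfiguration", "Juniper SRX340 Firewall", 0.50, 0.25),
    ("Unpatched software component", "Healthcare Provider Client Data", 1.00, 0.50),
]

def ale(asset_value, ef, aro):
    """Annualized loss expectancy: SLE (= value * EF) times ARO."""
    return round(asset_value * ef * aro, 2)

def rank_risks(scenarios, assets):
    """Return (ranked, unvalued): ALE-sorted rows and rows whose asset has no value."""
    ranked, unvalued = [], []
    for vuln, asset, ef, aro in scenarios:
        value = assets[asset]
        if value is None:            # never score an unvalued asset as zero risk
            unvalued.append((vuln, asset))
        else:
            ranked.append((vuln, asset, ale(value, ef, aro)))
    ranked.sort(key=lambda row: row[2], reverse=True)
    return ranked, unvalued

def cba(ale_prior, ale_post, annual_control_cost):
    """Net annual benefit of a control; positive means it pays for itself."""
    return round(ale_prior - ale_post - annual_control_cost, 2)

if __name__ == "__main__":
    ranked, unvalued = rank_risks(SCENARIOS, ASSETS)
    print(ranked, unvalued, sep="\n")
    # Assumed control: patch management at $2,500/year cutting the ARO from 0.50 to 0.10.
    oracle = ASSETS["Oracle Database Server"]
    print("CBA:", cba(ale(oracle, 0.60, 0.50), ale(oracle, 0.60, 0.10), 2_500))
```

The client data rows land in the "unvalued" list because the inventory gives them no monetary value; they need a documented valuation assumption before they can be ranked against the hardware.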


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd