Reference no: EM132952914 , Length: 1650 Words

Assessment item - Risk Assessment

TASK

SoftArc Engineering Ltd (SEL) is a civil engineering company which works across Australia as well as in New Zealand, Fiji, Vanuatu, Indonesia, Timor Leste and Papua New Guinea.

SEL has a small data centre at its main site in Bathurst where the company's servers and data storage is located. The company has the following server infrastructure:

• 2 x Active Directory domain controllers on Windows Server 2008 R2, (2 x Xeon 3.6GHZ, 8GB RAM, 140GB HDD);
• 3 x SQL Server 2003 database servers on Windows Server 2003 (2 x Xeon 2.8GHZ, 4GB RAM, 250GB RAID-5 array);
• 1 x Exchange 2007 email server on Windows Server 2008 R2 (2 x Xeon 3.6GHZ, 8GB RAM, 250GB RAID-1 array);
• 4 x Windows Server 2003 File and Print servers (2 x Xeon 2.8GHZ, 4GB RAM, 250GB RAID-1 array);
• 2 x Windows Server 2008 R2 running Microsoft SharePoint 2013 (2 x Xeon 2.8GHZ, 4GB RAM, 250GB RAID-5 array);
• 2 x Red Hat Enterprise 5 Linux servers running Apache and Tomcat (2 x Xeon 2.8GHZ, 16GB RAM, 140GB HDD)
• 1 x Cisco ASA 5512-X firewall running v9.6 ASA software.

The company has some 70 engineering and support staff that work on different projects for clients in various locations in Australia and overseas. The support staff are mainly based in Bathurst, but engineering staff are located in different parts of Australia, New Zealand, and Papua New Guinea. Most of the support staff have access to a PC, although some support staff share a PC with other staff. The engineering staff all connect remotely to the SEL data centre from their laptops. The SEL data centre infrastructure has not been updated for some time and the SEL Board is concerned that they may be exposed to a cyber attack as they are now starting to work on various Government projects in different countries.

Tasks:
You have been employed by SEL as their first ever Chief Information Security Officer (CISO). You have been tasked by the Board to conduct a review of the company's risks. You are required to produce for the next SEL Board meeting:
1. A document that summarizes the major IT risks that SEL currently faces. This document should identify the major risks and their impact, likelihood and consequence. It should also discuss the possible controls to mitigate these risks.
2. A complete Risk Register for SEL. This risk register must contain, as a minimum:
a. A description of all risks identified for each IT asset, data set or process. This must not be restricted just to major risks.
b. A summary of the impact or consequence to each IT asset, data set or process, if the identified risk was to arise.
c. The likelihood of this risk occurring.
d. The inherent risk assessment (this is the assessed, raw/untreated risk inherent in a process or activity without doing anything to reduce the likelihood or consequence).
e. The key controls to mitigate the risk (NOTE: it is possible that there may be more than one (1) control needed. Each control should be listed on a separate line)
f. The residual risk assessment (this is the assessed risk in a process or activity, in terms of likelihood and consequence, after controls are applied to mitigate the risk)
g. Prioritisation of the risk (what is the priority order for the risks to be addressed).

Your Risk Register should be in table format using the following column headings:
• Risk
• Impact
• Likelihood
• Assessment
• Controls
• Residual Risk
• Priority
Your summary document should provide references in APA 7 format.

RATIONALE
This assessment task will assess the following learning outcome/s:
• be able to justify the goals and various key terms used in risk management and assess IT risk in business terms.
• be able to apply both quantitative and qualitative risk management approaches and to compare and contrast the advantages of each approach.
• be able to critically analyse the various approaches for mitigating security risk, including when to use insurance to transfer IT risk

PRESENTATION
When submitting your assignment be sure to meet the following presentation requirements:
• Question 2 must be submitted in tabular format.
• Assignments are required to be submitted in either Word format (.doc, or .docx), Open Office format (.odf), Rich Text File format (.rtf), or .pdf format. Each assignment must be submitted as a single document.
• Assignments should be typed using a 11 or 12 point font.
• This assignment should be referenced using APA 7 format.

Attachment:- IT Risk Management.rar