Reference no: EM132502536 , Length: word count:4500 + 14 PPT

PBL - Cyber Security Risk Assessment - Risk Assessment Report

In this assessment, students must perform a risk analysis of a scenario organisation's cyber risk, identify threats and vulnerabilities of information assets, forecast the consequences of a successful attack and recommend how each threat should be treated.

The risk assessment must be able to cater for accidental or deliberate hardware, software and network failures or attacks. Please be aware that you will need to make assumptions and guestimates for this assessment to make your risk assessment plausible. It is perfectly okay to do this.

Topics -

The following are three scenarios to be used for the cyber security risk assessment report for Assessment.

Scenario 1 - You have worked for Commonwealth Bank for a number of years as a Security Analyst. You have recently been promoted to their head office as an IT Security Manager. You discover that, in the week prior to your arrival, the bank was the victim of a cyber-attack. You discover that they have not completed a risk assessment for a number of months. Therefore, you decide to conduct a comprehensive risk assessment of their Data Centre, which is contained in their head office, and serves the wider network and branches.

Scenario 2 - You work for a well-known retailer, Target Australia. They recently had a major attack on their IT systems. While dealing with the aftermath of the attack, it became apparent that their cyber security risk assessment was woefully inadequate and extremely outdated. You have been tasked with creating a new cyber security risk assessment. Your risk assessment should be able to be applied to all of the retail outlet's facilities, buildings and networks.

Scenario 3 - You work for an organization in an IT or IT security capacity. You can use your own organisation for the scenario.

There are many risk assessment templates available on the Internet which show what should be covered in a risk assessment report. Please review some of these (3 or more) and use them as a guide to creating your own risk assessment report. This is a major task. If done properly, it will take you many weeks to complete. Do not wholesale copy what are in the templates as the University plagiarism software will pick it up and you will fail the assessment.

Try to think of the important issues to the scenario organisation that you have chosen as all risk assessment reports will not be the same - they are designed to be specific to an organisation (or organisation type). It is understood that there is an element of guess-work in this but you should be able to create a good risk assessment report with the limited information you have. You should conduct preliminary research on the organisation that you are basing your RA on (structure, size, locations, management structure etc.) this way you are more likely to produce a piece of work that is realistic.

In the report you should highlight how you arrived at your likelihood, impact and overall risk rating for each of your risks/threats.

Your risk assessment controls and recommendations should be supported by references and citations.

You must justify and support why you have chosen a particular control/solution/response/recommendation.

More Scenarios - Write and present an issue-specific policy for:

- Bring Your Own Device (BYOD)

- Social networking at work

- Use of file sharing technologies

- Mobile phones

- Appropriate use of email

Include components such as management decisions, roles and responsibilities matrix, scope, communication plan etc.

Attachment:- Cyber Security Risk Assessment File.rar