
Report on Risk and Threat to Caduceus


Added on  2020-04-07

Running head: IT/IS RISK MANAGEMENT

IT/IS Security Management
Name of the Student
Name of the University
Author Note
Table of Contents

Introduction
Usage of Salient Features of an Established Risk Mitigation Framework
Identification and Analysis of the Threats and Vulnerabilities within Caduceus
The Technical Threats
The operational threats
Managerial risks
Impact Analysis
Data Collection and Analysis
Planning Data Collection and Analysis
Data Collection
Quantitative and Qualitative Approaches in Impact Evaluation
Threats, risk and vulnerabilities assessment
Risk severity matrix
Legal and Regulatory Requirements
Conclusion
References
Introduction

Caduceus Partners Pty Ltd, Australia, also known as Caduceus, specializes in supplying infrastructure services to medical services. It includes the Strategic IS/IT division, the team responsible for overseeing the IT infrastructure. Moreover, it actively looks for the latest technologies and applications that bring value to the organization.

Internet security management at Caduceus is the set of procedures and policies used to manage the organization's sensitive data systematically. The aim is to minimize risk and assure business continuity by proactively limiting the effect of a security breach.

This report identifies the key components of the risks, threats and vulnerabilities, along with their effect on Caduceus. It determines the future scope of risk management and the security risk mitigation procedures. The study provides solutions for the risks and produces an effective risk analysis.

Usage of Salient Features of an Established Risk Mitigation Framework:

A risk management framework for the IS/IT Risk Management Project needs to be developed to eradicate the risks related to the development or inclusion of technologies. The framework is intended to deal with the variation of risks from the nominal design values that is inherent in any manufacturing process. To mitigate the risks, the processes and products should be characterized clearly (Shamala, Ahmad and Mariana 2013). Simulations are helpful tools for modeling the behavior of the process and the product, and the outcomes of numerical simulations help in recognizing the optimal design and conditions. Despite all this, the uncertainties present in the product and process parameters can affect the capability and performance in manufacturing the related products. These are evaluated, and the related risks for the basic parameters are to be decreased or mitigated completely by the framework.

In this report, ISO/IEC 27001 is chosen for the selection of controls addressing the multiple risks. It is an internationally recognized, excellent framework that could help Caduceus protect and manage its data resources so that they stay secure and safe (Safa, Von and Furnell 2016). It helps to continually review and refine the approach, not only for the present but also for the future. In this way ISO/IEC 27001 could protect the business of Caduceus along with its reputation, and add value. As documented, the framework was created with the intention of delivering a model to establish, implement, operate, monitor, review, maintain and develop the IS/IT management system (Safa et al. 2015). It uses a risk-based, top-down approach and is technology-neutral in nature. The specification defines the following planning process:

- Defining the security policy.
- Defining the scope of the ISMS.
- Conducting the risk assessment.
- Managing the identified risks.
- Selecting the control objectives and controls for implementation.
- Preparing the statement of applicability (Ogutcu, Testik and Chouseinoglou 2016).
The above specification includes details on documentation, management, roles, continual improvement, internal audits, and preventive and corrective actions. The standard requires cooperation among all sections of Caduceus.

The standard does not mandate particular information security controls. However, it provides a checklist of controls to be considered, drawn from the code of practice ISO/IEC 27002:2005. The latter describes a comprehensive set of information security control objectives and sets out generally accepted good practice for security controls.

The ISMS is the system of documents, processes, technology and people that helps to monitor, manage, improve and audit the information security of Caduceus. It helps to control security practices in one place, cost-effectively and consistently (Cheng et al. 2013).

An ISO 27001-compliant ISMS depends on regular risk assessments (Carter and Zheng 2015). It is therefore helpful for recognizing and controlling security threats in line with the risk appetite and tolerance of Caduceus.
Identification and Analysis of the Threats and Vulnerabilities within Caduceus

The Technical Threats

| Threat | Description |
|---|---|
| Inadequate procedure | Foreseeable events are not supported by accurate and complete training and documentation. |
| Improper operation | Equipment is operated beyond capacity or outside the constraints of the manufacturer (Siponen, Mahmood and Pahnila 2014). |
| Improper hardware | The prescribed hardware is configured in other than the prescribed manner during installation. |
| Improper software configuration | The prescribed software is configured in other than the prescribed manner during installation. |
| Unauthorized logical access | Gaining use of the system where no access is authorized (Fenz et al. 2014). |
| Malfeasance | Using the system in excess of what has been authorized. |
| Exceeding licensing or unsanctioned use | Using authorized system resources for unauthorized purposes. |
| Over or under classification | Labeling resources at an improper level of sensitivity for Caduceus. |
| Malicious software | Software whose purpose is to degrade system performance, destroy or modify data, or subvert security in any way. |

The operational threats

| Threat | Description |
|---|---|
| Cyber risk and data security | Cyber criminals do not discriminate between companies on the basis of location and size (Peltier 2016). |
| Regulation | Regulatory change has not been consistent over the last few years. This is the top-most risk for any company. Along with the changes come elevated operational risks, which need to be managed appropriately for IS/IT management. |