1ADVANCED MEDICOS LIMITED SECURITY Table of Contents 1. Task-1: Identification and Management of Asset:.................................................................2 1.1. Identification and classification:.....................................................................................2 1.1.1. Description of Assets:..............................................................................................2 1.1.2. Assigning of Unique ID:..........................................................................................3 1.1.3. Classification of Assets:...........................................................................................5 1.2. Information Security governance:...................................................................................6 1.3. Security Policies:.............................................................................................................6 2. Task-2: Vulnerability and Risk Management:.......................................................................7 2.1. Enterprise Risk Management:.........................................................................................7 2.2. Vulnerability Assessment Table (TVA Worksheet):......................................................9 2.3. Risk Management Strategy:..........................................................................................10 2.4. Risk Assessment Table:................................................................................................11 3. References:...........................................................................................................................13
2ADVANCED MEDICOS LIMITED SECURITY 1. Task-1: Identification and Management of Asset: 1.1. Identification and classification: 1.1.1. Description of Assets: Advanced Medicos Limited (AML) is a company within the field of healthcare that sells medicated products. The company is an enterprise that consists of multiple assets and a huge network over which the entire business of the company is carried out. However, it has been identified that the network of the company has been lately facing some issues related to security in regards to the network (Chenand Song2016). For provisioning the company with the required amount of security, important assets of information need to be identified. Some of the information assets that belongs to Advanced Medicos Limited (AML) are, i)PhysicalDatabase-thephysicaldatabaseexistswithinthecountrythatis primarily used for the purpose of storing all the personal information belonging to the customers of the company. ii)Server- these are the servers that is located at the server room of the company that can be accessed by all the employees of the organization. iii)ADSL router- is the one that provides internet connectivity to all the devices connected to the network. iv)40 personal computers- is used by the employees to carry out the minimum work on a daily basis. v)10 VoIP phones- are used by the employees to carry out communication with clients or other offices. vi)2 Web server- this provides with the functionalities of web services as well as payment procedures (Evans2016).
3ADVANCED MEDICOS LIMITED SECURITY vii)DHCP server- allows the company to keep their network working and provide the end user devices with IP address allocation. viii)Cisco Catalyst Switch- allows to control the network and the amount of internet connectivity that flows through the entire network. ix)Backup computer- this is used for storing the backup files for future references connected to the internal network. x)DNS server- maintains the domain names of all the computers that are connected to the network of the company. 1.1.2. Assigning of Unique ID: The information assets that have been identified within the Advanced Medicos Limited Company have been assigned with some unique numbers for the ease of their identification. These are as follows, Physical Database: Location- Storage Room. Ownership- AML. Unique ID- SA.01 (SA- Storage Asset). Servers Location- Server Room. Ownership- AML. Unique ID- NA.01 (NA- Network Asset). ADSL Router: Location- Work Room.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4ADVANCED MEDICOS LIMITED SECURITY Ownership- AML. Unique ID- NA.02. Personal Computer: Location- Work Room. Ownership- AML. Unique ID- HA.01 (HA- Hardware Asset). VoIP Phones: Location- Work Room. Ownership- AML. Unique ID- NA.03. Web Server: Location- Server Room. Ownership- AML. Unique ID- NA.04. DHCP Server: Location- Server Room. Ownership- AML. Unique ID- NA.05. Cisco Catalyst Switch: Location- Work Room.
5ADVANCED MEDICOS LIMITED SECURITY Ownership- AML. Unique ID- NA.06. Backup storage computer: Location- Storage Room. Ownership- AML. Unique ID- SA.02. DNS Server: Location- Server Room. Ownership- AML. Unique ID- NA.07. 1.1.3. Classification of Assets: WFAInformation AssetAsset Class 10Physical DatabasePublic information 4ServerInternal information 7ADSL RouterInternal information 1Personal ComputerRestricted information 5VoIP PhonesInternal information 6Web ServerInternal information 2DHCP ServerRestricted information 8Cisco Catalyst SwitchInternal information 3Backup Storage ComputerRestricted information 9DNS ServerInternal information
6ADVANCED MEDICOS LIMITED SECURITY 1.2. Information Security governance: For provisioning the information assets with the required amount of security, the following information security governance areas shall be covered by Advanced Medicos Limited (AML), i)Governing the operations belonging to AML as well as protecting the critically existing information assets of the company as well (Shameli-Sendi,Aghababaei- Barzegarand Cheriet2016). ii)Provisioning the market shares as well as the stock prices of the organizations with the required amount of protection. iii)Governingtheparticularconductofalltheemployeesbelongingtothe organization. iv)Provisioning the reputation of Advanced Medicos Limited (AML) with protection in and around the global market and the field of healthcare. v)Ensuringthefactthatalltherequirementsassociatedwithcomplianceare successfully met (Dasand De Guise2019). 1.3. Security Policies: Thefollowingshouldbetheprimarysecuritypoliciesforsafeguardingthe information of the AML Company. These are, i)Confidentiality- data as well as the information assets of the organization should only be granted with an access to the people that have the authorization and should not be leaked to the ones not having a genuine authorization (Safa,Von Solmsand Futcher 2016).
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
7ADVANCED MEDICOS LIMITED SECURITY ii)Integrity- the data shall be kept intact, correct as well as accurate along with keeping the IT systems fully functional. iii)Availability- this refers to an objective that specifically indicates the information or the system that is at disposal to the users who have the authorization and when it is needed. 2. Task-2: Vulnerability and Risk Management: 2.1. Enterprise Risk Management: The following are the steps for Enterprise Risk Management that shall be followed by Advanced Medicos Limited (AML) for mitigating the risks (Wressell,Rasmussenand Driscoll2018). These are, i)Leadership as well as commitment- this is the step where the leader of the organization shall pass on every information to individual employees of the organization regarding the business objectives, the culture as well as the strategies aligned to the business. ii)Integration- this is the component of the enterprise risk management framework that has a complete dependency upon a proper integration of risk management approachandtherelativemethodsintoalltheaspectsofthecompany (Abrahamsenet al.2017). iii)Design- this step refers to the entire designing of how the risk management approach shall be carried out towards a successful as well as an effective risk management within the company. iv)Implementation- this step refers to the proper implementation of the designed approach into the aspects of the company.
8ADVANCED MEDICOS LIMITED SECURITY v)Evaluation- is the reporting of how well the risk management approach has been integrated within the aspects of the company. vi)Improvement- this step improves the places where the risk management approach was not that helpful and needs improvement for better services (Kirichenko, Radivilovaand Carlsson2018).
9ADVANCED MEDICOS LIMITED SECURITY 2.2. Vulnerability Assessment Table (TVA Worksheet): Asset1- Physical Database Asset2- Server Asset3- ADSL Router Asset4- PC Asset5- VoIP Phone Asset6- Web Server Asset7- DHCP Server Asset8- Cisco Switch Asset9- Backup PC Asset10- DNS Server Threat-1Unauthorized Access from External sources. Brute-force attack Misuseby potential hackers. Malware.Unauthorized accessfrom external sources during transmission (Blakemore 2016). Brute-force attack Unauthorized access leadingto incorrect TCP/IP configuration Address Resolution Protocol (ARP) attack PhishingTyposquatting Threat-2Hackingby cyber criminals. Denial-of- Service (Puthalet al. 2017). Trespassing of network Botnets.Denial-of- service Denial-of- Service. Overwriting of DNS Switch Spoofing Malware and Viruses Denial-of- service Priority For Vulnerability 12876341095
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10ADVANCED MEDICOS LIMITED SECURITY 2.3. Risk Management Strategy: Risk management plan – single risk Company name:Advanced Medicos Limited (AML)Completed by:Student name Work area:Cybersecurity managementDate completed:date Threat identification Denial of Service is an attack that is caused to workstations or the servers where the hackers put a lock on the system and only provision the user with the key when a ransom is received. Risk assessment What harm could the threat cause? This particular threat can cause a massive effect upon the business proceedings of the company by stealing the data or might as well by keeping it locked and placing the business on an entire halt (Sapienzaet al. 2017). Whatisthe likelihoodofthis happening The threat is likely to occur less but have a long lasting impact. Existingcontrol measure To have a proper installation of firewall at the entry point of the network can potentially decrease the occurrence of this threat and its entry into the network. ConsequenceHigh. LikelihoodModerate. Outcome Making the business go on a halt for limited period until the ransomisgivenandthepasswordisprovidedbythe hacker. Control measures(students can revise this part and provide their own desired controls-some examples are as follows) Detective controls Constant monitoring over the entry points of the network to check the entry of such attacks. Corrective controls Checking over the resources that have been attacked and paying the ransom to get hold of those resources. PreventiveUsage of“Consistency of Mitigation”for monitoring over the network to identify such bad elements and their existence and to mitigate them straightaway.
11ADVANCED MEDICOS LIMITED SECURITY Implementation Associated activitiesResources required Person(s) responsibleSign off and date Installing a firewallFirewall hardware Chief information securityofficer (CISO)’s name CISOsignature and date REVIEW Scheduled review date:// Are the control measures in place? Yes Are the controls eliminating/minimising the risk? Yes Are there any new problems with the risk? At present, there is no existence of any new problem associated with the risk and the currently existing infrastructure is well settled to defend the network against this particular risk. 2.4. Risk Assessment Table: Item numb er Observati on Threat source Existing controls Likeli hood (1-5) Impact (1-5) Risk Rating (1-25) Controls 1Passwords to the computers can be guessed or cracked. Cyber criminals or hackers. Various combinati on of passwords that need to be given. 4520Installation of antivirus software to prevent unauthoriz ed access. 2Unnecessa ry running of services on the web server. Unnecessar y services None.3412Installation of firewall to keep a constant monitoring over the entry points (Sapienza
12ADVANCED MEDICOS LIMITED SECURITY et al. 2018). 3Locking of system in return of ransom. Online cybercrimin al. None.3515Installation of antivirus software to prevent such sites from where Ransomwa re can get in to the systems. 4Stealing of sensitive informatio n on the computer. Online hackers. None.2510No clicking on untrusted links or accessing unauthoriz ed websites.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
13ADVANCED MEDICOS LIMITED SECURITY 3. References: Abrahamsen, E.B., Pettersen, K., Aven, T., Kaufmann, M. and Rosqvist, T., 2017. A framework for selection of strategy for management of security measures.Journal of Risk Research,20(3), pp.404-417. Blakemore, B., 2016.Policing cyber hate, cyber threats and cyber terrorism. Routledge. Chen, H. and Song, Z., 2016, August. Secure Information Assets with Data: An Information SecurityGovernanceFrameworkUsingOrchestratedDataAnalyticsfromaHolistic Perspective.In2016InternationalConferenceonComputerScienceandElectronic Technology. Atlantis Press. Das, R. and De Guise, P., 2019.Protecting Information Assets and IT Infrastructure in the Cloud. CRC Press. Evans, L., 2016. Protecting information assets using ISO/IEC security standards.Information Management,50(6), p.28. Kirichenko, L., Radivilova, T. and Carlsson, A., 2018. Detecting cyber threats through social network analysis: short survey.arXiv preprint arXiv:1805.06680. Puthal, D., Mohanty, S.P., Nanda, P. and Choppali, U., 2017. Building security perimeters to protectnetworksystemsagainstcyberthreats[futuredirections].IEEEConsumer Electronics Magazine,6(4), pp.24-27. Safa, N.S., Von Solms, R. and Futcher, L., 2016. Human aspects of information security in organisations.Computer Fraud & Security,2016(2), pp.15-18.
14ADVANCED MEDICOS LIMITED SECURITY Sapienza, A., Bessi, A., Damodaran, S., Shakarian, P., Lerman, K. and Ferrara, E., 2017, November. Early warnings of cyber threats in online discussions. In2017 IEEE International Conference on Data Mining Workshops (ICDMW)(pp. 667-674). IEEE. Sapienza, A., Ernala, S.K., Bessi, A., Lerman, K. and Ferrara, E., 2018, April. Discover: Mining online chatter for emerging cyber threats. InCompanion Proceedings of the The Web Conference 2018(pp. 983-990). Shameli-Sendi,A.,Aghababaei-Barzegar,R.andCheriet,M.,2016.Taxonomyof information security risk assessment (ISRA).Computers & security,57, pp.14-30. Wressell, J.A., Rasmussen, B. and Driscoll, A., 2018. Exploring the workplace violence risk profile for remote area nurses and the impact of organisational culture and risk management strategy.Collegian,25(6), pp.601-606.