
Advanced Medicos Limited Security.

Added on  2022/08/31

Running head: - ADVANCED MEDICOS LIMITED SECURITY
ADVANCED MEDICOS LIMITED SECURITY
Name of the Student
Name of the University
Author Note

Table of Contents
1. Task-1: Identification and Management of Asset:
1.1. Identification and classification:
1.1.1. Description of Assets:
1.1.2. Assigning of Unique ID:
1.1.3. Classification of Assets:
1.2. Information Security governance:
1.3. Security Policies:
2. Task-2: Vulnerability and Risk Management:
2.1. Enterprise Risk Management:
2.2. Vulnerability Assessment Table (TVA Worksheet):
2.3. Risk Management Strategy:
2.4. Risk Assessment Table:
3. References:
1. Task-1: Identification and Management of Asset:
1.1. Identification and classification:
1.1.1. Description of Assets:
Advanced Medicos Limited (AML) is a healthcare company that sells medicated
products. The company is an enterprise with multiple assets and a large network
over which its entire business is carried out. However, the company's network
has lately been facing security issues (Chen and Song 2016). To provide the
company with the required level of security, its important information assets
need to be identified. Some of the information assets that belong to Advanced
Medicos Limited (AML) are:
i) Physical Database- a physical database located within the country, used
primarily to store the personal information of the company's customers.
ii) Server- the servers located in the company's server room, which can be
accessed by all the employees of the organization.
iii) ADSL router- provides internet connectivity to all the devices connected
to the network.
iv) 40 personal computers- used by the employees to carry out their minimum
daily work.
v) 10 VoIP phones- used by the employees to communicate with clients or other
offices.
vi) 2 Web servers- provide web services as well as payment procedures
(Evans 2016).
vii) DHCP server- keeps the company's network working by allocating IP
addresses to the end-user devices.
viii) Cisco Catalyst Switch- allows control of the network and of the amount of
internet connectivity that flows through the entire network.
ix) Backup computer- connected to the internal network and used for storing
backup files for future reference.
x) DNS server- maintains the domain names of all the computers that are
connected to the company's network.
1.1.2. Assigning of Unique ID:
The information assets identified within Advanced Medicos Limited have been
assigned unique numbers for ease of identification. These are as follows:
Physical Database:
Location- Storage Room.
Ownership- AML.
Unique ID- SA.01 (SA- Storage Asset).
Servers:
Location- Server Room.
Ownership- AML.
Unique ID- NA.01 (NA- Network Asset).
ADSL Router:
Location- Work Room.

Ownership- AML.
Unique ID- NA.02.
Personal Computer:
Location- Work Room.
Ownership- AML.
Unique ID- HA.01 (HA- Hardware Asset).
VoIP Phones:
Location- Work Room.
Ownership- AML.
Unique ID- NA.03.
Web Server:
Location- Server Room.
Ownership- AML.
Unique ID- NA.04.
DHCP Server:
Location- Server Room.
Ownership- AML.
Unique ID- NA.05.
Cisco Catalyst Switch:
Location- Work Room.
Ownership- AML.
Unique ID- NA.06.
Backup storage computer:
Location- Storage Room.
Ownership- AML.
Unique ID- SA.02.
DNS Server:
Location- Server Room.
Ownership- AML.
Unique ID- NA.07.
1.1.3. Classification of Assets:
| WFA | Information Asset | Asset Class |
|---|---|---|
| 10 | Physical Database | Public information |
| 4 | Server | Internal information |
| 7 | ADSL Router | Internal information |
| 1 | Personal Computer | Restricted information |
| 5 | VoIP Phones | Internal information |
| 6 | Web Server | Internal information |
| 2 | DHCP Server | Restricted information |
| 8 | Cisco Catalyst Switch | Internal information |
| 3 | Backup Storage Computer | Restricted information |
| 9 | DNS Server | Internal information |
1.2. Information Security governance:
To provide the information assets with the required level of security,
Advanced Medicos Limited (AML) shall cover the following information security
governance areas:
i) Governing the operations of AML and protecting the company's critical
information assets (Shameli-Sendi, Aghababaei-Barzegar and Cheriet 2016).
ii) Protecting the market share and the stock price of the organization.
iii) Governing the conduct of all the employees of the organization.
iv) Protecting the reputation of Advanced Medicos Limited (AML) in the global
market and in the field of healthcare.
v) Ensuring that all the requirements associated with compliance are
successfully met (Das and De Guise 2019).
1.3. Security Policies:
The following should be the primary security policies for safeguarding the
information of the AML Company:
i) Confidentiality- access to the data and the information assets of the
organization should be granted only to people who are authorized, and the
information should not be leaked to anyone without genuine authorization
(Safa, Von Solms and Futcher 2016).

ii) Integrity- the data shall be kept intact, correct and accurate, and the IT
systems shall be kept fully functional.
iii) Availability- this objective means that the information or the system is
at the disposal of the users who have the authorization when it is needed.
2. Task-2: Vulnerability and Risk Management:
2.1. Enterprise Risk Management:
The following are the steps for Enterprise Risk Management that Advanced
Medicos Limited (AML) shall follow to mitigate the risks (Wressell, Rasmussen
and Driscoll 2018):
i) Leadership and commitment- in this step the leader of the organization
passes on to every employee of the organization information about the business
objectives, the culture and the strategies aligned to the business.
ii) Integration- this component of the enterprise risk management framework
depends entirely on properly integrating the risk management approach and its
related methods into all the aspects of the company (Abrahamsen et al. 2017).
iii) Design- this step covers designing how the risk management approach shall
be carried out so that risk management within the company is successful and
effective.
iv) Implementation- this step is the proper implementation of the designed
approach into the aspects of the company.
v) Evaluation- the reporting of how well the risk management approach has been
integrated into the aspects of the company.
vi) Improvement- this step improves the areas where the risk management
approach was not helpful enough and needs improvement for better services
(Kirichenko, Radivilova and Carlsson 2018).
2.2. Vulnerability Assessment Table (TVA Worksheet):
| Asset | Threat-1 | Threat-2 | Priority For Vulnerability |
|---|---|---|---|
| Asset1- Physical Database | Unauthorized Access from External sources. | Hacking by cyber criminals. | 1 |
| Asset2- Server | Brute-force attack | Denial-of-Service (Puthal et al. 2017). | 2 |
| Asset3- ADSL Router | Misuse by potential hackers. | Trespassing of network | 8 |
| Asset4- PC | Malware. | Botnets. | 7 |
| Asset5- VoIP Phone | Unauthorized access from external sources during transmission (Blakemore 2016). | Denial-of-service | 6 |
| Asset6- Web Server | Brute-force attack | Denial-of-Service. | 3 |
| Asset7- DHCP Server | Unauthorized access leading to incorrect TCP/IP configuration | Overwriting of DNS | 4 |
| Asset8- Cisco Switch | Address Resolution Protocol (ARP) attack | Switch Spoofing | 10 |
| Asset9- Backup PC | Phishing | Malware and Viruses | 9 |
| Asset10- DNS Server | Typosquatting | Denial-of-service | 5 |

2.3. Risk Management Strategy:
Risk management plan – single risk
Company name: Advanced Medicos Limited (AML)
Completed by: Student name
Work area: Cybersecurity management
Date completed: date

Threat identification
Denial of Service is an attack on workstations or servers in which the hackers
put a lock on the system and only provide the user with the key when a ransom
is received.

Risk assessment
What harm could the threat cause?: This threat can have a massive effect on the
business proceedings of the company by stealing the data, or by keeping it
locked and bringing the business to a complete halt (Sapienza et al. 2017).
What is the likelihood of this happening?: The threat is less likely to occur
but has a long-lasting impact.
Existing control measure: Properly installing a firewall at the entry point of
the network can potentially decrease the occurrence of this threat and its
entry into the network.
Consequence: High.
Likelihood: Moderate.
Outcome: The business is halted for a limited period until the ransom is given
and the password is provided by the hacker.

Control measures (students can revise this part and provide their own desired
controls; some examples are as follows)
Detective controls: Constant monitoring of the entry points of the network to
check for the entry of such attacks.
Corrective controls: Checking the resources that have been attacked and paying
the ransom to get hold of those resources.
Preventive: Usage of "Consistency of Mitigation" for monitoring the network to
identify such bad elements and their existence and to mitigate them
straightaway.
Implementation
| Associated activities | Resources required | Person(s) responsible | Sign off and date |
|---|---|---|---|
| Installing a firewall | Firewall hardware | Chief information security officer (CISO)'s name | CISO signature and date |

REVIEW
Scheduled review date: / /
Are the control measures in place? Yes
Are the controls eliminating/minimising the risk? Yes
Are there any new problems with the risk? At present, there is no new problem
associated with the risk, and the existing infrastructure is well set up to
defend the network against this particular risk.
2.4. Risk Assessment Table:
| Item number | Observation | Threat source | Existing controls | Likelihood (1-5) | Impact (1-5) | Risk Rating (1-25) | Controls |
|---|---|---|---|---|---|---|---|
| 1 | Passwords to the computers can be guessed or cracked. | Cyber criminals or hackers. | Various combination of passwords that need to be given. | 4 | 5 | 20 | Installation of antivirus software to prevent unauthorized access. |
| 2 | Unnecessary running of services on the web server. | Unnecessary services | None. | 3 | 4 | 12 | Installation of firewall to keep a constant monitoring over the entry points (Sapienza et al. 2018). |
| 3 | Locking of system in return of ransom. | Online cybercriminal. | None. | 3 | 5 | 15 | Installation of antivirus software to prevent such sites from where Ransomware can get in to the systems. |
| 4 | Stealing of sensitive information on the computer. | Online hackers. | None. | 2 | 5 | 10 | No clicking on untrusted links or accessing unauthorized websites. |

3. References:
Abrahamsen, E.B., Pettersen, K., Aven, T., Kaufmann, M. and Rosqvist, T., 2017. A
framework for selection of strategy for management of security measures. Journal of Risk
Research, 20(3), pp.404-417.
Blakemore, B., 2016. Policing cyber hate, cyber threats and cyber terrorism. Routledge.
Chen, H. and Song, Z., 2016, August. Secure Information Assets with Data: An Information
Security Governance Framework Using Orchestrated Data Analytics from a Holistic
Perspective. In 2016 International Conference on Computer Science and Electronic
Technology. Atlantis Press.
Das, R. and De Guise, P., 2019. Protecting Information Assets and IT Infrastructure in the
Cloud. CRC Press.
Evans, L., 2016. Protecting information assets using ISO/IEC security standards. Information
Management, 50(6), p.28.
Kirichenko, L., Radivilova, T. and Carlsson, A., 2018. Detecting cyber threats through social
network analysis: short survey. arXiv preprint arXiv:1805.06680.
Puthal, D., Mohanty, S.P., Nanda, P. and Choppali, U., 2017. Building security perimeters to
protect network systems against cyber threats [future directions]. IEEE Consumer
Electronics Magazine, 6(4), pp.24-27.
Safa, N.S., Von Solms, R. and Futcher, L., 2016. Human aspects of information security in
organisations. Computer Fraud & Security, 2016(2), pp.15-18.
Sapienza, A., Bessi, A., Damodaran, S., Shakarian, P., Lerman, K. and Ferrara, E., 2017,
November. Early warnings of cyber threats in online discussions. In 2017 IEEE International
Conference on Data Mining Workshops (ICDMW) (pp. 667-674). IEEE.
Sapienza, A., Ernala, S.K., Bessi, A., Lerman, K. and Ferrara, E., 2018, April. Discover:
Mining online chatter for emerging cyber threats. In Companion Proceedings of the The Web
Conference 2018 (pp. 983-990).
Shameli-Sendi, A., Aghababaei-Barzegar, R. and Cheriet, M., 2016. Taxonomy of
information security risk assessment (ISRA). Computers & security, 57, pp.14-30.
Wressell, J.A., Rasmussen, B. and Driscoll, A., 2018. Exploring the workplace violence risk
profile for remote area nurses and the impact of organisational culture and risk management
strategy. Collegian, 25(6), pp.601-606.