Cyber Security Risk Assessment Report for Gigantic Corporation
Added on 2024/07/01
AI Summary
This report presents a comprehensive cyber security risk assessment for Gigantic Corporation, conducted by a lead consultant in IT risk assessment. It delves into the threats, vulnerabilities, and consequences associated with cyber security risks, providing a detailed analysis of the organization's current security posture. The report also outlines mitigation strategies, recommendations, and protection mechanisms to enhance the organization's cyber resilience. It aims to bridge the gap between technical experts and stakeholders, translating technical risks into business language for effective decision-making. The report covers various aspects of cyber security, including unauthorized access, spoofing, jamming, denial-of-service attacks, malicious code, and man-in-the-middle attacks. It also examines the vulnerabilities of the organization's network infrastructure, data storage, and operational processes. The report concludes with a summary of the findings, recommendations for improvement, and a discussion of the importance of ongoing cyber security risk management.
ITC 596: IT RISK MANAGEMENT
ASSESSMENT 3
Cyber security
Table of Contents
Executive summary
1. Introduction
2. Overview of risk assessment
3. Risk Assessment based on Threat, Vulnerability, and Consequences
    3.1 Risk Assessment
    3.2 Key threat agents
    3.3 Mitigating the risks
    3.4 Recommendations
4. Summary
    4.1 Literature review of protection mechanism
5. Conclusion
6. References
Executive summary
This report is presented by the lead consultant for IT risk assessment to the management of
Gigantic Corporation. It describes a cyber security system that aims to provide security and
protection from cyber attacks and crimes. The report also translates technical risks into business
language to facilitate effective decision making, and describes the interface between technical
experts and stakeholders. It is based on the management of risks that arise from the
implementation of a cyber security project, and it discusses the policies and procedures of an
organization in the context of cyber security.
The main part of the report covers the purpose, scope, overview of technology and risk assessment.
In this report, the cyber security system is described as a risk assessment project that involves
various pros and cons. An overview of risk assessment is given along with its causes and effects.
Risk management approaches and methods are also provided, together with some risks and threats.
The impact of threats and vulnerabilities is described along with the threat agents, as are the
losses of confidential data and information. The report also explains a cyber security system of
an organization that leads to some risks and difficulties. The threats and their descriptions are
presented in a table that defines the different threats to cyber security, and the vulnerabilities
due to threat agents are shown in tabular form. The risk assessment area involves various factors
with mitigation and management procedures. The legal terms and policies of the company are also
included for initiating the risk assessment project.
A cyber security system is a set of designs and practices that protects networks and data from
attack, damage, and unauthorized access. Effective cyber security reduces the threat of attacks
and protects businesses from unauthorized exploitation of networks and devices. This report
provides a solution for identifying attackers and criminals by using this risk assessment
approach. It also provides some recommendations that impact the growth of an organization.
Finally, a solution is provided along with some recommendations based on the risk assessment
report. A summary is given in the context of the overall report on the cyber security of an
organization. The overview of cyber security is as follows:
Cyber security plays a vital role in the IT industry, managing network systems to protect
information and data. Advancing technology and smart devices make protection more complex. The
organization faces many cyber security challenges and risks that erode its potential growth as
well as its reputation. Internet-connected systems include hardware, software tools and data that
may be protected through a cyber security approach. Cyber attacks cause the organization to lose
computational data and physical data. Data and information can be protected from unauthorized
access through both physical and cyber security systems. The cyber system is subject to data loss
and information theft due to external and internal attacks. Cyber security comprises information
security, which maintains the confidential data and information of the company and is included in
the risk management report.
Some recommendations are included in this report, as mentioned below:
- Information update
- Follow the company's rules and procedures
- Updating the software version
- Insurance of cyber data
- Website protection with security layers
- Data backup on a regular basis
- Enable firewall network and firewall applications
- Follow cyber security terms and conditions
- Check network authorization and protection
- Installation of cameras and scanners at organizations
- Prevention from data loss
The report also contains a brief summary of the risk management report, which involves the
implementation of security processes. The results identify some prevention and mitigation methods
that control the cyber risks of an organization. The techniques and recommendations are useful
for financial growth as well as business growth.
The mitigation steps and recommendations are described to improve the cyber security network
system so that it can identify threats and risks. The risk measures and their controls are also
implemented with the help of some mitigation strategies and recommendations.
- System maintenance and physical security
- Identify external and internal attackers
- Improve the security policies
- Password generation and layer prevention
- Documentation for legal policies and accessing of information
- Protect website and information with the segmentation method
- Develop a training system for employees
- Employ strict policies for vendors and outsiders
- Monitoring of cyber prevention system
- Use IPS and IDS for protection
- Installation of the latest version of the software
- Detection of malware and hackers
- Use antivirus applications for strong security
- Identify criminal activity through spam emails and unauthorized users
- Risk prevention devices and planning
- Prevent organization information from unauthorized access
- Plan risk management for the IT industry
The cyber security risk assessment report also includes a summary of the overall report, which
depicts some protection mechanisms. The protection mechanisms are introduced to increase the
network security of an organization. The protection mechanism includes some key points that allow
the user to develop in the cyber system.
The protection mechanism overview involves some key methods for improvement, as shown below:
- Encryption of data
- Enabling firewalls
- Employ a protection layer and protection sphere
- Use of intrusion prevention and intrusion detection
- Scanning and auditing process
- Vulnerability scanners
- Backup of data
- Software updating process and installation
- Secure customer data and information
The risk management report also includes a conclusion, which describes the overall project
implementation process in the IT risk assessment control framework. The risk control techniques
and methods for an organization are also defined. Cyber security risk assessment and management
helps protect the corporation from data and information loss.
1. Introduction
The risk associated with technology is increasing day by day, as mentioned in the IT risk
assessment report. The report is based on risk assessment in an IT corporation with cyber
security. The management report is presented by the lead consultant of ‘IT risk assessment’ in
Gigantic Corporation cyber security, and it presents detailed information on cyber security in
Gigantic Corporation. The term cyber security refers to the management and mitigation of risk in
organizations to protect their critical assets. Cyber security is a priority for any organization
to protect its data and information from hacking. Cyber risk is increasing rapidly in a few
organizations, which impacts the organizations' assets. The risk management of a cyber security
system describes threats and vulnerabilities.
Cyber security plays a vital role in the IT industry, managing network systems to protect
information and data. Advancing technology and smart devices make protection more complex.
Internet-connected systems include hardware, software tools and data that may be protected
through a cyber security approach. Organizations face many difficulties due to the loss of
computational data and physical data. Cyber systems create several risks in transferring and
receiving data, which can be mitigated through cyber security models and approaches (Ashibani,
et al., 2107). Cyber security also involves cyberspace, which uses electronic communication media
for an online global network system with the help of virtual networks. Cyberspace is a large
platform of computer networks that makes it possible to use the IP and TCP protocols to exchange
information worldwide through communication. The virtual world and interactive environment are
the main features of cyberspace, which provides a wide-ranging worldwide network.
Cyberspace gives users different communication media via various methods and techniques. It also
permits users to exchange information, interact, swap ideas, engage in social activities, develop
business ideas and carry out other communication activities (Chen, et al., 2018). Cyberspace
helps to control risk and overcome threats through an interactive environment.
Purpose
The purpose of the report is to provide a risk assessment report to management by interfacing
between the stakeholders of the company and technologists. The report will explain the technical
difficulties that Gigantic Corporation faces with cyber security. Apart from this, the threats,
vulnerabilities, and consequences will also be discussed on behalf of the IT control framework.
The impact of the risk assessment and its results will also be identified for the mitigation plan.
Project scope
The project scope includes some benefits of a cyber security system in an organization where some
factors affect security. The risk assessment is developed for the interfacing of web applications
in a business environment. The risk management covers all policies and procedures of the
organization that help to maintain data and information. The assessment includes various methods
and models that lead to improving the cyber security system. It will help to protect the legal
and confidential information of the company. Cyber security risks impact organizational security
and protection, which identifies some threats and vulnerabilities. The assessment report collects
all the affecting factors to resolve the management issues.
Apart from this, the cyber security model is useful for maintaining, transmitting and receiving
data and information with control measures, which are also useful for preventing loss and damage.
The organizational security system analyses some threat agents and attackers, but according to
the provided scenario, the technologists and stakeholders will discuss some recommendations.
These recommendations will be helpful for enhancing security in Gigantic Corporation and
preventing financial loss.
2. Overview of risk assessment
The IT risk assessment in an organization identifies and controls the technical difficulties and
risks that occur due to cyber attacks. Risk assessment and its management are useful for
preventing loss of data and security. Managing risk will help to improve cyber security in
organizations, which will also save both time and money (Alali, et al., 2018).
Figure 1: Model for risk assessment
Source: (Mani, et al., 2015)
The risk assessment model presents the several threats and sources that create a threat event.
The benefit of this model involves some security controls and their vulnerabilities that affect
organizational growth.
The strategies and plans for identifying and removing cyber risks in an organization, with the
opinion of decision makers and technologists, are:
- Identify the cyber risks to an organization's assets that could be affected by attacks.
- Identify the cyber risks and their impact on the organization so that decision makers can
  implement their ideas (Abdo, et al., 2018).
- Analyze the risk management and security plans for the protection of assets and values.
- Evaluate security threats and challenges that can occur due to cyber attacks.
- Plan a security risk management strategy that can prevent losses of data.
- Recognize the threats in a particular system and plan a strategy for execution with
  recommendations.
- Recognize the vulnerabilities of the cyber security system and find solutions.
- Provide security measures and controls, bug fixes and mitigations for risk management in the
  IT sector.
- Design a protocol for minimizing the risk assessment and cyber security system.
The management of IT risk includes appropriate methods for addressing the cyber risk together
with the technical team (Mayer, et al., 2018). Some threats and vulnerabilities can be identified
through cyber security components.
3. Risk Assessment based on Threat, Vulnerability, and Consequences
3.1 Risk Assessment
A threat to cyber security is a serious or possible danger that causes harm to the network
system. Some threats to the cyber security system that may or may not occur in the corporation
are listed below:
- Unauthorized access of data - Unauthorized access to the cyber security system of a company
  can be harmful because it leads to information leakage. Unauthorized access includes access to
  websites, systems, servers and programs with the help of another ID and account. Hackers can
  easily detect or identify the PIN or password to access the confidential data (Shin, et al.,
  2017).
- Spoofing of credentials - A malicious person or party is the main cause of spoofing that
  results in data loss. A spoofing attack occurs in a cyber security system when a suspicious or
  unauthorized user attacks the network system. It may take any form, such as website spoofing,
  e-mail spoofing, password spoofing, and IP spoofing.
- Jamming - A jamming attack impacts the security system of an organization and leads to loss of
  information. Jamming breaks the signal and information, which impacts the communication system
  of an organization.
- Denial-of-service (DoS) attack - Hackers and attackers send requests to the network for
  authentication to access legal data. In a cyber security system, a DoS attack prevents a
  service from being delivered by interrupting a specific system.
- Malicious attack - In a cyber security system, malicious code is used to steal data and damage
  the security system. It generates vulnerabilities in the system that cause potential damage to
  security.
- Man-in-the-middle attack - In a cyber security system, a man-in-the-middle attack is used to
  interrupt the connection between two persons or parties. The attackers relay the communication
  and steal confidential information from the conversation between the two parties.
The threats and risks are identified through the evaluation of a cyber security framework, which
describes the different stages of risk and threat occurrence. The framework covers the steps from
identifying a risk to its recovery mechanisms. The framework below describes the process of cyber
security, which will be helpful for the risk assessment project and risk management. Cyber
security in the organization uses this framework to execute the risk management project, which
will help in dealing with technical difficulties that occur due to physical or non-physical risk
(Chen, et al., 2018).
Figure 2: Cyber security framework
Source: (www.threatprotect.co.uk, 2018)
Some threats and threat agents are defined in the table below, together with their impact on the risk assessment project. These threats depict the losses and harms that are the main cause of cybercrime.
3.2 Key threat agents
A threat agent can be a human or malicious attacker, or a system application or software, that creates threats to cyber security. The threat agents are listed below:
Terrorists
Malicious code
Hackers and attackers
Organization’s employees
Competitors of the corporation
Thieves and robbers
Software applications
Viruses
Malware
Table 1: Threat Agents
| Threats | Threat agents | Description | Impact |
|---|---|---|---|
| Buffer overflow or denial-of-service attack | Professional criminals and terrorists | This kind of threat leads to legal loss of the organization's data. | High |
| Bypass authentication | Thieves and professional attackers | This leads to damage to the security system. | High |
| Unauthorized access | Malicious attacker | Unauthorized access impacts the network system and causes data loss. | High |
| Jamming | Professional hackers | The system or network requires a large setup of equipment and communication medium, which affects the transmission of data. | High |
| Man-in-the-middle attack | Attackers | The attacker collects information, which causes information and legal loss. | High |
| Malicious code | Malicious hackers and coders | Malicious code creates viruses in a cyber system, which leads to corrupted files and data. | High |
Analysis:
The table above sets out the various cyber security threats that are the main cause of risk. It also describes the threat agent that creates each threat to the organization's cyber security and presents the impact of each threat on the system and network. The table thus provides a threat analysis with threat actors.
Table 2: Risk assessment, threats, and vulnerabilities
| S. No. | Risk asset | Vulnerability | Threat | Value of asset |
|---|---|---|---|---|
| 1. | Networks | Wrong identity | Unauthorized access to data | 4 |
| 2. | Networks | Wrong identity | Man-in-middle attack | 4 |
| 3. | Networks | Wrong identity | Spoofing of credentials | 4 |
| 4. | Check in procedure | Back up issue | Malicious attack | 4 |
| 5. | Scanners and detectors | Weak network communication | Jamming | 3 |
| 6. | State databases | Capacity of device | Denial of service attack | 4 |
| 7. | State databases | Lack of transparency principle | Data access in an unauthorized way | 4 |
Analysis:
The table above presents the risk assessment, threats, and vulnerabilities along with the asset value. Each row relates a threat to a vulnerability and an asset value, and shows which risk is assessed for that threat.
Cyber security risks
Online transactions, email, online marketing, social media, and other online activities are the main causes of cyber security risk, which affects the management and financial growth of the company. A ‘cyber risk’ in an organization arises from cyber security system errors and from threats. Loss of data and damage to IT systems affect the reputation of the company as well as its financial growth. The value of threats and vulnerabilities explains the actual risk, which includes various harmful elements. A cyber security risk leads to cyber loss, which affects security, trust, and information (Ganin et al., 2017).
Some common security risks and threats are described as follows:
Viruses - A virus is any kind of software or program that is transferred into a system to corrupt files and data. A virus can delete and corrupt the system and its programs and also damage information.
Malicious spyware - This type of threat is created by cyber attackers or criminals to discover the information of victims. Trojan applications are used for malicious spyware.
Botnet - Hackers and attackers create a group of internet-connected computers with the help of a Trojan horse; each such computer is called a zombie. Botnets increase virus attacks on the cyber security system as well as denial-of-service attacks.
Spam - Spam is an unwanted message that arrives in the email inbox. It is the process of sending and receiving information in an unauthorized way, and it creates junk mail. It can cause security and information loss due to fraud.
Malware - Malicious software and programs are used to corrupt the system, for example spyware, viruses, Trojan horses, and worms. Malware affects the security system and causes data loss. It steals useful information and takes control of the whole cyber system.
Phishing - Cyber criminals use phishing to present themselves as an authorized company or website. It can take any form, such as emails and messages that criminals use to steal data and information.
Computer worm - A worm is a type of software that copies all data from one computer to another without human intervention. Worms can copy any information in little time, which causes loss of system as well as security.
Vulnerabilities
The word vulnerability refers to a weakness that arises in an organization due to some failure. This failure can be a weakness in either management or the system. In the context of cyber security, system vulnerabilities occur due to system failures and threats (Ficco et al., 2017). A vulnerability is created by a threat actor and leads to cyber security risk. Some examples of vulnerabilities are as follows:
Failure of system and network
Data transmission mistakes
Data encryption mistakes
SQL injection
Missing authentication
Buffer overflow
Authorization failure
Bugs and viruses
Downloading unauthorized files and websites
URL redirection and path traversal
| Vulnerabilities | General threats & risks | Consequences |
|---|---|---|
| Network infrastructure | Spoofing attack | It leads to data losses and damages the network system. |
| | Man-in-the-middle attack | It harms the communication system and leaks confidential information. |
| | Denial-of-service attack | It affects the host and causes loss of legal information. |
| | Worms & viruses | Viruses corrupt files and system software. They also harm software applications. |
| Dependency of power system | Buffer overflow | The malicious actor creates this problem by overwriting with an excess of data. |
| | Malicious attack | This attack leads to potential damage to the security system through malicious code. |
| | System breakdown | It impacts the production system in an organization. |
| Inappropriate protection | Jamming | Jamming creates problems in signal transmission and reception, and it is a cause of international intrusion in a network. |
| | Man-in-the-middle attack | Interference in communication and secret theft of the personal conversation of two persons. |
| | Spoofing of credentials | Loss of data; system damage; security break |
| | DoS attack | Loss of legal data |
| Publicly accessible channels | Jamming | Transmission and reception of information is the main problem |
| | Unauthorized data access | Loss of personal ID and passwords |
| | Malicious code | It creates a virus and damages the system applications |
| | Flood and buffer overflow | Excess of data; space consumption; security is affected |
Analysis:
The table above presents the different vulnerabilities and their areas in cyber security, along with each threat and risk to the project and system. Some common risks and threats are analyzed to show the specific vulnerability and its consequences. The description of consequences defines the impact of threats on the development of a cyber security risk assessment project.
Elements of cyber security
Cyber security involves several elements, described as follows:
Application security-
It is used to protect software and hardware applications from damage and threats. The threat can take any form, such as failure of devices, DoS attacks, and malicious code.
Network security-
This kind of security involves protecting the network system of an organization from external or internal attackers (Alguliyev et al., 2018).
Information security-
Information security includes strategies that help in managing documents, tools, counter-threat measures, and data in digital or non-digital form (Nurse et al., 2017). The main aim of information security is to protect the confidential and legal data of employees as well as the company.
Plan for disaster recovery-
This plan explains the safety measures that reduce the effect of any kind of tragedy and loss. It is a set of instructions that covers the disaster recovery plans and strategies.
Operational security-
This security element, also known as ‘OPSEC’, classifies information assets. It is used to protect and secure information assets and is commonly used in many private business sectors. The operational security process consists of five steps:
Identification of critical information
Determination of threats
Examination of vulnerabilities
Risk assessment
Application of a suitable method for mitigation
Figure 3: Operational security process (information identification, identify threat, examine vulnerabilities, risk assessment, implementation)
Source: (By Author)
Benefits of cyber security
It protects the personal information of employees.
It helps to protect personal websites of an organization.
It lets employees work in a safe environment.
It protects against viruses and worms.
Cyber security provides protection from spyware.
Cyber security controls the management and enhances productivity.
It provides protection from cyber attacks and cyber crimes (Ficco et al., 2017).
It helps technical experts control crimes.
Cyber security provides security solutions for IT industries.
3.3 Mitigating the risks
Elimination of external factors and network errors that cause any kind of disclosure.
Maintenance of system controls and devices that are the main cause of physical harm.
Data segmentation for secure and strong transmission.
Implementation of a logging system for monitoring, and setup of a role-based access control system.
Implementation of patches and updating of software applications as necessary, and recognition of vulnerabilities.
Use of secure methods of remote access, e.g. a Virtual Private Network.
Create strong passwords for protection.
Apply strict policies and rules for employees as well as vendors.
Develop a cyber security training system.
Detect threats and implement security measures.
Plan risk management to control cyber risks and crimes.
3.4 Recommendations
The cyber security risk assessment project makes recommendations for the security of the organization, covering areas such as email security, social security, network security, and authentication of passwords. The recommendations are provided for the security of employees as well as the company, so that management and stakeholders can take the right decision. Some common recommendations are mentioned below:
Software should be installed properly, and antivirus should be kept up to date along with patched software.
Passwords should be complex and strong for every application of the cyber security system, and should be changed once a year.
Email is a source of information leakage, so it should be limited and restricted so that sensitive data and information cannot be delivered through it.
Social engineering also leads to unauthorized access, so it is important to stay informed about social media scams and frauds. The company should not post any personal information on social media sites (Rege et al., 2018).
Backup of information and device security are also important for cyber security because they protect the organization's information as well as its data.
A company should be aware of legal and ethical conditions, which will protect it from any illegal crime and activity. Download only legal files from legal websites to secure information.
Cyber criminals can steal data from machines by using machines and other devices. Thus personal data and information should not be saved on another device.
Apart from the above recommendations, some important points are described below:
Recognizing the drawbacks of the system and management will be useful for project implementation and risk control.
Identification of the risks and threats
Classification of the framework for risk management
Governance of security with implementation of the project
Follow government rules and policies and improve them; raise awareness of the risk management process and planning.
Insurance of the company for future security and protection.
Provide training to each and every employee about the risk management program.
Review of audits concerning security, and separation of corporate information and customer information (Chen et al., 2018).
Follow the cyber security policies for risk management and risk controls.
4. Summary
The protection mechanisms involve possible solutions that help in providing cyber security and cyber insurance. Apart from this, other possible controls are provided that enhance security and authentication against illegal access. These include installing anti-virus, updating software applications, using anti-malware, using updated versions of software programs, keeping strong passwords, and following security standards and policies; a disaster recovery process will also help to enhance the protection of the organization as well as its data. The security mechanisms protect organizational and employee information with the help of recovery in the cyber security system. The threats and vulnerabilities in a cyber system affect business growth as well as the company's reputation (Settanni et al., 2017). Risk management also affects organizational development, which could be because of many external and internal losses. These security methods will help to improve the risk management system and implement the latest cyber security techniques to protect the organization's reputation.
4.1 Literature review of protection mechanism-
Cyber security needs various protection techniques in industry, which help in IT risk management and risk control. Network security employs protection mechanisms that support IT risk controls and their management. This report contains the IT risk assessment for Gigantic Corporation, aimed at minimizing technical difficulties in the corporation. Some protection mechanisms for cyber security and IT risk assessment are described as follows:
Protection spheres-
The network architecture places a protection layer after every layer of the network to prevent unauthorized access. Built-in software firewalls and host IDPS support the technology by preventing access to the data.
Data encryption-
Encrypt data to avoid attacks and to keep data and information confidential. Routers, end systems, and servers are also useful for encryption in network security. Use a code as the encryption key to protect the organization’s information and data (Rege et al., 2018).
Firewalls-
Using firewalls in networks and applications provides security and protection from hacking and theft of data. The firewall creates a boundary between the internet and the organizational network. It implements security policies at the network system and protection layer (Radanliev et al., 2018). A firewall is a useful device that can filter HTTP application traffic, which helps in blocking malicious attacks. A firewall uses filtering to provide protection from unnecessary traffic that can harm the network and software applications.
Enabling IDS (Intrusion detection system) –
An IDS helps the system administrator detect illegal activity and identifies malicious code with the help of email and logging. The IDS works as a device for inspecting malicious traffic and provides real-time network security and protection with the help of host monitoring.
Scanning and auditing –
Data collection is helpful for analyzing the activities of data in a network system which helps in
accessing the guest and host. Scanning helps in to identify the login & log out of user and
18
The protection mechanisms involve possible solutions which help in providing cyber security
and cyber insurance. Apart from this, another possible control devices are provided that enhances
security and authentication from illegal access. It can be installation of anti-virus, updating of
software application, use anti-malware, use updating version of software programs, keep strong
password, use follow security standards and policies, disaster recovery process also will help to
enhance the protection of organization as well as their data. The security mechanisms protect the
organizational and employees information with the help of recovery in cyber security system.
The threats and vulnerabilities in cyber system affect the business growth as well as company's
reputation (Settanni, et. al., 2017). The risk management also impacts on organizational
development which could because of many external and internal losses. These security methods
will help to improve the risk management system and implement latest cyber security techniques
for protection of organization reputation.
4.1 Literature review of protection mechanism-
Cyber security in industry requires a range of protection techniques, which support IT risk
management and risk control. Network security employs several protection mechanisms that
support IT risk controls and their management. This report contains the IT risk assessment
for Gigantic Corporation, which aims to minimize technical difficulties in the corporation. Some
protection mechanisms for cyber security and IT risk assessment are described as follows:
Protection spheres-
In a layered network architecture, a protection layer is placed after every network layer to
prevent unauthorized access. Built-in software firewalls and host-based IDPS support this
approach by protecting the data from such access.
Data encryption-
Encrypt data to protect against attacks and to keep data and information confidential. Routers,
end systems, and servers can also be used for encryption in network security. Use a code as the
encryption key to protect the organization's information and data (Rege et al., 2018).
Firewalls-
Firewalls in networks and applications provide security and protection against hacking and
data theft. A firewall creates a boundary between the internet and the organizational network.
It enforces the security policies at the network system and protection layer (Radanliev et al.,
2018). A firewall is a useful device that can filter HTTP application traffic, which helps in
blocking malicious attacks. Firewalls use filtering to protect against unnecessary traffic that
can harm the network and software applications.
Enabling IDS (Intrusion detection system) –
The IDS helps to detect illegal activity at the system administrator level and identifies
malicious code with the help of email and logging. It works as a device that inspects traffic for
malicious content and provides real-time network security and protection with the help of host
monitoring.
Scanning and auditing –
Data collection helps in analyzing the activity of data in a network system, which helps with
guest and host access. Scanning helps to identify the login and logout of users, their
usernames, and their entry records. It is a kind of vulnerability for a security policy that can
only be examined by professionals.
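The login and logout auditing described above can be sketched as follows. This is an added example, not part of the original report; the entry-record format, user names and host names are constructed for illustration.

```python
from datetime import datetime

# Constructed sample entry records (assumed format): timestamp, event, user, host.
SAMPLE_LOG = """\
2024-03-01T08:02:11 LOGIN alice ws-014
2024-03-01T08:05:40 LOGIN bob ws-022
2024-03-01T12:01:03 LOGOUT alice ws-014
2024-03-01T12:30:00 LOGIN alice ws-031
2024-03-01T12:45:10 LOGIN alice ws-014
2024-03-01T17:00:00 LOGOUT alice ws-014
2024-03-01T17:10:00 LOGOUT carol ws-009
this line is malformed
"""

def parse_records(text):
    """Return (records, rejected): parsed entry records and unparseable lines."""
    records, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            ts_raw, event, user, host = line.split()
            if event not in ("LOGIN", "LOGOUT"):
                raise ValueError(event)
            records.append((datetime.fromisoformat(ts_raw), event, user, host))
        except ValueError:
            # Keep rejected lines: gaps in the audit trail are themselves a finding.
            rejected.append(line)
    return records, rejected

def audit_sessions(records):
    """Pair each LOGIN with the next LOGOUT for the same user and host."""
    open_sessions = {}  # (user, host) -> login time
    report = {"sessions": [], "open": [], "orphan_logout": [], "concurrent": []}
    for ts, event, user, host in sorted(records):
        key = (user, host)
        if event == "LOGIN":
            # Same user already logged in on a different host: flag for review.
            others = [h for (u, h) in open_sessions if u == user and h != host]
            if others:
                report["concurrent"].append((user, host, sorted(others)))
            open_sessions[key] = ts
        elif key in open_sessions:
            start = open_sessions.pop(key)
            report["sessions"].append((user, host, (ts - start).total_seconds()))
        else:
            # Logout with no recorded login: missing or tampered entry record.
            report["orphan_logout"].append((user, host, ts.isoformat()))
    report["open"] = sorted(open_sessions)  # logins never closed by a logout
    return report

if __name__ == "__main__":
    parsed, bad_lines = parse_records(SAMPLE_LOG)
    for section, items in audit_sessions(parsed).items():
        print(section, items)
    print("rejected", bad_lines)
```
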
Intrusion prevention system (IPS) –
Malicious attacks and activities in the network are monitored through an IPS, which helps to
block them. Enabling IDPS will help to identify suspicious activity and provide protection from
harm.
Data backup-
Data backup is necessary to prevent financial and economic loss to the company. Data loss is
the main cause of cyber as well as company losses, which can be prevented through online
backup of data and information on websites (Settanni et al., 2017).
5. Conclusion
This report analyzed various techniques for cyber security and IT risk management at Gigantic
Corporation. IT experts and technologists evaluate the technical difficulties of IT risk
control and management, which helps in decision making. Interaction between stakeholders and
the IT lead consultant will produce an effective result. The report analyzed risk management
with the help of a cyber security system that helps in detecting threats and risks.
Vulnerabilities were also analyzed with the help of asset values, which describe the
consequences for IT risk management in an organization. The recommendations and mitigations are
used for the security and protection of the cyber network system. The protection mechanisms
were also examined, along with recovery methods, to prevent and control network threats and
risks. Data backup, detection of malicious code, IPS and IDS, software updating, training,
authentication, and auditing are all described in the above risk management project. The report
also examined the legal risks of cyber security in the corporation, which are associated with
privacy and security. Attacks and illegal authentication are also considered in the project
implementation, with control solutions for cyber crimes. The main objective of the project is to
implement cyber security policies in a risk management framework, which will be helpful for
organizational growth and the security of data. Cyberspace is also explained in brief, along
with the benefits of a network system. The report also examined some common risks and threats
in the form of malicious spyware, viruses, and malware. Cyber security elements and benefits
are also included in the risk assessment. The risk assessment is analyzed with different
methods that allow for cyber security solutions such as firewalls, data encryption, and proxy
servers. The overall implementation of cyber control measures is examined in the project
assessment with the help of protection mechanisms. An evaluation of various threats and threat
agents is also presented in table format together with the vulnerable assets. The cyber
security control framework involves mitigation and protection methods to develop the
management project in the organization.
6. References
Abdo, H., Kaouk, M., Flaus, J. M., & Masse, F. (2018). A safety/security risk analysis
approach of Industrial Control Systems: A cyber bowtie–combining new version of
attack tree with bowtie analysis. Computers & Security, 72, 175-195.
Alali, M., Almogren, A., Hassan, M. M., Rassan, I. A., & Bhuiyan, M. Z. A. (2018).
Improving risk assessment model of cyber security using fuzzy logic inference
system. Computers & Security, 74, 323-339.
Alguliyev, R., Imamverdiyev, Y., & Sukhostat, L. (2018). Cyber-physical systems and
their security issues. Computers in Industry, 100, 212-223.
Ashibani, Y., & Mahmoud, Q. H. (2017). Cyber physical systems security: Analysis,
challenges, and solutions. Computers & Security, 68, 81-97.
Busby, J. S., Green, B., & Hutchison, D. (2017). Analysis of Affordance, Time, and
Adaptation in the Assessment of Industrial Control System Cybersecurity Risk. Risk
Analysis, 37(7), 1298-1314.
Celesti, A., Fazio, M., Galletta, A., Carnevale, L., Wan, J., & Villari, M. (2019). An
approach for the secure management of hybrid cloud–edge environments. Future
Generation Computer Systems, 90, 1-19.
Chen, Y., Hong, J., & Liu, C. C. (2018). Modelling of intrusion and defense for
assessment of cyber security at power substations. IEEE Transactions on Smart
Grid, 9(4), 2541-2552.
D’Andreagiovanni, M., Baiardi, F., Lipilini, J., Ruggieri, S., & Tonelli, F. (2017,
September). Sequential Pattern Mining for ICT Risk Assessment and Prevention.
In International Conference on Software Engineering and Formal Methods (pp. 25-39).
De Jong, M., Papaefthymiou, G., & Palensky, P. (2018). A framework for incorporation
of infeed uncertainty in power system risk-based security assessment. IEEE Transactions
on Power Systems, 33(1), 613-621.
Ficco, M., Choraś, M., & Kozik, R. (2017). Simulation platform for cyber-security and
vulnerability analysis of critical infrastructures. Journal of computational science, 22,
179-186.
Ganin, A. A., Quach, P., Panwar, M., Collier, Z. A., Keisler, J. M., Marchese, D., &
Linkov, I. (2017). Multicriteria decision framework for cybersecurity risk assessment and
management. Risk Analysis.
Horcas, J. M., Pinto, M., & Fuentes, L. (2019). Context-Aware Energy-Efficient
Applications for Cyber-Physical Systems. Ad Hoc Networks, 82, 15-30.
Kim, J. (2017). Cyber-security in government: reducing the risk. Computer Fraud &
Security, 2017(7), 8-11.
Labunets, K., Massacci, F., Paci, F., Marczak, S., & de Oliveira, F. M. (2017). Model
comprehension for security risk assessment: an empirical comparison of tabular vs.
graphical representations. Empirical Software Engineering, 22(6), 3017-3056.
Matteini, A., Argenti, F., Salzano, E., & Cozzani, V. (2018). A comparative analysis of
security risk assessment methodologies for the chemical industry. Reliability Engineering
& System Safety.
Mayer, N., Aubert, J., Grandry, E., Feltus, C., Goettelmann, E., & Wieringa, R. (2018).
An integrated conceptual model for information system security risk management
21
Abdo, H., Kaouk, M., Flaus, J. M., & Masse, F. (2018). A safety/security risk analysis
approach of Industrial Control Systems: A cyber bowtie–combining new version of
attack tree with bowtie analysis. Computers & Security, 72, 175-195.
Alali, M., Almogren, A., Hassan, M. M., Rassan, I. A., & Bhuiyan, M. Z. A. (2018).
Improving risk assessment model of cyber security using fuzzy logic inference
system. Computers & Security, 74, 323-339.
Alguliyev, R., Imamverdiyev, Y., & Sukhostat, L. (2018). Cyber-physical systems and
their security issues. Computers in Industry, 100, 212-223.
Ashibani, Y., & Mahmoud, Q. H. (2017). Cyber physical systems security: Analysis,
challenges, and solutions. Computers & Security, 68, 81-97.
Busby, J. S., Green, B., & Hutchison, D. (2017). Analysis of Affordance, Time, and
Adaptation in the Assessment of Industrial Control System Cybersecurity Risk. Risk
Analysis, 37(7), 1298-1314.
Celesti, A., Fazio, M., Galletta, A., Carnevale, L., Wan, J., & Villari, M. (2019). An
approach for the secure management of hybrid cloud–edge environments. Future
Generation Computer Systems, 90, 1-19.
Chen, Y., Hong, J., & Liu, C. C. (2018). Modelling of intrusion and defense for
assessment of cyber security at power substations. IEEE Transactions on Smart
Grid, 9(4), 2541-2552.
D’Andreagiovanni, M., Baiardi, F., Lipilini, J., Ruggieri, S., & Tonelli, F. (2017,
September). Sequential Pattern Mining for ICT Risk Assessment and Prevention.
In International Conference on Software Engineering and Formal Methods(pp. 25-39).
De Jong, M., Papaefthymiou, G., & Palensky, P. (2018). A framework for incorporation
of infeed uncertainty in power system risk-based security assessment. IEEE Transactions
on Power Systems, 33(1), 613-621.
Ficco, M., Choraś, M., & Kozik, R. (2017). Simulation platform for cyber-security and
vulnerability analysis of critical infrastructures. Journal of computational science, 22,
179-186.
Ganin, A. A., Quach, P., Panwar, M., Collier, Z. A., Keisler, J. M., Marchese, D., &
Linkov, I. (2017). Multicriteria decision framework for cybersecurity risk assessment and
management. Risk Analysis.
Horcas, J. M., Pinto, M., & Fuentes, L. (2019). Context-Aware Energy-Efficient
Applications for Cyber-Physical Systems. Ad Hoc Networks, 82, 15-30.
Kim, J. (2017). Cyber-security in government: reducing the risk. Computer Fraud &
Security, 2017(7), 8-11.
Labunets, K., Massacci, F., Paci, F., Marczak, S., & de Oliveira, F. M. (2017). Model
comprehension for security risk assessment: an empirical comparison of tabular vs.
graphical representations. Empirical Software Engineering, 22(6), 3017-3056.
Matteini, A., Argenti, F., Salzano, E., & Cozzani, V. (2018). A comparative analysis of
security risk assessment methodologies for the chemical industry. Reliability Engineering
& System Safety.
Mayer, N., Aubert, J., Grandry, E., Feltus, C., Goettelmann, E., & Wieringa, R. (2018).
An integrated conceptual model for information system security risk management
21
supported by enterprise architecture management. Software & Systems Modeling, 43, 1-
28.
Nurse, J. R., Creese, S., & De Roure, D. (2017). Security risk assessment in Internet of
Things systems. IT Professional, 19(5), 20-26.
Paté‐Cornell, M. E., Kuypers, M., Smith, M., & Keller, P. (2018). Cyber Risk
management for critical infrastructure: a risk analysis model and three case studies. Risk
Analysis, 38(2), 226-241.
Radanliev, P., De Roure, D. C., Nicolescu, R., Huth, M., Montalvo, R. M., Cannady, S.,
& Burnap, P. (2018). Future developments in cyber risk assessment for the internet of
things. Computers in Industry, 102, 14-22.
Rege, A., Obradovic, Z., Asadi, N., Singer, B., & Masceri, N. (2017, June). A temporal
assessment of cyber intrusion chains using multidisciplinary frameworks and
methodologies. In Cyber Situational Awareness, Data Analytics And Assessment (Cyber
SA), 2017 International Conference On (pp. 1-7). IEEE.
Settanni, G., Skopik, F., Shovgenya, Y., Fiedler, R., Carolan, M., Conroy, D., ... &
Haustein, M. (2017). A collaborative cyber incident management system for European
interconnected critical infrastructures. Journal of Information Security and
Applications, 34, 166-182.
Shin, J., Son, H., & Heo, G. (2017). Cyber security risk evaluation of a nuclear i&c using
bn and et. Nuclear Engineering and Technology, 49(3), 517-524.
Singhal, A., & Ou, X. (2017). Security risk analysis of enterprise networks using
probabilistic attack graphs. In Network Security Metrics (pp. 53-73). Springer, Cham.
Van Schaik, P., Jansen, J., Onibokun, J., Camp, J., & Kusev, P. (2018). Security and
privacy in online social networking: Risk perceptions and precautionary
behaviour. Computers in Human Behavior, 78, 283-297.
Zio, E. (2018). The future of risk assessment. Reliability Engineering & System
Safety, 177, 176-190.
22
28.
Nurse, J. R., Creese, S., & De Roure, D. (2017). Security risk assessment in Internet of
Things systems. IT Professional, 19(5), 20-26.
Paté‐Cornell, M. E., Kuypers, M., Smith, M., & Keller, P. (2018). Cyber Risk
management for critical infrastructure: a risk analysis model and three case studies. Risk
Analysis, 38(2), 226-241.
Radanliev, P., De Roure, D. C., Nicolescu, R., Huth, M., Montalvo, R. M., Cannady, S.,
& Burnap, P. (2018). Future developments in cyber risk assessment for the internet of
things. Computers in Industry, 102, 14-22.
Rege, A., Obradovic, Z., Asadi, N., Singer, B., & Masceri, N. (2017, June). A temporal
assessment of cyber intrusion chains using multidisciplinary frameworks and
methodologies. In Cyber Situational Awareness, Data Analytics And Assessment (Cyber
SA), 2017 International Conference On (pp. 1-7). IEEE.
Settanni, G., Skopik, F., Shovgenya, Y., Fiedler, R., Carolan, M., Conroy, D., ... &
Haustein, M. (2017). A collaborative cyber incident management system for European
interconnected critical infrastructures. Journal of Information Security and
Applications, 34, 166-182.
Shin, J., Son, H., & Heo, G. (2017). Cyber security risk evaluation of a nuclear i&c using
bn and et. Nuclear Engineering and Technology, 49(3), 517-524.
Singhal, A., & Ou, X. (2017). Security risk analysis of enterprise networks using
probabilistic attack graphs. In Network Security Metrics (pp. 53-73). Springer, Cham.
Van Schaik, P., Jansen, J., Onibokun, J., Camp, J., & Kusev, P. (2018). Security and
privacy in online social networking: Risk perceptions and precautionary
behaviour. Computers in Human Behavior, 78, 283-297.
Zio, E. (2018). The future of risk assessment. Reliability Engineering & System
Safety, 177, 176-190.
22
1 out of 22
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.