Cybersecurity Risk Assessment for Gigantic Corporation: Threats, Vulnerabilities, and Mitigation Measures
Added on 2024-06-27
22 Pages6941 Words382 Views
|
|
|
ASSESSMENT ITEM: 3
SUBJECT: ITC-596 IT RISK MANAGEMENT
LECTURER:
STUDENT NAME:
STUDENT ID:
SUBJECT: ITC-596 IT RISK MANAGEMENT
LECTURER:
STUDENT NAME:
STUDENT ID:
Executive Summary
Gigantic Corporation is working on this issue of cybersecurity from long period of time and also
has controlled the security of certain activities conducted only by using the proposed
mechanisms and frameworks against the cyber-attacks such as creating money through
performing certain threats, access to the company’s personal and confidential information, many
other companies or organizations are developing their own hackers which are responsible for
getting the inside information of the other competitive and successful IT companies by knowing
their secrets, their USP etc. Such threats should never be overlooked as these actions can be from
anyone within or outside the company. The technical level of the risk associated with internet or
cyber is growing gradually. The risk or the problem which was earlier a major one in the
previous year, may not be that major by this year because of the remedies and thoughtful
solutions for that problems but now the other new risk and security issues have developed for
which the solutions are required to be developed. So this responsibility for managing the risks
should be well managed by the higher authorities or experts who as assigned specifically to
handle such issues in the corporation’s (Yasin, et. al., 2018).
This report covers the scope of risk assessment, overview of risk assessment, the threats and the
vulnerabilities of the cybersecurity along with the consequences and impact of these threats on
the Gigantic Corporation. Various measures are also suggested to mitigate these vulnerabilities
and threats by the adoption of the specific policies.
A risk management overview is also detailed below which provides the assessment approach,
key threat agents, types of the threats with the description by dividing its impact in the category
of high, medium, low.
Informational Compromises
Comprising the information assets of the company can lead to the damage in the coming future
for the company. There should be no negligence on the part of the organization like for example
if any error or mistake done by the employee or even by an outsider can have a long-lasting
impact on the growth of the business. Informational compromises include:
It causes loss of productivity.
It causes reputational damage.
It may hamper intellectual property loss.
Cyber-attacks may leave an impact on the profits.
Adverse media coverage can be faced by the corporation.
It will lead to a reduction in a competitive market.
To protect or to avoid any of the above situations it is very important to make sure that the expert
or the lead of the cybersecurity is well aware of all the activities being carried out in the
organization and also must have the up to date information regarding the threats and the
vulnerabilities for avoiding any kind of risk or threats related to the business organization.
Gigantic Corporation is working on this issue of cybersecurity from long period of time and also
has controlled the security of certain activities conducted only by using the proposed
mechanisms and frameworks against the cyber-attacks such as creating money through
performing certain threats, access to the company’s personal and confidential information, many
other companies or organizations are developing their own hackers which are responsible for
getting the inside information of the other competitive and successful IT companies by knowing
their secrets, their USP etc. Such threats should never be overlooked as these actions can be from
anyone within or outside the company. The technical level of the risk associated with internet or
cyber is growing gradually. The risk or the problem which was earlier a major one in the
previous year, may not be that major by this year because of the remedies and thoughtful
solutions for that problems but now the other new risk and security issues have developed for
which the solutions are required to be developed. So this responsibility for managing the risks
should be well managed by the higher authorities or experts who as assigned specifically to
handle such issues in the corporation’s (Yasin, et. al., 2018).
This report covers the scope of risk assessment, overview of risk assessment, the threats and the
vulnerabilities of the cybersecurity along with the consequences and impact of these threats on
the Gigantic Corporation. Various measures are also suggested to mitigate these vulnerabilities
and threats by the adoption of the specific policies.
A risk management overview is also detailed below which provides the assessment approach,
key threat agents, types of the threats with the description by dividing its impact in the category
of high, medium, low.
Informational Compromises
Comprising the information assets of the company can lead to the damage in the coming future
for the company. There should be no negligence on the part of the organization like for example
if any error or mistake done by the employee or even by an outsider can have a long-lasting
impact on the growth of the business. Informational compromises include:
It causes loss of productivity.
It causes reputational damage.
It may hamper intellectual property loss.
Cyber-attacks may leave an impact on the profits.
Adverse media coverage can be faced by the corporation.
It will lead to a reduction in a competitive market.
To protect or to avoid any of the above situations it is very important to make sure that the expert
or the lead of the cybersecurity is well aware of all the activities being carried out in the
organization and also must have the up to date information regarding the threats and the
vulnerabilities for avoiding any kind of risk or threats related to the business organization.
It is not necessary that the threats are only from outside of the corporation. It can also be within
the organization as well as from outside the organization. There are many types of people who
are said to be the risk for the assets of the organization or the corporation. So, careful analysis
should be done to keep the track record of these individuals. These individuals may include:
The types of individual vary as per the need and requirement for the fraud. To overcome or to
face such threats prevailing in the corporation should be handled by increasing the risk
management strategies and plans along with the awareness among the employees and the
specialists or experts who are specifically hired for ensuring the cybersecurity in the corporation.
Risks can be related to the financial, legal or any other business risks which could lead to loss of
critical information. The key to mitigating such risks involves having the proper knowledge and
information about the activities of the corporation, finding the appropriate solutions to overcome
the problems.
What is basically Information?
Information is said to be the data or the information about the particular people, system or the
entire organization. It is generally considered as the lifeblood of the organization. With the
growing automation and dependency among the various sectors of the business corporation, the
disturbance in any one of the sector can lead to the destruction of the overall IT business.
Information is said to be present everywhere from customers to employees to stakeholders.
Information is stored in the business systems related to the management, customer relationship
information. Operational systems, ensuring protection, safety, and the process control
mechanism for the overall organization. All these above-stated areas need to be considered while
identification of the information assets. All the activities in the business contain a certain amount
of relevant information or data it can either be user access to the information, corporate
management decisions, and process control systems operational networks. All these information
should be review and evaluated deeply to know the proper mitigation solutions and coming up
with the appropriate and successful solutions to ensure the cybersecurity.
Recommendations
The recommendations which are beneficial for the management are detailed below:
Keeping all the software updated to avoid the inbound of threats and attacks in the
system.
Keep the applications in the updated version as per the stated guidelines.
Enabling VPN (virtual private network) in the computer systems.
Taking the back-up of the data from the system on regular basis to avoid any future
problems.
Enabling and installing various virus and attack detection software such as application
firewall and network firewall which helps in the prevention of attacks and threats.
Framing up of better policies, procedures, and standards which are supported by the
cybersecurity.
Conduction of the training programs for the employees in the corporation regarding the
cybersecurity.
Formulation of the cybersecurity proposed plan which helps in avoiding the future
mistakes which have been repeated earlier.
the organization as well as from outside the organization. There are many types of people who
are said to be the risk for the assets of the organization or the corporation. So, careful analysis
should be done to keep the track record of these individuals. These individuals may include:
The types of individual vary as per the need and requirement for the fraud. To overcome or to
face such threats prevailing in the corporation should be handled by increasing the risk
management strategies and plans along with the awareness among the employees and the
specialists or experts who are specifically hired for ensuring the cybersecurity in the corporation.
Risks can be related to the financial, legal or any other business risks which could lead to loss of
critical information. The key to mitigating such risks involves having the proper knowledge and
information about the activities of the corporation, finding the appropriate solutions to overcome
the problems.
What is basically Information?
Information is said to be the data or the information about the particular people, system or the
entire organization. It is generally considered as the lifeblood of the organization. With the
growing automation and dependency among the various sectors of the business corporation, the
disturbance in any one of the sector can lead to the destruction of the overall IT business.
Information is said to be present everywhere from customers to employees to stakeholders.
Information is stored in the business systems related to the management, customer relationship
information. Operational systems, ensuring protection, safety, and the process control
mechanism for the overall organization. All these above-stated areas need to be considered while
identification of the information assets. All the activities in the business contain a certain amount
of relevant information or data it can either be user access to the information, corporate
management decisions, and process control systems operational networks. All these information
should be review and evaluated deeply to know the proper mitigation solutions and coming up
with the appropriate and successful solutions to ensure the cybersecurity.
Recommendations
The recommendations which are beneficial for the management are detailed below:
Keeping all the software updated to avoid the inbound of threats and attacks in the
system.
Keep the applications in the updated version as per the stated guidelines.
Enabling VPN (virtual private network) in the computer systems.
Taking the back-up of the data from the system on regular basis to avoid any future
problems.
Enabling and installing various virus and attack detection software such as application
firewall and network firewall which helps in the prevention of attacks and threats.
Framing up of better policies, procedures, and standards which are supported by the
cybersecurity.
Conduction of the training programs for the employees in the corporation regarding the
cybersecurity.
Formulation of the cybersecurity proposed plan which helps in avoiding the future
mistakes which have been repeated earlier.
Using smart password while setting the credentials for the system or any files which
cannot be easily hacked by the hackers.
Executives should be involved in the cybersecurity issues and decisions because this
issue needs to be considered well while taking the important decisions by the upper-level
management.
cannot be easily hacked by the hackers.
Executives should be involved in the cybersecurity issues and decisions because this
issue needs to be considered well while taking the important decisions by the upper-level
management.
Contents
Executive Summary.........................................................................................................................1
1. Introduction..............................................................................................................................5
2. Assessment Findings- Threats, Vulnerabilities, and Consequences:.......................................7
2.1 Risk Assessment....................................................................................................................7
2.2 Threat Agents.......................................................................................................................12
2.3 Vulnerabilities......................................................................................................................14
2.4 Recommendations................................................................................................................16
2.5 Mitigation Measures............................................................................................................17
2.6 Areas of Vulnerabilities in the Organization.......................................................................20
2.7 Threats and the impacts of threats........................................................................................20
3. Summary................................................................................................................................22
4. Conclusion..............................................................................................................................23
Executive Summary.........................................................................................................................1
1. Introduction..............................................................................................................................5
2. Assessment Findings- Threats, Vulnerabilities, and Consequences:.......................................7
2.1 Risk Assessment....................................................................................................................7
2.2 Threat Agents.......................................................................................................................12
2.3 Vulnerabilities......................................................................................................................14
2.4 Recommendations................................................................................................................16
2.5 Mitigation Measures............................................................................................................17
2.6 Areas of Vulnerabilities in the Organization.......................................................................20
2.7 Threats and the impacts of threats........................................................................................20
3. Summary................................................................................................................................22
4. Conclusion..............................................................................................................................23
1. Introduction
Many business organizations, universities, and financial institutions are storing their private and
confidential data and information related to the business on their computers. This data and
information are shared among the various people with the help of internet. The internet has
facilitated the transferring and sharing of information from one person or organization to another
but the same internet is also giving rise to the problem of security. This rapid growth or the
internet is also growing the cyberattacks which result in a huge loss of data and information for
the business organizations.
Cybersecurity is basically termed as the introduction of the various mechanisms or frameworks
which help in protecting the computer hardware, computer software, various networks and
unauthorized access to data and information. Cybersecurity aims at protecting the network
equipment and internet from the various attacks and viruses which are said to be harmful to the
computer and aims at destroying the information or data stored in the computer which is very
important for the business organizations. Internet in today’s life plays a major role and is
considered to be very beneficial as it helps in promoting the business online, it facilitates the
communication among the people, and various financial transactions are conducted online with
the help of the internet. As the internet is providing us with a lot of benefits, it is also providing
the benefits to the people who are connected with the terrorism. It helps them in the gathering of
confidential and secret information; it also facilitates the dissemination of information among the
various people or group of people with the help of internet.
Cybersecurity is said to be the important part as it helps in protecting the individuals from the
online frauds. For the transactions related to finance which are generated the online certain
amount of risk is attached with that which requires financial security. It is very essential that all
the users of the internet should understand the ways or methods to protect themselves from the
online frauds and ensure cyber security. While working for the Gigantic Corporation as the IT
risk assessment lead consultant it is my duty or responsibility to ensure that all the activities
taking place online by the various stakeholders and technologist is conducted securely and safely
by avoiding any kind of threats which are harmful for the overall corporation. Cybersecurity
needs to be considered very seriously in the organization as it has the impact on the decisions
being made at the higher level.
1.1 Cyberspace:
Cyberspace is a virtual space which uses the electromagnetic spectrum and electronics which
help in storing, modification and exchange of information with the help of the network system. It
is basically an intangible place where the communication and various other activities which are
related to the internet take place. It is called to be expandable and borderless which has no
boundaries. With the growing type is growing gradually by providing a platform for sharing their
ideas, services, views and conduct the business activities online.
Many business organizations, universities, and financial institutions are storing their private and
confidential data and information related to the business on their computers. This data and
information are shared among the various people with the help of internet. The internet has
facilitated the transferring and sharing of information from one person or organization to another
but the same internet is also giving rise to the problem of security. This rapid growth or the
internet is also growing the cyberattacks which result in a huge loss of data and information for
the business organizations.
Cybersecurity is basically termed as the introduction of the various mechanisms or frameworks
which help in protecting the computer hardware, computer software, various networks and
unauthorized access to data and information. Cybersecurity aims at protecting the network
equipment and internet from the various attacks and viruses which are said to be harmful to the
computer and aims at destroying the information or data stored in the computer which is very
important for the business organizations. Internet in today’s life plays a major role and is
considered to be very beneficial as it helps in promoting the business online, it facilitates the
communication among the people, and various financial transactions are conducted online with
the help of the internet. As the internet is providing us with a lot of benefits, it is also providing
the benefits to the people who are connected with the terrorism. It helps them in the gathering of
confidential and secret information; it also facilitates the dissemination of information among the
various people or group of people with the help of internet.
Cybersecurity is said to be the important part as it helps in protecting the individuals from the
online frauds. For the transactions related to finance which are generated the online certain
amount of risk is attached with that which requires financial security. It is very essential that all
the users of the internet should understand the ways or methods to protect themselves from the
online frauds and ensure cyber security. While working for the Gigantic Corporation as the IT
risk assessment lead consultant it is my duty or responsibility to ensure that all the activities
taking place online by the various stakeholders and technologist is conducted securely and safely
by avoiding any kind of threats which are harmful for the overall corporation. Cybersecurity
needs to be considered very seriously in the organization as it has the impact on the decisions
being made at the higher level.
1.1 Cyberspace:
Cyberspace is a virtual space which uses the electromagnetic spectrum and electronics which
help in storing, modification and exchange of information with the help of the network system. It
is basically an intangible place where the communication and various other activities which are
related to the internet take place. It is called to be expandable and borderless which has no
boundaries. With the growing type is growing gradually by providing a platform for sharing their
ideas, services, views and conduct the business activities online.
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Cyber Security Risk Assessment Report for Gigantic Corporationlg...
|22
|6864
|181
IT Risk Assessment and Cyber Security Lead Consultant for Gigantic Corporationlg...
|10
|3551
|91
IT Risk Management: Threats, Vulnerabilities and Prevention Methodslg...
|21
|4785
|434
Cyber Security Assignment (Solved)lg...
|10
|4262
|85
Cybersecurity Issues and Solutions for ZP Printing Organizationlg...
|12
|2673
|184
Network Security Analysis: Cyber Securitylg...
|10
|1925
|30