
Information Security Management

This assignment requires students to plan, conduct and document a risk assessment based on a given scenario, using applicable standards and methods for information security and risk management. The report should include proper referencing of published information and demonstrate the ability to find and evaluate appropriate information about threats, vulnerabilities, and patches.

11 Pages | 3202 Words | 65 Views

Added on 2023-01-18

About This Document

The report discusses the risk mitigation technique for the network of CONVXYZ using ISO 31000:2018 standard. It analyzes owner specifications, assets, threats, likelihood level computation, and risk identification.

Running head: INFORMATION SECURITY MANAGEMENT
Information Security Management
(CONVXYZ)
Name of the student:
Name of the university:
Author Note
Executive summary
CONVXYZ provides various real estate services and conveyancing operations through its lawyers. Here, the ISO 31000:2018 standard is chosen as the risk mitigation technique for the network of CONVXYZ. The report presents the owner specifications along with an analysis of the secondary and primary assets. Then the vulnerabilities and threats are discussed. After that, the likelihood level computation is demonstrated with the help of the Boston grid framework. Finally, the risks to CONVXYZ's network security are identified.
Table of Contents
1. Introduction
2. Understanding the owner specification
3. Understanding the assets
4. Discussion on threats
5. Understanding the Likelihood level computation
6. Impact table specification
7. Risk identification
8. Conclusion
9. References
1. Introduction:
CONVXYZ is an estate and conveyancing service located in the United Kingdom. It provides various real estate services, as well as conveyancing services through its employed lawyers. Its security system aims to minimise, or secure the business against, losses.
To mitigate the various risks, the ISO 31000:2018 standard is applied in this case. The main benefit of the standard is that it provides guidance for managing risks at CONVXYZ. Further, its application can be customised to the business and its context. Moreover, it provides a common approach to controlling any risk and is not sector or industry specific. Apart from this, it is usable across the whole life of CONVXYZ and applies to any activity, including decision making at every level.
In the following study, the owner specifications are presented first. Next, the secondary and primary assets are discussed. Then one threat and one vulnerability are analysed for every resource. After that, the likelihood level computation is discussed with the help of the Boston grid, along with the impact level specifications. Lastly, the risks and their levels are determined using the Boston grid risk matrix.
2. Understanding the owner specification:
It is vital that project management personnel receive specific training in managing risk. The owners might lack the specific experience and expertise needed to determine the project's risks without assistance. Hence, the actual identification of the risks might be carried out by the owners' representatives through contractors (Singhal and Ou 2017). This can be done through external and internal advisors and consultants. Further, the risk identification function must not be left undefined: it should be covered explicitly in the various documents of the project.
The aim of risk determination is to avoid omissions. It also involves avoiding the pitfall of being distracted by factors that are never the core reasons but are just symptoms. Treating the symptoms instead of the root causes gives the appearance of activity, but it will never solve the issue. However, it must be kept in mind that determining symptoms is far simpler than finding the root causes behind them. Hence, the project owners must specify that the process of risk identification moves beyond the symptoms. Disinterested owners, while outside the project, can at many times perform these tasks (Liu and Liu 2016).
3. Understanding the assets:
The assets to be considered for the risk identification of CONVXYZ are highlighted below, together with their types.

| Type | Resources | Justification of their types |
|---|---|---|
| Primary | Firewall, router, web-server, email server | These primary assets are imported in the first place for importing particular type of external assets. They have been |