MSc Cyber Security and ForensicsRisk Management Assessment SpecificationCoursework ScenarioYou are required to complete a risk assessment and produce a report to management using the scenario below (in italics) or a similar scenario developed by yourself based on your past/present work experience. If you decide to choose your own scenario, you must providedetails of the context in which the scenario is set.Imagine that you are working as an IT security professional for an organisation called CobWeb. It has 300 employees and one large corporate office with three floors located in central London. Your organisation is a website development company with gross revenue of 5 million pounds per year. Recently, security problems have become a hot topic with management, and you have been asked by the CISO (chief information security officer) to write a security recommendation report for your organisation. The reported security problems include: •Data loss due to employee negligence •Physical break ins •Employees complain that they do not understand what is expected of them from a security standpoint •Network administrator complains that the company allows free access to anything on the network for anyone who asks for it •The CobWeb home web page was recently hacked. Points to consider:1.Research and document using appropriate forms, all the data and information assetsassociated with the organisation. e.g. customer data, employee information etc. Using appropriate mechanisms, identify the most important assets.[15 marks]2.Research and document using appropriate forms, all the threats that are likely to have an impact on the identified data assets.[15 marks]3.Examine each asset– threat pairing and produce a vulnerability matrix based on likelihood / probability values etc.[10 marks]4.Assume there are no specific controls in place to protect the data assets in question. You may assume general controls such as anti-virus software, logical access controls etc. are already in place., however for completeness, you may want to list these as well and then ‘cross them off’ as already existing controls.[0 marks]
Found this document preview useful?
Information Threat Security | Reportlg...
Security Problems and Risk Management of CobWeblg...
Risk Management Assignment - Cloud Serviceslg...
Assessment of Object Oriented Modellg...
Implementing an Information Security Management System (ISMS) for ABC Organizationlg...
Network Security Plan Template- cyber securitylg...