Cyber Security Risk Assessment for SCU: Identifying Threats and Risks
VerifiedAdded on 2022/09/17
|10
|2256
|21
Report
AI Summary
This report provides a detailed analysis of cyber security risk assessment within an educational institute context. It emphasizes the essentiality of risk assessment as the most critical step in developing and managing cyber security. The report identifies limitations in current risk assessment meth...
Running head: CYBER SECURITY
CYBER SECURITY
Name of the Student
Name of the Organization
Author Note
CYBER SECURITY
Name of the Student
Name of the Organization
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
CYBER SECURITY
Table of Contents
Essentiality of the assessment of risk.........................................................................................2
Identification of the Critical asset..............................................................................................3
Template.....................................................................................................................................4
Identification of different kinds of Threats................................................................................5
Threat landscape for the website of the educational institute....................................................6
References..................................................................................................................................8
CYBER SECURITY
Table of Contents
Essentiality of the assessment of risk.........................................................................................2
Identification of the Critical asset..............................................................................................3
Template.....................................................................................................................................4
Identification of different kinds of Threats................................................................................5
Threat landscape for the website of the educational institute....................................................6
References..................................................................................................................................8
2
CYBER SECURITY
Essentiality of the assessment of risk
Risk assessment is a kind of particular term which has been noticed to have been well
utilised for the basic purpose of the description of the total or rather the overall procedure. It
has also been utilised for describing specific kind of particular method where a huge number
of hazards and factors of risk are identified very much easily which will be actually having
huge strength of causing huge harm or rather damage (Öğütçü, Testik and Chouseinoglou
2016). It can be properly said that the specific cyber security assessment is a kind of
procedure with the help of which there can be a proper analysis, calculation and an
identification of risk as well.
This is actually considered to be the one and only way which will be possibly making
sure that all the different kinds of controls of cyber security which have been opted actually
must be well appropriate to a huge number and different kinds of risks, which the educational
institute may be widely facing (Al-Janabi and Al-Shourbaji 2016). The risk assessment of the
cyber security possess with the huge capability of appropriate identification of various data
assets as well as information which will be actually hugely affected by a particular kind of
greatly dangerous cyber-attacks like different kinds or types of computer systems, essential
data and information of the student and also the hardware. It has been known that it is a bit
tough and difficult thing to offer a proper training to the total team which will be held
responsible for handling all kinds of different activities which will be directly associated with
huge risk or rather the assessment of risk (Safa et al. 2015).
The particular evaluation of different types of risks and the proper estimation are the
two things which must be considered very much essential and must be well performed
(Shamala, Ahmad and Yusoff 2013). This must be properly followed by a specific kind of
process of the particular selection of different controls for treating different kinds of risks
CYBER SECURITY
Essentiality of the assessment of risk
Risk assessment is a kind of particular term which has been noticed to have been well
utilised for the basic purpose of the description of the total or rather the overall procedure. It
has also been utilised for describing specific kind of particular method where a huge number
of hazards and factors of risk are identified very much easily which will be actually having
huge strength of causing huge harm or rather damage (Öğütçü, Testik and Chouseinoglou
2016). It can be properly said that the specific cyber security assessment is a kind of
procedure with the help of which there can be a proper analysis, calculation and an
identification of risk as well.
This is actually considered to be the one and only way which will be possibly making
sure that all the different kinds of controls of cyber security which have been opted actually
must be well appropriate to a huge number and different kinds of risks, which the educational
institute may be widely facing (Al-Janabi and Al-Shourbaji 2016). The risk assessment of the
cyber security possess with the huge capability of appropriate identification of various data
assets as well as information which will be actually hugely affected by a particular kind of
greatly dangerous cyber-attacks like different kinds or types of computer systems, essential
data and information of the student and also the hardware. It has been known that it is a bit
tough and difficult thing to offer a proper training to the total team which will be held
responsible for handling all kinds of different activities which will be directly associated with
huge risk or rather the assessment of risk (Safa et al. 2015).
The particular evaluation of different types of risks and the proper estimation are the
two things which must be considered very much essential and must be well performed
(Shamala, Ahmad and Yusoff 2013). This must be properly followed by a specific kind of
process of the particular selection of different controls for treating different kinds of risks
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
CYBER SECURITY
which will be identified ultimately. It is really very much essential to have a proper review as
well as monitoring of the specific kind of environment of the particular educational institute
which must be remaining hugely concerned about all the various types of risks for detecting
different types of required changes within the educational organization and also for an
appropriate maintenance of the proper overview of the entire procedure of the management of
risk (Love et al. 2014). There is one particular important thing which is to be well
remembered and that is nothing but the feasibility of the utilisation of the assessment of risk
which will be eventually be acting as a proper aid to the entire procedure of making different
kinds of decisions.
Identification of the Critical asset
An asset of information is specifically a type of the body of knowledge which must be
both well organized as well as managed as one particular unit. It can be well managed
properly as a specific kind of unit in a certain kind of way that it will be becoming properly
understandable, secured and also shared (Peltier 2016). It is to be well known that all the
different assets of data and information possess with a specific kind of value which will be
properly manageable. It can also be very much properly said that all the different assets of
information are particularly those kinds of assets of the overall University which is actually
properly known to be having the financial value and even some different types of value as
well.
That certain types of value may be including the specific kinds of assets which will be
entirely physical (Arachchilage and Love 2014). Hence, it is considered to be very much
essential to well identify all of them wherever they will be kept and identify particularly who
is actually entirely responsible. It must be well known that the University in total must be
hugely developing an appropriate type of register of the asset of the information for giving
CYBER SECURITY
which will be identified ultimately. It is really very much essential to have a proper review as
well as monitoring of the specific kind of environment of the particular educational institute
which must be remaining hugely concerned about all the various types of risks for detecting
different types of required changes within the educational organization and also for an
appropriate maintenance of the proper overview of the entire procedure of the management of
risk (Love et al. 2014). There is one particular important thing which is to be well
remembered and that is nothing but the feasibility of the utilisation of the assessment of risk
which will be eventually be acting as a proper aid to the entire procedure of making different
kinds of decisions.
Identification of the Critical asset
An asset of information is specifically a type of the body of knowledge which must be
both well organized as well as managed as one particular unit. It can be well managed
properly as a specific kind of unit in a certain kind of way that it will be becoming properly
understandable, secured and also shared (Peltier 2016). It is to be well known that all the
different assets of data and information possess with a specific kind of value which will be
properly manageable. It can also be very much properly said that all the different assets of
information are particularly those kinds of assets of the overall University which is actually
properly known to be having the financial value and even some different types of value as
well.
That certain types of value may be including the specific kinds of assets which will be
entirely physical (Arachchilage and Love 2014). Hence, it is considered to be very much
essential to well identify all of them wherever they will be kept and identify particularly who
is actually entirely responsible. It must be well known that the University in total must be
hugely developing an appropriate type of register of the asset of the information for giving
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
CYBER SECURITY
help to both for the specific purpose of both tracking as well as managing all the different
information assets.
Information asset is thought of to be very much critical and this is mainly because the
educational institute which is the university or rather some other educational organizations
must have a specific database, an appropriate set of a large number of various agreements as
well as contracts or even some of the particular samples of the researches in a very much
careful way (Johnson 2015). It is to be well kept in the mind that the procedure of
maintaining is both essential as well as tough at the same time. Hence, the particular register
of the information asset is considered to be very much important.
There are some of the questions which will be helping to properly identify all the
different assets which will be hugely critical within the educational organization. Questions
are as follows:
Name the various kinds of risks which will be well associated with the information which
is totally inaccurate.
Will the information that will be having a particular type of lifestyle be easily
manageable?
Will the asset of information have a specific type of highly special value to the entire
educational organization?
Will the particular asset of information cost huge expense for the needed information?
What will be the exact effect upon the huge efficiency of the operation if someone will be
not be accessing the information with an ease?
Template
Information Asset Rank Description
CYBER SECURITY
help to both for the specific purpose of both tracking as well as managing all the different
information assets.
Information asset is thought of to be very much critical and this is mainly because the
educational institute which is the university or rather some other educational organizations
must have a specific database, an appropriate set of a large number of various agreements as
well as contracts or even some of the particular samples of the researches in a very much
careful way (Johnson 2015). It is to be well kept in the mind that the procedure of
maintaining is both essential as well as tough at the same time. Hence, the particular register
of the information asset is considered to be very much important.
There are some of the questions which will be helping to properly identify all the
different assets which will be hugely critical within the educational organization. Questions
are as follows:
Name the various kinds of risks which will be well associated with the information which
is totally inaccurate.
Will the information that will be having a particular type of lifestyle be easily
manageable?
Will the asset of information have a specific type of highly special value to the entire
educational organization?
Will the particular asset of information cost huge expense for the needed information?
What will be the exact effect upon the huge efficiency of the operation if someone will be
not be accessing the information with an ease?
Template
Information Asset Rank Description
5
CYBER SECURITY
Details of the student 1
Teaching and learning 2
Researches 3
Management of facility 4
Finance management 5
Strategic intelligence and
proper reporting
6
Governance or rather policy 7
Alumni and engagement 8
Identification of different kinds of Threats
There are different types of threats which can be observed to the particular kind of
information of the educational organization which will be involving some of the kinds of
different software attacks or even certain malware as well. It is seen that as compared to
various threats, there are basically five threats which will be very much harmful for the total
educational institute involving the DoS attacks, outdated security policies, phishing attacks,
lack of proper security controls and the ransomware attack.
Security threats Rank depending upon the impact
Attacks of denial of service 1
Outdates security policies 5
Phishing 2
Ransomware attacks 3
Lack of proper security controls 4
CYBER SECURITY
Details of the student 1
Teaching and learning 2
Researches 3
Management of facility 4
Finance management 5
Strategic intelligence and
proper reporting
6
Governance or rather policy 7
Alumni and engagement 8
Identification of different kinds of Threats
There are different types of threats which can be observed to the particular kind of
information of the educational organization which will be involving some of the kinds of
different software attacks or even certain malware as well. It is seen that as compared to
various threats, there are basically five threats which will be very much harmful for the total
educational institute involving the DoS attacks, outdated security policies, phishing attacks,
lack of proper security controls and the ransomware attack.
Security threats Rank depending upon the impact
Attacks of denial of service 1
Outdates security policies 5
Phishing 2
Ransomware attacks 3
Lack of proper security controls 4
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6
CYBER SECURITY
Threat landscape for the website of the educational institute
The particular outcome of a survey which has been well done upon all the official
sites of various educational institutes like that of SCU is mainly that in most of the majority
of various cases, all the websites which have been employed for the main purpose of
providing education to all the students regarding the needed criterions as well as testimonials
are very much simplified as well as user friendly (Caldwell 2013). It is a very much well
known fact that all the various software of malware like ransomware is known to be
dispersing over from one system to the other one with the help of various attachments which
are malicious connected with all the various emails which are then sent to the official id of
email of all the different organizations which have been concerned. Mainly for the basic
purpose of providing a safeguard to the institute of education from being wholly
compromised, there is a huge necessity in directly rendering a tough protection to all the
various websites of the institutes of education.
Cyber security is considered to be a pre-requisite for any kind of organization of
education, fetching the actual purpose of providing protection to all the various essential
credentials. It has been observed that ransomware attack is not only capable of deforming the
entire infrastructure of the particular system, but also compel the organizations in retaining
back the specific authorization of the particular website in return of the huge capital. It also
happens that in such a kind of scenario, all the various attacks which are highly facilitated
through the propagation by email, there is a high chances of the incorporation of various
activities of phishing (Hartmann and Steup 2013). In such a kind of scenario, various
attackers highly intends towards gaining the access over the specific password and all the
credentials of user id needed for the purpose of logging in and in this particular due course of
the total process becomes entirely capable enough of changing the specific information which
will be confidential (Cherdantseva et al. 2016). They all may be manipulating the same and
CYBER SECURITY
Threat landscape for the website of the educational institute
The particular outcome of a survey which has been well done upon all the official
sites of various educational institutes like that of SCU is mainly that in most of the majority
of various cases, all the websites which have been employed for the main purpose of
providing education to all the students regarding the needed criterions as well as testimonials
are very much simplified as well as user friendly (Caldwell 2013). It is a very much well
known fact that all the various software of malware like ransomware is known to be
dispersing over from one system to the other one with the help of various attachments which
are malicious connected with all the various emails which are then sent to the official id of
email of all the different organizations which have been concerned. Mainly for the basic
purpose of providing a safeguard to the institute of education from being wholly
compromised, there is a huge necessity in directly rendering a tough protection to all the
various websites of the institutes of education.
Cyber security is considered to be a pre-requisite for any kind of organization of
education, fetching the actual purpose of providing protection to all the various essential
credentials. It has been observed that ransomware attack is not only capable of deforming the
entire infrastructure of the particular system, but also compel the organizations in retaining
back the specific authorization of the particular website in return of the huge capital. It also
happens that in such a kind of scenario, all the various attacks which are highly facilitated
through the propagation by email, there is a high chances of the incorporation of various
activities of phishing (Hartmann and Steup 2013). In such a kind of scenario, various
attackers highly intends towards gaining the access over the specific password and all the
credentials of user id needed for the purpose of logging in and in this particular due course of
the total process becomes entirely capable enough of changing the specific information which
will be confidential (Cherdantseva et al. 2016). They all may be manipulating the same and
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
CYBER SECURITY
use the similar kind of strategy of the business for some other organizations and thereby there
will be the demolishing of the strategy of the business and also the demolishing of the various
protocols of the website which has been compromised.
On the other hand, the attack of DoS has been observed to have gained a strong
ground in this particular scenario which will be possessing of all the important qualities pre-
requisite for the specific accomplishment of the basic purpose of properly gaining an access
which will be totally unauthorized over the website which has been compromised (Conteh
and Schmick 2016). This will be implementing all the various credentials for the huge
fulfilment of all the needs of the business of the organizations with the help the acquisition of
all the various processes as well as policies.
The huge deficit of an appropriate system of security for the particular purpose of
protecting the information which are confidential may be accounting for the huge
vulnerability of the entire website and may also be exposing the entire system towards all the
various external attacks by several cyber predators.
It can be well recommended that for the basic purpose of security, there must be a
provision for a proper backup of the private and confidential information of the institution
which can be hugely turning out to be very much fruitful in the case of any kind of cyber-
attack.
CYBER SECURITY
use the similar kind of strategy of the business for some other organizations and thereby there
will be the demolishing of the strategy of the business and also the demolishing of the various
protocols of the website which has been compromised.
On the other hand, the attack of DoS has been observed to have gained a strong
ground in this particular scenario which will be possessing of all the important qualities pre-
requisite for the specific accomplishment of the basic purpose of properly gaining an access
which will be totally unauthorized over the website which has been compromised (Conteh
and Schmick 2016). This will be implementing all the various credentials for the huge
fulfilment of all the needs of the business of the organizations with the help the acquisition of
all the various processes as well as policies.
The huge deficit of an appropriate system of security for the particular purpose of
protecting the information which are confidential may be accounting for the huge
vulnerability of the entire website and may also be exposing the entire system towards all the
various external attacks by several cyber predators.
It can be well recommended that for the basic purpose of security, there must be a
provision for a proper backup of the private and confidential information of the institution
which can be hugely turning out to be very much fruitful in the case of any kind of cyber-
attack.
8
CYBER SECURITY
References
Al-Janabi, S. and Al-Shourbaji, I., 2016. A study of cyber security awareness in educational
environment in the middle east. Journal of Information & Knowledge Management, 15(01),
p.1650007.
Arachchilage, N.A.G. and Love, S., 2014. Security awareness of computer users: A phishing
threat avoidance perspective. Computers in Human Behavior, 38, pp.304-312.
Caldwell, T., 2013. Plugging the cyber-security skills gap. Computer Fraud &
Security, 2013(7), pp.5-10.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K.,
2016. A review of cyber security risk assessment methods for SCADA systems. Computers
& security, 56, pp.1-27.
Conteh, N.Y. and Schmick, P.J., 2016. Cybersecurity: risks, vulnerabilities and
countermeasures to prevent social engineering attacks. International Journal of Advanced
Computer Research, 6(23), p.31.
Hartmann, K. and Steup, C., 2013, June. The vulnerability of UAVs to cyber attacks-An
approach to the risk assessment. In 2013 5th international conference on cyber conflict
(CYCON 2013) (pp. 1-23). IEEE.
Johnson, T.A. ed., 2015. Cybersecurity: Protecting critical infrastructures from cyber attack
and cyber warfare. CRC Press.
Love, P.E., Matthews, J., Simpson, I., Hill, A. and Olatunji, O.A., 2014. A benefits
realization management building information modeling framework for asset
owners. Automation in construction, 37, pp.1-10.
CYBER SECURITY
References
Al-Janabi, S. and Al-Shourbaji, I., 2016. A study of cyber security awareness in educational
environment in the middle east. Journal of Information & Knowledge Management, 15(01),
p.1650007.
Arachchilage, N.A.G. and Love, S., 2014. Security awareness of computer users: A phishing
threat avoidance perspective. Computers in Human Behavior, 38, pp.304-312.
Caldwell, T., 2013. Plugging the cyber-security skills gap. Computer Fraud &
Security, 2013(7), pp.5-10.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K.,
2016. A review of cyber security risk assessment methods for SCADA systems. Computers
& security, 56, pp.1-27.
Conteh, N.Y. and Schmick, P.J., 2016. Cybersecurity: risks, vulnerabilities and
countermeasures to prevent social engineering attacks. International Journal of Advanced
Computer Research, 6(23), p.31.
Hartmann, K. and Steup, C., 2013, June. The vulnerability of UAVs to cyber attacks-An
approach to the risk assessment. In 2013 5th international conference on cyber conflict
(CYCON 2013) (pp. 1-23). IEEE.
Johnson, T.A. ed., 2015. Cybersecurity: Protecting critical infrastructures from cyber attack
and cyber warfare. CRC Press.
Love, P.E., Matthews, J., Simpson, I., Hill, A. and Olatunji, O.A., 2014. A benefits
realization management building information modeling framework for asset
owners. Automation in construction, 37, pp.1-10.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9
CYBER SECURITY
Öğütçü, G., Testik, Ö.M. and Chouseinoglou, O., 2016. Analysis of personal information
security behavior and awareness. Computers & Security, 56, pp.83-93.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015.
Information security conscious care behaviour formation in organizations. Computers &
Security, 53, pp.65-78.
Shamala, P., Ahmad, R. and Yusoff, M., 2013. A conceptual framework of info structure for
information security risk assessment (ISRA). Journal of Information Security and
Applications, 18(1), pp.45-52.
CYBER SECURITY
Öğütçü, G., Testik, Ö.M. and Chouseinoglou, O., 2016. Analysis of personal information
security behavior and awareness. Computers & Security, 56, pp.83-93.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015.
Information security conscious care behaviour formation in organizations. Computers &
Security, 53, pp.65-78.
Shamala, P., Ahmad, R. and Yusoff, M., 2013. A conceptual framework of info structure for
information security risk assessment (ISRA). Journal of Information Security and
Applications, 18(1), pp.45-52.
1 out of 10
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.