PRT571 Cyber Security Risk Assessment Report: AI Applications
VerifiedAdded on 2023/01/18
|22
|4725
|55
Report
AI Summary
This report presents a comprehensive cyber security risk assessment, analyzing threats and impacts across three distinct scenarios: Commonwealth Bank, Target Australia, and an unnamed ABC organization. The assessment includes a characterization of each system, detailing data storage methods, vendors, and data access methods. It identifies specific cyber threats like server failures, data breaches, and ineffective monitoring systems, and evaluates their impact and likelihood, using a risk calculation matrix. The report also examines existing and proposed control environments, suggesting measures like enhanced encryption, data loss prevention software, and improved vendor management. The analysis emphasizes the importance of cyber security principles, including confidentiality, integrity, and availability, in safeguarding information assets and mitigating potential risks. The report highlights the need for proactive risk assessment and implementation of robust security measures to protect organizations from cyber threats.
Running head: SECURITY AND RISK MANAGEMENT
Security and Risk Management
Name of the student:
Name of the university
Author note:
Security and Risk Management
Name of the student:
Name of the university
Author note:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1SECURITY AND RISK MANAGEMENT
Abstract
The following report is prepared so as to point out the importance of Cyber security risk
analysis for every business field. The report presents a brief description of the cyber security
analysis procedure and following that, the cyber security risk assessment is prepared based on
three different scenarios. For each and every scenario, the respected cyber security threats are
identified and their impacts are analyzed and rated depending in its likelihood and value.
Abstract
The following report is prepared so as to point out the importance of Cyber security risk
analysis for every business field. The report presents a brief description of the cyber security
analysis procedure and following that, the cyber security risk assessment is prepared based on
three different scenarios. For each and every scenario, the respected cyber security threats are
identified and their impacts are analyzed and rated depending in its likelihood and value.
2SECURITY AND RISK MANAGEMENT
Table of Contents
Introduction:...............................................................................................................................3
Discussion:.................................................................................................................................4
Cyber security analysis for-.......................................................................................................4
Scenario 1: Cyber Security Risk Assessment for Commonwealth Bank...............................4
Scenario 2: Cyber Security Risk Assessment for Target Australia........................................9
Scenario 3: Cyber Security Risk Assessment for ABC organisation:..................................14
Conclusion:..............................................................................................................................18
References:...............................................................................................................................19
Table of Contents
Introduction:...............................................................................................................................3
Discussion:.................................................................................................................................4
Cyber security analysis for-.......................................................................................................4
Scenario 1: Cyber Security Risk Assessment for Commonwealth Bank...............................4
Scenario 2: Cyber Security Risk Assessment for Target Australia........................................9
Scenario 3: Cyber Security Risk Assessment for ABC organisation:..................................14
Conclusion:..............................................................................................................................18
References:...............................................................................................................................19
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3SECURITY AND RISK MANAGEMENT
Introduction:
Cyber space is defined as the interconnected world of digital technology. Cyberspace
is often used by security professionals, in the military fields and by technology strategists in
order to describe the global domain of technology. Cyber space forms the heart of our
modern technology-based society and has its impact on almost all parts of our lives including
service centers and business fields. As almost all parts of our modern life are connected with
the cyberspace hence the growing threat with it is also increasing. Any threat in cyber space
affects both the private and public sector of the society. The increased threat in the cyber
space allows some black hat people to use the cyber space for malicious activity, exploiting
the operational activity of the computer networks that area used in the cyber space. With the
increased amount of cyber risks in modern organisation, the information assets of every
organisation are at the verge of cyber risks (Ali and Awad 2018). The different types of cyber
threats that are emerging as a result of it includes phishing, Ransomware attacks, crypto
jacking, cyber physical attacks, state sponsored attacks, IoT attacks and third-party attacks
(Nurse, Creese and De Roure 2017). Most of the employees within organisations are unaware
of the different cyber space threats and cyber risks that are often taking up major of the
credential information from the organization’s database (Sadgrove 2016). As a result of the
potential cyber risks in organization’s information assets, cyber attackers are enabled with
stealing user logins, personal financial information and many more (Latif et al. 2014) Thus,
for all these reasons it is necessary that organisations should take up and implement cyber
security risk assessment with in their organizational system in order to plan, develop and
finally implement effective measures to secure the information assets of the organisation
from the potential cyber threats (Shameli-Sendi, Aghababaei-Barzegar and Cheriet 2016.). In
this respect, organisations besides implementing a proper cyber risk assessment, should also
follow the cyber security principles to safeguard the information assets (Fenz et al. 2014).
Introduction:
Cyber space is defined as the interconnected world of digital technology. Cyberspace
is often used by security professionals, in the military fields and by technology strategists in
order to describe the global domain of technology. Cyber space forms the heart of our
modern technology-based society and has its impact on almost all parts of our lives including
service centers and business fields. As almost all parts of our modern life are connected with
the cyberspace hence the growing threat with it is also increasing. Any threat in cyber space
affects both the private and public sector of the society. The increased threat in the cyber
space allows some black hat people to use the cyber space for malicious activity, exploiting
the operational activity of the computer networks that area used in the cyber space. With the
increased amount of cyber risks in modern organisation, the information assets of every
organisation are at the verge of cyber risks (Ali and Awad 2018). The different types of cyber
threats that are emerging as a result of it includes phishing, Ransomware attacks, crypto
jacking, cyber physical attacks, state sponsored attacks, IoT attacks and third-party attacks
(Nurse, Creese and De Roure 2017). Most of the employees within organisations are unaware
of the different cyber space threats and cyber risks that are often taking up major of the
credential information from the organization’s database (Sadgrove 2016). As a result of the
potential cyber risks in organization’s information assets, cyber attackers are enabled with
stealing user logins, personal financial information and many more (Latif et al. 2014) Thus,
for all these reasons it is necessary that organisations should take up and implement cyber
security risk assessment with in their organizational system in order to plan, develop and
finally implement effective measures to secure the information assets of the organisation
from the potential cyber threats (Shameli-Sendi, Aghababaei-Barzegar and Cheriet 2016.). In
this respect, organisations besides implementing a proper cyber risk assessment, should also
follow the cyber security principles to safeguard the information assets (Fenz et al. 2014).
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4SECURITY AND RISK MANAGEMENT
The three security objectives of information security principles include confidentiality,
Integrity and Availability (Soomro, Shah and Ahmed 2016). Implementation of Cyber
Security principles in organisation helps in identifying the security issues before hackers can
get hold of it and use it for the purpose of hacking and stealing information for the company’s
datacenter (McIlwraith 2016). This report is prepared so as to highlight the importance of
implementing a response plan towards inevitable cyber threats and the application of cyber
security principals to the real world organisations.
Discussion:
Performing the cyber security risk assessment is an important part of any
organization’s information security management (Ahmad, Maynard and Park 2014). In every
organisation, there are some level of security risks that are present for which the critical data
sets of the information assets are at the risk of cyber issues (Farooq et al. 2015). For this
reason, organisations need to prepare a cyber risk assessment report so as to address the
security risks and to protect the information assets of the organisation.
Cyber security analysis for-
Scenario 1: Cyber Security Risk Assessment for Commonwealth Bank
Characterization of the system:
Commonwealth bank is one of the important and well-known banks in Australia, with
its wide spreading business across united states, United Kingdom and New Zealand. It was
founded in the year 1911 as a government bank and I the year 1991 as a public company. It
has its headquarters at Darling Harbor, Sydney, Australia. The Commonwealth Bank has
about 1,100+ branches with about 4300+ ATM services worldwide. Its total assets range to
about A$933.078 billion.
The three security objectives of information security principles include confidentiality,
Integrity and Availability (Soomro, Shah and Ahmed 2016). Implementation of Cyber
Security principles in organisation helps in identifying the security issues before hackers can
get hold of it and use it for the purpose of hacking and stealing information for the company’s
datacenter (McIlwraith 2016). This report is prepared so as to highlight the importance of
implementing a response plan towards inevitable cyber threats and the application of cyber
security principals to the real world organisations.
Discussion:
Performing the cyber security risk assessment is an important part of any
organization’s information security management (Ahmad, Maynard and Park 2014). In every
organisation, there are some level of security risks that are present for which the critical data
sets of the information assets are at the risk of cyber issues (Farooq et al. 2015). For this
reason, organisations need to prepare a cyber risk assessment report so as to address the
security risks and to protect the information assets of the organisation.
Cyber security analysis for-
Scenario 1: Cyber Security Risk Assessment for Commonwealth Bank
Characterization of the system:
Commonwealth bank is one of the important and well-known banks in Australia, with
its wide spreading business across united states, United Kingdom and New Zealand. It was
founded in the year 1911 as a government bank and I the year 1991 as a public company. It
has its headquarters at Darling Harbor, Sydney, Australia. The Commonwealth Bank has
about 1,100+ branches with about 4300+ ATM services worldwide. Its total assets range to
about A$933.078 billion.
5SECURITY AND RISK MANAGEMENT
Data contained in it:
The common wealth bank facilitates a wide variety of services such as financial
services in the field of business, retail, institutional banking and areas involving funds
management.
Vendors of the bank:
The vendors who were utilized under the Commonwealth Bank in Australia includes-
Workday a leading cloud service provider, Algosec- a well-known service provider to
manage the security in business process and many more. Over and about 20 million of
customers uses the services provided by the Commonwealth bank of Australia.
Data access method:
The Common wealth bank of Australia uses the open data access method in order to
access its data sets. Customers are provided with full right to access their data. Like all other
banking systems, the data flow procedure of the common wealth bank is similar.
Data storage method:
All the information that get transferred within the system of the Common wealth
bank related to transfer of money or account details of customers are stored in a huge data
center that is owned by the organisation.
Threats that are faced in the organisation:
It has been reported that the data center of the Common wealth bank of Australia, recently
faced some threats at their data center where the majority of the information of the
organisation gets stored (Jouini, Rabai and Aiss 2014). The different types of risks that gets
associated with data centers of any organization includes-
Data contained in it:
The common wealth bank facilitates a wide variety of services such as financial
services in the field of business, retail, institutional banking and areas involving funds
management.
Vendors of the bank:
The vendors who were utilized under the Commonwealth Bank in Australia includes-
Workday a leading cloud service provider, Algosec- a well-known service provider to
manage the security in business process and many more. Over and about 20 million of
customers uses the services provided by the Commonwealth bank of Australia.
Data access method:
The Common wealth bank of Australia uses the open data access method in order to
access its data sets. Customers are provided with full right to access their data. Like all other
banking systems, the data flow procedure of the common wealth bank is similar.
Data storage method:
All the information that get transferred within the system of the Common wealth
bank related to transfer of money or account details of customers are stored in a huge data
center that is owned by the organisation.
Threats that are faced in the organisation:
It has been reported that the data center of the Common wealth bank of Australia, recently
faced some threats at their data center where the majority of the information of the
organisation gets stored (Jouini, Rabai and Aiss 2014). The different types of risks that gets
associated with data centers of any organization includes-
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6SECURITY AND RISK MANAGEMENT
1. Server failure
2. Ineffective monitoring of behavior
3. Inefficient management of the data center keys
4. Malfunctioning of the equipment in each of the machine cabinets
5. Ineffective inventory management procedure
6. External hackers
7. Network connection failure
8. Lack of high-level management staffs
9. Undetected coming of smoke that can lead to fire incidents
10. Ineffective notification systems during emergencies.
In the year 2016, the common wealth bank faced a major data breach at there datacenters
(Sallam 2015). Among all the mentioned risks that can occur in any data crenters, the risks
that kely took place at the data center of the common wealth bank includes-
1. Ineffective notification system: One of the major concerns that was raised as a result
of the data breach at the datacenter, was that the Common wealth bank failed to notify
its customers about the data breach even before the media came to knew about it.
2. Another risk that was identified with the organization’s data breach from its
datacenters was that though the mission to destroy the magnetic tape were
accomplished but still there were no digital certificate that confirms its destruction.
3. Though the bank has confirmed that the account monitoring system was at its own
place during the data breach but still question arises with the sufficient use of these
monitoring systems in order to prevent unauthorized access of the users.
4. With all these mentioned risks that aroused due to the data breach at the common
wealth bank datacenter, another risk which is also identified is the lack in the presence
of high-level management staffs.
1. Server failure
2. Ineffective monitoring of behavior
3. Inefficient management of the data center keys
4. Malfunctioning of the equipment in each of the machine cabinets
5. Ineffective inventory management procedure
6. External hackers
7. Network connection failure
8. Lack of high-level management staffs
9. Undetected coming of smoke that can lead to fire incidents
10. Ineffective notification systems during emergencies.
In the year 2016, the common wealth bank faced a major data breach at there datacenters
(Sallam 2015). Among all the mentioned risks that can occur in any data crenters, the risks
that kely took place at the data center of the common wealth bank includes-
1. Ineffective notification system: One of the major concerns that was raised as a result
of the data breach at the datacenter, was that the Common wealth bank failed to notify
its customers about the data breach even before the media came to knew about it.
2. Another risk that was identified with the organization’s data breach from its
datacenters was that though the mission to destroy the magnetic tape were
accomplished but still there were no digital certificate that confirms its destruction.
3. Though the bank has confirmed that the account monitoring system was at its own
place during the data breach but still question arises with the sufficient use of these
monitoring systems in order to prevent unauthorized access of the users.
4. With all these mentioned risks that aroused due to the data breach at the common
wealth bank datacenter, another risk which is also identified is the lack in the presence
of high-level management staffs.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7SECURITY AND RISK MANAGEMENT
Determination of Inherent Risk & Impact:
Identified
Threat
Impact Likelihood Value Risk
calculation
Ineffective
notification
system
Information
which are
involved within
the system gets
compromised
and fails to
notify
customers in
case of any
major data
breach (Solic
Ocevcic and
Golub 2015). In
case of
Commonwealth
bank, the bank
failed to notify
its customers
about the
potential data
breach that took
place even
before the
media took up
the story.
(High): [100]
High
[1.0]
100*1.0=100 Severe
Poor
governance and
risk
management
culture
Data loss/ Data
loss at the third-
party vendors
due to poor
governance and
lack of
controlling the
risks (Pan and
Tomlinson
2016).
(High): [100]
High
[1.0]
100*1.0=100 Severe
Lack of digital
certificate
confirmation
In
Commonwealth
Bank, it was
supposed that
the magnetic
tapes were
High
[1.0]
100*1.0=100 Severe
Determination of Inherent Risk & Impact:
Identified
Threat
Impact Likelihood Value Risk
calculation
Ineffective
notification
system
Information
which are
involved within
the system gets
compromised
and fails to
notify
customers in
case of any
major data
breach (Solic
Ocevcic and
Golub 2015). In
case of
Commonwealth
bank, the bank
failed to notify
its customers
about the
potential data
breach that took
place even
before the
media took up
the story.
(High): [100]
High
[1.0]
100*1.0=100 Severe
Poor
governance and
risk
management
culture
Data loss/ Data
loss at the third-
party vendors
due to poor
governance and
lack of
controlling the
risks (Pan and
Tomlinson
2016).
(High): [100]
High
[1.0]
100*1.0=100 Severe
Lack of digital
certificate
confirmation
In
Commonwealth
Bank, it was
supposed that
the magnetic
tapes were
High
[1.0]
100*1.0=100 Severe
8SECURITY AND RISK MANAGEMENT
destroyed as
they were
intended to but
there is no
digital
certificate
present that
confirms their
destruction and
hence there is a
possibility that
those tapes were
not lost and
risks still lies
within their data
center.
(High):[100]
Ineffective
account
monitoring
system
As a result of
the ineffective
account
monitoring
system, the
information that
are stored
related to
account of
customers, gets
compromised,
unauthorized
users gets
access to the
accounting
system and steal
data while
crashing the
system (Ahmad,
Maynard and
Park 2014).
(High):[100]
High
[1.0]
100*1.0=100 Severe
Lack in the
presence of
high-level
management
staff
Lack in
controlling the
security threats
within the
organisation
and thus leading
to data loss
(Islam et al.
2016).
Medium
[.5]
100*.5=50 Elevated
destroyed as
they were
intended to but
there is no
digital
certificate
present that
confirms their
destruction and
hence there is a
possibility that
those tapes were
not lost and
risks still lies
within their data
center.
(High):[100]
Ineffective
account
monitoring
system
As a result of
the ineffective
account
monitoring
system, the
information that
are stored
related to
account of
customers, gets
compromised,
unauthorized
users gets
access to the
accounting
system and steal
data while
crashing the
system (Ahmad,
Maynard and
Park 2014).
(High):[100]
High
[1.0]
100*1.0=100 Severe
Lack in the
presence of
high-level
management
staff
Lack in
controlling the
security threats
within the
organisation
and thus leading
to data loss
(Islam et al.
2016).
Medium
[.5]
100*.5=50 Elevated
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9SECURITY AND RISK MANAGEMENT
(High):[100]
Analysis of the control environment:
Existing controls:
The security policy of the Commonwealth Bank recognizes and commits to sustained
funding in order to secure its data sets. According to the existing security policy of the
Commonwealth bank, the reliable data not only permits the business and individuals to
structure their affairs but also enables them to access their data timely ( Shameli-Sendi,
Cheriet and Hamou-Lhadj 2014). The current existing policy mandates open data access
within their data centers. Other controls like training the employees about the cyber threats,
generation of digital certificates are not in place with the existing controls.
Proposed control:
As with the majority of the threats that are identified with the data center used, it is
recommended to implement more encryption with the data that re stored as well as
transferred, to implement data loss prevention software in order to detect the transmission of
extra filtration. It is also recommended to check the third-party vendors, implement end
point-based security solutions (Safa, Von Solms and Furnell 2016). It is also recommended to
avoid the use of mandating the open data access into the organisations data center. It should
be seen that the data sharing process is driven by market forces.
Scenario 2: Cyber Security Risk Assessment for Target Australia
Target Australia is one of the well-known retailers in Australia. It was founded in the
year 1973 with its headquarters at Geelong, VIC, Australia. Besides this it has it branches in
more than 380 locations.
(High):[100]
Analysis of the control environment:
Existing controls:
The security policy of the Commonwealth Bank recognizes and commits to sustained
funding in order to secure its data sets. According to the existing security policy of the
Commonwealth bank, the reliable data not only permits the business and individuals to
structure their affairs but also enables them to access their data timely ( Shameli-Sendi,
Cheriet and Hamou-Lhadj 2014). The current existing policy mandates open data access
within their data centers. Other controls like training the employees about the cyber threats,
generation of digital certificates are not in place with the existing controls.
Proposed control:
As with the majority of the threats that are identified with the data center used, it is
recommended to implement more encryption with the data that re stored as well as
transferred, to implement data loss prevention software in order to detect the transmission of
extra filtration. It is also recommended to check the third-party vendors, implement end
point-based security solutions (Safa, Von Solms and Furnell 2016). It is also recommended to
avoid the use of mandating the open data access into the organisations data center. It should
be seen that the data sharing process is driven by market forces.
Scenario 2: Cyber Security Risk Assessment for Target Australia
Target Australia is one of the well-known retailers in Australia. It was founded in the
year 1973 with its headquarters at Geelong, VIC, Australia. Besides this it has it branches in
more than 380 locations.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10SECURITY AND RISK MANAGEMENT
Service provided and Data used:
The Target Australia retail company offer a wide range of products and services to its
customers based on fashion accessories, electrical appliances and a full range of different
types of toys games more. The company uses data such as credit related information, and
other personal credentials of the customers for their business process.
Data storage method:
All the data related to the transactions of the customers and details of products and
services that it offers are stored within the company’s database system.
Threats that are faced in the organisation:
Among the various retail companies around the world, Target Australia also faced
major data security risks in its business process. The company has reported to face risks of
unauthorized activity on their database system at their human resource technology provider
Page Up.
Target Australia Company uses the Page Up in order to manage their employment
related applications and other information that are related to the company. As a result of these
unauthorized activity it led to the loss of some important information related to the customers
names, address, email address and their telephone numbers (Manworren, Letwat and Daily
2016). According to report that was published about the cyber risk that Target faced was that
their computer systems were affected by some viruses that gradually spread through their
entire system causing them to shut down. The virus was reported to have attacked two major
systems within the company from where the details of the transactions were processed. Even
after this attack, Target faced a series of similar attacks through the corresponding years that
led them to close their personal information systems.
Service provided and Data used:
The Target Australia retail company offer a wide range of products and services to its
customers based on fashion accessories, electrical appliances and a full range of different
types of toys games more. The company uses data such as credit related information, and
other personal credentials of the customers for their business process.
Data storage method:
All the data related to the transactions of the customers and details of products and
services that it offers are stored within the company’s database system.
Threats that are faced in the organisation:
Among the various retail companies around the world, Target Australia also faced
major data security risks in its business process. The company has reported to face risks of
unauthorized activity on their database system at their human resource technology provider
Page Up.
Target Australia Company uses the Page Up in order to manage their employment
related applications and other information that are related to the company. As a result of these
unauthorized activity it led to the loss of some important information related to the customers
names, address, email address and their telephone numbers (Manworren, Letwat and Daily
2016). According to report that was published about the cyber risk that Target faced was that
their computer systems were affected by some viruses that gradually spread through their
entire system causing them to shut down. The virus was reported to have attacked two major
systems within the company from where the details of the transactions were processed. Even
after this attack, Target faced a series of similar attacks through the corresponding years that
led them to close their personal information systems.
11SECURITY AND RISK MANAGEMENT
Determination of Inherent Risk & Impact:
Identified
Threat
Impact Likelihood Value Risk
calculation
Denial of
service attack
As a result of
the unknown
installation of
malware in their
systems, one of
the leading US
card issuers got
affected. It was
reported that
about 40000
retailers point of
sale got affected
due to the
breach. The
data breach
affected about
40 million
payment
credentials of
about 70 million
customer
records.
(High):100
High
[1.0]
100*1.0=100 Severe
Phishing email The data breach
at Target
Corporation
started with
sending of
phishing emails
by third party
vendors into
their systems.
This led to the
entire system of
Target company
affected by the
malware that
was injected.
(High):100
High
[1.0]
100*1.0=100 Severe
Unauthorized
access to the
information
systems
As a result of
unauthorized
access facility,
the attackers
High
[1.0]
100*1.0=100 Severe
Determination of Inherent Risk & Impact:
Identified
Threat
Impact Likelihood Value Risk
calculation
Denial of
service attack
As a result of
the unknown
installation of
malware in their
systems, one of
the leading US
card issuers got
affected. It was
reported that
about 40000
retailers point of
sale got affected
due to the
breach. The
data breach
affected about
40 million
payment
credentials of
about 70 million
customer
records.
(High):100
High
[1.0]
100*1.0=100 Severe
Phishing email The data breach
at Target
Corporation
started with
sending of
phishing emails
by third party
vendors into
their systems.
This led to the
entire system of
Target company
affected by the
malware that
was injected.
(High):100
High
[1.0]
100*1.0=100 Severe
Unauthorized
access to the
information
systems
As a result of
unauthorized
access facility,
the attackers
High
[1.0]
100*1.0=100 Severe
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 22
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.