Cyber Security Risk Assessment for Educational Institute

Verified

Added on 2022/10/04

AI Summary

This report presents a cybersecurity risk assessment conducted for an educational institute, addressing the critical role of risk assessment in developing and managing cybersecurity. It identifies limitations of current risk assessment methods and outlines the importance of identifying critical information assets. The report details various threats, including malware attacks, ransomware, denial-of-service attacks, and phishing, and emphasizes the need for data backup and cloud computing solutions. A template is provided for ranking information assets and assessing associated risks. The report also discusses the importance of data accuracy, information lifecycle management, and the value of assets to the organization. The student emphasizes the necessity of data backup to prevent spam attacks and the dangers of malware attacks, particularly in educational settings. The report concludes by highlighting the significance of proactive security measures and the use of cloud computing for data storage and security.

Running head: CYBER SECURITY
CYBER SECURITY
Name of the Student
Name of the Organization
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
CYBER SECURITY
Importance fact about the assessment risk:
The overall procedure of the risk analysis and the identifying process is very much
important for the cyber security. There are several education institution are facing the
problem of the risk for the several cyber problems. Hardware, software and the system
problem also done by the assessment of the risk. The data last of the hacking problem is also
a dangerous spam. The estimation as well as the evaluation risk are also visible in this matter.
The process of the selecting controls are taking part to create this problems. It is very much
essential to take care the various risk that are happening in the case of the cyber security. The
organization should be maintained properly to complete the process. If the cyber-attack has
been done by the attacker of the hackers, then all data will be lost or the huge demand has to
be fulfil to the hackers. Risk analysis is needed for the each and every organizations(Öğütçü
et al. 2016). The adoption of the Cloud technology is needed for the proper privacy and the
security. The company or the organization are needed to solve the security problem properly.
The flexibility, agility, security are crucial part of the system. All of these are maintained
through the cloud computing. The interoperability issue and the data ownership also taking
care by the cloud computing. In today’s world, the data mining is done through the data
migration. There are several experts are assigned to take care of the responsibility and the
vendor security. The Department of Administrative Services has been taken care of the cyber
surety from a decade. The multi cloud computing has been done with the different type of
cloud environment. This formation is applicable for the multiple cloud platform and the
services. The cloud operation has been done sometimes with the third party. Data integration
is also done by this procedure. The final procedure and the complexity is needed to be
complete that the organization security remain stable. The SaaS or the software as a service is
the distribution model of the software which is the third party provider which is capable of
the application service (Shamala et al. 2013)

2
CYBER SECURITY
Critical asset Identification:
In a singular entity the asset information has been defined properly. The critical
should be maintained properly and manage through a unit. The attack should be understood
and protected for the system. The assets of the information will be manageable if the
information will be cleared properly. The value of the asset is tend to be physical. It is very
much essential that the identification. Without identification it is impossible to target the
responsible malware. University should develop a register system for maintenance properly.
A database is also needed for all data backup and the security. If any malware attack has been
took place, then it will be easy to format the system and take the essential document from the
backup. The asset storing is needed to complete the procedure of the security. If the cyber-
attack has been happened in the educational institute, then it is difficult to recover it. That is
why the each and every documents should be maintained and have to take the backup
properly. If the backup process has been done properly, then the system reboot process will
be done. The all data of the corrupted device will be removed and the backup data will be
effected. That is why the asset of the data should be recorded. It will take little time if the
system should be rebooted to avoid the attack, but the demand of the hacker does not have to
proceed(Hartmann, K. and Steup, C, 2013)They are targeting the educational organization,
because those organizations are full of sensitive documents with the student details, notes,
results and the questions. That is why, if any of these document missing will hamper the
organization. So it will be great, if all the document have the proper security and the backup.
The backup has been done through the cloud computing or the huge space of the hard drives.
If any attack, like the ransom ware has taken the place; then the system will be rebooted by
the technical support team and all documents should be recovered. So the precaution is
needed properly to complete the security (Cherdantseva et al. 2016)

3
CYBER SECURITY
 What Risks are associated with data, that is not accurate?
 Is the information possess lifecycle is practicable?
 Is the asset information possesses are valuable for the organizations?
 Backup is necessary to prevent the spam attack?
 Is malware attack is dangerous for the cyber security?
Template
Information Asset Rank Description
Student Information 1
Learning and Teaching info 2
Research info 3
Management facility info 4
Management of finance info 5
Strategy, policy and
governance info
6
Strategic intelligence info 7
Alumni and the Engagement
info
8
Identification threat:
Various malware attacks and the virus attacks have been taken part to attack the
educational organization. So proper security is needed to solve this problem. This various
type of threats are discussed below:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
CYBER SECURITY
Security threats Rank depending upon the impact
Attacks of denial of service 1
Ransom ware 2
Social engineering 3
Lack of appropriate controls of security 4
Outdated policies of security 5
The education institute is generally using various type of websites. The ransomware
attack has always been made through the website mainly. To keep safe the organization, it is
needed to protect the system properly. Sometimes the attack through the email is also made
by the hackers. The cybersecurity is very much needed for any type of organization. Ransome
ware, DDos, phishing, Key takeaways are the famous attacks that have been done in the
educational structures. Ransome ware is used to collapse the system, and the hacker will ask
a huge amount of money for the decryption key to open the system. The email attack has
been made through the phishing attack. The mail will corrupt and the system for the essential
purpose. The DDos has been used to attack the educational institute for the several essential
notes and the system will collapse permanatly for this attack. This attack can be done through
the dark web, which will cost only five dollars. The tactics of the attack can also be done by
the calling from the hacker. The educational field is full of the important and sensitive
documents. That is why the hackers always try to attack this organization. Sometimes the
attack has been made through the websites also. The website is crashing as well as the

5
CYBER SECURITY
malware attack has been made through the hackers. If the hackers will not get the demand
amount of money or the required demand. Then the website may be crushed for ever as well
as the all documentation will be lost. That is why the data backup is needed. If any copied
data is storing is the other database, as well as if the organization will use cloud computing;
then the data will be stored as the cluster. If any of the data or the cluster will be lost, then the
copy of the data should be fetched through the cloud or the secondary storage device. Now
each and every organization has its own limit to store data, from the beginning to the current
date the data storing is needed. That is why the big data problem has been arising. That is
why nowadays the data storing is done by the Hadoop concept. Data storing, securing and the
fetching; all process are doen properly through cloud computing (Arachchilage et al. 2014)

6
CYBER SECURITY
Reference
Arachchilage, N.A.G. and Love, S., 2014. Security awareness of computer users: A phishing
threat avoidance perspective. Computers in Human Behavior, 38, pp.304-312.
Cartwright, K., EDIFICE TECHNOLOGIES Inc, 2014. Systems and methods for capturing,
managing, sharing, and visualising asset information of an organization. U.S. Patent
Application 14/270,196.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K.,
2016. A review of cyber security risk assessment methods for SCADA systems. Computers
& security, 56, pp.1-27.
Conteh, N.Y. and Schmick, P.J., 2016. Cybersecurity: risks, vulnerabilities and
countermeasures to prevent social engineering attacks. International Journal of Advanced
Computer Research, 6(23), p.31.
Hartmann, K. and Steup, C., 2013, June. The vulnerability of UAVs to cyber attacks-An
approach to the risk assessment. In 2013 5th international conference on cyber conflict
(CYCON 2013) (pp. 1-23). IEEE.
Love, P.E., Matthews, J., Simpson, I., Hill, A. and Olatunji, O.A., 2014. A benefits
realization management building information modeling framework for asset
owners. Automation in construction, 37, pp.1-10.
Öğütçü, G., Testik, Ö.M. and Chouseinoglou, O., 2016. Analysis of personal information
security behavior and awareness. Computers & Security, 56, pp.83-93.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
CYBER SECURITY
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015.
Information security conscious care behaviour formation in organizations. Computers &
Security, 53, pp.65-78.
Shamala, P., Ahmad, R. and Yusoff, M., 2013. A conceptual framework of info structure for
information security risk assessment (ISRA). Journal of Information Security and
Applications, 18(1), pp.45-52.